Wireless Security

The Good, The Bad, The

Ugly
Prepared By
Robert Sutherlin
Xtria, LLC
for the
Division of State Systems
Administration on Children, Youth, and Families
Administration for Children and Families
U.S. Department of Health and Human Services
June 2005
 Wireless Security?
 Hacking is no longer the esoteric domain of
the techno-elite. Most often done by
young males ages 15-25 that have
extensive computer programming
knowledge.
 Variety of reasons from simple curiosity all
the way to achieving terrorist ideals.
 Most often used for identity theft and
industrial espionage.

2
 Overview
 Wireless Frequencies Available
 Wireless Network Limitations
 Wireless Network Security Issues
 Hacking, Cracking and Attacks
 Risk Mitigation

3
 Capabilities
 Roaming Freedom
 No longer constrained to the office
 Smaller hand held devices have same functions as
larger laptops/tablets
 Never have to worry about access or “jacking-in”
 High Speed Data Transmission
 Speeds may vary, but all are faster than dial up
services
 Near Real Time Data Updates
 Cases in SACWIS are updated when workers in the field
get the information; decreases possible data loss due
to memory errors

4
 Wireless Frequencies
Available to the Public
 Regulated by IEEE (Institute of Electrical
and Electronics Engineers) 802.11x
Standards
 802.11a
 802.11b
 802.11g

Coming soon…
 802.11n

5
 802.11a
 Works at 40mhz, in the 5ghz range
 THEORETICAL transfer rates of up to
54mpbs
 ACTUAL transfer rates of about 26.4mbps
 Limited in use because it is almost a line of
sight transmittal which necessitates
multiple WAP’s (wireless access points)
 Cannot operate in same range as
802.11b/g
 Absorbed more easily than other wireless
implementations
6
 802.11b – “WiFi”
 Operates at 20mhz, in the 2.4ghz range
 Most widely used and accepted form of wireless
networking
 THEORETICAL speeds of up to 11mbps
 ACTUAL speeds depend on implementation
 5.9mbps when TCP (Transmission Control Protocol) is
used
(error checking)
 7.1mbps when UDP (User Datagram Protocol) is used
(no error checking)
 Can transmit up to 8km in the city;
rural environments may be longer if a line of sight
can be established

7
 802.11b - “WiFi” (cont.)
 Not as easily absorbed as 802.11a signal
 Can cause or receive interference from:
 Microwave ovens (microwaves in general)
 Wireless telephones
 Other wireless appliances operating in the
same frequency

8
 802.11g - “Super G”
 Operates at the same frequency range as
802.11b
 THEORETICAL throughput of 54mpbs
 ACTUAL transmission rate is dependent on
several factors, but averages 24.7mbps
 Logical upgrade from 802.11b wireless networks
– backwards compatibility
 Suffers from same limitations as 802.11b
network
 System may suffer significant decrease in
network speeds if network is not completely
upgraded from 802.11b

9
Limitation of Wireless
Networks

Availability

Environmental

Adding Devices
 Availability
 Wireless becoming more and more available as
time passes
 Wireless data networks are growing at roughly
the same rate as cellular telephone networks with
comparable coverage
 Does not rely on laying cables for connectivity
 Network cannot be accessed in situations where
RF signals have interference
 Largely inaccessible in rural areas

11
 Environmental
 Weather
 Rain, lightening affect RF signals
 Solar flares
 RF interference from ambient
sources or other RF devices
 Microwave towers
 Radio towers
 Electromagnetic interference
 Generators
 Power plants

12
 Adding Devices
 Extending range requires additional WAP’s
 Not always a viable option
 Possible conflicts between 802.11b and 802.11g
cause significant speed decrease in network
 Opens network up to more attacks
 Non-conflicting SSIDs (Service Set Identifiers)
 SSID’s are numbers that identify wireless devices on a
network.
 When SSIDs are not set dynamically

13
 Security Issues

Wired vs. Wireless

Hacking and Cracking
Types of Attacks
Open Networks
 Wired vs. Wireless
 Wired networks offer more and better
security options than wireless
 More thoroughly established standards
with wired networks
 Wireless networks are much more
equipment dependent than wired
networks
 Easier to implement security policies
on wired networks

15
 Hacking and Cracking
 Wired networks less susceptible to hackers/crackers
 RF signals allow for more unauthorized attempts
 Ubiquitous wireless networking devices allow access
 Hacking
 Gaining unauthorized access to networks/devices
by algorithms or penetration programs
 Cracking
 Extending the use of devices past original intentions

16
 Common Hacking &
Cracking Techniques and
Devices
 Referred to as “Wardrivers” or
“Warchalkers”
 Use PDA’s, laptops, scanners, tablets
or any WiFi enabled devices
 Underground networks list and
update open networks that are
waiting to be exploited
 Attack weak keys or sniff messages
going over the network to determine
SSID range
17
 Types of Attacks

 Man in the Middle Attacks

 Attacker intercepts identification information of the
sending and receiving parties.
 Substitutes own key in both situations
 Gives access to all information passed between parties
 Denial of Service or Distributed Denial of Service
 TCP SYN ACK Flood or Buffer Overrun – Typical DoS
 Illicit servers used to set up zombie machines for a DDoS
 Social Engineering
 Most prevalent form of network attacks
 Hardest to defend against because it involves human
nature

18
 Types of Attacks (cont.)
 “Weak key” attacks
 Involve algorithms in RC4 hashing algorithm
and WEP (Wired Equivalent Privacy)
 Both implementations use easily broken
algorithms
 WEP has been broken in under 2 hours
 Dictionary attacks
 Attackers use pre-populated list of frequently
used passwords and regular words
 Birthday attacks
 A complicated algorithmic attack

19
 Open Networks
 Most often associated with home
networks
 Networks are the target of hackers that
“wardrive.”
 Result of wireless networks that are
either unsecured entirely or are using
weak WEP keys
 Effects can be devastating

20
Mitigating Risks on a
Wireless Network
or

How I learned to love WLANS

and stop fearing the
Wardrivers
 Wireless Networks
 Ensure all unused ports are closed
 Any open ports must be justified
 “Pessimistic” network view
 Enforce the rule of least access
 Ensure SSIDs are changed regularly
 Ensure insurance and
authentication standards created
and enforced

22
 Encryption and Data
Insurance
 USE STRONG ENCRYPTION!!
 SHA-1 (Secure Hashing Algorithm)
 End to End Encryption
 Initiate encryption at user and end at server
that is behind the firewall, outside the DMZ
 Treat WLANs as untrusted networks
that must operate inside the DMZ
 Access trusted network via VPN and
two-factor authentication
 Increase application security
 Possibly through use of an enterprise
application system
 Minimally through increased encryption

23
 Encryption and Data
Insurance
 Do not, under any circumstances,
allow ad hoc WLANS
 Embrace and employ the 802.11i
IEEE security standard
 Native per user access control
 Native strong authentication
(tokens, smartcards and certificates)
 Native strong encryption
 Best bet for new wireless
networks

24
Wireless Future
“To the future and
beyond!!”
-Buzz Lightyear
 IPv4 Moving to IPv6
 IPv4 changing to IPv6
 US currently using IPv4; consists of four 8 bit fields
(255.255.255.255)
 When initially created, US received lion share of IP
addresses; Europe and Asia left with remainder
 IPv6 is the future
 Already in use in Asia and Europe
 Limited implementation in use
(RFID’s and shipping ports)
 New devices currently on market
 Netgear
 Cisco

26
 Pros of IPv6
 Eliminates the need for SSIDs
 Every device will have its own IP address
 Billions of unique IP addresses
 Eliminates the need for NAT (natural address translation)
 Can accept a range of IP addresses
 Minimizes hackers/crackers ability to penetrate
networks
 Increases scalability

27
 Cons
 Cost of Change Over
 Current infrastructure cannot be used
unless it is already IPv6 compliant
 New hardware required
 Network Changes
 Re-addressing of current IPv4
hardware/clients
 Compatibility with existing wireless
infrastructure

28
 802.11n (Ultranet)
 Standards in discussion now; should be
completed by the end of 2006
 REAL throughput of at least 100mbps
 4 – 5 times faster than 802.11g/a
 20 times faster than 802.11b!
 Better distance than 802.11a/b/g
 Being designed with speed and security
in mind
 Perfect compliment for WWW2

29
 Parting Thoughts
 Wireless Networking while great in
theory has significant problems that
are not easily addressed
 Upgrades to wireless technology that
are on the horizon make changing
over/integrating far less attractive

30