Risks from crackers are sure to remain with us for any foreseeable future. The challenge for IT personnel will be to keep one step ahead of crackers. Members of the IT field need to keep learning about the types of attacks and what counter measures are available.
Counteracting security risks
There are many technologies available to counteract wireless network intrusion, but currently no method is absolutely secure. The best strategy may be to combine a number of security measures.
Possible steps towards securing a wireless network include:
All wireless LAN devices need to be secured
All users of the wireless network need to be educated in wireless network security
All wireless networks need to be actively monitored for weaknesses and breaches
MAC ID filtering
Most wireless access points contain some type of MAC ID filtering that allows the administrator to only permit access to computers that have wireless functionalities that contain certain MAC IDs. This can be helpful; however, it must be remembered that MAC IDs over a network can be faked. Cracking utilities such as SMAC are widely available, and some computer hardware also gives the option in the BIOS to select any desired MAC ID for its built in network capability..
Static IP addressing
Disabling at least the IP Address assignment function of the network's DHCP server, with the IP addresses of the various network devices then set by hand, will also make it more difficult for a casual or unsophisticated intruder to log onto the network. This is especially effective if the subnet size is also reduced from a standard default setting to what is absolutely necessary and if permitted but unused IP addresses are blocked by the access point's firewall. In this case, where no unused IP addresses are available, a new user can log on without detection using TCP/IP only if he or she stages a successful Man in the Middle Attack using appropriate software.
WEP encryption
Main article: Wired Equivalent Privacy
WEP stands for Wired Equivalency Privacy. This encryption standard was the original encryption standard for wireless. As its name implies, this standard was intended to make wireless networks as secure as wired networks. Unfortunately, this never happened as flaws were quickly discovered and exploited. There are several Open Source utilities like aircrack-ng, weplab, WEPCrack or airsnort that can be used by crackers to break in by examining packets and looking for patterns in the encryption. WEP comes in different key sizes.
The common key lengths are currently 128- and 256-bit. The longer the better as it will increase the difficulty for crackers. However, this type of encryption has seen its day come and go. In 2005 a group from the FBI held a demonstration where they used publicly available tools to break a WEP encrypted network in three minutes. WEP protection is better than nothing, though generally not as secure as the more sophisticated WPA-PSK encryption. A big problem is that if a cracker can receive packets on a network, it is only a matter of time until the WEP encryption is cracked.
WEP has some serious issues. First, it does not deal with the issue of key management at all.
Either the keys have to be manually given to end users, or they have to be distributed in some other authentication method. Since WEP is a shared key system, the AP uses the same key as all the clients and the clients also share the same key with each other. A hacker would only have to compromise the key from a single user, and he would then know the key for all users.
In addition to key management, a recently published paper describes ways in which WEP can actually be broken (“Weaknesses in the Key Scheduling Algorithm of RC4” by Fluhrer, Mantin and Shamir). This is due to a weakness in RC4 as it is implemented in WEP. If enough traffic can be intercepted, then it can be broken by brute force in a matter of an hour or two. If that weren’t bad enough, the time it takes to crack WEP only grows linearly with key length, so a 104-bit key doesn’t provide any significant protection over a 40-bit key when faced against a determined hacker. There are several freely available programs that allow for the cracking of WEP. WEP is indeed a broken solution, but it should be used as it is better than nothing. In addition, higher layer encryption (SSL, TLS, etc) should be used when possible.
WPA
Main article: Wi-Fi Protected Access
Wi-Fi Protected Access (WPA) is an early version of the 802.11i security standard that was developed by the Wi-Fi Alliance to replace WEP. The TKIP encryption algorithm was developed for WPA to provide improvements to WEP that could be fielded as firmware upgrades to existing 802.11 devices. The WPA profile also provides optional support for the AES-CCMP algorithm that is the preferred algorithm in 802.11i and WPA2.
WPA Enterprise provides RADIUS based authentication using 802.1x. WPA Personal uses a pre-shared Shared Key (PSK) to establish the security using an 8 to 63 character passphrase. The PSK may also be entered as a 64 character hexadecimal string. Weak PSK passphrases can be broken using off-line dictionary attacks by capturing the messages in the four-way exchange when the client reconnects after being deauthenticated. Wireless suites such as aircrack-ng can crack a weak passphrase in less than a minute. WPA Personal is secure when used with ‘good’ passphrases or a full 64-character hexadecimal key.
WPA2
Main article: IEEE 802.11i
WPA2 is a WiFi Alliance branded version of the final 802.11i standard.[6] The primary enhancement over WPA is the inclusion of the AES-CCMP algorithm as a mandatory feature. Both WPA and WPA2 support EAP authentication methods using RADIUS servers and preshared key (PSK).
802.1X
Main article: IEEE 802.1X
This is an IEEE standard for access of wireless and wired LANs. It provides for authentication and authorization of LAN nodes. This standard defines the Extensible Authentication Protocol (EAP) which uses a central authentication server. Unfortunately, during 2002 a Maryland professor discovered some shortcomings[citation needed]. Over the next few years these shortcomings were addressed with the use of TLS and other enhancements[citation needed].
LEAP
Main article: Lightweight Extensible Authentication Protocol
This stands for the Lightweight Extensible Authentication Protocol. This protocol is based on 802.1X and helps minimize the original security flaws by using WEP and a sophisticated key management system. This also uses MAC address authentication. LEAP is not safe from crackers. THC-LeapCracker can be used to break Cisco’s version of LEAP and be used against computers connected to an access point in the form of a dictionary attack.
PEAP
Main article: Protected Extensible Authentication Protocol
This stands for Protected Extensible Authentication Protocol. This protocol allows for a secure transport of data, passwords, and encryption keys without the need of a certificate server. This was developed by Cisco, Microsoft, and RSA Security.
TKIP
Main article: Temporal Key Integrity Protocol
This stands for Temporal Key Integrity Protocol and the acronym is pronounced as tee-kip. This is part of the IEEE 802.11i standard. TKIP implements per-packet key mixing with a re-keying system and also provides a message integrity check. These avoid the problems of WEP.
RADIUS
Main article: RADIUS
This stands for Remote Authentication Dial In User Service. This is an AAA (authentication, authorization and accounting) protocol used for remote network access. This service provides an excellent weapon against crackers. RADIUS was originally proprietary but was later published under ISOC documents RFC 2138 and RFC 2139. The idea is to have an inside server act as a gatekeeper through the use of verifying identities through a username and password that is already pre-determined by the user. A RADIUS server can also be configured to enforce user policies and restrictions as well as recording accounting information such as time connected for billing purposes.
WAPI
Main article: WAPI
This stands for WLAN Authentication and Privacy Infrastructure. This is a wireless security standard defined by the Chinese government.
Smart cards, USB tokens, and software tokens
This is a very high form of security. When combined with some server software, the hardware or software card or token will use its internal identity code combined with a user entered PIN to create a powerful algorithm that will very frequently generate a new encryption code. The server will be time synced to the card or token. This is a very secure way to conduct wireless transmissions. Companies in this area make USB tokens, software tokens, and smart cards. They even make hardware versions that double as an employee picture badge. Currently the safest security measures are the smart cards / USB tokens. However, these are expensive. The next safest methods are WPA2 or WPA with a RADIUS server. Any one of the three will provide a good base foundation for security. The third item on the list is to educate both employees and contractors on security risks and personal preventive measures. It is also IT's task to keep the company workers' knowledge base up-to-date on any new dangers that they should be cautious about. If the employees are educated, there will be a much lower chance that anyone will accidentally cause a breach in security by not locking down their laptop or bring in a wide open home access point to extend their mobile range. Employees need to be made aware that company laptop security extends to outside of their site walls as well. This includes places such as coffee houses where workers can be at their most vulnerable. The last item on the list deals with 24/7 active defense measures to ensure that the company network is secure and compliant. This can take the form of regularly looking at access point, server, and firewall logs to try and detect any unusual activity. For instance, if any large files went through an access point in the early hours of the morning, a serious investigation into the incident would be called for. There are a number of software and hardware devices that can be used to supplement the usual logs and usual other safety measures.
0 Comments
Post a Comment