Tải bản đầy đủ

CWNA guide to wireless LANs 2nd ch08

CWNA Guide to Wireless
LANs, Second Edition
Chapter Eight
Wireless LAN Security and Vulnerabilities


Objectives
• Define information security
• Explain the basic security protections for IEEE
802.11 WLANs
• List the vulnerabilities of the IEEE 802.11 standard
• Describe the types of wireless attacks that can be
launched against a wireless network

CWNA Guide to Wireless LANs, Second Edit

2


Security Principles: What is
Information Security?

• Information security: Task of guarding digital
information
– Ensures protective measures properly implemented
– Protects confidentiality, integrity, and availability
(CIA) on the devices that store, manipulate, and
transmit the information through products, people,
and procedures

CWNA Guide to Wireless LANs, Second Edit

3


Security Principles: What is
Information Security? (continued)

Figure 8-1: Information security components

CWNA Guide to Wireless LANs, Second Edit

4


Security Principles: Challenges of
Securing Information
• Trends influencing increasing difficultly in
information security:
– Speed of attacks
– Sophistication of attacks
– Faster detection of weaknesses
• Day zero attacks

– Distributed attacks
• The “many against one” approach
• Impossible to stop attack by trying to identify and
block source

CWNA Guide to Wireless LANs, Second Edit

5




Security Principles: Categories of
Attackers
• Six categories of attackers:
– Hackers
• Not malicious; expose security flaws







Crackers
Script kiddies
Spies
Employees
Cyberterrorists

CWNA Guide to Wireless LANs, Second Edit

6


Security Principles: Categories of
Attackers (continued)

Table 8-1: Attacker profiles

CWNA Guide to Wireless LANs, Second Edit

7


Security Principles: Security
Organizations
• Many security organizations exist to provide
security information, assistance, and training
– Computer Emergency Response Team Coordination
Center (CERT/CC)
– Forum of Incident Response and Security Teams
(FIRST)
– InfraGard
– Information Systems Security Association (ISSA)
– National Security Institute (NSI)
– SysAdmin, Audit, Network, Security (SANS) Institute
CWNA Guide to Wireless LANs, Second Edit

8


Basic IEEE 802.11 Security
Protections
• Data transmitted by a WLAN could be intercepted
and viewed by an attacker
– Important that basic wireless security protections be
built into WLANs

• Three categories of WLAN protections:
– Access control
– Wired equivalent privacy (WEP)
– Authentication

• Some protections specified by IEEE, while others
left to vendors
CWNA Guide to Wireless LANs, Second Edit

9


Access Control
• Intended to guard availability of information
• Wireless access control: Limit user’s admission to
AP
– Filtering

• Media Access Control (MAC) address filtering:
Based on a node’s unique MAC address

Figure 8-2: MAC address

CWNA Guide to Wireless LANs, Second Edit

10


Access Control (continued)

Figure 8-4: MAC address filtering

CWNA Guide to Wireless LANs, Second Edit

11


Access Control (continued)
• MAC address filtering considered to be a basic
means of controlling access
– Requires pre-approved authentication
– Difficult to provide temporary access for “guest”
devices

CWNA Guide to Wireless LANs, Second Edit

12


Wired Equivalent Privacy (WEP)
• Guard the confidentiality of information
– Ensure only authorized parties can view it

• Used in IEEE 802.11 to encrypt wireless
transmissions
– “Scrambling”

CWNA Guide to Wireless LANs, Second Edit

13


WEP: Cryptography
• Cryptography: Science of transforming
information so that it is secure while being
transmitted or stored
– scrambles” data

• Encryption: Transforming plaintext to ciphertext
• Decryption: Transforming ciphertext to plaintext
• Cipher: An encryption algorithm
– Given a key that is used to encrypt and decrypt
messages
– Weak keys: Keys that are easily discovered
CWNA Guide to Wireless LANs, Second Edit

14


WEP: Cryptography (continued)

Figure 8-5: Cryptography

CWNA Guide to Wireless LANs, Second Edit

15


WEP: Implementation
• IEEE 802.11 cryptography objectives:






Efficient
Exportable
Optional
Reasonably strong
Self-synchronizing

• WEP relies on secret key “shared” between a
wireless device and the AP
– Same key installed on device and AP
– Private key cryptography or symmetric
encryption
CWNA Guide to Wireless LANs, Second Edit

16


WEP: Implementation (continued)

Figure 8-6: Symmetric encryption

CWNA Guide to Wireless LANs, Second Edit

17


WEP: Implementation (continued)
• WEP shared secret keys must be at least 40 bits
– Most vendors use 104 bits

• Options for creating WEP keys:
– 40-bit WEP shared secret key (5 ASCII characters or
10 hexadecimal characters)
– 104-bit WEP shared secret key (13 ASCII characters
or 16 hexadecimal characters)
– Passphrase (16 ASCII characters)

• APs and wireless devices can store up to four
shared secret keys
– Default key used for all encryption
CWNA Guide to Wireless LANs, Second Edit

18


WEP: Implementation (continued)

Figure 8-8: Default WEP keys

CWNA Guide to Wireless LANs, Second Edit

19


WEP: Implementation (continued)

Figure 8-9: WEP encryption process

CWNA Guide to Wireless LANs, Second Edit

20


WEP: Implementation (continued)
• When encrypted frame arrives at destination:
– Receiving device separates IV from ciphertext
– Combines IV with appropriate secret key
• Create a keystream

– Keystream used to extract text and ICV
– Text run through CRC
• Ensure ICVs match and nothing lost in transmission

• Generating keystream using the PRNG is based on
the RC4 cipher algorithm
– Stream Cipher
CWNA Guide to Wireless LANs, Second Edit

21


WEP: Implementation (continued)

Figure 8-10: Stream cipher

CWNA Guide to Wireless LANs, Second Edit

22


Authentication
• IEEE 802.11 authentication: Process in which AP
accepts or rejects a wireless device
• Open system authentication:
– Wireless device sends association request frame to
AP
• Carries info about supported data rates and service
set identifier (SSID)

– AP compares received SSID with the network SSID
• If they match, wireless device authenticated

CWNA Guide to Wireless LANs, Second Edit

23


Authentication (continued)
• Shared key authentication: Uses WEP keys
– AP sends the wireless device the challenge text
– Wireless device encrypts challenge text with its WEP
key and returns it to the AP
– AP decrypts returned result and compares to original
challenge text
• If they match, device accepted into network

CWNA Guide to Wireless LANs, Second Edit

24


Vulnerabilities of IEEE 802.11 Security
• IEEE 802.11 standard’s security mechanisms for
wireless networks have fallen short of their goal
• Vulnerabilities exist in:
– Authentication
– Address filtering
– WEP

CWNA Guide to Wireless LANs, Second Edit

25


Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay

×