You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is there is no cat. - Albert Einstein
Securing A Wireless b Home Network © 2004 ABACUS
Why wireless? Low infrastructure costs –no network cable to install or maintain Flexibility –computers can be added to, or removed from the network at any time Inexpensive –wireless devices have dropped in price due to Moore’s Law © 2004 ABACUS
Wireless disadvantages Interference –cordless phones and other devices use same frequency Range –about feet from access point Security –anyone can eavesdrop on an unsecured wireless network © 2004 ABACUS
Wireless history 1902 –Guglielmo Marconi sends first radio transmission 1990 –Institute of Electrical and Electronics Engineers (IEEE) forms Working Group to set standards for wireless networking 1997 –IEEE publishes the first set of standards 1999 –IEEE publishes standard b © 2004 ABACUS
wireless standards StandardMax. RateFrequencyModulation Mb/sec2.4 GHz FHSS DSSS b11 Mb/sec2.4 GHzDSSS a54 Mb/sec5 GHzOFDM g54 Mb/sec2.4 GHz OFDM DSSS © 2004 ABACUS
(1997) Slow –2 Mb/second data rate Interoperability problems –Implemented two different modulations: FHSS (Frequency Hopping Spread Spectrum) DSSS (Direct Sequence Spread Spectrum) –Devices with FHSS couldn’t talk to devices with DSSS and vice versa © 2004 ABACUS
802.11b (1999) Currently most common –Equipment is inexpensive Faster than –11 Mb/second vs. 2 Mb/second nominal Maximum data rate is 5-6 Mbps due to overhead No interoperability problems –DSSS modulation only Security issues –Encryption can be broken © 2004 ABACUS
802.11a ( first devices 2001) Faster than b –54 Mb/second vs. 11 Mb/second Uses Orthogonal Frequency Division Multiplexing (OFDM) for modulation Not compatible with b –Uses 5 GHz frequency band vs. 2.4 GHz for b –Shorter range than b due to higher frequency © 2004 ABACUS
802.11g (2003) Faster than b –54 Mb/second vs. 11 Mb/second nominal Max. realistic data rate about Mbps Better security than b Compatible with b –Most devices support OFDM and DSSS –Networks can use b and g equipment together © 2004 ABACUS
More b factoids First widespread implementation – Apple’s Airport in 1999 Also called Wi-Fi –Wi-Fi equipment has been certified for interoperability by the Wi-Fi Alliance, a group of wireless equipment manufacturers. Every manufacturer’s Wi-Fi equipment should work with every other manufacturer’s WI-Fi equipment. © 2004 ABACUS
So what is the difference between a wired LAN (Local Area Network) and a wireless LAN? Aside from the obvious, let’s look at the details. © 2004 ABACUS
Wired LAN Devices being networked –Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems Devices for connecting the above –Include network adapters, hubs, switches, routers, gateways and more Connecting medium –Networking cable; most common is Category 5 or CAT-5 for short © 2004 ABACUS
Simple home wired LAN © 2004 ABACUS
Wireless LAN Devices being networked (same as for wired) –Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems Devices for connecting the above –Include wireless adapters, access points, bridges, base stations and more Connecting medium –Radio waves; per Einstein, there is no CAT-5 © 2004 ABACUS
Simple home wireless LAN © 2004 ABACUS
Securing your home LAN Preventing (or limiting) attacks against your network © 2004 ABACUS
Wired LAN outside attacks Must come in through Internet Gateway Attacks workstations and servers on the network Can be prevented by: –Installing a firewall (hardware and/or software) This is often done on the Internet gateway –Turning off (or limiting) file-sharing and remote access © 2004 ABACUS
Wired LAN attack blocked by firewall © 2004 ABACUS
Wireless LAN outside attacks Even if you have a firewall installed on your Internet gateway, a wireless LAN attacker is, effectively, already inside your network –Wireless base station has to signal its existence so clients can connect Attackers of wireless LANs therefore need to be kept out by other means in addition to firewalls © 2004 ABACUS
Wireless attacker is inside firewall! © 2004 ABACUS
Types of attacks 1. Attack servers and workstations on the LAN 2. Steal information being transmitted over your wireless LAN 3. Steal Internet access through your Internet gateway © 2004 ABACUS
Server and workstation attacks Attacker attempts to steal data from hard drives Attacker attempts to damage the data on the hard drives Attacker plants malicious software to attack other computers –Spam servers –Denial of service attack software –Worms –Attacks can be traced to your computer, not his! Handled like attacks on wired LANs –Firewalls on individual computers –Turn off or limit file-sharing © 2004 ABACUS
Attacks to steal data being transmitted over wireless network Examples: –Personal information contained in s –Copyrighted audio and video files being streamed over your wireless LAN –Financial information being shared between different computers on the network Prevented by encryption © 2004 ABACUS
Attacks to steal Internet access Attacker’s computer joins your network, uses your Internet gateway Attacker could be (for example): –Downloading copyrighted music files –Downloading child pornography –Performing DOS attacks on other computers –Broadcasting spam –These can be traced back to your Internet connection Prevented by encryption, closing the network and other tricks © 2004 ABACUS
How easy is it to attack a wireless LAN? Very easy –All an attacker needs is a laptop computer, a wireless card and some software –A directional antenna will increase the range over which the attacker can access your network Directional antenna can be made from a Pringles potato chip can! –Attackers drive around with their computers looking for open wireless networks –Practice is called ‘wardriving’ © 2004 ABACUS
“Wardriving?” From 1983 movie War Games –‘Wardialing’ was the practice of using an automatic dialer program to get your modem to locate access numbers for unsecured computers and networks © 2004 ABACUS
There is even ‘warflying’ Open networks found by aircraft flying into San Carlos -- from Ars TechnicaArs Technica © 2004 ABACUS
Why is it so easy to invade a wireless LAN? Ease of setup –Default settings allow even people with limited technical skills to set up and run a basic wireless network Allows wireless users to use open, public networks (usually for Internet access) –Such as the one at your local Starbucks © 2004 ABACUS
How do you keep attackers out of your home wireless LAN? Secure the network –Change the service set identifier (SSID) of your base station –Change your base station’s password –Close your network Shut off your base station’s SSID broadcast –Change your base station’s IP address –Enable encryption (WEP) Done on your base station and all the other wireless devices in your LAN –Other tricks Wireless security measures won’t completely protect your LAN, but all will help © 2004 ABACUS
Changing your SSID To access the LAN you need the service set identifier (SSID) of your base station Changing the default SSID reduces the chance the attacker will be able to guess it Like taking your keys when you park your car Works best with other security measures Each of these is an SSID (except Alviso) © 2004 ABACUS
Change your password To access the LAN you need the base station’s password Changing the default password (often ‘admin’ or ‘password’) drastically reduces the chance the attacker will be able get into your network Like locking your car when you park it © 2004 ABACUS
Close your network Shut off SSID broadcast Reduces chances that the attacker can see your network at all –Network beacon signals can still be detected Like parking your car in a closed garage –If the thief can’t see it, he won’t know that it’s available to steal If your SSID broadcast is off, you won’t even show up on this map © 2004 ABACUS
Change the IP address of your base station and other devices Changes the address ranges other devices on your network can use –Defaults are typically x or x –Available private address ranges: Also reduces the odds your neighbor’s wireless LAN will overlap yours Like using “The Club” in your car –Requires the thief have additional tools to steal your car © 2004 ABACUS
Enable wireless encryption Encrypt your network traffic (packets) –This has to be done on the base station and all access points, bridges, wireless adapters, etc. All devices use the same WEP key WEP (Wireless Encryption Protocol) uses a key to encrypt each packet sent –Key can be generated using a pass phrase or entered directly in hexadecimal Don’t forget yours; write it down –WEP slows network traffic slightly Each packet has to be encrypted by sender; decrypted by receiver © 2004 ABACUS
How safe is WEP? WEP can be broken, but it takes time –How long? Depends on network traffic volume –High traffic networks transmit lots of packets to analyze WEP Keys can be broken quickly –Lower traffic networks generate fewer packets Breaking WEP takes longer Skilled professionals with custom tools have broken WEP keys in less than a week Readily available tools, such as Airsnort or WEPCrack, in amateur hands, may take a lot longer © 2004 ABACUS
Increasing WEP security Use longer encryption keys –128-bit/104-bit instead of 64-bit/40-bit WEP key consists of two parts –A 24-bit initialization vector (IV) –The user-generated portion (40 bits or 104 bits) –Together these are used to encrypt the packets Unfortunately WEP sends the IV in clear (unencrypted), so most cracking software can use this as a starting point to break the whole key and read your packets Change your WEP keys often –This forces attackers to start decryption from scratch © 2004 ABACUS
Problem with longer WEP keys 128/104-bit encryption was not part of the original b standard Different b equipment makers implemented 128-bit encryption differently Hence, one maker’s 128-bit keys may not work on another’s devices –To avoid this buy all your b devices from one manufacturer, if possible © 2004 ABACUS
Why is WEP security so bad? WEP was designed during a period when strong (i.e.,long-key) encryption systems were subject to export restrictions as weapons! WEP was intentionally made weak to allow WEP devices to be exported and/or made overseas Unfortunately, WEP was made too weak © 2004 ABACUS
WEP encryption is like a hidden ‘kill’ switch on your car’s ignition A car thief may be able to find the switch by tracing the wires, but it will take him time Similarly, WEP can be cracked, but it will take an attacker time to do so If it takes too much effort, he may look for an easier target –Easier targets may include retail stores! Retailers often use wireless networking cash registers to connect to the store computer or the company network If unencrypted, attackers can steal credit card and authorization numbers from the store’s network traffic © 2004 ABACUS
Other wireless security tricks Limit number of network users –Set a low limit to the number of users the base station will accept, or –Turn off DHCP (Dynamic Host Configuration Protocol) and assign each device in your network a static IP address Apply address filtering –Locks out devices from Internet access by either IP or MAC (hardware) address © 2004 ABACUS
Non security for wireless LANs Use 802.1x (Robust Security Network) –Provides additional layer of encryption over –Not all b devices support it –RSN encryption may be breakable Use a proprietary encryption scheme –Example: Buffalo Technologies’ AOSSAOSS –All wireless devices on LAN must be from same manufacturer Use a virtual private network (VPN) –VPNs use strong encryption –Not supported by all devices © 2004 ABACUS
Virtual Private Networks May be overkill for a home LAN VPNs can secure all network traffic, both wired and wireless –VPNs can securely connect computers up to thousands of miles apart over another network (such as the Internet) via a process called ‘tunneling’ –Tunneled VPN traffic can be seen by wireless attackers, but can’t be cracked © 2004 ABACUS
Tunneling and VPNs Three common VPN tunneling modes –Point-to-Point Tunneling Protocol (PPTP) –Layer Two Tunneling Protocol (L2TP) –IP Security (IPSec) All nodes on the network must use the same tunneling mode –Wireless base station must be: Special router which supports VPN, or Server computer w/ wireless adapter running VPN software –Wireless client computers must also have VPN software installed © 2004 ABACUS
Setting up wireless security Make security changes in all devices (routers, access points, bridges, adapters, etc.) through a wired link –If you change a device setting through a wireless link, you could lose the connection when you apply the changes –Set up devices in this order: Base station Access points Bridges and adapters –Test each device for connectivity before you install it in its final location © 2004 ABACUS
Wireless security is not perfect A determined car thief can steal almost any car if he wants it bad enough However, many simple measures can be taken to make his job harder If you make it difficult enough, most thieves will pick another target Wireless LAN security is similar; if you make it difficult enough, attackers will pick other targets © 2004 ABACUS
802.11g features Better security than b –Automatically changes keys Up to more than 4 times faster than b –Much faster than either DSL or cable broadband; the broadband connection is the bottleneck –Extra speed is only useful for such applications as streaming digital video over your network © 2004 ABACUS
The future of wireless LAN security i –Supposedly more secure than WEP –Supposedly compatible with older equipment (802.11b and g) This doesn’t mean that b equipment will be able to use i security; it just means that b and i equipment can be used in the same network –Not available yet © 2004 ABACUS
To return to ABACUS September 2004 Links Page >>>Click here<<<Click here