Computer Network Forensics Lecture 5 - Wireless © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU

Wireless LANs Transmitter/receiver (transceiver), called an access point (AP), connects to a wired network End users access the wireless LAN through wireless-LAN adapters Single access point can support a group of users within a range of few hundred feet

Wireless LANs IEEE b standard by IEEE for wireless, Ethernet local area networks in 2.4 gigahertz bandwidth space IEEE b connects computers and other gadgets to each other, and to the Internet, at high speed, without cumbersome wiring, at low cost

Wireless LANs Laptops with PCMCIA card adapters Wireless LAN adapters Wired network

Wireless LANs Data rates ~ 1.6 Mbps range Throughput fine for , sharing printers, Internet access, multi-user databases Compatible with Ethernet or Token Ring Wireless LAN systems from different vendors might not be interoperable

Wireless LANs Applications Doctors and nurses in hospitals with PDA with wireless LAN access patient information instantly Warehouse workers can exchange information with central databases Senior executives in conference rooms make quicker decisions because they have real-time information at their fingertips

Neighborhood Area Network (NAN) People put up Access Points to cover a geographic neighborhood Coverage can be up to 1 kilometer in radius if the AP owner is using an omni-directional antenna Neighbors -in the NAN would use a directional antenna pointed back at the AP Thanks to NANs, anyone can walk around with a personal digital assistant (PDA) and be connected all around the neighborhood

Wireless LAN Popularity b Wireless access points ~$150 PC Card adapters ~ $70 Cheapness induces departments to set up on their own But there are inherent security problems Policy setting and technology deployment are equally important

Wireless LAN Security b Security features may not be turned on Wired Equivalent Privacy (WEP) and Media Access Control (MAC) address lists still leave WLANs vulnerable WEP encryption keys can be discovered by listening passively to sufficient traffic Positioning of APs is important to ensure traffic does not go out of corporate area

Wireless LAN Security Service Set Identifier (SSID) of each AP is needed by clients to access But SSIDs are broadcast by APs often Wireless Sniffer products can catch such points: AiroPeek NX, Sniffer Wireless 4.7, Observer 8.1, NetStumbler See

ReefEdge VPN WLAN Security Fix ReefEdge implements VPN firewall function to the wireless network Protects and secures wireless access to the enterprise network Authentication, encryption and fine-grained access controls Stops intruders from reading, modifying or injecting wireless traffic, or accessing protected resources

VPNs to the Rescue VPNs can encrypt wireless network traffic directly from the access point to the wireless client VPN-based systems have the benefit of being platform- and radio- technology-agnostic The WLAN can be situated behind a DMZ that's blocked off from the production network WLAN users may access the Internet through their wireless links — but will have to connect to the corporate network through an encrypted VPN link

Standard WLAN Deployment From Wireless Networks: The Definitive Guide by Matthew Gast

Matthew Gast Seven Security Problems of WLAN Easy Access - your network and its parameters are available for anybody with an card Rogue Access Points - Any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization Unauthorized Use of Service – Anyone can access WLANs whose WEP feature is not turned on Service and Performance Constraints – 11 Mbps capacity of b is easily overwhelmed by sharing among multiple users; susceptible to DoS attacks by PING flood

Seven Security Problems of WLAN MAC Spoofing and Session Hijacking - your Attackers can observe the MAC addresses of stations on the network and use them for malicious transmissions (User Authentication and AP authentication needed) Traffic Analysis and Eavesdropping – Frame headers are always in the clear; WEP cracking is easy, though new products change the WEP key every 15 mins; for highly confidential data no substitute for strong encryption Higher Level Attacks – Once the WLAN is penetrated more dangerous attacks can be launched from within

Keeping your Wireless LAN Safe Enable WEP. Change the default SSID of your product. If your access point supports it, disable "broadcast SSID". Change the default password on your access point or wireless router. As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up.

Keeping your Wireless LAN Safe Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it. Assign static IP addresses for your wireless NICs and turn off DHCP. It makes it tougher for the casual "drive by" to use your network. Buy access points or NICs that support 128-bit WEP. Only purchase access points that have flashable firmware. Check on additional proprietary security features beyond the b standard.

The most effective strategy: –Put your wireless access points into a DMZ, and –have the wireless users tunnel into your network using a VPN. Keeping your Wireless LAN Safe

Using a tool such as NetStumbler to detect –SSIDs –Manufacturer –Password –Encryption key Exercises

Reference Wireless Networks: The Definitive Guide by Matthew Gast, O’Reilly Press April , 464 pages, $44.95 US WLAN Deployment and Security Basics 00.asp 00.asp Keeping your Wireless Network Safe