PwC Making Wireless Networks Secure Computerworld 30 Nov 2004 Mark Vos

Agenda
- The Future Of Wireless
- Security Concerns
- Risk Management Approach
- Key Design and development initiatives
- Live Demonstration
- Session 1
- Session 2
- Intro

Future of Wireless Technology
- Most hardware based on the 802.11b protocol (802.11g fast replacing "b"), but there are others (e.g. 802.11a)
- Uses Direct Sequence Spread Spectrum (DSSS) modulation at unlicensed 2.4 GHz band (i.e., same band as cordless phones, microwaves, other unlicensed use)
- Ethernet-to-wireless bridge (i.e., transmits all protocols, not just IP)
- Speed between 1 and 11 Mbps based on distance ("g" up to 54 Mbps)
- Features
  - Plug-and-play
  - DHCP client (LAN port)
  - DHCP server (wireless port)
  - Support for most operating systems and form factors
  - Inexpensive and visually appealing (it is OK to have one at home)
  - Pervasive (Dick Smith / Harvey Norman sell them)
- Convergence of VoIP and Wireless

Some thoughts on wireless Tagging (RFID)
- Value proposition
  - E-tags require no line of sight to be interrogated. They can be read through nonmetallic substances, paint, grease or other obscuring materials. They do not require surfaces with smooth flat contours.
  - Can support a longer read range than bar codes
  - Can store more data than bar codes and data can be updated
- Commercial viability
  - Already significant RFID usage in healthcare in US and Europe. Used to tag anything from patients to equipment to medicines.
  - Passive RFID tags are forecast to exceed 800 million in 2004 (Gartner T )
- Privacy considerations
  - Small size makes RFID tags difficult to see
  - May be used to monitor, track, and control individuals without their consent

Security Concerns
- Corporate
  - Unauthorised APs with default settings on trusted part of the network
  - Anybody can join Open networks
  - Wireless sniffing (very easy) and weak WEP encryption
  - All traditional hacker attacks work
- Business travelers and home users
  - Joining Open networks (possibly involuntary) while connected over VPN
  - Lack of personal firewalls or IDS (no longer behind corporate firewall)
  - Weak default settings for home network (no WEP)
  - Insecure computers due to OS (e.g., Windows 98) or physical access (kids can use computer and add hardware and software)
- Possible regulatory violations related to Privacy and Security
- Availability and Quality-of-Service (2.4 GHz band open to public)
- Network management headaches due to DHCP and NAT

War Driving
- War Driving is the term attached to finding rogue APs.
- All that is needed is a network card, laptop, and an antenna.
- Default and unprotected networks are often discovered.
- One War Driving excursion through Sydney found 500+ networks, with less than half secured.
- Do you know how many access points are on your network?

Risk Management Approach
Threats X Vulnerabilities = Likelihood X Impact = Risk

Key Design / Deployment Initiatives
- Education
  - Home users
  - Business travelers
- Design and deployment
  - Policies and procedures must address technology
  - Determine application requirements
  - Review the size, location, and staffing level of the area to be covered
  - Physical access – locate APs away from windows, outside walls, etc.
  - Enforce higher network speed – higher speed means shorter distance
  - Treat wireless LANs as untrusted and use traditional Internet technologies to secure
    - Network segmentation
    - Firewalls and Intrusion Detection, including for laptops
    - VPN for sensitive applications
  - Verify use of secure encryption (WEP, WPA, WPA-PSK, WPA2, 802.11i)
  - Use of a

Key Design / Deployment Initiatives
- Enforcement and audit
  - Identify all networks on all channels; investigate all unauthorized Access Points
  - Verify Open vs. Closed network
  - Verify use of secure encryption
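
An added example, not part of the original slides: one way to run the enforcement and audit checks above over a wireless survey export. The CSV layout, the BSSIDs and SSIDs, the authorized-AP inventory and the encryption policy are all constructed assumptions, and "closed" is taken to mean that the SSID is not broadcast.

```python
import csv
import io

# Constructed sample of a site-survey export. The column layout is hypothetical,
# not the output format of any particular scanner.
SURVEY_CSV = """bssid,ssid,channel,encryption
00:11:22:33:44:01,CORP-WLAN,1,WPA2
00:11:22:33:44:02,CORP-WLAN,6,WEP
00:11:22:33:44:03,,11,WPA
66:77:88:99:AA:01,default,6,NONE
66:77:88:99:AA:02,CORP-WLAN,11,WPA2
"""

# Assumed inventory of sanctioned access points, keyed by BSSID.
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
# Assumed site policy: WEP is treated as weak, as the Security Concerns slide says.
ACCEPTED_ENCRYPTION = {"WPA", "WPA-PSK", "WPA2"}


def audit(survey_csv, authorized=AUTHORIZED, accepted=ACCEPTED_ENCRYPTION):
    """Return one record per observed AP with the audit issues found for it."""
    rows = list(csv.DictReader(io.StringIO(survey_csv)))
    # SSIDs the sanctioned APs advertise; an unknown AP reusing one needs urgent review.
    sanctioned_ssids = {r["ssid"] for r in rows
                        if r["bssid"].upper() in authorized and r["ssid"]}
    report = []
    for r in rows:
        bssid, enc = r["bssid"].upper(), r["encryption"].upper()
        issues = []
        if bssid not in authorized:
            issues.append("unauthorized AP")
            if r["ssid"] in sanctioned_ssids:
                issues.append("uses sanctioned SSID")
        if enc == "NONE":
            issues.append("no encryption")
        elif enc not in accepted:
            issues.append(f"weak encryption ({enc})")
        report.append({
            "bssid": bssid,
            "channel": int(r["channel"]),
            # Assumption: "closed" means the SSID is not broadcast.
            "mode": "open" if r["ssid"] else "closed",
            "issues": issues,
        })
    return report


if __name__ == "__main__":
    for rec in audit(SURVEY_CSV):
        status = "; ".join(rec["issues"]) or "ok"
        print(f'{rec["bssid"]} ch{rec["channel"]:>2} {rec["mode"]:<6} {status}')
```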

Tools
- Net Stumbler
  - Software that can find and identify wireless access points and level of encryption in use.
  - Commonly used in War Driving to discover unauthorized access points
- Airsnort
  - Software that can break WEP traffic while sniffing the network.
  - The WEP algorithm was cracked by a Rice intern at AT&T

Network Stumbler – Live Demo

Summary - Top 5 Mitigation Steps
1. Balance risk against cost of mitigation
2. Policies & Procedures must address technology
3. Determine business / application requirements
4. Treat wireless LANs as untrusted
5. Adopt the defense-in-depth principle