1. Wireless Networks: There Be Dragons!
Marc Rogers PhD, CISSP
Director of Information Security Services
Manageworx Infosystems Inc.

2. Copyright (C) Manageworx 2003

3. Copyright (C) Manageworx 2003
Agenda
The business impact of wireless
Wireless Networking basics
Brief history of WLAN
WLAN threats (802.11b)
WLAN risk mitigation
Conclusions
Copyright (C) Manageworx 2003

4. Copyright (C) Manageworx 2003
The Impact
Wireless is at the same state today that the Internet was in 1995
As of 2003, 1/5th of the world’s population using wireless devices
WLAN Business Drivers:
Faster realization of ROI
32 users with a total cost of ownership of $20,000 over three years would deliver a benefit of $300,000 over a three-year period.
150 users with a total cost of ownership of $60,000 over three years would deliver a benefit of $1,000,000 over a three-year period.
1000 users with a total cost of ownership of $400,000 over three years would deliver a benefit of $5,000,000 over a three-year period.
(Source: IntelFinance 2002)
Copyright (C) Manageworx 2003

5. Copyright (C) Manageworx 2003
Growth of WLAN
Source: Gartner 2002
Copyright (C) Manageworx 2003

6. Vertical Mobile Application Trends
Copyright (C) Manageworx 2003

7. Impact of Mobile Applications
Copyright (C) Manageworx 2003

8. Copyright (C) Manageworx 2003
Basic Overview
Wireless Networks
Transport mechanism between devices and the traditional wired networks
Covers various technologies
2G Cellular, Cellular Digital Packet Data (CDPD), Global System for Mobile Communication (GSM), WLAN
Ad Hoc Networks
Shifting network topologies
Short distances
Blue tooth
Cell phones
Laptops
PDAs
Wireless LANS (WLANS)
Connects computers and other components to networks using an access point device
IEEE Standard
Copyright (C) Manageworx 2003

9. Copyright (C) Manageworx 2003
WLAN History
Late 1980’s Motorola developed the first commercial WLAN
1990 – IEEE initiated the project
IEEE approves the international interoperability standard
1999 – IEEE ratifies the a & b wireless network communication standard
802.11b is the current, most used standard
Frequency 2.4GHz – 2.5GHz Industrial, Scientific, and Medical (ISM)
Maximum transmission speed 11Mbits per second
802.11a is soon to be released
5 GHz frequency
54 Mbps
Copyright (C) Manageworx 2003

10. Copyright (C) Manageworx 2003
WLAN Threats
All the vulnerabilities that exist in a wired network
Plus others
General consensus on at least 8 top issues
Copyright (C) Manageworx 2003

11. Copyright (C) Manageworx 2003
WLAN Security
Top 8 Security Issues with b
Access Point Mapping
SSID Broadcasting
SSID Naming Conventions
Security Architecture
Radio Frequency Management
Default Settings
Encryption
Authentication
Copyright (C) Manageworx 2003

12. Copyright (C) Manageworx 2003
Top b Security Issues
1. Access Point Mapping
Access points can be monitored and located using freely available software, known as ‘war driving.’
Mapping tools can give you information that can allow you to become part of their network, such as channel number (you can change the name of your wireless to match the ssid, and at that point you can actually become part of the network, as long as they assign you an ip address, through dhcp, or if you can sniff an ip address you can simply change yours to match.
You also get longitude and latitude parameters with gps capabilities.
Copyright (C) Manageworx 2003

13. Copyright (C) Manageworx 2003
Top b Security Issues
1. Access Point Mapping
By getting the latitude and longitude parameters from the software, you can know exactly where the access points are, and at that point you can basically do anything you like within the realm of your creativity.
Copyright (C) Manageworx 2003

14. Copyright (C) Manageworx 2003
Top b Security Issues
2. SSID Broadcasting
SSID = Company A
SSID = Company A
SSID
SSID
The ssid is essentially the network name, which allows an attacker to simply change the network name on his/her laptop, which in effect allows the attacker to become part of the network. That’s all it really takes.
Copyright (C) Manageworx 2003

15. Copyright (C) Manageworx 2003
Top b Security Issues
3. SSID Naming Conventions
SSID = tsunami
SSID
Default SSID
Cisco = tsunami
3COM = 101
Agere = WaveLAN
Linksys = Linksys
Dlink = default
Vendors will have ‘default’ ids and passwords set that can be used by attackers. Shown in the box is the default Cisco wireless id.
Copyright (C) Manageworx 2003

16. Copyright (C) Manageworx 2003
Top b Security Issues
4. Security Architecture
Internet
DMZ (Web Servers,
Mail Servers)
Firewall
If you’ve got an access point in the internal network, then you’ve basically opened it up to everyone. A better to solution is to create a dmz where you have an access point, which is shown on the next slide.
Internal Network
Copyright (C) Manageworx 2003

17. Copyright (C) Manageworx 2003
Top b Security Issues
5. Radio Frequency Management
Building A
Parking Lot
Poor RF management will lead to unnecessary transmission of your RF signal into unwanted areas.
Also consider other devices which may cause interference such as 2.4GHz cordless phones or Bluetooth.
Making sure that your footprint doesn’t go past what you can control. Bluetooth can impact the availability of your b network, because bluetooth can disrupt your signals (that’s why they don’t allow you to use your cellphones in hospitals, etc.)
Copyright (C) Manageworx 2003

18. Copyright (C) Manageworx 2003
Top b Security Issues
6. Default Settings
Most Access Points come with no security mechanisms enabled.
Unless you take some steps to increase the security of the ‘default’ shipment of wireless, then you don’t really have any security at all.
Copyright (C) Manageworx 2003

19. Copyright (C) Manageworx 2003
Top b Security Issues
7. Encryption
Most Access Points are implemented without using some form of Encryption.
Clear Text Passwords
IP Addresses
Encryption can protect your wireless transmissions.
Company Data
Copyright (C) Manageworx 2003

20. Copyright (C) Manageworx 2003
Top b Security Issues
8. Authentication
802.11b does not contain adequate authentication mechanisms. The two forms of authentication included with b are Open System Authentication (OSA) and Shared Key Authentication (SKA).
Open System Authentication
All you need is the SSID
Negotiation is done in clear text
Shared Key Authentication
SSID and WEP Encrypted key required
Request (SSID)
Accepted (SSID)
Challenge Text (WEP)
Challenge Response (WEP)
You need to add user and device authentication to increase the security of your wireless networks. Eg, two-factor, radius, tacacs, vpns,etc.
Copyright (C) Manageworx 2003

21. Copyright (C) Manageworx 2003
Risk Mitigation
Management Countermeasures
Security Policy
WLAN specific Policy
Operational Countermeasures
Physical security
Access controls
Placement of the AP
Location
Range
Copyright (C) Manageworx 2003

22. Copyright (C) Manageworx 2003
Risk Mitigation
Technical Countermeasures
Hardware/Software solutions
Access Point configuration
Updating default passwords
Proper encryption settings
Controlling the reset function
MAC ACL functionality
Changing the SSID
Changing the default crypto keys
Copyright (C) Manageworx 2003

23. Copyright (C) Manageworx 2003
Risk Mitigation
Technical Countermeasures (cont’d)
Change default SNMP parameter
Change default channel
DHCP
Authentication
VPNs
BIOMETERICS
Personal firewalls
IDS
Security Assessments
Copyright (C) Manageworx 2003

24. Copyright (C) Manageworx 2003
Conclusions
Wireless technology is in boom phase
Businesses are “leaping” into the wireless arena
Caution is required
Still an evolving technology
WLAN has risks
Need to properly manage the “risk”
No magic bullet for complete protection
Treat WLAN traffic as “Untrusted” traffic
Copyright (C) Manageworx 2003

25. Wireless Security Tools
Net Stumbler
WEP Crack
MAC Stumbler
Airsnort
Copyright (C) Manageworx 2003

26. Copyright (C) Manageworx 2003
QUESTIONS
Copyright (C) Manageworx 2003

27. Copyright (C) Manageworx 2003
Contact Information
Dr. Marc Rogers
(204)
Copyright (C) Manageworx 2003