September 2007Wireless Networks1 Protecting Your Wireless Network University of Tasmania School Of Computing

September 2007 Wireless Networks 1

Protecting Your Wireless Network

University of TasmaniaSchool Of Computing


Tonight

This is for Home users Those with limited or no technical

expertise Simple networks with no extra

hardware e.g. no RADIUS/VPN servers etc

Those who want some background and straightforward advice


Agenda Background

Issues

Typical Configuration Options What do they mean

What you should do


A Wireless Network

What does the Access Point do? Internet

Each Computer is uniquely identified by its own IP Address and MAC

AddressIP: Internet ProtocolMAC: Medium Access Control


Wireless Local Area Networks

WLANs Technical Standards Institute of Electrical and

Electronics Engineers (IEEE) 802 802.11 committee

Many sub committees e.g. 802.11g - 54Mbps WLAN 802.11i - WLAN Security


WLAN StandardsSystem Advertise

dCapacityMax

Throughput

Frequency

Band

IEEE 802.11b

11Mbps 6Mbps 2.4GHz

IEEE 802.11g

54Mbps 31Mbps 2.4GHz

IEEE 802.11a

54Mbps 31Mbps 5GHz

IEEE802.11n

>100Mbps

?100Mbps 2.4GHz

802.11n final approval (publication date) is expected by October 2008. Standards are half duplex. Maximum achievable throughput is about 50% of theoretical capacity because of protocol overheads.

Draft 2.0


Unlicensed Spectrum - Legislation

Legal use of spectrum (in Australia) The 2.4Ghz band is divided into 13 channels

Not all channels are independent (ie. not interference free) Legislated power levels apply

Channel 1

Channel 2

Channel 3

Channel 4

Channel 5

Channel 6

Channel 7

Channel 8

Channel 9

Channel 10

Channel 11

Channel 12

Channel 13

2.412GHz 2.472GHz

microwave ovens….

You

Upstairs


Agenda Background

Issues


What you should do


What’s the Problem

Radio signals … Do not have a boundary

Penetrate walls, floors and ceilings

Get weaker the further away you are (from your wireless access point )


Wireless Range

If you measure the radio signal 1meter from the antenna as 100% then At 10m you will measure 1% At 100m you will measure 0.01% At 1km you will measure 0.0001%

It never goes away! just disappears into the background…


Boosting the Received Signal Increasing the rangehttp://www.usbwifi.orcon.net.nz/ Using cookware…

USB wireless device

SimpleCheap

Effective


Wardriving

War-chalking, -driving, -flying Recording the

whereabouts of WLANs Automation Web sites


Somewhere… http://www.larsen-b.com/Article/212.html


Starting A Wireless Connection

A wireless computer will: Start scanning automatically Seeking an active WLAN within range

Listening or probing for broadcasts… Access Points (networks) are identified

by a Service Set IDentifier (SSID) Configurable


Starting A Wireless Connection Authentication

Identify yourself to the network Access Point allows your equipment to use it

Association Message exchange to form a network

connection

Now you can use the network


WLAN Security Threats Anyone within range

can connect to your access point and use your computer and Internet

services

can receive the signal monitoring your activities

Unless…


Potential Threats Drive by Hacking

Use of your facilities for what?

Annoying the Neighbours Degradation of operation

More serious look at http://www.wardrive.net


Agenda Background

Issues


What you should do


Wireless Products and Users

A home user can not be expected to have any IT expertise

Installing wireless equipment is made as simple as possible

Advertising highlights the good points


A Popular Product

NETGEAR 108Mbps Wireless Firewall Router

WGT624 v2

Cable or DSL modemWireless RouterPC

Telephone Socket


NETGEAR WGT624 Security These are the advertised security features

Double Firewall Network Address Translation (NAT) Stateful Packet Inspection (SPI)

Denial of Service (DoS) attack prevention Intrusion Detection and Prevention Wired Equivalent Privacy (WEP) 64 and 128 bit Wi-Fi Protected Access (Pre Shared Key) Wireless Access Control (SSID)

To identify authorized wireless network devices Multiple VPN tunnels

Pass Through, 2 IPSec, and multiple L2TP and PPTP Exposed Host (DMZ) MAC address authentication


The Installation Guide How to connect the router How to Log in to the router

http://192.168.0.1 Run a setup wizard to connect to the

Internet Setup basic wireless connectivity

Default features Network Name(SSID): NETGEAR WEP Security: disabled



The wireless router was workingafter I switched it on.

I didn’t have to set anything!!


Proprietary

The network is opento anyone in range

Default

This is wrong



WEP Security Wired Equivalent Privacy (WEP)

Encryption intended to provide a level of security comparable to that of a wired LAN.

Confidentiality The fundamental goal of WEP is to prevent casual

eavesdropping

Access control (Optional) feature to discard all packets that are not properly

encrypted using WEP

Data integrity There is an integrity checksum field

The claimed security of the protocol “relies on the difficulty of discovering the secret key through a brute-force attack”




What is WPA WiFi Protected Access

WPA - WPA-Personal Uses an upgrade to WEP

Temporal Key Integrity Protocol (TKIP) Uses a pre-shared key based on a pass-phrase

WPA-PSK

WPA2 - WPA-Enterprise Uses Advanced Encryption Standard Ratified IEEE 802.11i Requires additional server support

extensible authentication protocol (EAP)


The Pass Phrase

8-63 characters long

10 20 30

Length in characters

Possible time to crack

minutesyears

lots of years


Now look at your other wireless computers


Configuring a Wireless Computer


Agenda Background

Issues


What you should do


Do’s Change the default settings

use your own SSID Makes your network less of an obvious attraction

change the administrator password on the AP

Enable and use the security features on the access point make use of the firewall and filtering offered on the access point

if they are not there then look at getting specific products

Use good passwords/pass-phrases for WPA for any shared directories on your computer

Enable MAC filtering allow only the computers you know/want on your network

this is a hurdle that can be bypassed (takes effort)


Do’s Manage the access point over a wired network

port

Look a the access point logs from time to time see who’s there

Keep the operational range to a minimum e.g. Lower the transmit power of the AP to minimise

signal propagation if you have the option.

Switch the access point off if you are not using it for any length of time



Don’t

Use a default for anything without serious consideration (and then still don’t)

Use WEP

Use a Pre Shared Key (PSK) based on a dictionary word


More on Passwords What you have learnt so far:

Passwords Protect your wireless networks

Effective passwords should be at least 20 characters long

Effective implementation is WPA The next bit:

Passwords and their uses Choosing and managing your passwords


Choosing & Managing your Passwords Authentication passwords (secret)

Generally shorter Often written down and stored securely Chosen and changed according to a

method known only to the creator Access Control passwords (shared)

Generally longer: pass phrase Need different method to choose these


Choosing & Managing your Passwords

It is common to find people choosing authentication passwords based on their personal lives

Tiddles1 Fido&Tiddles MyFidoDog

Or personal names, car number plates, birth dates etc

Introducing Fido and Tiddles


Choosing & Managing your Passwords Such methods are insecure because

attackers can guess these using ‘social engineering’ But they are very common as a basis for

authentication passwords What clues do we give attackers if our

access control WPA password is FidoFidoFidoTiddlesTiddles AnthonyBen2102861234



Tip #1 choose your WPA password using a very different method from the one you use to chose your authentication password Your WPA password will be shared You are not the only one controlling

the sharing



Tip #2 find a method that will produce a 20 character password that you can remember tell someone else easily

Not &%^$3wd9!fhKK#?….

Hints Think of the term pass phrase rather

than word


Choosing & Managing your Passwords Hints

Use lines from poems and other texts The boy stood on the burning deck My teddy bear is rather fat

Use lines from tunes and songs We’re all going on a summer holiday By saying something stupid like I

Use funny phrases Configuring this router is making me cross I often cook burnt offerings


Choosing & Managing your Passwords Hints

Add some capitals and replace o with 0 & I with 1 and use some SMS abbreviations

The b0y stood on Burn1ng deck My teddy bear 1s Rather fat We’re All go1ng on a summer hol1day By saying Something Stupid like 1 Configuring th1s ** router is making me X

Write this down and file in a secure place With some physical access control


Choosing & Managing your Passwords Finally

Remember your WPA password will be shared

It should give no clues as to how you construct your authentication passwords

You may trust your daughter but do you trust your daughter’s friend’s boy friend?

If in doubt change the pass phrase Access to your network is the first step to

access to your money!


More Information Understanding the updated WPA and WPA2 standards

Date: June 2nd, 2005 http://blogs.techrepublic.com.com/Ou/?p=67

www.wigle.net/gps/gps/main/stats/

www.gwifi.net


Additional (technical) Information


WEP (very simply)

YOUR DATA

+

“KEY STREAM”

ENCRYPTED DATA

You need to know the “Key Stream” to extract the dataBUT

If you know the “encrypted data” and “your data” you can work out the key stream

YOUR DATA

+

“KEY STREAM”


More BUTs BUT

The Key stream changes for each data message sent

BUT There are a fixed number of these streams

You have to tell the receiver which one to use


Open System Authentication[Clear text]

Client sends probe (seeking AP)

AP sends response

Clients sends authentication request to AP

AP sends confirmation

Clients sends association request to AP

AP sends confirmation and registers

ClientAccesspoint


Shared Key

Clients sends authentication request to AP

AP sends response containing unencrypted challenge

Clients sends WEP encrypted challenge to AP

AP checks response before confirming and registering

Client

Accesspoint

Client sends probe (seeking AP)

AP sends response


Issues Open System

A computer can authenticate to the access point without knowing the WEP encryption key

The computer can’t, however, communicate without this key

Shared Key A listener can see the “challenge” and then

the encrypted challenge This allows a keystream to be worked out


TKIP

Temporal Key Integrity Protocol

Keep the same hardware used for WEP but replace WEP with new firmware

Ensures that every data packet is sent with it’s own unique encryption key


IEEE 802.1X Provides a framework

authentication and control dynamically varying encryption keys

Requires a server

Makes use of a protocol called EAP (Extensible Authentication Protocol)

this is used across both the wired and wireless LAN media

Multiple authentication methods are supported


IEEE 802.1X Does not provide the actual authentication

mechanisms Choose an EAP type

EAP software support resides on an authentication server and within the operating system or application software on the client devices

The wireless access point passes on 802.1X messages

No new access point is needed when updating EAP


IEEE 802.1X Referred to as port based network access

control

Network or InternetAccess

AuthenticationServer

UncontrolledPort

ControlledPort

AccessPoint

Wireless Link

Supplicant


IEEE 802.1X After authentication

Network or InternetAccess

AuthenticationServer

UncontrolledPort

ControlledPort

AccessPoint

Wireless LinkNow, you are allowed access

Supplicant



Passwords &Their Uses Authentication

Used to verify a claimed identity Eg account number/password for Internet banking ATM card and PIN

Vital that this is SECRET Knowledge of these kinds of passwords allow

someone else to pretend to be you Most people use several of these kinds of

passwords User has to remember which one to use and what it

is


Passwords &Their Uses

Access Control Used to verify the right to use a resource

Eg wireless network name / WPA password Passwords protecting shared files

These passwords are designed to be SHARED But only among the special few

This is a new use for passwords Choosing and managing these provides different

challenges

Documents

September 2007Wireless Networks1 Protecting Your Wireless Network University of Tasmania School Of Computing