Wireless and Broadband Net Access and Security Lesson 11


Page 1

Wireless and Broadband Net Access and Security

Lesson 11

Page 2

Wireless

- IEEE 802.11 working group to define the interface between wireless clients and their network access points.
- 802.11a: uses OFDM (Orthogonal Frequency Division Multiplexing) to deliver up to 54Mbps in the 5GHz ISM band (Industrial, scientific, medical – unlicensed part of spectrum).
- 802.11b: HR-DSSS (High Rate Direct Sequence Spread Spectrum) to deliver up to 11Mbps in the 2.4GHz band. Actually appeared before 802.11a.
- 802.11g: An enhanced version of 802.11b. Uses OFDM but operates in the 2.4GHz band. In theory can operate up to 54Mbps.
- 802.11i: Aimed at better security. Wants longer keys than current WEP.

Page 3

802.11 Frame Structure

Frame layout (figure): Frame Control | Duration | Address 1 | Address 2 | Address 3 | Seq | Address 4 | Data | Checksum

Frame Control subfields: Version, Type, Subtype, ToDS, FromDS, MF, Retry, Pwr, More, W, O

Addresses: source and destination system, source and destination base stations

Why 4 addresses?

Page 4

802.11 Frame Structure

Frame Control Field
- Protocol Version: allows different versions of the protocol to be used in the same cell at the same time
- Type: Data, control, or management frame
- Subtype: RTS (request to send) or CTS (clear to send)
- To/From DS: frame sent to/from the intercell distribution system
- MF: More fragments to follow
- Retry: retransmission of a frame sent earlier
- Pwr: power management, put device in/out of sleep state
- More: additional frames follow
- W: body has been encrypted using WEP
- O: sequence of bits with this set must be processed in order.
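A worked decoder for the Frame Control field described above, added here as an example and not part of the lecture slides. It assumes the standard 802.11 bit layout (version, type and subtype in the first byte; the eight flags ToDS through O in the second) and the address-role table keyed on ToDS/FromDS, which is how the "why 4 addresses?" question on the previous slide is answered: only a frame relayed between two access points (ToDS and FromDS both set) carries all four. The sample byte values are constructed, not captured traffic.

```go
package main

import "fmt"

// FrameControl is the decoded 16-bit 802.11 Frame Control field, with the
// subfields named as on the slide.
type FrameControl struct {
	Version uint8 // protocol version, 2 bits
	Type    uint8 // 0 = management, 1 = control, 2 = data, 2 bits
	Subtype uint8 // 4 bits; for control frames 11 = RTS, 12 = CTS
	ToDS    bool  // frame is headed into the distribution system
	FromDS  bool  // frame is coming out of the distribution system
	MF      bool  // more fragments follow
	Retry   bool  // retransmission of an earlier frame
	Pwr     bool  // sender is entering power-save mode
	More    bool  // AP has more buffered frames for this station
	W       bool  // body is encrypted (WEP on the slide; "Protected Frame" in later 802.11)
	O       bool  // strictly ordered
}

// ParseFrameControl decodes the two Frame Control bytes as sent on the air:
// byte 0 holds version (bits 0-1), type (2-3) and subtype (4-7);
// byte 1 holds the flags ToDS, FromDS, MF, Retry, Pwr, More, W, O (bits 0-7).
func ParseFrameControl(b0, b1 byte) FrameControl {
	return FrameControl{
		Version: b0 & 0x03,
		Type:    (b0 >> 2) & 0x03,
		Subtype: (b0 >> 4) & 0x0F,
		ToDS:    b1&0x01 != 0,
		FromDS:  b1&0x02 != 0,
		MF:      b1&0x04 != 0,
		Retry:   b1&0x08 != 0,
		Pwr:     b1&0x10 != 0,
		More:    b1&0x20 != 0,
		W:       b1&0x40 != 0,
		O:       b1&0x80 != 0,
	}
}

// TypeName returns the frame type as named on the slide.
func (fc FrameControl) TypeName() string {
	switch fc.Type {
	case 0:
		return "management"
	case 1:
		return "control"
	case 2:
		return "data"
	}
	return "reserved"
}

// AddressRoles answers "why 4 addresses?": the ToDS/FromDS combination decides
// what each address field carries (DA/SA = destination/source station,
// RA/TA = receiver/transmitter AP). Only an AP-to-AP bridged frame uses all four.
func (fc FrameControl) AddressRoles() []string {
	switch {
	case !fc.ToDS && !fc.FromDS:
		return []string{"DA", "SA", "BSSID"}
	case !fc.ToDS && fc.FromDS:
		return []string{"DA", "BSSID", "SA"}
	case fc.ToDS && !fc.FromDS:
		return []string{"BSSID", "SA", "DA"}
	}
	return []string{"RA", "TA", "DA", "SA"}
}

func main() {
	// Constructed Frame Control byte pairs (not captured traffic).
	samples := map[string][2]byte{
		"station -> AP data frame, WEP bit set": {0x08, 0x41},
		"RTS control frame":                     {0xB4, 0x00},
		"AP -> AP bridged data frame":           {0x08, 0x03},
	}
	for name, b := range samples {
		fc := ParseFrameControl(b[0], b[1])
		fmt.Printf("%-40s type=%s subtype=%d ToDS=%v FromDS=%v W=%v addresses=%v\n",
			name, fc.TypeName(), fc.Subtype, fc.ToDS, fc.FromDS, fc.W, fc.AddressRoles())
	}
}
```

The W bit is the one a monitor checks to tell encrypted bodies from clear ones; a data frame with W clear on a network that is supposed to run WEP is worth an alert in its own right.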

Page 5

Wireless Application Protocol (WAP)

Designed for systems with:
- Slow processors
- Limited memory
- Lower bandwidth

Much leaner than wired protocols:
- Make data transactions as compressed as possible
- Allow for more dropped packets

Page 6

WAP vs. wired network (Security+ Guide to Network Security Fundamentals)

Page 7

WAP client access to network

Step 1: Client makes a connection with the WAP gateway and sends a request for the content it wants using WSP (Wireless Session Protocol).

Step 2: Gateway converts the request into the HTTP format and forwards it to the application server.

Step 3: Application server sends requested content back to the WAP gateway.

Step 4: Gateway converts the data using WSP, compresses it and sends it to the WAP client.

If the WAP client has enabled the Wireless Transport Layer Security (WTLS) protocol, data is encrypted.

Page 8

The “Gap” in WAP

- WAP 1.X does not require the use of WTLS. If it is not enabled, all data is transmitted in the clear.
- Must convert at the gateway from WTLS to TLS. This means that for a brief moment the data is in the clear and can be read at the gateway. This is the “Gap in WAP”.
- What is the real security risk of this being exploited?
- WAP 2.0 employs TLS (Transport Layer Security) so no conversion is necessary at the gateway.

Page 9

Wireless Transport Layer Security (WTLS)

3 different classes of authentication:
- Class 1: Does not allow either the client or the gateway to authenticate the other
- Class 2: Allows the client to authenticate the gateway
- Class 3: Allows both client and gateway to authenticate each other.

Class 3 is ideal, but few WAP-enabled devices use it since it requires a Wireless Identity Module (WIM) – a tamper-resistant device that holds digital signatures and has the power to perform encryption for authentication purposes.

Page 10

WTLS Class 2 authentication

- Prior to sending a request for a session, the WAP device sends a request for authentication to the gateway. The client always initiates this process. The client can also challenge the gateway again at any time during the session.
- The gateway sends a copy of its certificate, which contains the gateway’s public key.
- The device receives the certificate and key, generates a unique random value for encryption, encrypts it with the gateway’s public key and sends it to the gateway.
- The gateway receives the encrypted value and uses its own private key to decrypt it. Now both have a new shared key.
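The Class 2 exchange above, worked through in Go with RSA-OAEP (an added example, not the lecture's or the WAP Forum's code). The certificate step is simplified to an assumption: the device pins the SHA-256 fingerprint of the gateway's public key instead of validating a certificate chain, and the OAEP label and the 32-byte secret are choices made for this example, not WTLS constants. It makes the point the slide leaves implicit: only the holder of the gateway's private key can recover the random value, so the device has authenticated the gateway, while the gateway has learned nothing about the device.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// label ties the encrypted value to this exchange so it cannot be fed into a
// different OAEP context (constructed value for the example, not a WTLS constant).
var label = []byte("wtls-class2-example")

// Gateway holds the WAP gateway's long-term RSA key pair.
type Gateway struct{ key *rsa.PrivateKey }

func NewGateway() (*Gateway, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Gateway{key: k}, nil
}

// Certificate stands in for the certificate the gateway sends on the slide:
// here it is just the public key, trusted only if its fingerprint matches the
// one the device was provisioned with (assumption replacing CA validation).
func (g *Gateway) Certificate() *rsa.PublicKey { return &g.key.PublicKey }

// Fingerprint is the SHA-256 of the DER-encoded public key.
func Fingerprint(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
	return hex.EncodeToString(sum[:])
}

// DeviceHandshake is the client side: check the gateway's key against the
// pinned fingerprint, generate a fresh random secret and encrypt it to the
// gateway's public key. It returns the secret kept locally and the ciphertext to send.
func DeviceHandshake(pub *rsa.PublicKey, pinned string) (secret, encrypted []byte, err error) {
	if Fingerprint(pub) != pinned {
		return nil, nil, errors.New("gateway key does not match pinned fingerprint; refusing session")
	}
	secret = make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, nil, err
	}
	encrypted, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, label)
	return secret, encrypted, err
}

// Receive is the gateway side: only the private-key holder recovers the secret,
// which is what lets the device conclude it reached the genuine gateway. The
// gateway learns nothing about who the device is (Class 2 has no client auth).
func (g *Gateway) Receive(encrypted []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, g.key, encrypted, label)
}

// SessionKey derives the shared key both ends now hold from the secret.
func SessionKey(secret []byte) [32]byte { return sha256.Sum256(secret) }

func main() {
	gw, err := NewGateway()
	if err != nil {
		panic(err)
	}
	pinned := Fingerprint(gw.Certificate()) // provisioned on the device out of band

	secret, encrypted, err := DeviceHandshake(gw.Certificate(), pinned)
	if err != nil {
		panic(err)
	}
	recovered, err := gw.Receive(encrypted)
	if err != nil {
		panic(err)
	}
	fmt.Println("session keys match:", SessionKey(secret) == SessionKey(recovered))

	// An impostor gateway with its own key pair fails the pin check ...
	rogue, _ := NewGateway()
	_, _, err = DeviceHandshake(rogue.Certificate(), pinned)
	fmt.Println("rogue gateway rejected:", err != nil)
	// ... and even holding the ciphertext cannot recover the secret.
	_, err = rogue.Receive(encrypted)
	fmt.Println("rogue cannot decrypt:", err != nil)
}
```

The pin check is the whole of the authentication: without it the device would happily encrypt its secret to any key that was presented, which is why the slide's "the device receives the certificate" step has to include verifying it.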

Page 11

Wired Equivalent Privacy (WEP)

- The optional security mechanism specified by the 802.11 protocol to provide authentication and confidentiality in a wireless environment.
- Uses the RC4 algorithm.
- Although the IEEE committee recommended that WEP should be used, it also stated WEP should NOT be considered adequate security and strongly suggested other security mechanisms be used (e.g. other authentication processes).

Page 12

Weaknesses with WEP

- Uses an Initialization Vector (IV) and a shared key between users. Many sites use the same shared key for all users, thus any individual can listen to anybody’s communication – sort of like ethernet.
- The IV is only 24 bits and will thus repeat after only a short period of time. This allows for several types of cryptographic attacks that utilize different messages encrypted with the same key.
- The RC4 algorithm itself is flawed and can be broken easily.
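An added example (not from the slides) that puts numbers on the IV weakness above and shows the check a defender would run for it. It computes how quickly the 24-bit IV space runs out, shows with Go's crypto/rc4 that two bodies encrypted under the same IV and shared key XOR to the XOR of their plaintexts (the keystream cancels, which is why IV repetition enables the attacks the slide mentions), and flags IV reuse per BSSID over a constructed list of frames. The 40-bit key, the IVs, the BSSIDs and the HTTP-like bodies are constructed values; the CRC-32 integrity value real WEP appends to the body is left out.

```go
package main

import (
	"bytes"
	"crypto/rc4"
	"fmt"
	"math"
)

// ivSpace is the number of distinct 24-bit WEP IVs.
const ivSpace = 1 << 24

// SecondsToExhaustIVs is how long a sender that uses each IV once (a simple
// counter) can transmit at the given frame rate before it must repeat one.
func SecondsToExhaustIVs(framesPerSecond float64) float64 {
	return float64(ivSpace) / framesPerSecond
}

// FramesForCollisionProbability is roughly how many frames a sender that
// picks IVs at random sends before the chance that some IV has already been
// used reaches p (birthday bound, n ~ sqrt(2N ln(1/(1-p)))).
func FramesForCollisionProbability(p float64) int {
	return int(math.Ceil(math.Sqrt(2 * float64(ivSpace) * math.Log(1/(1-p)))))
}

// WEPEncrypt applies the WEP per-packet cipher: RC4 keyed with IV || shared key.
func WEPEncrypt(iv [3]byte, sharedKey, body []byte) []byte {
	c, err := rc4.NewCipher(append(iv[:], sharedKey...))
	if err != nil {
		panic(err) // only fails for an out-of-range key length
	}
	out := make([]byte, len(body))
	c.XORKeyStream(out, body)
	return out
}

// xorBytes XORs two slices up to the shorter length.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// KeystreamReuseLeaks reports whether XOR-ing the two ciphertexts equals the
// XOR of the two plaintexts. With iv1 == iv2 the same RC4 keystream is used
// twice and cancels out, so the answer is always true; with different IVs the
// keystreams differ and the relation does not hold.
func KeystreamReuseLeaks(iv1, iv2 [3]byte, sharedKey, p1, p2 []byte) bool {
	c1 := WEPEncrypt(iv1, sharedKey, p1)
	c2 := WEPEncrypt(iv2, sharedKey, p2)
	return bytes.Equal(xorBytes(c1, c2), xorBytes(p1, p2))
}

// WEPFrame is what a monitor needs from a captured frame: the cell and the
// IV, which WEP sends in the clear ahead of the ciphertext.
type WEPFrame struct {
	BSSID string
	IV    uint32
}

// IVReuseAlerts walks frames in capture order and flags every IV seen a
// second time on the same BSSID, naming the frame that first used it.
func IVReuseAlerts(frames []WEPFrame) []string {
	seen := map[string]map[uint32]int{}
	var alerts []string
	for i, f := range frames {
		if seen[f.BSSID] == nil {
			seen[f.BSSID] = map[uint32]int{}
		}
		if first, dup := seen[f.BSSID][f.IV]; dup {
			alerts = append(alerts, fmt.Sprintf("frame %d: IV 0x%06x on %s reused (first seen in frame %d)",
				i, f.IV, f.BSSID, first))
			continue
		}
		seen[f.BSSID][f.IV] = i
	}
	return alerts
}

func main() {
	fmt.Printf("IV space exhausted in %.1f hours at 500 frames/s\n", SecondsToExhaustIVs(500)/3600)
	fmt.Printf("50%% chance of a random-IV repeat after %d frames\n", FramesForCollisionProbability(0.5))

	key := []byte{0x01, 0x02, 0x03, 0x04, 0x05} // constructed 40-bit WEP key
	iv := [3]byte{0x00, 0x00, 0x01}
	p1 := []byte("GET /index.html HTTP/1.0")
	p2 := []byte("GET /login.html HTTP/1.0")
	fmt.Println("same IV leaks plaintext XOR:", KeystreamReuseLeaks(iv, iv, key, p1, p2))

	// Constructed capture: BSSID plus the 24-bit IV of each WEP frame.
	capture := []WEPFrame{
		{"00:11:22:33:44:55", 0x000001}, {"00:11:22:33:44:55", 0x000002},
		{"66:77:88:99:aa:bb", 0x000001}, {"00:11:22:33:44:55", 0x000001},
	}
	for _, a := range IVReuseAlerts(capture) {
		fmt.Println("ALERT:", a)
	}
}
```

At 500 frames per second a counting sender repeats an IV in about nine hours, and a sender choosing IVs at random has even odds of a repeat after only a few thousand frames; the detector is keyed per BSSID because an IV is only a problem when it recurs under the same shared key.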

Page 13

“War Chalking”

- SSID – Service Set Identifier. Wireless network names sent with wireless data packets to help devices identify each other.
- SSID should be cryptic so as to not provide valuable data to potential attackers, e.g. don’t use “ABC Consulting Firm” as a SSID.

Page 14

Broadband

- Not a clear definition of what it is.
- Baseband uses a signal pulsed directly on the transmission medium in the form of high-speed, square-wave pulses of direct current voltage.
- Broadband systems use cable television technology to divide the transmission medium into frequency bands or channels. Each broadband channel can be multiplexed to carry data, voice, or video.

Page 15

Broadband (cont.)

- The term is used to cover a gamut of alternatives for handling high-bandwidth traffic.
- In the ITU’s definition it is any bandwidth in excess of the B-ISDN primary rate (25-1200Mbps).
- It has become a term used to cover any high-speed access mechanism:
  – ISDN
  – Cable
  – DSL
  – Wireless

Page 16

ISDN

Integrated Services Digital Network

- Probably really should be considered narrowband/baseband but… it is faster than dial-up.
- What’s the reason behind ISDN?
  – Normal voice lines are limited to 4KHz, which limits the speed of data transmission
  – Most signaling is still in-band, which consumes a lot of bandwidth
    – The little out-of-band signaling that exists runs on lines separate from the network
  – Most users have separate voice and data networks/lines
  – Telephone and data equipment must be administered separately from the network it runs on
  – There are several voice, data and digital interface standards.

Page 17

ISDN (cont.)

ISDN’s goal or vision:
- Provide an international standard for voice, data and signaling
- Make all transmission circuits end-to-end digital
- Adopt a standard out-of-band signaling system
- Bring more bandwidth to the desktop

Delivers this with existing copper cables, but requires ISDN digital-switching equipment.

On the plus side, telephone calls can be made a lot faster than with the current analog equipment.

You will pay extra for the ISDN service (no surprise).

Page 18

ISDN (cont.)

- Requires an ISDN “modem”. Not really a modem: modems translate digital signals to analog (and back) so the existing POTS can be used. The ISDN “modem” is really a terminal adapter.
- ISDN allows you to use your line for voice calls as well as data.
- Though ISDN is faster than traditional POTS with a modem, it is slower than DSL. Because of this, it isn’t as popular as DSL.

Page 19

ISDN (cont.)

Most common configurations:
- Basic Rate Interface (BRI): 2B+D
  – 2 64Kbps B (bearer) channels for data or voice
  – 1 16Kbps D (data) channel, which can also be used for signaling
- Primary Rate Interface (PRI): 23B+D or 30B+D
  – 23B+D is equivalent to 1.544Mbps
  – 23 or 30 B channels and 1 D channel

Page 20

Cable

- Cable modems connect you to the Internet via the coaxial cable (sometimes referred to as the broadband wire) that is used in your house to deliver Cable TV.
- The coax cable enters a splitter inside your home which divides the transmission into that which will be sent to your TV and that which is destined for your computer through a cable modem.
- The cable modem attaches to an ethernet card inside the computer. This card is configured the same as any other network card.

Page 21

Cable (cont.)

- Computer data is sent along frequencies that lie between the 100 6-MHz frequency bands carrying TV programming.
- Data is sent as standard IP packets. High bandwidth lets you:
  – Receive at speeds of 3-10 Mbps
  – Transmit at speeds up to a maximum of 2 Mbps

Page 22

Cable (cont.)

- Cable is a broadcast medium. Everyone connected to the same distribution hub receives everyone else’s downloads too.
- Cable companies generally divide each city into neighborhoods of about 500 homes which will all be on the same local area network.
- If many folks access the system at the same time then speeds will be slower.
- Obvious security implications to it being a broadcast medium.

Page 23

Digital Subscriber Line (DSL)

- Traditional analog transmissions and voice calls sent over the POTS use only a small portion of the potential bandwidth.
- DSL allows users to talk on the telephone and use the Internet at high speeds simultaneously – over a single line.
- Several different variations:
  – Asymmetric Digital Subscriber Line (ADSL)
  – Very high-speed DSL (VDSL)
  – G-Lite or Universal DSL
  – Rate adaptive DSL (RADSL)

Page 24

ADSL

- Asymmetric – more bandwidth is devoted to data traveling downstream (to your machine) than upstream (from your machine).
- Upstream traffic is generally a small portion of network traffic – especially web-based traffic.
  – 8Mbps downstream, 1Mbps upstream possible

Figure: frequency allocation on the ADSL line (axis in kilohertz with ticks at 0, 4, 6, 100, 180 and 1000), with bands labelled Voice, Upstream data and Downstream data.

Page 25

xDSL Transmission Rates

- VDSL – speeds as high as 10-26 Mbps downstream, but need to be within 4500 feet of a phone switch.
- ADSL – speeds up to 8 Mbps downstream; need to be within 18,000 feet of a phone switch.
- G-Lite – allows only 1.5Mbps downstream at distances up to 18,000 feet from the phone switch.
- RADSL – reaches as far as 21,000 feet but is limited to 600Kbps-7Mbps downstream.

Page 26

Wireless

- “Broadband Wireless” was initially an attempt to deliver cable TV services – without the cable.
- Local Multipoint Distribution System (LMDS)
  – Receiver dishes located on top of apartment buildings can receive the signal and broadcast it to apartments via coax.
  – Can also utilize an 18” antenna in the subscriber’s home
  – Variations used to transmit data, and some attempts with voice.
  – Local Multipoint Communication System (LMCS) used in Canada for wireless broadband data signals
  – Rates up to 155 Mbps
- Multipoint Multichannel Distribution Service (MMDS)
  – Also known as Microwave Multi-point Distribution Service
  – Used for longer distance (40 km), up to 10 Mbps

Page 27

Broadband Security Issues

Broadband Internet access provides increased convenience and speed – but has its own security issues:
- Inexperienced users
- Continuous connection (‘Always-on’)

Bottom line, however, is it is basically “general security”.

Page 28

Dial-up vs. Broadband

Broadband attractive for emerging SOHO environments and for telecommuting.

Page 29

SOHO security

Page 30

Some Telecommuter Security

This is from the point of view of a business that is allowing employees to telecommute.

Page 31

Broadband Security

- Issues with “always-on” connections
- Virus Attacks
- Intruder Attacks
- Personal and Network Firewalls

Page 32

“Always-On” Connections

ISPs generally use one of two methods to assign an IP address to a subscriber:
- Static
  – IP address for a machine remains the same even if rebooted. Commonly used for servers.
- Dynamic Host Configuration Protocol (DHCP)
  – Used to temporarily assign an IP address to subscriber systems. Commonly used by dial-up users to share a pool of addresses.

Page 33

“Always-on” (cont.)

- The DHCP strategy best protects dial-up users who go online only for brief sessions. Each time they log off and dial in again, they will be assigned a new address.
- With “always-on” connections such as DSL and cable modems, a user may have the same IP address for extended periods. This gives attackers a chance to connect to their computers.
- Periodically, the address will “expire”, but not quickly enough to avoid attackers potentially targeting the system.

Page 34

Virus Attacks

- As we mentioned before, probably the most widely understood threat. A standard anti-virus package that will scan received files is useful. May also want to periodically check your system’s files in case a “stealth” method is used to access your wireless system.
- Basically concerned with viruses affecting computers/PCs, but the “Timofonica” virus actually sent messages (using a Short Message Service (SMS) gateway) to subscribers of the Timofonica service (Spanish cell phone service).
- Though there was no real damage to the phones, outside of wasted bandwidth, many fear cell phone viruses will be the next generation of viruses.

Page 35

Intruder Attacks

- Outside of wireless, the medium is not to blame for a technological change that has made it easier for individuals to attack systems.
- What has changed is the range of possible targets. Now an individual’s own home PC is potentially accessible and may therefore become a target.
- Need to eliminate file sharing on Windows 95/98 and Macintosh systems. These features were originally intended for use on private, secure local area networks, not the open environment found in the cable modem world.

Page 36

Personal and Network Firewalls

- A good idea is to install personal firewalls on your PC to monitor suspicious activity and to filter traffic.
- Software based firewalls – generally fairly inexpensive. Install directly onto your PC.
- Hardware based firewalls – many broadband Internet access devices include bundled firewall and NAT support. While more expensive than software firewalls, still affordable.

Page 37

Other security considerations

- Distributed Denial of Service (DDoS). Small office and home PCs are increasingly becoming the target of individuals setting up DDoS networks. The target of the DoS attack will not be the PC; it instead will be used to launch an attack on another system.
- Sniffing. With the LAN nature of many broadband mechanisms, need to be cognizant of what you are sending since others are also sharing the same medium with you.

Page 38

Summary

- What is the importance and significance of this material?
- How does this topic fit into the subject of “Voice and Data Security”?