Computer Network Forensics
Lecture 5 - Wireless

© Joe Cleetus, Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU


Post on 11-Jan-2016


Wireless LANs

A transmitter/receiver (transceiver), called an access point (AP), connects to a wired network

End users access the wireless LAN through wireless-LAN adapters

A single access point can support a group of users within a range of a few hundred feet

Wireless LANs

IEEE 802.11b is the IEEE standard for wireless Ethernet local area networks in the 2.4 gigahertz band

IEEE 802.11b connects computers and other gadgets to each other, and to the Internet, at high speed, without cumbersome wiring, at low cost

Wireless LANs

[Figure labels: Laptops with PCMCIA card adapters; Wireless LAN adapters; Wired network]

Wireless LANs

Data rates in the ~1.6 Mbps range

Throughput fine for e-mail, sharing printers, Internet access, multi-user databases

Compatible with Ethernet or Token Ring

Wireless LAN systems from different vendors might not be interoperable

Wireless LAN Applications

Doctors and nurses in hospitals, using PDAs with wireless LAN access, get patient information instantly

Warehouse workers can exchange information with central databases

Senior executives in conference rooms make quicker decisions because they have real-time information at their fingertips

Neighborhood Area Network (NAN)

People put up access points to cover a geographic neighborhood

Coverage can be up to 1 kilometer in radius if the AP owner is using an omni-directional antenna

Neighbors in the NAN would use a directional antenna pointed back at the AP

Thanks to NANs, anyone can walk around with a personal digital assistant (PDA) and be connected all around the neighborhood

http://www.bawug.org/

Wireless LAN Popularity

802.11b wireless access points ~$150

PC Card adapters ~$70

The low cost induces departments to set up WLANs on their own

But there are inherent security problems

Policy setting and technology deployment are equally important

Wireless LAN Security

802.11b security features may not be turned on

Wired Equivalent Privacy (WEP) and Media Access Control (MAC) address lists still leave WLANs vulnerable

WEP encryption keys can be discovered by listening passively to sufficient traffic

Positioning of APs is important to ensure traffic does not go out of the corporate area

Wireless LAN Security

Clients need the Service Set Identifier (SSID) of an AP to access it

But APs often broadcast their SSIDs

Wireless sniffer products can catch such access points: AiroPeek NX, Sniffer Wireless 4.7, Observer 8.1, NetStumbler

See http://www.eweek.com/article2/0,3959,3586,00.asp

ReefEdge VPN WLAN Security Fix

ReefEdge adds a VPN firewall function to the wireless network

Protects and secures wireless access to the enterprise network

Authentication, encryption and fine-grained access controls

Stops intruders from reading, modifying or injecting wireless traffic, or accessing protected resources

VPNs to the Rescue

VPNs can encrypt wireless network traffic directly from the access point to the wireless client

VPN-based systems have the benefit of being platform- and radio-technology-agnostic

The WLAN can be situated behind a DMZ that's blocked off from the production network

WLAN users may access the Internet through their wireless links, but will have to connect to the corporate network through an encrypted VPN link

Standard WLAN Deployment

[Figure: standard WLAN deployment] From 802.11 Wireless Networks: The Definitive Guide by Matthew Gast

Seven Security Problems of WLAN

Matthew Gast, http://www.oreillynet.com/pub/a/wireless/2002/05/24/wlan.html

Easy Access - your 802.11 network and its parameters are available for anybody with an 802.11 card

Rogue Access Points - any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization

Unauthorized Use of Service - anyone can access WLANs whose WEP feature is not turned on

Service and Performance Constraints - the 11 Mbps capacity of 802.11b is easily overwhelmed by sharing among multiple users; susceptible to DoS attacks by PING flood

Seven Security Problems of WLAN

MAC Spoofing and Session Hijacking - attackers can observe the MAC addresses of stations on the network and use them for malicious transmissions (user authentication and AP authentication needed)

Traffic Analysis and Eavesdropping - frame headers are always in the clear; WEP cracking is easy, though new products change the WEP key every 15 mins; for highly confidential data there is no substitute for strong encryption

Higher Level Attacks - once the WLAN is penetrated, more dangerous attacks can be launched from within

Keeping your Wireless LAN Safe

Enable WEP.

Change the default SSID of your product.

If your access point supports it, disable "broadcast SSID".

Change the default password on your access point or wireless router.

As a network administrator, you should periodically survey your site using a tool like NetStumbler to see if any "rogue" access points pop up.

Keeping your Wireless LAN Safe

Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it.

Assign static IP addresses for your wireless NICs and turn off DHCP. It makes it tougher for the casual "drive by" to use your network.

Buy access points or NICs that support 128-bit WEP.

Only purchase access points that have flashable firmware.

Check on additional proprietary security features beyond the 802.11b standard.

Keeping your Wireless LAN Safe

The most effective strategy:

– Put your wireless access points into a DMZ, and

– have the wireless users tunnel into your network using a VPN.
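The periodic site survey recommended above can be checked mechanically against an inventory of authorized access points. This is an added example, not part of the original lecture; the CSV column layout, the inventory, the MAC addresses and the default-SSID list are constructed assumptions, not the export format of NetStumbler or any other tool.

```python
import csv
import io

# Constructed inventory of authorized access points: BSSID (AP MAC) -> SSID.
AUTHORIZED = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}
# Assumed examples of factory-default SSIDs; extend for the products you own.
DEFAULT_SSIDS = {"linksys", "default", "tsunami"}

# Constructed survey export; the column layout is an assumption for this
# example, not the export format of NetStumbler or any other tool.
SAMPLE_SURVEY = """bssid,ssid,channel,wep
00:11:22:33:44:01,corp-wlan,1,on
00:11:22:33:44:02,corp-wlan,6,off
00:aa:bb:cc:dd:10,corp-wlan,11,on
00:AA:BB:CC:DD:20,linksys,6,off
"""


def audit_survey(csv_text, authorized=AUTHORIZED):
    """Return (bssid, finding) tuples for one site survey, in survey order."""
    inventory = {mac.upper(): ssid for mac, ssid in authorized.items()}
    corporate_ssids = set(inventory.values())
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().upper()
        ssid = row["ssid"].strip()
        if bssid not in inventory:
            # Not in the inventory: either a neighbour's AP or a rogue one.
            if ssid in corporate_ssids:
                findings.append((bssid, "unlisted AP advertising a corporate SSID"))
            else:
                findings.append((bssid, "unlisted AP (rogue candidate)"))
        elif ssid != inventory[bssid]:
            findings.append((bssid, "SSID differs from inventory"))
        # Checklist items from the slides, applied to every AP that was seen.
        if row["wep"].strip().lower() != "on":
            findings.append((bssid, "WEP disabled"))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "factory-default SSID"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_survey(SAMPLE_SURVEY):
        print(f"{bssid}  {finding}")
```

An unlisted AP may simply belong to a neighbour; the finding is a prompt to check whether the device is attached to the wired network.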

Exercises

Use a tool such as NetStumbler to detect:

– SSIDs

– Manufacturer

– Password

– Encryption key

Reference

Matthew Gast, 802.11 Wireless Networks: The Definitive Guide, O'Reilly Press, April 2002, ISBN 0-596-00183-5, 464 pages, $44.95 US. http://www.oreilly.com/catalog/802dot11/index.html

WLAN Deployment and Security Basics. http://www.extremetech.com/article2/0,3973,1073,00.asp

Keeping your Wireless Network Safe. http://www.extremetech.com/article2/0,3973,34635,00.asp