Wireless Security – Let the Nightmare End!
Steve Lamb
IT Pro Security Evangelist
http://blogs.technet.com/steve_lamb
[email protected]
Agenda
What’s wrong with wireless out of the box?
Protected Extensible Authentication Protocol (PEAP)
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
PKI References
"Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure" on http://www.microsoft.com/pki
The challenge
Huge fear of wireless
Rooted in misunderstandings of security
Wireless can be made secure
Takes work
Need to understand problem
Need to plan for secure solution
Securing Wireless
Need to control who and with what (authenticate)
Need to control what they access (authorise)
Ensure integrity of communications (Encrypt)
Ensure safe transfer of credentials (Encrypt Authentication)
Need to audit and report
WEP setup and RC4
Secret key shared between access point and all clients
Encrypts traffic before transmission
Performs integrity check after transmission
WEP uses RC4, a stream cipher
[key] XOR [plaintext] -> [ciphertext]
[ciphertext] XOR [key] -> [plaintext]
Common attacks
Bit-flipping (encryption ≠ integrity)
Flipping bit n in ciphertext flips same bit in plaintext
Statistical attacks
Multiple ciphertexts using same key permit determination of plaintext XOR
Enables statistical attacks to recover plaintext
More ciphertexts eases this
Once one plaintext is known, recovering others is trivial
WEP’s “defenses”
Integrity check (IC) field
CRC-32 checksum, part of encrypted payload
Not keyed
Subject to bit-flipping: can modify IC to make altered message appear valid
Initialization vector (IV) added to key
Alters key somewhat for each packet
24-bit field; contained in plaintext portion
Alas, this small keyspace guarantees reuse
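The two properties on this slide in working code, as an added example that is not from the presentation: a stream cipher whose only integrity check is an unkeyed CRC-32 accepts a bit-flipped frame whose IC has been corrected using the linearity of CRC-32, while the same cipher with a keyed MAC (HMAC-SHA256, my stand-in for what WEP lacked) rejects the same change. Random bytes stand in for the RC4 keystream and the messages are constructed; no WEP frame format is modelled.

```python
import hashlib
import hmac
import os
import struct
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))

def crc32_bytes(data: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_style_encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    # WEP appends the CRC-32 IC to the plaintext, then XORs everything with the keystream.
    body = plaintext + crc32_bytes(plaintext)
    return xor(body, keystream[: len(body)])

def wep_style_decrypt(ciphertext: bytes, keystream: bytes):
    # Returns (plaintext, ic_ok); ic_ok is WEP's receive-side integrity check.
    body = xor(ciphertext, keystream[: len(ciphertext)])
    plaintext, ic = body[:-4], body[-4:]
    return plaintext, ic == crc32_bytes(plaintext)

def xor_into_prefix(ciphertext: bytes, patch: bytes) -> bytes:
    # Flipping bit n of the ciphertext flips bit n of the recovered plaintext.
    return xor(ciphertext[: len(patch)], patch) + ciphertext[len(patch):]

def ic_patch_for(delta: bytes) -> bytes:
    # CRC-32 is linear over XOR: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(0...0), so an
    # unkeyed IC can be corrected for a change d without knowing p or the key.
    # This is exactly the weakness the slide names; a keyed MAC has no such shortcut.
    return xor(crc32_bytes(delta), crc32_bytes(bytes(len(delta))))

def mac_encrypt(plaintext: bytes, keystream: bytes, mac_key: bytes) -> bytes:
    # Same cipher, but the checksum is replaced by an HMAC under a separate key.
    body = plaintext + hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return xor(body, keystream[: len(body)])

def mac_decrypt(ciphertext: bytes, keystream: bytes, mac_key: bytes):
    body = xor(ciphertext, keystream[: len(ciphertext)])
    plaintext, tag = body[:-32], body[-32:]
    expected = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return plaintext, hmac.compare_digest(tag, expected)

ORIGINAL = b"temperature=21"   # constructed sample message
ALTERED = b"temperature=99"    # same length; DELTA is the XOR of the two
DELTA = xor(ORIGINAL, ALTERED)

def unkeyed_ic_result():
    # The receiver's IC check passes even though the message was changed in transit.
    keystream = os.urandom(64)
    modified = xor_into_prefix(wep_style_encrypt(ORIGINAL, keystream), DELTA + ic_patch_for(DELTA))
    return wep_style_decrypt(modified, keystream)

def keyed_mac_result():
    # With a keyed MAC the same bit flips are detected: the tag no longer verifies.
    keystream, mac_key = os.urandom(64), os.urandom(32)
    modified = xor_into_prefix(mac_encrypt(ORIGINAL, keystream, mac_key), DELTA)
    return mac_decrypt(modified, keystream, mac_key)
```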
More IV problems
Say an AP constantly sends 1500-byte packets at 11mbps
Keyspace exhausted in 5 hours
Could be quicker if packets are smaller
Key reuse causes even more collisions
Some cards reset IV to 0 after initialization
Some cards increment by 1 after each packet
802.11 standard does not mandate new per-packet IV!
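The arithmetic behind the 5-hour figure, as an added example that is not from the slides: it generalizes to any packet size and link rate, and adds the birthday bound, which shows that a randomly chosen 24-bit IV is expected to repeat after a few thousand packets, long before the space is exhausted.

```python
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS   # 16,777,216 possible IVs

def packets_per_second(packet_bytes: int, link_mbps: float) -> float:
    # Ideal case: the link carries nothing but back-to-back frames of this size.
    return link_mbps * 1_000_000 / (packet_bytes * 8)

def hours_to_exhaust_iv_space(packet_bytes: int, link_mbps: float) -> float:
    # A sequential per-packet IV counter wraps after IV_SPACE packets.
    return IV_SPACE / packets_per_second(packet_bytes, link_mbps) / 3600

def expected_packets_to_first_repeat() -> float:
    # If IVs were chosen at random, the first collision is expected after
    # about sqrt(pi * N / 2) draws (birthday bound), far fewer than N.
    return math.sqrt(math.pi * IV_SPACE / 2)

def collision_probability(packets: int) -> float:
    # P(at least one repeated IV among `packets` random IVs), using the
    # standard birthday approximation 1 - exp(-n(n-1)/(2N)).
    return 1 - math.exp(-packets * (packets - 1) / (2 * IV_SPACE))

if __name__ == "__main__":
    # The slide's case: 1500-byte packets at 11 Mbps, then a small-packet case.
    print(round(hours_to_exhaust_iv_space(1500, 11), 2))   # about 5.08
    print(round(hours_to_exhaust_iv_space(64, 11), 2))     # about 0.22
    print(round(expected_packets_to_first_repeat()))       # about 5134
    print(round(collision_probability(10_000), 3))         # about 0.949
```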
Classes of attacks
Key and IV reuse
Known plaintext attack
Partial known plaintext attack
Weaknesses in RC4 key scheduling algorithm
Authentication forging
Realtime decryption
VPNs
Pros
Familiarity
Hardware Independent
Proven Security
Cons
Lacks user transparency
Only user logon (not computer)
Roaming profiles, logon scripts, GPOs broken, shares, management agents, Remote desktop
No reconnect on resume from standby
Complex network structure
VPNs
More Cons
No protection for WLAN
Bottleneck at VPN devices
Higher management & hardware cost
Prone to disconnection
Yet more cons! (non-MS VPNs)
3rd party licensing costs
Client compatibility
Many VPN auth schemes (IPsec Xauth) are as bad as WEP!
Agenda
Public Key Infrastructure and Cryptography (PKI)
What’s wrong with wireless out of the box?
Protected Extensible Authentication Protocol (PEAP)
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
PEAP encapsulation
1. Server authenticates to client
2. Establishes protected tunnel (TLS)
3. Client authenticates inside tunnel to server
No cryptographic binding between PEAP tunnel and tunneled authN method
Fix: constrain client (in GPO) to trust only a specific corporate root CA
Foils potential MitM attacks
The many flavors of PEAP…
Common point of customer confusion:
Microsoft released PEAPv0 (a.k.a. MSFT-PEAP) while…
Cisco released PEAPv1 (a.k.a. Cisco-PEAP)
Support for PEAP
Most RADIUS servers on market now support PEAP version 0:
Cisco ACS (RADIUS server)
Funk Steel-Belted RADIUS
Interlink RADIUS
MeetingHouse RADIUS
PEAP is supported in the following families:
Natively - Microsoft® Windows® 2003, Windows XP SP1+, Windows® 2000 SP4, Tablet
Application or system upgrade - Windows 98, Windows NT 4.0 and Pocket PC 2002
Internet Authentication Service (IAS) in Microsoft® Windows® 2000 Server family and Windows Server® 2003 family support PEAP
No need to install third party RADIUS software.
802.1X On 802.11
(Figure: message sequence between the laptop computer, the access point and the RADIUS server. The laptop talks to the access point over wireless 802.11; the access point talks to the RADIUS server over Ethernet using RADIUS. Labels are from the figure, listed in the standard 802.1X order.)
802.11 Associate / Association
Access blocked
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
Radius-Access-Request
Radius-Access-Challenge
EAP-Request
EAP-Response (credentials)
Radius-Access-Request
Radius-Access-Accept
EAP-Success
EAPOL-Key (Key)
Access allowed
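A toy model of the exchange in the figure, added here and not part of the presentation: the access point keeps its 802.1X controlled port closed, relaying only EAPOL/EAP frames to a stand-in RADIUS server, and forwards data frames only after that server answers with Access-Accept. The user table and message dictionaries are constructed; the real EAP methods (PEAP, EAP-TLS) are not implemented, a plain credential compare stands in for them.

```python
from dataclasses import dataclass, field

@dataclass
class RadiusServer:
    users: dict                          # constructed identity -> credential table
    log: list = field(default_factory=list)

    def handle(self, eap: dict) -> str:
        # Every EAP message the AP relays arrives wrapped in a Radius-Access-Request.
        self.log.append("Radius-Access-Request")
        if eap["type"] == "EAP-Response/Identity":
            self.log.append("Radius-Access-Challenge")
            return "EAP-Request"         # ask for credentials inside EAP
        if eap["type"] == "EAP-Response" and self.users.get(eap["identity"]) == eap["credential"]:
            self.log.append("Radius-Access-Accept")
            return "EAP-Success"
        self.log.append("Radius-Access-Reject")
        return "EAP-Failure"

@dataclass
class AccessPoint:
    radius: RadiusServer
    port_open: bool = False              # 802.1X controlled port: closed until EAP-Success
    delivered: list = field(default_factory=list)

    def receive(self, frame: dict) -> str:
        if frame["kind"] == "EAPOL":
            # The uncontrolled port carries only EAPOL/EAP, and only to the authenticator.
            if frame["type"] == "EAPOL-Start":
                return "EAP-Request/Identity"
            reply = self.radius.handle(frame)
            if reply == "EAP-Success":
                self.port_open = True    # in the figure, EAPOL-Key (Key) is sent at this point
            return reply
        if not self.port_open:
            return "dropped"             # "Access blocked"
        self.delivered.append(frame["payload"])
        return "forwarded"               # "Access allowed"

def run_session(identity: str, credential: str):
    # Returns ([fate of a data frame before auth, EAP result, fate after], RADIUS log).
    ap = AccessPoint(RadiusServer(users={"alice": "correct-horse"}))   # constructed account
    results = [ap.receive({"kind": "DATA", "payload": "before-auth"})]
    ap.receive({"kind": "EAPOL", "type": "EAPOL-Start"})
    ap.receive({"kind": "EAPOL", "type": "EAP-Response/Identity", "identity": identity})
    results.append(ap.receive({"kind": "EAPOL", "type": "EAP-Response",
                               "identity": identity, "credential": credential}))
    results.append(ap.receive({"kind": "DATA", "payload": "after-auth"}))
    return results, ap.radius.log
```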
Secure Wireless Deployment Components
Wireless Clients
Wireless Access Points
Radio Types: 802.11 a/b/g
Network Authentication: 802.1X, WPA, WPA2/802.11i*
Encryption: WEP, TKIP, AES
RADIUS Server
RADIUS
EAP/TLS
PEAP-MSCHAPv2
Remote Access Policies
User account database
Remote Access permissions
Credentials = Passwords
Certificate Authority (optional)
Credentials = Certificates
Secure Wireless Deployment MS Offerings
Windows XP
Windows Wireless Zero Config
Native 802.1X, WPA, and soon WPA2*
Certificates, Passwords, Smartcards, RSA Token**
Wireless group policy
AP
Any Access Point supporting 802.11 and 802.1X standards
Server 2003 IAS
EAP/TLS (certificates/smartcard)
PEAP (password)
Remote access policies
Radius proxy functions
Improved scaling
Server 2003 Active Directory
Wireless group policy
User and computer authentication
Server 2003 Certificate Authority
User and computer auto-enrollment
Secure Wireless Deployment Benefits
Windows XP
Integrated Windows Client
Standards based security
Evolving with the industry
Seamless sign-on experience
AP
Interoperability
Server 2003 IAS
Security
Manageability
Policy-based access management
Scalability
Deep and wide
Server 2003 Active Directory
Centralized Administration
Client configuration
Access management
Server 2003 Certificate Authority
Automated client updating
Security Best Practices: What NOT to do
Hidden SSID
Does not provide any real security
Easily discoverable in well-used environments
Windows client experience is impacted
MAC Filtering
Does not scale
NIC management issue
MAC is spoofable
“Shared” mode
Sounds like more security but is actually worse
Not to be confused with Pre-Shared Key (PSK) which is more secure
Open networks and VPN’s
Grants everyone access to the wireless segment
Great for hotspots, not for your business
Security Best Practices: What to do
Choose a security authentication
WPA with EAP-TLS and both user and computer certificates
WPA with PEAP-MS-CHAP v2 and enforce strong user passwords
WEP with 802.1X authentication, EAP-TLS with both user and computer certificates, and periodic re-authentication
WEP with 802.1X authentication, PEAP-MS-CHAP v2, periodic re-authentication, enforce strong user passwords
Preventing rogues
User education and policy
Ongoing Monitoring
Don’t use Hidden SSIDs
Do use Wireless Group Policy
Install at least two IAS RADIUS servers
For best performance, install IAS on domain controllers
Use strong RADIUS shared secrets
Use as many different RADIUS shared secrets as possible
Use IAS RADIUS proxies to scale authentication traffic
Use IAS RADIUS proxies for separate account databases
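Why the RADIUS shared secret matters, as an added example that is not from the slides: per RFC 2865 the only thing binding an Access-Accept to the RADIUS server is the Response Authenticator, MD5(Code + ID + Length + RequestAuth + Attributes + Secret), which the access point or IAS proxy recomputes with its own copy of the secret. The secret, identifier and attribute values below are constructed placeholders; Session-Timeout (attribute 27) is included because the slides pair 802.1X with periodic re-authentication.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
SESSION_TIMEOUT = 27   # RFC 2865 attribute type

# Constructed placeholder values; a real deployment's secret is never hard-coded.
SECRET = b"placeholder-strong-shared-secret-Wq7x"
REQUEST_AUTH = os.urandom(16)   # the Request Authenticator the AP sent in its Access-Request

def build_attribute(attr_type: int, value: bytes) -> bytes:
    # Attribute = Type (1 byte) | Length (1 byte, including this header) | Value
    return struct.pack("BB", attr_type, len(value) + 2) + value

def build_response(code: int, identifier: int, request_auth: bytes,
                   attributes: bytes, secret: bytes) -> bytes:
    # Packet = Code | Identifier | Length (2) | Response Authenticator (16) | Attributes
    header = struct.pack("!BBH", code, identifier, 20 + len(attributes))
    response_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + response_auth + attributes

def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    # The RADIUS client recomputes the authenticator with its own copy of the secret
    # and the Request Authenticator it sent. A mismatch means the reply was not made
    # by a holder of the secret, answers a different request, or was altered in transit.
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False
    received_auth, attributes = packet[4:20], packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attributes + secret).digest()
    return hmac.compare_digest(received_auth, expected)

def session_timeout_attrs() -> bytes:
    # Session-Timeout = 3600 s forces the re-authentication the slides recommend.
    return build_attribute(SESSION_TIMEOUT, struct.pack("!I", 3600))

def genuine_accept() -> bytes:
    return build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, session_timeout_attrs(), SECRET)

def accept_without_secret() -> bytes:
    # Built with a different secret: every other field is identical, yet it fails.
    return build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, session_timeout_attrs(), b"wrong")

def tampered(packet: bytes) -> bytes:
    # Flip one bit in the last attribute byte (the Session-Timeout value) in transit.
    return packet[:-1] + bytes([packet[-1] ^ 0x01])
```

A short secret can be tested offline against a single captured Request/Response pair, which is the risk behind the slides' advice to use strong secrets and a different one per client.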
Best Practices: Scalability
Microsoft RADIUS – Internet Authentication Service (IAS)
(Figure: Wireless APs send to IAS RADIUS proxies, which forward to IAS servers)
Using IAS RADIUS proxies: Load balancing of RADIUS traffic
(Figure: Wireless APs send to IAS RADIUS proxies, which forward to IAS servers in Forest 1 and Forest 2)
Using IAS RADIUS proxies: Cross-forest authentication
Best Practices: Management
Use the Wireless Network (IEEE 802.11) Policies Group Policy settings to automatically configure wireless clients running Windows XP and Windows Server 2003 with your SSID
If you have a native-mode domain, use universal groups and global groups to organize your wireless computer and user accounts into a single group.
Use certificate auto-enrollment for computer certificates
Use certificate auto-enrollment for user certificates
"Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure" on http://www.microsoft.com/pki.
Aligning with other security initiatives
Network Health Compliance
Lays down both the network infrastructure and ID Management elements needed for NAP (Network Access Protection)
Preserves investment in infrastructure
RADIUS is the center of policy making, enforcement and access control for Secure Wireless and NAP
Single sign-on
Secure Network Segmentation
IPSec and 802.1X work together by providing a defense in depth strategy
802.1X – hard outside – offers isolation
IPSec – hard inside – offers resource protection
Best Practices as applied to Microsoft
Microsoft IT Secure Wireless Deployment
Wireless Clients
23-30K per day
Wireless Access Points
Network Authentication: 802.1X
Encryption: dynamic WEP
~5000 802.11b Cisco APs
90 countries, 300+ sites
Single SSID
RADIUS Server
300K authentications per day
Puget Sound: 2 Proxy, 4 RADIUS servers
Worldwide: 5 Proxy/RADIUS servers
EAP/TLS
Remote Access Policies enforced
User account database
Remote Access permissions
Group Policies for configuration
Certificate Authority
User and Machine Certificates
Autoenrolled
Microsoft Future Wireless Deployment
Wireless Clients
Wireless Access Points
Migration to 802.11i (WPA2)
Thin AP/Wireless Switch Architecture
Single Hardware Platform
Multiple SSIDs, Independent services
Voice, Guest and Corporate Network
RADIUS Servers
Independent RADIUS servers for each service
Different Auth methods for each service
Proxies to distribute load
User account database
Multiple ADs to support Guests and Corporate users.
Certificate Authority
User and Machine Certificates for corporate services
Autoenrolled
Tools
WEPCrack—breaks 802.11 keys
http://wepcrack.sourceforge.net/
AirSnort—breaks 802.11 keys
Needs only 5-10 million packets
http://airsnort.shmoo.com/
NetStumbler—access point reconnaissance
http://www.netstumbler.com
Resources
The Advantages of Protected Extensible Authentication Protocol (PEAP)
http://www.microsoft.com/windowsserver2003/techinfo/overview/peap.mspx
Designing and Deploying Wireless LAN Connectivity for the Microsoft Corporate Network
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/wlandply.mspx
"Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure"
http://www.microsoft.com/pki
Best Practices article in Technet Magazine – Nov 2005
http://www.technetmagazine.com
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.