WIRELESS LAN SECURITY 802.

11B AND CORPORATE NETWORK

Presented by Piyush Mittal Department of Computer Science & Engineering, National Institute of Technology, Rourkela

Contents:

Introduction Benets of Wireless LANs Wireless Security In The Enterprise Known Risks Wireless Information Security Management Managed Security Services for Wireless Internet Security Systems Wireless LAN Solutions Conclusion References

Introduction:
In 1999,the Institute of Electrical and Electronics Engineers(IEEE)

published standard 802.11,which species a group of technologies governing wireless Ethernet connectivity between client devices-such as desktop computers , laptop and personal digital assistants(PDAs)- and wireless hubs connected to the physical network. Wireless LAN typically emulate the wired networks traditional hub-spoke conguration and comprise two primary components : a wireless network interface card(NIC) and an access point(AP). The best known and most widely used variation of the 802.11 standard is 802.11b.Products conforming to the 802.11b standard are called WiFi(pronounced as Y-Phi) for wireless delity, so named by wireless Ethernet compartibility Alliance . This Alliance is an independent interoperatibility between 802.11b based devices. Under ideal conditions , WiFi products can receive and transmit data at speed up to 11Mbps.How ever in typical conditions most WiFi devices operate at speed between 1 and 5Mbps at 2.4GHz

Benets of Wireless LANs:

Simplied implementation and

maintenance. Extended reach. Increased worker mobility. Reduced total cost of ownership and operation

Wireless Security In The Enterprise

 802.11bs low cost of entry is what makes it so attractive.

However, inexpensive equipment also makes it easier for attackers to mount an attack. Rogue access points and unauthorized, poorly secured networks compound the odds of a security breach. The following diagram depicts an intranet or internal network that is properly congured to handle wireless trac, with two rewalls in place, plus intrusion detection and response sensors to monitor trac on the wireless segment. One rewall controls access to and from the Internet. The other controls access to and from the wireless access point. The access point itself is the bridge that connects mobile clients to the internal network.

Known Risks:
Although attacks against 802.11b and other wireless

technologies will undoubtedly increase in number and sophistication over time, most current 802.11b risks fall into seven basic categories: Insertion attacks. Interception and unauthorized monitoring of wireless trac. Jamming. Client-to-Client attacks. Brute force attacks against access point passwords. Encryption attacks. Miscongurations.

Insertion Attacks
Insertion attacks are based on deploying

unauthorized devices or creating new wireless networks without going through security process and review. 1. Unauthorized Clients. 2. Unauthorized or Renegade Access Points .

Interception and Monitoring of Wireless Trac

As in wired networks, it is possible to intercept and monitor

network trac across a wireless LAN. The attacker needs to be within range of an access point (approximately 300 feet for 802.11b) for this attack to work, whereas a wired attacker can be anywhere where there is a functioning network connection. All a wireless intruder needs is access to the network data stream.
1) 2) 3)

Wireless Packet Analysis . Broadcast Monitoring. Access Point Clone (Evil Twin) Trac Interception.

Jamming
Denial of service attacks are also easily applied to wireless

networks, where legitimate trac can not reach clients or the access point because illegitimate trac overwhelms the frequencies. An attacker with the proper equipment and tools can easily ood the 2.4 GHz frequency, corrupting the signal until the wireless network ceases to function. In addition, cordless phones, baby monitors and other devices that operate on the 2.4 GHz band can disrupt a wireless network using this frequency. These denials of service can originate from outside the work area serviced by the access point, or can inadvertently arrive from other 802.11b devices installed in other work areas that degrade the overall signal.

Client-to-Client Attacks
Two wireless clients can talk directly to each

other, bypassing the access point. Users therefore need to defend clients not just against an external threat but also against each other. 1) File Sharing and Other TCP/IP Service Attacks. 2) DOS (Denial of Service).

Brute Force Attacks Against Access Point Passwords

Most access points use a single key or password that

is shared with all connecting wireless clients. Brute force dictionary attacks attempt to compromise this key by methodically testing every possible password. The intruder gains access to the access point once the password is guessed. In addition, passwords can be compromised through less aggressive means. A compromised client can expose the access point. Not changing the keys on a frequent basis or when employees leave the organization also opens the access point to attack.

Attacks against Encryption

802.11b standard uses an encryption system

called WEP (Wired Equivalent Privacy). WEP has known weaknesses (see http://www.isaac.cs.berkeley.edu/isaac/wepfa q.html for more information), and these issues are not slated to be addressed before 2002. Not many tools are readily available for exploiting this issue, but sophisticated attackers can certainly build their own.

Misconguration
Server Set ID (SSID). Wired Equivalent Privacy (WEP). SNMP Community Passwords. Client Side Security Risk.

Wireless Information Security Management

The following items are an introduction to

this approach. 1) Wireless Security Policy and Architecture Design. 2) Treat Access Points As Untrusted. 3) Access Point Conguration Policy. 4) Access Point Discovery. 5) Access Point Security Assessments. 6) Wireless Client Protection.

Internet Security Systems Wireless LAN Solutions

Internet Security Systems products and services provide a robust security management solution

for wireless LANs. These rapidly expanding oerings encompass: 1) Security Software Products. 2) Managed Security Services. 3) Security Architecture Consulting. 4) Wireless LAN Security Education. 5) Product Updates.

Conclusion
Like most advances, LANs pose both opportunity and risk . The technology can represent a powerful complement to an organizations networking capabilities , enabling increased employee productivity and reducing IT cost . To minimize the attendant risk , IT administrator can implement a range of measures , including establishment of wireless security polices and practices , as well as implementation of various LAN design and implementation measures . Achieving this balance of opportunity and risk allows enterprises to codently implement wireless LANs and realize the benets this increasing viable technology oers.

References
1. Dale Gardner , wireless in security, information

security magazine , january 2002 (http://www.infosecurity mag.com/article/ january02/cover.html). 2. IEEE working Group for WLAN standard(http://grouper.ieee..org/groups/802/11/in dex.htm). 3. Peter Rysavy , Break free with wireless LANs ,Networkcomputing,october29,2008(http://www. networkingcomputing.com/1222/1222f1.htm). 4. Joel Conover Wireless LANs Work Their Magic,Networkingcomputing,2007(http://www.ne tworkingcomputing.com/1113/1113f2full.htm).