Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures
(IEEE 802.11 Wireless Networks)
James Burrell
Research project submission for the partial fulfillment of the requirements for the degree ofMaster of Science in Telecommunications
Advisor
Dr. Jeremy AllnuttDirector, M.S. Telecom ProgramGeorge Mason UniversitySchool of Information Technology & Engineering
December 2002
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Introduction To WLAN Technology
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Introduction
Wireless networking technologies offers many advantages over traditional wired (or physical) network connectivity, to include:
!Mobility support
!Rapid deployment of network resources
!Flexible implementation
!Scalability
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Basic WLAN Components
Wireless Network Interface Card(PCMCIA)
Wireless Access Point
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Spectrum Allocation
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Spectrum AllocationISM FREQUNCY BANDS
Frequency (Lower Limit) Frequency (Upper Limit) Total Bandwidth
902 MHz 928 MHz 26 MHz
2.4 GHz 2.4835 GHz 83.5 MHz
5.725 GHz 5.850 GHz 125 MHz
Industrial, Scientific, and Medical (ISM) Frequency Allocations (Source: Bruce)
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Standards802.11b HomeRF IrDA 802.11a 802.11g Bluetooth
Max Speed 11Mbps 10Mbps 4Mbps 54Mbps 54Mbps 1 Mbps
Frequency 2.4GHz 2.4 GHz Light waves 5GHz 2.4GHz 2.4 GHz
Indoor Range
150-300 feet 150 feet 1 meter 150-300
feet150-300
feet 30 feet
Application WLAN WLAN Device
Beaming WLAN WLANPersonal
Area Network
Wireless Networking Standards and Specifications (Source: Anderson)
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Transmission Technologies
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Transmission Technologies
• Spread Spectrum
• Narrowbeam Microwave
• Infrared
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Comparison of WLAN Transmission Technologies
Transmission Technology Range Limitation
Low High
Signal Interception Susceptibility
Low High
Susceptibility To Interference /
Jamming
Low High
Spread Spectrum **** **** ****
Narrowband Microwave **** ******************** ********************
Infrared ******************* **** ********************
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Network Topologies
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Topologies
Laptop PDA
PDALaptop
Peer-to-Peer (Ad hoc) Topology
Infrastructure Topology
Wireless Bridge Wireless Bridge
Point-to-Point Topology
EthernetSegment
WirelessSegment
Hybrid Topology
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
IEEE 802.11 Hybrid WLAN Topology
Physical Network Segment
RouterInternetPDA
LANSwitch
Network FirewallLaptop
Wireless AccessPoint
Wireless Network Segment
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Applications
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN ApplicationsWLAN Topology Application
Peer-to-Peer Ad hoc networking between mobile devices
Hybrid (Wireless/Wired) Network extension for wired LAN infrastructure
WLAN Client location flexibility and mobility
Point-to-Point Wireless connectivity between buildings or facilities
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN ApplicationsOrganization Application Advantage
Educational Institutions Classroom and student connectivity !Relocation of devices to different locations in classrooms
Health Care / Hospitals Patient monitoring and access to patient medical information !Mobility
Inventory Control Connectivity for portable inventory devices with central storage facility !Real-time reporting
Manufacturing Network connectivity for machinery in open locations and hazardous environments
!Relocation of devices to different locations!Hazardous environments
Conference Centers Provide connectivity to attendees with enabled devices !Rapid deployment
Education Shared computer resources among student classrooms and laboratories !Mobility
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN ApplicationsTactical/Military Rapid establishment of network
with mobility support in hazardous environments !Mobility
•Rapid network deployment
Multimedia Resources Provide wireless access to multimedia resources
!Shared Resources
Small Office/Home Office (SOHO)
Rapid establishment of low cost network infrastructure
•Low cost networking solution
Residential Rapid establishment of low cost network infrastructure
!Low cost networking solution
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Security Risks
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Security Risks• Network Detection
• RF Signal Limiting
• Interference and RF Disruption
• Unauthorized Network Access
• Data Interception
• Denial of Service
• Insider Threat
• Compromised Devices
• Illicit Access Point Deployment
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Security RisksSecurity Vulnerability Relative Security Risk Level
Low High Security Countermeasures
Detecting WLANs ********************
•Deactivate access point beacon and advertisement transmission
RF Signal Propagation
********************
•Minimize access point transmission level
Interference and RF Disruption*******
•Conduct RF environment analysis•Strategic location of access point deployments
Unauthorized Access **************************
•Use strong authentication
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Security RisksData Interception ************************** !Use encryption
Denial of Service *************!Implement measures to secure against unauthorized access
Insider Threat *********************!Background investigations!Require change of encryption key upon employee termination/dismissal
Compromised Devices*********************
!Security awareness!Reporting requirement for lost or stolen devices!Require change of encryption key if compromise is suspected
Illicit Access Point Deployment *********************!Limit physical access to wired network infrastructure!Conduct routine monitoring for illicit/improperly configured access point
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WEP Authentication / Encryption
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WEP Encryption ProcessPLAINTEXT MESSAGE CRC
ENCRYPTED MESSAGE
GENERATED ENCRYPTION SEQUENCE
IV
LEGENDCRC Cyclic Redundency
CheckIV Initialization Vector
Logical Exclusive-Or (XOR)Operation
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Weaknesses of WEP AlgorithmThe primary issues that have led to the defeating the security provided by WEP, is related to the:
!Implementation of the encryption algorithm
!Relatively short length of the shared encryption key
!IV being transmitted with its associated encrypted message
!Static nature associated with WEP encryption key management
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WEP Encryption Process
ENCRYPTED MESSAGEIV
Initialization Vector (IV)used to generate the
psuedo-random encryptionsequence is transmittedalong with the encrypted
message
ENCRYPTED MESSAGEIV
Initialization Vector (IV)used to generate the
psuedo-random encryptionsequence is transmittedalong with the encrypted
message
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
RF Signal Limiting
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
SNR Measurements At Selected Distances
(100mW Output Power)
0
10
20
30
40
50
60
10'
20'
100'
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
SNR Measurements For Selected Output Power Levels
0
20
40
60
80
100
120
0 20 40 80 100
Distance (Feet)
SNR
(dB) 100mW
50mW
5mW
1mW
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
RF Interference Source
Figure X.X Microwave Interference Source Effect On WLAN Transmissions(Distance From Wireless Device – 10 Feet)
0
10
20
30
40
50
60
Norma l
Int e rfe re nc e S ourc e
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Maximum Distances For Output Power Levels
0
200
400
600
800
1000
1200
100 50 5 1
Output Pow er (mW)
Dis
tanc
e (F
eet)
IEEE 802.11b2.4 GHz Wireless Access Point
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Firewall / Intrusion Detection System / VPN Integration
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Firewall Integration Into A Wireless Network Segment
PDA
LANSwitch
Laptop
Wireless AccessPoint
Wireless Network SegmentFirewall
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
IDS Integration Into A Wireless Network Segment
PDA
LANSwitch
Laptop
Wireless AccessPoint
Wireless Network SegmentFirewall
Intrusion DetectionSystem
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
VPN Integration Into A Wireless Network Segment
PDA
LANSwitch
Laptop
Wireless AccessPoint
Wireless Network SegmentVPN
Gateway
VPN / IPSec Tunnel
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Emerging Security Technology and Standards
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Emerging Security Technology and Standards
•IEEE 802.11e - Quality of Service (QoS)
•IEEE 802.11g - 54 Mbps over 2.4 GHz band
•IEEE 802.11h – Spectrum Manager 802.11a
•IEEE 802.11i - Enhanced security
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Summary / Conclusion
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Summary! The optimal security solution for WLANs involves a
combination of security technologies
! A detailed threat risk assessment and analysis is essential to determine which security measures, or combination of measures are the most effective
! The implementation of preventive and protective end-to-end security measures, such as firewalls, intrusion detection, and VPN technologies, provides the most secure and effective defense against the threats associated with the transmission of data over an insecure wireless medium
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Summary
! Requires implementation of policy requirements to ensure the effectiveness of security solutions
! Training information will emphasize the importance of security to network users
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Conclusion
• A combination of security measures will further increase the security offered by WLAN technologies
• Increased security will support new WLAN applications
• Emerging security technology will reduce the increasing security threats associated with providing wireless network connectivity