WLUG Meeting - 22 August 2005

Location: University of Waikato, [LitB]
Time: 7pm

DanielLawson is giving a talk on the current state of Wireless Security, covering [WEP], [WPA], [802.11i] and more.

[WEP] - Wired Equivalent Privacy

* Introduced in 1997 as part of the [IEEE] [802.11] standard
* Attempt to make wireless networks "no less secure" than wired ones

Authentication:
* one-way open authentication ([SSID])
* shared-key authentication

Encryption:
* Wired Equivalent Privacy ([WEP]) key

[WEP] keys
* 40-bit (or 104/128-bit) key string
* uses [RC4]
* combined with a 24-bit Initialization Vector ([IV])

Pros:
* allows some control over access to the network
* allows some protection against sniffing

Cons:
* compromised key = complete breach of security
* pain to administer a large number of machines
* algorithm broken; the encryption can be broken if enough data is observed

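The WEP construction sketched above (RC4 keyed with IV||key, unkeyed CRC-32 ICV, 24-bit IV in the clear) together with a defender's IV-reuse check over a capture, as an added example that is not part of the talk notes. The key and the captured frames are constructed for the demonstration.

```python
import zlib
from collections import Counter

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP keys it with IV||key and no per-packet mixing."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: the 3-byte IV goes out in the clear, followed by
    RC4(IV||key) applied to payload||ICV. The ICV is an unkeyed CRC-32."""
    assert len(iv) == 3 and len(key) in (5, 13), "24-bit IV, 40- or 104-bit key"
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv + xor_bytes(body, rc4_keystream(iv + key, len(body)))

def find_iv_reuse(frames) -> dict:
    """Defender's check over a capture: an IV seen more than once under the same
    static key means the same RC4 keystream protected more than one frame."""
    counts = Counter(f[:3] for f in frames)
    return {iv: n for iv, n in counts.items() if n > 1}

def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Why a repeated IV matters: the keystreams cancel, so C_a XOR C_b equals
    P_a XOR P_b (ICVs included) with no knowledge of the key at all."""
    assert frame_a[:3] == frame_b[:3], "only meaningful for a repeated IV"
    return xor_bytes(frame_a[3:], frame_b[3:])

# Constructed sample capture: a 40-bit key and three frames, one IV repeated.
KEY = bytes.fromhex("0102030405")
P1, P2 = b"GET /index.html HTTP/1.0", b"GET /secret.txt HTTP/1.0"
FRAMES = [wep_encrypt(KEY, b"\x00\x00\x01", P1),
          wep_encrypt(KEY, b"\x00\x00\x02", b"hello"),
          wep_encrypt(KEY, b"\x00\x00\x01", P2)]
```

With only 2^24 IVs and a static key, a busy access point exhausts the IV space in hours, which is why the "enough data observed" condition above is so easy to meet.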
[WPA] - Wi-Fi Protected Access
* The Wi-Fi Alliance assembled it from part of the upcoming [802.11i] standard in 2003
* [TKIP] for encryption
* per-user, not per-device, authentication and key distribution framework ([802.1X])
* Extensible Authentication Protocol ([EAP])
* Can still use Pre-Shared Keys ([PSK])

[TKIP]
* [RC4] based
* Per-packet keying, [IV] changes and broadcast key rotation to get around [WEP]'s insecurities
* Message Integrity Check ([MIC]) to prevent [MITM] attacks

[802.1X]
* [IEEE] standard for port-based authentication
* Strong mutual authentication between client and authentication server
* Authenticates a client through user-supplied credentials, rather than the computer

Keys
* [TKIP] keys dynamically generated and distributed
* Master key generated to seed the key hierarchy
* Master key given to [AP] and client
* Per-user, per-session encryption - brute-force attacks very difficult!

[EAP]
* Extensible Authentication Protocol
* Allows different auth methods without infrastructure changes
* Originally designed for [PPP] connections, adapted for [LAN] ([EAPOL|EAP])
* Many [EAPOL|EAP] auth protocols exist - [MD5], [TLS], [CHAP], [MS-CHAPv2], [SIM] (Subscriber Identity Module), EAP-AKA (Authentication and Key Agreement), GTC (Generic Token Card)
* Some methods add a tunnel for authentication information - [PEAP|EAP], [EAP-TTLS|EAP] (Tunneled [TLS])

[WPA2]
* Full [IEEE] [802.11i] standard
* Ratified in July 2004
* [TKIP], [802.1X]/[EAP]
* Added [AES] encryption

[AES]
* Counter mode with [CBC]-MAC (CCM), as opposed to [WEP]'s single stream cipher
* Variable key sizes - 128, 192, 256 bits
* "Good security"

Practical Wireless Security

Encryption Methods:

* Only very early [802.11b] devices lack [WEP] support, therefore [WEP] is a good "minimum"
* [WEP] adds some overhead - you might see some drop in throughput. Better than handing out your email password?
* BUT, [WEP] can be broken.

* Some [802.11b] and most [802.11g] (all?) devices have [WPA] support
* [WPA] addresses most of the problems
* Can still use [PSK]
* [PSK] used to seed the [TKIP] key hierarchy
* Changing keys, so a brute-force attack is not as feasible
* [WPA] shown to still be insecure if keys are less than 20 characters long

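How the [PSK] seeds the key hierarchy, and a policy check built around the 20-character rule above, as an added example that is not part of the talk notes. The passphrase-to-PMK mapping (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output) is the one defined in 802.11i; the COMMON_SSIDS list and the min_bits threshold are constructed for the example.

```python
import hashlib
import math
import string

# Constructed sample of factory-default SSIDs; a real audit would use a fuller list.
COMMON_SSIDS = frozenset({"linksys", "default", "netgear", "dlink", "wireless"})

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """802.11i passphrase-to-PSK mapping. The 256-bit result is the Pairwise Master
    Key that seeds the TKIP/CCMP key hierarchy for every session on the network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32)

def passphrase_entropy_bits(passphrase: str) -> float:
    """Crude estimate: length * log2(combined size of the character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def check_psk_policy(passphrase: str, ssid: str, min_len: int = 20, min_bits: int = 80) -> list:
    """Return a list of findings; an empty list means the PSK configuration passes.
    min_len=20 follows the talk's rule of thumb; min_bits is a hypothetical threshold."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(f"passphrase is {len(passphrase)} chars, shorter than {min_len}")
    bits = passphrase_entropy_bits(passphrase)
    if bits < min_bits:
        findings.append(f"estimated entropy {bits:.0f} bits is below {min_bits}")
    if ssid.lower() in COMMON_SSIDS:
        # The SSID is the PBKDF2 salt, so a default SSID shares its salt with many networks.
        findings.append("SSID is a common default; pick a unique one so the salt is unique")
    return findings

if __name__ == "__main__":
    # "password" / "IEEE" is the test vector published with the 802.11i standard.
    print(wpa_psk("password", "IEEE").hex())
    for pw, ssid in (("password", "linksys"), ("Correct-Horse-Battery-Staple-2005", "wlug-2005")):
        print(pw, ssid, check_psk_policy(pw, ssid) or "OK")
```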
* [WPA2] has good encryption ([AES])
* Some [WPA] implementations have [AES] support as well. This is also good!

Is [PSK] ok?

* For small networks, [PSK] works well
* Know the user base
* Can control when people join / leave the network, and change keys appropriately
* Low admin time
* Perfect for home / small office use

When is [PSK] not ok?
* Large networks ( > 20 machines ?)
* Large admin cost
* Dynamic user base (e.g. cafe net, conference)
* If per-user security is needed (e.g. cafe net, conference)

Other considerations for wireless security:

End-to-end security
* [WEP], [WPA] and [WPA2] only secure the "in the air" transmissions. There is no security on the remaining wired transmissions (which might themselves go over an unsecured wireless backhaul!)
* Use [VPN]s

Multiple [SSID]s
* Can be used to provide different levels of security
* different user groups

[VLAN]s
* Many [AP]s now support VLAN tagging
* Per port (per [AP])
* Per [MAC] address (per physical computer - bad)
* Per [SSID] ([SSID]s are sniffable)
* Per user (via [802.1X])

Rogue [AP] detection
* The network is only secure as long as you control all aspects of it
* insecure [AP]s without strict security controls can cause major security breaches

Implementation of WPA-RADIUS with 802.1X via FreeRadius

See also:

* [How to set up a wireless network using Windows server WPA and RADIUS|http://www.hansenonline.net/Networking/wlanradius.html]
* [Comparison of TTLS and PEAP|http://www.oreillynet.com/pub/a/wireless/2002/10/17/peap.html]