 Published on O'Reilly (http://oreilly.com/)


What Is Wireless Security

by Swayam Prakasha
03/30/2006

 

In this Article:

  1. Basic Security Measures in the 802.11x Standard
  2. Types of Wireless Network Attacks
  3. Preventive Measures
  4. Security Protections for Your Organization
  5. Summary
  6. References

The new standard in wireless networks--802.11g--offers speed, security, and performance. It is also the most widely employed standard in corporate internal wireless LAN networks. You can transfer data at up to 54Mbps using 802.11g (which is five times the speed of older 802.11b wireless networks). And wireless LANs provide some obvious benefits: they always provide on-network connectivity, they do not require a network cable, and they actually prove less expensive than traditional networks. Wireless networks have evolved into more affordable and logistically acceptable alternatives to wired LANs. But to take advantage of these benefits, your wireless LAN needs to be properly secured.

Network security in a wireless LAN environment is a unique challenge. Whereas wired networks send electrical signals or pulses through cables, wireless signals propagate through the air. Because of this, it is much easier to intercept wireless signals. This extra level of security complexity adds to the challenges network administrators already face with traditional wired networks. There are a number of extremely serious risks and dangers if wireless networks are left open and exposed to the outside world. This article covers the types of attacks wireless networks encounter, preventive measures to reduce the chance of attack, guidelines administrators can follow to protect their company's wireless LAN, and an excellent supply of online resources for setting up a secure wireless network.

Basic Security Measures in the 802.11x Standard

Let's have a look at some of the security features available in the 802.11x wireless standard.

Types of Wireless Network Attacks

As in wired networks, the basic controls you'll need include a host system that authenticates the user or device attempting to access the network, and encryption that protects the data as it travels from the user device to the access point, whether to ensure confidentiality or to ensure that no one has tampered with the message or changed its content. The wireless networks based on 802.11x have been plagued by some well-publicized security failings. The IEEE 802.11x protocol provides a different approach to security and security management that overcomes the failings of 802.11x Wired Equivalent Privacy (WEP). The following is the list of some of the main known security risks.

  1. Insertion Attacks
  2. Interception and Monitoring of Wireless Traffic
  3. Misconfiguration
  4. Client-to-Client Attacks
  5. Jamming

The Wired Equivalent Privacy (WEP) encryption built into 802.11x can be compromised relatively easily. WEP has some known weaknesses in how the encryption is implemented, and wireless sniffing programs, such as AirSnort, can implement attacks that exploit these weaknesses. Keep in mind that using WEP is better than not using anything; it at least stops casual sniffers.

Let's take a closer look at each type of wireless network attack listed above.

Insertion attacks: These occur when you place unauthorized devices on the wireless network without going through a security process and review. This type of attack can happen when an attacker tries to connect a wireless client to an access point without authorization. It is possible to configure the access points so that they require a password for client access. If there is no password, an intruder can connect to the internal network simply by enabling a wireless client to communicate with the access point.

Interception and monitoring of wireless traffic: As in wired networks, it is possible to intercept and monitor the network traffic across a wireless LAN. The only condition for this type of attack is that the attacker be within range of an access point.

Misconfiguration: Many access points ship in an unsecured configuration so that they can be handled and deployed easily. Unless each unit is configured prior to deployment, these access points will be a high risk for attack or misuse.

Client-to-client attacks: Two wireless clients can communicate with each other, bypassing the access point. Therefore, there is a need for the users to defend the clients not just against an external attack but also against each other.

Jamming: DoS (Denial of Service) attacks are easily applied to the wireless world: legitimate information cannot reach the clients or access points, mainly because illegitimate traffic overwhelms the frequencies.

By gathering enough "interesting" packets, that is, those that contain weak initialization vectors (starting keys), the sniffers can decrypt WEP-encoded messages by breaking the keys employed by WEP. Some vendors are trying to fix this problem through firmware updates that provide "weak key avoidance."

Preventive Measures

Another way of deflecting the attacks is to change the WEP keys periodically. Before an attacker can gather enough information to deduce the keys, the keys themselves change. Unfortunately, WEP does not provide a facility to distribute keys to deployed devices. Traditionally, keys are delivered through some alternate communication method, usually involving a wired network that is considered to be secure. Key distribution is one management problem associated with WEP that causes administrative and security headaches. Another is the management of authorization for deployed devices. Device management is usually done through MAC addresses. A deployed wireless network allows or disallows access to the network by checking the requester's MAC address against an access-control list. Complications arise because most managers administer their access control lists at individual access points, rather than through a centralized database.

This decentralized approach gives rise to a large number of lists. If hardware is lost or stolen, updating the access points individually is time-consuming. Also, access control via MAC addresses has a greater problem: MAC-address spoofing is relatively trivial for the determined hacker or espionage agent to implement. As the above issues illustrate, not only is security flawed, but administration of the security structure in wireless networks is flawed as well.
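The administrative problem described above can be checked mechanically. The following is an added example, not code from the original article: it compares each access point's MAC allow-list against one central inventory and reports entries that have drifted. The access point names and MAC addresses are constructed sample data, and the function names are hypothetical.

```python
import re

def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_acls(central, per_ap):
    """Compare every access point's allow-list with the central inventory.

    Returns {ap_name: {"stale": [...], "missing": [...]}} for each AP whose
    list differs. "stale" entries are still allowed on the AP although they
    are no longer authorized (for example lost or stolen hardware);
    "missing" entries are authorized but absent from that AP.
    """
    authorized = {normalize_mac(m) for m in central}
    report = {}
    for ap, macs in per_ap.items():
        local = {normalize_mac(m) for m in macs}
        stale = sorted(local - authorized)
        missing = sorted(authorized - local)
        if stale or missing:
            report[ap] = {"stale": stale, "missing": missing}
    return report

# Constructed sample data: the same address written in three vendor formats,
# plus one device that was removed centrally but never from ap-floor2.
CENTRAL = ["00:11:22:33:44:55", "00-11-22-33-44-66"]
PER_AP = {
    "ap-lobby": ["0011.2233.4455", "00:11:22:33:44:66"],
    "ap-floor2": ["00:11:22:33:44:55", "00:11:22:AA:BB:CC"],
}

if __name__ == "__main__":
    for ap, diff in audit_acls(CENTRAL, PER_AP).items():
        print(ap, diff)
```

An audit like this addresses list drift only; it does nothing about the MAC-address spoofing weakness noted above.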

IEEE 802.11x is an IEEE standard for "port-based network access control." It allows the decision of whether or not to permit network access to be made at the port, the point of contact to the network itself. Until a port is authenticated, it can be used only to pass traffic associated with the authentication process. Authentication can be user-based and managed at a centralized authentication server. In addition, 802.11x provides optional abilities to distribute keys. With its combination of centralized management, management by user instead of device, network protection, and key delivery, 802.11x seems to be the prescription for security, correcting WEP's failings.
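The port behaviour described above, as an added sketch that is not part of the original article: a gate that passes only authentication frames until the authentication server reports success. It assumes authentication traffic is carried as EAP over LAN (EtherType 0x888E); the class, its method names and the sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EAP over LAN: the only traffic allowed before authentication
ETHERTYPE_IPV4 = 0x0800

def make_frame(ethertype, payload=b""):
    """Build a constructed Ethernet frame with placeholder addresses."""
    dst = bytes.fromhex("0180c2000003")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload

class ControlledPort:
    """Gate for one network port: closed to data until authentication succeeds."""

    def __init__(self):
        self.authorized = False
        self.dropped = 0

    def admit(self, frame):
        """Return True if the frame may pass the port in its current state."""
        if len(frame) >= 14:
            (ethertype,) = struct.unpack("!H", frame[12:14])
            if ethertype == ETHERTYPE_EAPOL or self.authorized:
                return True
        self.dropped += 1  # runt frame, or data on an unauthenticated port
        return False

    def on_auth_result(self, success):
        """Called with the authentication server's decision."""
        self.authorized = bool(success)

    def on_link_down(self):
        """Disassociation or logoff: the next client must authenticate again."""
        self.authorized = False

def demo():
    """Walk one constructed client through the port's states."""
    port = ControlledPort()
    data = make_frame(ETHERTYPE_IPV4, b"data")
    auth = make_frame(ETHERTYPE_EAPOL, b"\x01\x01\x00\x00")  # EAPOL-Start
    results = [port.admit(data), port.admit(auth)]  # before authentication
    port.on_auth_result(True)
    results.append(port.admit(data))                # after success
    port.on_link_down()
    results.append(port.admit(data))                # after the client leaves
    return results, port.dropped

if __name__ == "__main__":
    print(demo())
```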

The 802.11x protocol specifies Extensible Authentication Protocol (EAP) to carry authentication messages. As "extensible" implies, EAP can carry any number of actual authentication protocols. One example of an EAP authentication method is EAP-TLS. This protocol packages Transport Layer Security (TLS), an evolution of the Secure Sockets Layer (SSL) used in secure web browsing, on top of EAP's message structure. Another example is EAP-OTP, which specifies the use of "one-time passwords." For successful authentication, the entity requesting access to the network and the network's infrastructure must both support the same EAP "flavor." While a deployment requires administrators to consider infrastructure costs and interoperability, the technology is presently available, and deploying a wireless network without it would be a critical oversight.
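To make the "same EAP flavor" requirement concrete, here is an added example (not from the original article) that parses EAP's message structure and shows the peer declining a method it does not support. Field layout and type numbers follow RFC 3748 (OTP is type 5, EAP-TLS is type 13, Nak is type 3); the function names and the identity string are hypothetical, and the method-specific payload is left empty.

```python
import struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4      # EAP Code values
TYPE_IDENTITY, TYPE_NAK, TYPE_OTP, TYPE_TLS = 1, 3, 5, 13

def parse_eap(packet):
    """Parse an EAP packet into (code, identifier, type, type_data)."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field does not match the packet")
    body = packet[4:length]  # bytes beyond Length are padding and ignored
    if code in (REQUEST, RESPONSE):
        if not body:
            raise ValueError("Request/Response without a Type byte")
        return code, ident, body[0], body[1:]
    return code, ident, None, b""  # Success and Failure carry no Type

def build_eap(code, ident, eap_type=None, data=b""):
    """Serialize an EAP packet; Length covers header plus body."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def peer_reply(request, supported, identity=b"user@example.test"):
    """Peer side: accept an offered method it supports, otherwise send a Nak
    listing the methods it would accept (0 means no alternative)."""
    code, ident, eap_type, _ = parse_eap(request)
    if code != REQUEST:
        raise ValueError("a peer only answers Requests")
    if eap_type == TYPE_IDENTITY:
        return build_eap(RESPONSE, ident, TYPE_IDENTITY, identity)
    if eap_type in supported:
        # The method's own payload (e.g. the TLS handshake) is out of scope.
        return build_eap(RESPONSE, ident, eap_type)
    return build_eap(RESPONSE, ident, TYPE_NAK, bytes(supported) or b"\x00")

if __name__ == "__main__":
    offer = build_eap(REQUEST, 7, TYPE_OTP, b"challenge")  # constructed request
    print(parse_eap(peer_reply(offer, [TYPE_TLS])))
```

Here the server offers EAP-OTP to a peer that only supports EAP-TLS, so the peer answers with a Nak naming type 13; authentication proceeds only if the server can then offer that method.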

Security Protections for Your Organization

If your organization wants to establish proper security protections, here are some important guidelines to follow.

Summary

Ultimately, security is everybody's business, and only with everyone's cooperation and consistent practices will it be achievable. Wireless security is a work in progress, so it is essential to administer a wireless network so that it becomes more and more secure. And with more organizations focusing strongly on wireless security, we can only expect to see many more secured wireless networks in the future.

References

The following online resources provide detailed information on wireless security.

Swayam Prakasha has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, Internet services, LDAP, and Web servers. Swayam has authored a number of articles for trade publications, and he presents his own papers at industry conferences. Currently he works at Unisys Bangalore in the Linux Systems Group.



Copyright © 2009 O'Reilly Media, Inc.