Wireless Security – Getting It Right

by: Vishwadeep Bajaj

It may sound strange but is true that several organisations, which have adopted Wireless networking, are open to severe security breaches. Mostly the reasons are that organisations simply plug the access points and go live without bothering to change the default factory settings. Wireless local area networks are open to risk not because the systems are incapable but due to incorrect usage. The biggest problem lies with inadequate security standards and with poorly configured devices. For a start, most of the wireless base stations sold by suppliers come with the in-built security Wired Equivalent Privacy (WEP) protocol turned off. This means that unless you manually reconfigure your wireless access points, your networks will be broadcasting data that is unencrypted.

In the old world of wired local area networks, the architecture provides some inherent security. Typically there is a network server and multiple devices with an Ethernet protocol adapter that connect to each other physically via a LAN backbone. If you are not physically connected, you have no access to the LAN.

Compare it with the new wireless LAN architecture. The LAN backbone of the wired world is replaced with radio access points. The Ethernet adapters in devices are replaced with a radio card. There are no physical connections – anyone with a radio capability of sniffing can connect to the network.

What can go wrong?

Unlike the wired network, the intruder does not need physical access in order to pose the following security threats:

Eavesdropping. This involves attacks against the confidentiality of the data that is being transmitted across the network. In the wireless network, eavesdropping is the most significant threat because the attacker can intercept the transmission over the air from a distance away from the premises of the company.

Tampering. The attacker can modify the content of the intercepted packets from the wireless network and this results in a loss of data integrity.

Unauthorized access. The attacker could gain access to privileged data and resources in the network by assuming the identity of a valid user. This kind of attack is known as spoofing. To overcome this attack, proper authentication and access control mechanisms need to be put up in the wireless network.

Denial of Service. In this attack, the intruder floods the network with either valid or invalid messages affecting the availability of the network resources.

How to protect?

There are 3 types of security options – basic, active and hardened. Depending upon your organisation needs, you can adopt any of the above.

Basic

You can achieve the basic security by implementing Wired Equivalent Standard 128 or WEP 128. The IEEE 802.11 task group has established this standard. WEP specifies generation of encryption keys. The information source and information target uses these keys to prevent any eavesdroppers (who do not have these keys) to get access to the data.

Network access control is implemented by using a Service Set Identifier (SSID – a 32 character unique identifier) associated with an access point or a group of access points. The SSID acts as a password for network access.

Another additional type of security is Access Control List (ACL). Each wireless device has a unique identifier called Media Access Control address (MAC). A MAC list can be maintained at an access point or a server of all access points. Only those devices are allowed access to the network that have their MAC address specified.

The above implementations are open to attack. Even when you do turn on WEP, there are still problems inherent within it. The problem lies in the protocol's encryption key mechanism, which is implemented in such a way that the key can be recovered by analysing the data flow across the network over a period of time. This has been estimated at between 15 minutes and several days. The SSID attached to the header of packets sent over a wireless Lan - is sent as unencrypted text and is vulnerable to being sniffed by third parties. Unfortunately most supplier equipment is configured to broadcast the SSID automatically, essentially giving new devices a ticket to join the network. While this is useful for public wireless networks in places such as airports and retail establishments - in the US for example, Starbucks is offering 802.11b access in some of its stores - it represents another security loophole for corporates that do not switch it off. Finally any MAC address can be change!

d to another (spoofed), so the use of ACL is not foolproof either.

Active

To implement an Active type of security, you need to implement the IEEE 802.1x security standard. This covers two areas – network access restriction through mutual authentication and data integration through WEP key rotation. Mutual authentication between the client station and the access points helps ensure that clients are communicating with known networks and dynamic key rotation reduces exposure to key attacks.

Due to weaknesses in WEP, some standard alternatives to WEP have emerged. Most of the Wi-Fi manufacturers have agreed to use a temporary standard for enhanced security called Wi-Fi Protected Access (WPA).

In WPA, the encryption key is changed after every frame using Temporary Key Integrity Protocol (TKIP). This protocol allows key changes to occur on a frame-by-frame basis and to be automatically synchronized between the access point and the wireless client. The TKIP is really the heart and soul of WPA security. TKIP replaces WEP encryption. And although WEP is optional in standard Wi-Fi, TKIP is required in WPA. The TKIP encryption algorithm is stronger than the one used by WEP but works by using the same hardware-based calculation mechanisms WEP uses.

Hardened

There are organisations like banks, which have very stringent security requirements. They need to implement the hardened type of security systems. These are solutions certified in accordance with the Federal Information Protection Standard (FIPS 1.40). Products in this category offer point-to-point security for wireless information communication and include offerings such as AirFortress and IPSec Virtual Private Networks (VPNs). A VPN will increase the cost of your network, but you can base your decision on whether to implement it by using the same course of action that you should be taking with all other parts of your infrastructure. Map the risks against the business data that you will be passing over radio, and assess the financial impact of a breach. If the data is too critical, reassess what should be passed over the network, or use a VPN to enhance your protection.

Summary

The vendors are working towards implementing newer standards and this year we should see products implementing IEEE 802.11i that will further the authentication and encryption gains implemented by WPA. Most notably, it will add a ground up encryption standard known as Advanced Encryption Standard (AES) as well as various other enhancements.

Newer standards apart, organisations must understand that achieving wireless security is essential and the good part is that it is easy. An organisation must define its security needs and use the features available in the systems accordingly. Choose a good vendor who can help you implement your requirements through standards based solutions. A good implementation must be supported by a security policy, which is well understood by everyone in the organisation. Make your employees aware that they all are responsible for security and share the cost of security breaches. Assign authority & ownership to few employees for the various parts in the security policy and make periodic reviews of their performance. Most important is to monitor your systems for any possible breaches and adapt if necessary. Never sleep well.