Wireless networks do not have the inbuilt physical security of wired networks, and are unfortunately
more prone to attacks from intruders. Once unauthorized access is gained to the wireless network, the
intruder would be able to easily access the resources of the corporate, internal network. To complicate
matters, there are numerous tools which attackers can use to detect and connect to a wireless network,
so abusing a wireless network is not a difficult task.
The types of attacks that wireless networks are vulnerable to are listed below:
• Eavesdropping: In this attack, the intruder attempts to capture traffic when it is being transmitted
from the wireless computer to the wireless access point (WAP).
• Masquerading: Here, the intruder masquerades as an authorized wireless user to access network
resources or services.
• Denial of service (DoS): The intruder attempts to prevent authorized wireless users from accessing
network resources by using a transmitter to block wireless frequencies.
• Man-in-the-middle attack: If an intruder successfully launches a man-in-the-middle attack, the
attacker can replay and modify wireless communications.
• Attacks at wireless clients: The attacker starts a network attack at the actual wireless computer
which is connected to an untrusted wireless network.
To secure wireless networks and wireless connections, administrators can require all wireless
communications to be authenticated and encrypted. There are a number of wireless security
technologies that can be used to protect wireless networks from the different types of attacks to which
they are vulnerable. The more common technologies used to protect wireless networks from security
threats are:
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• IEEE 802.1X authentication
Wired Equivalent Privacy (WEP) Overview
Wired Equivalent Privacy (WEP) is a wireless security protocol that uses a shared key to encrypt traffic
prior to it being transmitted. The encryption algorithm used by WEP is the RC4 encryption
algorithm, which is a stream cipher. Shared key authentication enables wireless communication to be
encrypted and decrypted. The IEEE 802.11 standard defines WEP for providing protection from casual
eavesdropping. What this means is that WEP was designed to provide data privacy.
WEP does not work well where high levels of security are required. Authentication, access control and
virtual private networks should be used where high levels of security are required. This is because the
shared secret of WEP can be easily discovered by analyzing captured wireless traffic. In fact, numerous
readily available tools exist that can be used to decipher WEP encryption and capture and analyze
wireless traffic.
However, if WEP is used correctly, it can provide some degree of security. This would involve:
• Enabling sufficient encryption wherever possible.
• Not using the default WEP options.
• Implementing stringent key management processes.
To provide protection from casual eavesdropping, there are a number of options which WEP provides,
including the following:
• 64-bit encryption: Here, the length of the encryption key defines the degree of encryption that is
provided to secure transmissions.
• 128-bit encryption: 128-bit encryption provides greater security than 64-bit encryption.
• No encryption: When WEP is configured with the No encryption option, all transmissions are sent in
clear-text.
As mentioned earlier, the encryption algorithm used by WEP is the RC4 encryption algorithm which is a
stream cipher. The stream cipher is used by the sender and receiver to create pseudorandom strings
from the shared key.
The process that occurs when WEP is used for securing transmissions is explained below:
1. The plaintext message is passed through the CRC-32 integrity check algorithm to generate the
integrity check value (ICV).
2. The integrity check value (ICV) is then appended to the end of the plaintext message.
3. The random 24-bit initialization vector (IV) is produced next, and is then added to the beginning of
the secret key.
4. The random 24-bit initialization vector (IV) is used in the Key Scheduling Algorithm (KSA) to create a value for the
WEP pseudorandom number generator (PRNG).
5. The WEP PRNG produces the encrypting cipher stream.
6. The encrypting cipher stream is XOR’ed with the message to create the WEP ciphertext.
7. The IV is next added to the WEP ciphertext, and the result is then encapsulated and sent.
8. Each frame uses a new IV, which means that the RC4 key has a different value.
A few advantages of using WEP to prevent intruders from examining traffic being transmitted between
the AP and clients are summarized below:
• WEP is easy to implement. You only have to configure the encryption key on the APs and your
clients.
• WEP can provide basic security for WLAN applications.
• Transmission privacy is ensured through RC4 encryption. This means that the shared secret key
has to be used for decryption.
• Transmission integrity is ensured by the CRC-32 checksum.
The main disadvantages associated with using WEP are:
• WEP has weak cryptography. It has been proven that the shared secret used by WEP can easily be
discovered by analyzing captured traffic.
• For providing WLAN security, WEP is inadequate. You have to use it together with another
technology.
• You have to ensure that WEP is implemented on all APs and on all clients for it to operate.
• WEP is difficult to manage because it provides no mechanism to change the shared secret. If you
want to change the secret key, all APs and all clients must be simultaneously changed.
The WEP standards provide the following two types of authentication methods:
• Open authentication: Open authentication offers no user authentication. Any client can connect
without providing a password, and all requests are allowed.
• Shared key authentication: Wireless clients are required to authenticate by means of a shared
secret. Shared key authentication makes use of cryptographic mechanisms used by WEP for
authentication. The process that occurs when shared key authentication is used is outlined below:
1. The client or requestor transmits a request for a connection.
2. The AP or authenticator receives the request and then generates a random challenge text.
3. The authenticator sends the random challenge text to the client.
4. When the client receives the random challenge text, the client uses a secret key to encrypt
the challenge text.
5. The client returns the encrypted challenge text to the authenticator.
6. When the authenticator receives the encrypted challenge text, it decrypts the challenge text
and then compares the decryption to the original.
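The WEP encapsulation steps and the shared key authentication exchange described above can be followed in code. This is an added example, not part of the original text: the function names are illustrative, the 1-byte key ID that a real 802.11 frame carries after the IV is omitted, and the key is a constructed value.

```python
import os
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key scheduling (KSA), then n bytes of PRNG output."""
    s, j = list(range(256)), 0
    for i in range(256):                               # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                                 # PRNG output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    iv = os.urandom(3) if iv is None else iv           # step 3: 24-bit IV
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))  # steps 1-2: append ICV
    stream = rc4_keystream(iv + key, len(body))        # steps 3-5: IV placed before key
    return iv + xor(body, stream)                      # steps 6-7: IV travels in clear

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    message, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(message)) != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return message

def shared_key_auth(ap_key: bytes, client_key: bytes) -> bool:
    challenge = os.urandom(128)                        # AP generates the challenge text
    response = wep_encrypt(client_key, challenge)      # client encrypts and returns it
    try:
        return wep_decrypt(ap_key, response) == challenge  # AP decrypts and compares
    except ValueError:
        return False

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit key ("64-bit" WEP with the IV)
    frame = wep_encrypt(key, b"hello wlan")
    print(frame.hex(), wep_decrypt(key, frame))
    print(shared_key_auth(key, key), shared_key_auth(key, b"wrong"))
```

Passing the same `iv` for two frames makes both use the same RC4 keystream, which is why step 8 calls for a new IV on every frame.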
The terminology typically used when discussing 802.1X authentication is listed below.
• Port: a single point of connection to the network.
• Extensible Authentication Protocol Over LAN (EAPOL): the 802.1X defined standard for
encapsulating EAP traffic to enable it to be dealt with by the LAN MAC service.
• Extensible Authentication Protocol over Wireless (EAPOW): EAPOL messages which are
encapsulated over 802.11 wireless frames.
• Authentication server: the server that verifies whether the supplicant (see below) is authorized to
access the authenticator.
• Port access entity (PAE): controls the protocols and algorithms of the authentication technologies of
the port.
• Authenticator PAE: implements authentication before granting access to resources that exist
beyond the port.
• Supplicant PAE: accesses the resources which are permitted by the authenticator.
The process that occurs when a client attempts to connect to a wireless network that uses the 802.1X
authentication is explained next:
1. The client attempts to connect to the SSID of the wireless access point (WAP).
2. The client has to authenticate to the WAP if shared network authentication is enabled. The network
key is used to authenticate the client.
3. The WAP sends an authentication challenge to the client.
4. The WAP next creates a channel to enable the client to communicate directly with the RADIUS
service.
5. When the client initially interacts with the RADIUS server, it first needs to verify that the RADIUS
server is in fact who it claims to be. To verify the identity of the RADIUS server, the client checks the
public key certificate of the RADIUS server.
6. Once the client has verified the identity of the RADIUS server, the client has to use 802.1X
authentication to authenticate to the RADIUS service.
7. If the RADIUS service and the client are set up to use EAP-TLS authentication, public key
certificates are used to authenticate the client to the RADIUS service.
8. If the RADIUS service and the client are set up to use Protected EAP (PEAP) authentication, then
a Transport Layer Security (TLS) session is established between the client and the RADIUS
service. Once the Transport Layer Security (TLS) session is established, the client starts sending
its security credentials to the RADIUS service.
9. When the RADIUS service receives the credentials of the client, it verifies the received credentials
against its directory.
10. Access is granted to the client when the following occurs:
• The RADIUS service is able to authenticate the credentials of the client through its
authentication database.
• The access policy allows the client to establish a connection.
11. At this stage, the RADIUS service sends the dynamic shared secret to the WAP, and informs the
WAP that access was granted for the client.
12. The shared secret is used to encrypt and decrypt communication transmitted between the client
and WAP.
Wi-Fi Protected Access (WPA) Overview
Wi-Fi Protected Access (WPA) was developed by the Wi-Fi Alliance to address a few of the weaknesses
of the WEP protocol. WPA can use the identical authentication mechanisms and encryption algorithms
as the WEP protocol. This allows some degree of support for WPA to be added with only a simple
firmware upgrade.
The two encryption methods which can be used with WPA are:
• Temporal Key Integrity Protocol (TKIP): While WEP also uses the TKIP encryption algorithm, the
use of TKIP is improved on by WPA. When WPA and TKIP are used, TKIP generates a unique
encryption key for each frame. With WPA, initialization vectors (IVs) are less regularly used which
makes it harder for an intruder to break encryption.
• Advanced Encryption System (AES): The Advanced Encryption System encryption algorithm is
more secure than the TKIP encryption algorithm. The downfall of the AES encryption algorithm is
that you have to upgrade your hardware to support the algorithm.
The primary benefits of using WPA encryption are summarized below:
• WPA provides better security than WEP does.
• WPA uses a unique encryption key for every packet that is transmitted.
The main disadvantages of WPA encryption are summarized below:
• Some wireless network hardware does not support WPA. WEP, on the other hand, is generally
supported.
• Windows 2000 and all prior versions do not include integrated support for WPA.
• You have to manually configure WPA on Windows XP clients.
16. The New Preferred Setting Properties dialog box opens. This is where the following elements
are configured:
• The default SSID for the organization.
• Enable/disable WEP.
• Enable/disable Shared mode authentication.
• Specify whether the WEP key is provided automatically.
• Disable Infrastructure mode.
17. The settings typically configured on the Network Properties tab of the New Preferred Setting
Properties dialog box are:
• The Data Encryption (WEP enabled) checkbox is selected.
• The Key Is Provided Automatically checkbox is selected.
• The Network Authentication checkbox is left at its default setting of not selected.
18. Click the IEEE 802.1X tab on the New Preferred Setting Properties dialog box.
19. Click the Enable Network Access Control Using IEEE 802.1X checkbox to select this configuration
setting.
20. In the EAP Type list, select the setting that matches the setting configured on the IAS server:
• Smart Card Or Other Certificate
• Protected EAP
21. Select the Authenticate As Computer When Computer Information Is Available checkbox if you
want to administer the computer when users are not logged on.
22. If you want to configure the EAP type, click Settings.
23. Use the dialog box to further define the EAP type that you have selected. Click OK.
24. Click OK to close the New Preferred Setting Properties dialog box.