Wireless Home Network Security Model Overview

By: Paul Brown

When it comes to wireless networks probably the most overlooked as far as security is concerns is that of a home users
wireless network. More often than not a user opts to install a wireless router or access point just for convenience not
thinking anything of security. The average user of home wireless network does not know what an SSID is or the difference
between WEP and WPA. With that being said I would like to analyze my own personal network in terms of wireless
security. While I have previous experience with wireless technology I can tell you that even my network is not as secure as
it could be.

Before we start talking about how the network is setup and what can be changed I think it would first be wise to cover some
of the basics of wireless technology and security. Wireless technology takes advantage of radio frequencies (RF) between
2,412MHz and 2462MHz and depending on the hardware used can be transmitted up approximately 150ft (indoor) to 300ft
(outdoor) . What this means for a user is that anyone within that distance will be able to access the wireless signal.

This brings us to the next point which is how to stop those that are close enough from purposefully or accidentally
associating with your wireless network. At first there was only one method which was referred to as “Wired Equivalency
Protection”(WEP). WEP allowed a user to enter a pass phrase which could be used to generate a pre-shared key(PSK)
which could be shared amongst all of the users of the network. The key would be either 64bits (10 characters or 128 bits (26
characters). After WEP was implemented it was found to have many flaws and a new version of security was developed
called “Wi-fi Protected Access” (WPA). This version uses a technology called “Temporal Key Integrity Protocol” (TKIP)
which mixes up the key and also checks its integrity. Lastly an amendment was made to WPA called WPA2 which
incorporated the ability to use “Advanced Encryption Standard” (AES). One final method of security is that of a Remote
Authentication Dial In User Service (RADIUS). RADIUS uses “Authentication, Authorization and Accounting” (AAA) on
a dedicated machine for the sole purpose of keeping the network and its devices secure.

Now that we have a slight understanding of wireless and the different security methods we can begin to analyze my
network. Currently my network consists of a Linksys 802.11g wireless router, three laptops (2 with built in wireless and 1
with a PCMCIA card) and one desktop that is connected the switch on the Linksys with Ethernet cable. By default on the
Linksys there is no security set. The access point (AP) is set up with a default SSID or network name of "linksys" and the
user-name and password both set to "admin". This information can be found just about anywhere on the internet. One quick
Google search and you will find Linksys's site with all of the information in thier tech support pages. To some they might
not think much of it but for an attacker that means that if there is a "linksys" wireless network visible to them the default
pasword may still be the same as well, granting them full access to the network. Once an attacker is on the network they
have access to the wireless device and any other devices associated with it. The attacker will also be able to sniff the
network for the purpose of collecting a users private information such as names, addresses or even credit card numbers. So
the first step here would be to change the SSID to something other than "linksys". The next step is to disable broadcasting of
the SSID. The reason why you would not want the SSID broadcast is that if an attacker knows an SSID they have half the
information to associate with the network; the password is only a few more key strokes away.

So now that we have the SSID changed and hidden from plain sight we need to look at authentication. In this case the
authentication is the password that is used. This goes back to what we discussed earlier about WEP and WPA. Depending
on the method that you choose depends on the password and its ability to protect your network. With either WEP or WPA in
a residential setting you will likely use a pre-shared key(PSK) to make access easier when adding or removing devices to
the network especially if a relative might stop by and need to use the internet. At this point we could dive deep into how tha
algorithms work that are used for each method, but I think that is a little beyond the scope of this writing. For now all that
we need to know is that because of the algorithm used for WEP it makes no real difference if you use 64bit or 128 bit keys,
WPA uses Temporal Key Integrity Protocol (TKIP) and WPA2 uses Advanced Encryption Standard (AES). Just by seeing
the last statement it seems fairly easy to understand that as the protocols were updated the encryption has improved meaning
that WEP is on the low end and WPA2 is on top. Currently not all hardware supports WPA2 however it is now part of the
"Wi-fi Alliances" stamp of approval meaning that if a vendor wants a product certified it must have at least WPA2. WPA2
is also backwards compatible with TKIP used by the original WPA which makes it fairly easy to integrate. On my network
asside from having a custom SSID which is not broadcast I utilize "WPA2 TKIP+AES". Now to most people they might
assume that these two work together somehow to double encrypt the data, false; it actually allows the system to choose the
best suitable encryption depending on the end device. Currently all three of my laptops are able to utilize the AES option
which is good for me and bad for an attacker. As for the desktop there it cannot get much more secure since it is directly
connected.

At this point we can see that my network is set up with a custom hidden SSID and "WPA2 TKIP+AES" for most
applications this is fairly secure. As I stated before I have some experience when it comes to cracking wireless networks and
it is fairly complicate to capture the data needed when it is encrypted. Not to mention the only chance you have of crackcing
a WPA secured network is when a user authenticates with the AP which happens very quickly and since home network
useres dont disconnect and reconnect continuously it can be a pretty good challenge.

So now your probably wondering about the statement I made earlier about my network not being as secure as it could be.
Well one other option that I would have is to use the RADIUS server as I mentioned also. Remember the RADIUS server
not only handles authenticaton but authorization and accounting as well. What this means to us is that even if an attacker
authenticates with the network all activity will be accounted for and they will only be authorized with the priviledges
assigned to the account they are using. How exactly does the server know which account to use though. Well each computer
that connects needs to have client software installed that talks directly to the RADIUS server, through which they login with
a username and password assigned to each individual user. This definitely would make it hard on an attacker, and even if
they do get on to the network like I said it is accounted for and if done properly could be used as evidence against them if
caught.

Now the big question, what would it take to improve my network? We have already verified that the next solution
would be to use a RADIUS server, while not practical for home use it is still an option if privacy and security is a big
concern. When it comes to a RADIUS server we could go about this two way first is to use an open source solution which
would cost the price of a dedicated PC, and the electricity that it would use, that I could install software such as
"FreeRADIUS" on which is available free. The second option if I really wanted to get crazy is to pay for a third party
vendor to supply it for me. Just to show how important this type of authentication I will tel you that companies such as
Juniper Networks offers RADIUS servers between $4,000 and $26,000. I think that is a little pricey just to keep my photos
safe. The other issue of setting up a server of this sort is that it is time consuming to manage. First you have to setup the
hardware and install the software and then you have to set up accounts for each user. This means every admins nightmare
comes true whent he users come runing back saying that something wont work because of security restrictions. Now you
have to try to fine tune everyones access to an ever changing environment.

When comparing mine to the security model reference by Mark Ciampa's text book titled "Security+ Guide To Network
Security Fundamentals" (3rd Ed.) is appears that my network is about as secure as it needs to be for my situation. At the end
of the paper are the security models in which he referres to.

Resources:

Wikipedia List of RADIUS servers.

http://en.wikipedia.org/wiki/List_of_RADIUS_servers

"Security+ Guide To Network Security Fundamentals" (3rd Ed.)

Written By: Mark Ciampa

Security Uncorked

http://securityuncorked.com/2008/08/wep-sucks-so-why-are-you-using-it/