Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures (IEEE 802.11 Wireless Networks) James Burrell Research project submission for the partial fulfillment of the requirements for the degree of Master of Science in Telecommunications Advisor Dr. Jeremy Allnutt Director, M.S. Telecom Program George Mason University School of Information Technology & Engineering December 2002
41
Embed
Wireless Local Area Networking (WLAN) Security …telecom.gmu.edu/.../files/publications/Jim-Burrell-December-2002.pdf · Wireless Local Area Networking (WLAN) Security Assessment
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures
(IEEE 802.11 Wireless Networks)
James Burrell
Research project submission for the partial fulfillment of the requirements for the degree ofMaster of Science in Telecommunications
Advisor
Dr. Jeremy AllnuttDirector, M.S. Telecom ProgramGeorge Mason UniversitySchool of Information Technology & Engineering
December 2002
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Introduction To WLAN Technology
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Introduction
Wireless networking technologies offers many advantages over traditional wired (or physical) network connectivity, to include:
!Mobility support
!Rapid deployment of network resources
!Flexible implementation
!Scalability
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Basic WLAN Components
Wireless Network Interface Card(PCMCIA)
Wireless Access Point
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Spectrum Allocation
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Spectrum AllocationISM FREQUNCY BANDS
Frequency (Lower Limit) Frequency (Upper Limit) Total Bandwidth
902 MHz 928 MHz 26 MHz
2.4 GHz 2.4835 GHz 83.5 MHz
5.725 GHz 5.850 GHz 125 MHz
Industrial, Scientific, and Medical (ISM) Frequency Allocations (Source: Bruce)
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Standards
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Standards802.11b HomeRF IrDA 802.11a 802.11g Bluetooth
Max Speed 11Mbps 10Mbps 4Mbps 54Mbps 54Mbps 1 Mbps
Frequency 2.4GHz 2.4 GHz Light waves 5GHz 2.4GHz 2.4 GHz
Indoor Range
150-300 feet 150 feet 1 meter 150-300
feet150-300
feet 30 feet
Application WLAN WLAN Device
Beaming WLAN WLANPersonal
Area Network
Wireless Networking Standards and Specifications (Source: Anderson)
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Transmission Technologies
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WLAN Transmission Technologies
• Spread Spectrum
• Narrowbeam Microwave
• Infrared
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Denial of Service *************!Implement measures to secure against unauthorized access
Insider Threat *********************!Background investigations!Require change of encryption key upon employee termination/dismissal
Compromised Devices*********************
!Security awareness!Reporting requirement for lost or stolen devices!Require change of encryption key if compromise is suspected
Illicit Access Point Deployment *********************!Limit physical access to wired network infrastructure!Conduct routine monitoring for illicit/improperly configured access point
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WEP Authentication / Encryption
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WEP Encryption ProcessPLAINTEXT MESSAGE CRC
ENCRYPTED MESSAGE
GENERATED ENCRYPTION SEQUENCE
IV
LEGENDCRC Cyclic Redundency
CheckIV Initialization Vector
Logical Exclusive-Or (XOR)Operation
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Weaknesses of WEP AlgorithmThe primary issues that have led to the defeating the security provided by WEP, is related to the:
!Implementation of the encryption algorithm
!Relatively short length of the shared encryption key
!IV being transmitted with its associated encrypted message
!Static nature associated with WEP encryption key management
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
WEP Encryption Process
ENCRYPTED MESSAGEIV
Initialization Vector (IV)used to generate the
psuedo-random encryptionsequence is transmittedalong with the encrypted
message
ENCRYPTED MESSAGEIV
Initialization Vector (IV)used to generate the
psuedo-random encryptionsequence is transmittedalong with the encrypted
message
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
RF Signal Limiting
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
SNR Measurements At Selected Distances
(100mW Output Power)
0
10
20
30
40
50
60
10'
20'
100'
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
SNR Measurements For Selected Output Power Levels
0
20
40
60
80
100
120
0 20 40 80 100
Distance (Feet)
SNR
(dB) 100mW
50mW
5mW
1mW
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
RF Interference Source
Figure X.X Microwave Interference Source Effect On WLAN Transmissions(Distance From Wireless Device – 10 Feet)
0
10
20
30
40
50
60
Norma l
Int e rfe re nc e S ourc e
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Maximum Distances For Output Power Levels
0
200
400
600
800
1000
1200
100 50 5 1
Output Pow er (mW)
Dis
tanc
e (F
eet)
IEEE 802.11b2.4 GHz Wireless Access Point
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Firewall / Intrusion Detection System / VPN Integration
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Firewall Integration Into A Wireless Network Segment
PDA
LANSwitch
Laptop
Wireless AccessPoint
Wireless Network SegmentFirewall
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
IDS Integration Into A Wireless Network Segment
PDA
LANSwitch
Laptop
Wireless AccessPoint
Wireless Network SegmentFirewall
Intrusion DetectionSystem
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
VPN Integration Into A Wireless Network Segment
PDA
LANSwitch
Laptop
Wireless AccessPoint
Wireless Network SegmentVPN
Gateway
VPN / IPSec Tunnel
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Emerging Security Technology and Standards
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Emerging Security Technology and Standards
•IEEE 802.11e - Quality of Service (QoS)
•IEEE 802.11g - 54 Mbps over 2.4 GHz band
•IEEE 802.11h – Spectrum Manager 802.11a
•IEEE 802.11i - Enhanced security
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Summary / Conclusion
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Summary! The optimal security solution for WLANs involves a
combination of security technologies
! A detailed threat risk assessment and analysis is essential to determine which security measures, or combination of measures are the most effective
! The implementation of preventive and protective end-to-end security measures, such as firewalls, intrusion detection, and VPN technologies, provides the most secure and effective defense against the threats associated with the transmission of data over an insecure wireless medium
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Summary
! Requires implementation of policy requirements to ensure the effectiveness of security solutions
! Training information will emphasize the importance of security to network users
Wireless Local Area Network (WLAN) Network Security Assessment And Countermeasures
Conclusion
• A combination of security measures will further increase the security offered by WLAN technologies
• Increased security will support new WLAN applications
• Emerging security technology will reduce the increasing security threats associated with providing wireless network connectivity