Internet Security Principle Wireless LAN/WAN Protection
Group Member • Jia-Wei Tsay • Taesun(Andy) Park
Contents • Introduction • Applications • Technologies • Threats • Recent security mechanism • Protection solutions • Conclusion • Reference
Introduction • Abstract • What is the wireless LAN • What is the wireless WAN • The importance of wireless LAN/WAN protection
Abstract • Wireless LAN/WAN are becoming a respectable alternative in indoor communications. They offer flexibility and mobility in networking environments, as the user is no longer bound to a certain workplace • Wireless technology allows the network to go where wire cannot go. Mobile workers who require real-time access to data benefit from wireless LAN/WAN connectivity since they can access it almost any time, any place. Wireless LAN/WAN are also ideal for providing mobility in home and hot spot environments
Abstract(cont) • Unfortunately, disgruntled employees, hackers, viruses, industrial espionage, and other forms of destruction are not uncommon in today's networks • This project addresses the vulnerabilities and the security of wireless LAN/WAN
What is the wireless LAN • A wireless LAN (WLAN) is a flexible data communication system implemented as an extension to, or as an alternative for, a wired LAN within a building or campus. Using electromagnetic waves, WLANs transmit and receive data over the air, minimizing the need for wired connections. Thus, WLANs combine data connectivity with user mobility, and, through simplified configuration, enable movable LANs
What is the wireless LAN(cont) • A wireless local area network (WLAN) is a flexible data communication system using radio frequency (RF) technology to transmit and receive data over the air. It can be integrated with an existing campus network seamlessly and easily so that we can enjoy network computing without looking for a physical network port • A wireless LAN is a collection of two or more devices connected via an open air medium in order to share data
What is the wireless WAN • Wireless WANs, which can bridge branch offices of a company, cover a much more extensive area than wireless LANs. Unlike WLANs, which offer limited user mobility and instead are generally used to enable the mobility of the entire network, WWANs facilitate connectivity for mobile users such as the traveling businessman. In general, WWANs allow users to maintain access to work-related applications and information while away from their office.
What is the wireless WAN (cont) • In wireless WANs, communication occurs predominantly through the use of radio signals over analog, digital cellular, or PCS networks, although signal transmission through microwaves and other electromagnetic waves is also possible. Today, most wireless data communication takes place across 2G cellular systems such as TDMA, CDMA, PDC, and GSM, or through packet-data technology over old analog systems such as CDPD overlay on AMPS.
What is the wireless WAN (cont) • Although traditional analog networks, having been designed for voice rather than data transfer, have some inherent problems, some 2G (second generation) and new 3G (third generation) digital cellular networks are fully integrated for data/voice transmission. With the advent of 3G networks, transfer speeds should also increase greatly.
The importance of wireless LAN/WAN protection • Security is an important aspect of wireless LAN/WAN, since it is hard to restrict access to network resources physically, which in a wired LAN/WAN can be done through physical access control on the premises
Application • Doctors and nurses in hospitals are more productive because hand-held or notebook computers with wireless LAN capability deliver patient information instantly. • Consulting or accounting audit engagement teams or small workgroups increase productivity with quick network setup. • Network managers in dynamic environments minimize the overhead of moves, adds, and changes with wireless LANs, thereby reducing the cost of LAN ownership.
Application(cont) • Training sites at corporations and students at universities use wireless connectivity to facilitate access to information, information exchanges, and learning. • Network managers installing networked computers in older buildings find that wireless LANs are a cost-effective network infrastructure solution. • Retail store owners use wireless networks to simplify frequent network reconfiguration.
Application(cont) • Trade show and branch office workers minimize setup requirements by installing preconfigured wireless LANs needing no local MIS support. • Warehouse workers use wireless LANs to exchange information with central databases and increase their productivity. • Network managers implement wireless LANs to provide backup for mission-critical applications running on wired networks. • Senior executives in conference rooms make quicker decisions because they have real-time information at their fingertips.
LAN/WAN Technologies • WAP • Bluetooth • AMPS • TDMA • CDMA • GSM • G3 IMT-2000 International Mobile • GPRS • LMDS • 100BaseRadio
WAP • WAP stands for Wireless Application Protocol • WAP is an application communication protocol • WAP is used to access services and information • WAP is inherited from Internet standards • WAP is for handheld devices such as mobile phones • WAP is a protocol designed for micro browsers • WAP enables the creating of web applications for mobile devices. • WAP uses the mark-up language WML
WAP(cont) • The WAP standard is based on Internet standards (HTML, XML and TCP/IP). It consists of a WML language specification, a WMLScript specification, and a Wireless Telephony Application Interface (WTAI) specification. • WAP is published by the WAP Forum, founded in 1997 by Ericsson, Motorola, Nokia, and Unwired Planet
Bluetooth • Bluetooth technology is a forthcoming wireless personal area networking (WPAN) technology that has gained significant industry support and will coexist with most wireless LAN solutions. The Bluetooth specification is for a 1 Mbps, small form-factor, low-cost radio solution that can provide links between mobile phones, mobile computers and other portable handheld devices and connectivity to the internet.
Bluetooth(cont) • This technology, embedded in a wide range of devices to enable simple, spontaneous wireless connectivity is a complement to wireless LANs — which are designed to provide continuous connectivity via standard wired LAN features and functionality
Wireless WAN (Summary) • 1G – First generation (Analog voice) • - AMPS - Advanced Mobile Phone Service • 2G – Second Generation (Digital voice and messages) • - TDMA - Time Division Multiple Access (D-AMPS, NA-TDMA, IS-54, IS-136) • - CDMA - Code Division Multiple Access (CDMA-One, IS-95a) • - GSM - Global System for Mobile communication • 2.5G • - EDGE – Enhanced Data rate for Global Evolution • - GPRS – General Packet Radio Service • 3G – Third Generation (Broadband Data and Voice over IP) • - IMT-2000 – backbone of 3G world • - W-CDMA – Wideband CDMA • - Cdma2000 – Broadband CDMA • - LMDS / MMDS – Local Multipoint / Multipoint Microwave Distribution Systems
Wireless WAN (Summary) • [Figure: carrier upgrade timeline, 2001 to 2004. Carriers shown: Cingular, VoiceStream, AT&T Wireless, Nextel, Verizon Wireless, Sprint PCS. Technologies shown: GSM, GPRS, EDGE, W-CDMA, TDMA, iDEN, CDMA 1x, CDMA 3x, CDMA-2000, grouped as 2G, 2.5G and 3G. Legend: easy upgrade; upgrade requires new modulation; upgrade requires entire new radio system.]
Wireless WAN • Cellular Telephony • - bandwidth: 9.6-14.4 Kbps (2G); 28.2-128 Kbps (2.5G); 200-2000 Kbps (3G) • - standards: GSM, CDMA, TDMA, GPRS • - common use: national coverage • Paging • - bandwidth: 9.6 Kbps • - standard: CDPD • - common use: two-way short text messages • Satellite • - bandwidth: 400-1500 Kbps (downlink); 256 Kbps (uplink)
AMPS - Advanced Mobile Phone Service • - first generation wireless tech • - analog cellular phone system (in USA and South Africa) • - uses FDMA - Frequency Division Multiple Access • - (800-900) MHz frequency spectrum subdivided into 25 KHz channels (4000 channels) • - one subscriber at a time to each channel (no sharing) • - the system is based on fixed cells (geographic zones) • - 3 components: cellular phone, base station, MTSO - Mobile Telephone Switching Office
TDMA - Time Division Multiple Access (2G) • operates at 800 MHz (806-902 MHz; digital cellular system) or 1900 MHz (1850-1990 MHz; PCS - Personal Communication Service) • 1900 MHz system requires more cells than 800 MHz system • 30-KHz radio channels are divided into 6 time slots (a fraction of a second). Each time slot is assigned among 8 subscribers • referred to as D-AMPS - Digital AMPS; NA-TDMA - North America TDMA; IS-54 - the first implementation of TDMA; IS-136 - next generation TDMA (transmission up to 43.2 Kbps) • http://www.uwcc.org/
CDMA - Code Division Multiple Access (2G) • operates at 800 MHz (digital cellular system) and 1900 MHz (PCS) frequency bands • 10-20 times the capacity of analog AMPS; 4-6 times the capacity of TDMA; up to 384 Kbps • referred to as IS-95 CDMA (or CDMA One) standard by TIA • CDMA assigns digital codes to active subscribers; CDMA divides the radio spectrum into channels that are 1.25 MHz wide • Lack of international roaming capabilities • there are 2 competing standards: • - cdma2000: American implementation, backward compatible with GSM and other second-generation wireless systems • - W-(for Wideband)-CDMA: developed by European Telecommunications Standards Institute; incompatible with existing CDMA or GSM infrastructure • http://www.3gpp.org/
GSM - Global System for Mobile communication (2G) • European version of TDMA, very popular in Europe • support for "Short message service" (short text messages) • operates at 900 MHz and 1800 MHz (Europe); 1900 MHz in USA as PCS • very popular in Europe, Asia, India, Africa • combination of FDMA and TDMA: FDMA divides the 25 MHz bandwidth into 124 carrier frequencies of 200 KHz each; each 200 Kbps channel is divided into 8 time slots using TDMA • up to 384 Kbps; based on 60 orbiting satellites • international roaming capabilities in more than 170 countries • Vendors: Alcatel, Ericsson, Lucent, Nokia, Nortel
G3 IMT-2000 International Mobile Telecommunication - Year 2000 • project started in 1992 • wireless access through satellite and terrestrial systems • packet services: 144 Kbps, 384 Kbps, 2 Mbps • circuit-switched services: 144 Kbps, 284 Kbps, 2 Mbps • 3 modes of operation: • - based on CDMA ONE - IS 95B • - based on CDMA 2000 - IXMC, IXTREME, HDR, 3XMC • - based on TDMA/GSM - EDGE • Global roaming • http://www.itu.int/imt2000/
GPRS, LMDS, 100 BaseRadio • GPRS – General Packet Radio Service (2.5 G) • - packet switched intermediate step to transport high-speed data efficiently over GSM- and TDMA-based networks • - GPRS uses 8 time slots in the 200 KHz channel and can support IP-based packet data speeds between 14.4 Kbps and 115 Kbps • LMDS - Local Multi-point Distribution Service • - not popular yet, terrestrial broadband wireless tech. • - versions: 24, 28, 31, 38, 40 GHz • - 1 Mbps - 45 Mbps • - operates at very high frequencies • 100BaseRadio • - operates at 5.2 GHz, 5.3 GHz and 5.775 GHz • - the standard complies with IEEE802.3, 802.1d, VLANs
Threats • Inherent flaws • Hackers • Distribution file and quality of password • Interception • Masquerading • denial-of-service attack • transitive trust attack
Inherent flaws • Attacks from within the network's user community • Unauthorized access to network resources via the wireless hardware, typically a high-capability receiver • Eavesdropping on the wireless signaling from outside the company or work group • Access in a wireless LAN cannot be physically restricted. Any registered user of the network can access data that he has no business accessing. Disgruntled current and ex-employees have been known to read, distribute, and even alter valuable company data files.
Hackers • Remote access products that allow people to dial in for their email, remote offices connected via dial-up lines, on-site Web sites, and "Extranets" that connect vendors and customers to the organization's own network can make the network vulnerable to hackers
Distribution file and quality of password • On the other hand, the user needs to have the file distributed when he wants to access the Intranet. Typically, this distribution file would reside on the hard disk of the user's personal laptop. The quality of the password that opens access to the keys in the file is essential to the whole security of the system: if a malicious user finds out the password and gains access to the distribution file, she can log on to the server and thus create a tunnel to the intranet
Interception • A kind of identity interception, in which the identity of a communicating party is observed for a later misuse, or data interception in which an unauthorized user is observing the user data during a communication
Masquerading • Masquerading takes place when an attacker pretends to be an authorized user in order to gain access to information or to a system
DOS attack • A denial-of-service attack could be launched against a wireless LAN by deliberately causing interference in the same frequency band the wireless LAN operates in • Due to the nature of radio transmission, wireless LANs are very vulnerable to denial-of-service attacks • If an attacker has a powerful enough transceiver, he can easily generate enough radio interference that our wireless LAN is unable to communicate over the radio path
Transitive trust attack • If the attacker can fool the wireless LAN into trusting the mobile he controls, then there is one hostile network node inside all firewalls of the enterprise network and it is very difficult to prevent any hostile actions after that • Fooling the mobile into trusting the base controlled by the attacker as our base
Recent security mechanism • Service Set ID (SSID) • Wired Equivalent Privacy (WEP) • Wireless Transport Layer Security (WTLS)
SSID • Service Set ID (SSID) is a network name. This name is sometimes considered secret • An access point can be configured either to allow any client to connect to it or to require that a client specifically must request the access point by name. Even though this was not meant primarily as a security feature, setting the access point to require the SSID can let the ID act as a password.
WEP • Wireless LANs using the IEEE 802.11b standard have been growing rapidly over the past two years • WEP is the optional security mechanism defined within the 802.11 standard, designed to make the link integrity of the wireless medium equal to that of a cable • WEP is based on protecting the transmitted data over the RF medium using a 64-bit or 128-bit seed key and the RC4 encryption algorithm
WTLS • WAP uses WTLS as the security mechanism • WAP uses WTLS which is a wireless relative of the more common SSL mechanism used by all major web browsers. WTLS resembles SSL in that both rely on certificates on the client and server to verify the identity of the participants involved. • While SSL implementations generally rely on RSA encryption, WTLS supports RSA, Diffie-Hellman, and Elliptic Curve encryption. WTLS doesn't provide for end-to-end security due to WAP's current architecture and limitations of server-side Transport Layer Security (SSL)
Problems • The SSID can typically be found by "sniffing" the network. Therefore this lends very little to securing a network • WEP, when enabled, only protects the data packet information and does not protect the physical layer header so that other stations on the network can listen to the control data needed to manage the network • WEP can be cracked by simply modifying several device driver settings on your wireless LAN-equipped mobile device
Problems(cont) • Weaknesses in the Key Scheduling Algorithm of RC4 would allow an intruder to pose as a legitimate user of the network in WEP • The Wi-Fi wireless networks used by American Airlines, Starbucks and several hotel chains have no encryption at all, so almost everything sent from a customer's laptop can be picked up by a nearby hacker
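How the WEP framing described in the preceding slides fits together, as an added example that is not part of the original slides: the 64-bit seed is a 24-bit IV sent unencrypted plus a 40-bit shared key (128 = 24 + 104), and the integrity check is a CRC-32. The key, IV, payload and function names are constructed for illustration.

```python
import struct
import zlib

def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4: key scheduling (KSA), then XOR the data with the keystream (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                                  # KSA
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                     # PRGA
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encapsulate(key: bytes, iv: bytes, key_id: int, payload: bytes) -> bytes:
    if len(key) not in (5, 13) or len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("need a 40- or 104-bit key, a 24-bit IV, key ID 0-3")
    seed = iv + key                    # the "64-bit" or "128-bit" RC4 seed
    header = iv + bytes([key_id << 6])                    # sent unencrypted
    return header + rc4(seed, payload + icv(payload))

def wep_decapsulate(key: bytes, body: bytes) -> bytes:
    if len(body) < 8:
        raise ValueError("too short for IV, key ID and ICV")
    plain = rc4(body[:3] + key, body[4:])                 # receiver rebuilds the seed
    payload, received_icv = plain[:-4], plain[-4:]
    if icv(payload) != received_icv:
        raise ValueError("ICV mismatch: wrong key or damaged frame")
    return payload

def cleartext_fields(body: bytes) -> dict:
    """What a listener without the key can read from the frame body."""
    return {"iv": body[:3].hex(), "key_id": body[3] >> 6}

# Constructed sample values, not from any real network.
SAMPLE_KEY = bytes.fromhex("0102030405")
SAMPLE_IV = bytes.fromhex("a1b2c3")
SAMPLE_PAYLOAD = b"constructed sample payload"
SAMPLE_BODY = wep_encapsulate(SAMPLE_KEY, SAMPLE_IV, 0, SAMPLE_PAYLOAD)
```

Only 24 of the seed bits change from frame to frame, and they are visible to every listener, which is why the slides recommend layering IPsec, SSH or a VPN on top rather than relying on WEP.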
Protection solutions • Use higher-level security mechanisms such as IPsec and SSH for security, instead of relying on WEP. • Treat all systems that are connected via 802.11 as external. Place all access points outside the firewall • Users should augment the protocol with extra layers of security, such as a VPN (virtual private network) or a firewall
Protection solutions(cont) • Cisco is going to release X.509 certificate authentication in the upcoming year. Each person will be required to unlock their X.509 certificate with a password and then present their certificate over an encrypted channel before they are allowed access to the network. Early indications from Cisco are that there will be some sort of session key based on this certificate. So even if you have the keys for the 128-bit encryption, you will still not be able to understand or "sniff" the traffic without a session key produced when the individual is authenticated
Protection solutions(cont) • Do not use the default key: change the key immediately and change it regularly; don't tell anyone the key, ever; and conduct WLAN audits regularly to ensure there are no rogue WLAN connections • The WAP Forum has addressed this issue in WAP 2.0, offering end-to-end security • You should now have an operating RADIUS server and access points that deny access to unauthorized users. Spoofing IP addresses won't work: MAC addresses that don't successfully authenticate are not allowed to pass through the access point. Your wireless network is now secured against hackers
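The WLAN audit recommended above, sketched as an added example that is not part of the original slides: it reads the SSID and the Privacy capability bit from beacon frames, which are sent unencrypted (the reason the Problems slide says the SSID can be sniffed), and compares each access point against an inventory. The function names, MAC addresses and SSIDs are constructed for illustration.

```python
import struct

def build_beacon(bssid: str, ssid: str, privacy: bool) -> bytes:
    """Build a minimal beacon frame for the constructed sample data below."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    capability = 0x0001 | (0x0010 if privacy else 0)      # ESS bit, Privacy bit
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, privacy) for a beacon frame, None for anything else."""
    if len(frame) < 36 or frame[0] != 0x80:               # type 0, subtype 8
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])    # address 3
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):                          # elements: id, length, value
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                         # truncated element
        if elem_id == 0:                                  # SSID, sent unencrypted
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return bssid, ssid, bool(capability & 0x0010)

def audit(frames, authorized):
    """authorized maps BSSID to expected SSID; returns sorted (bssid, finding)."""
    findings, own_ssids = set(), set(authorized.values())
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed is None:
            continue
        bssid, ssid, privacy = parsed
        if bssid not in authorized:
            # An unlisted AP may be a neighbour; one announcing our SSID needs follow-up.
            findings.add((bssid, "unlisted AP announcing our SSID"
                          if ssid in own_ssids else "unlisted AP"))
        elif not privacy:
            findings.add((bssid, "authorized AP without link encryption"))
    return sorted(findings)

# Constructed inventory and survey data, not from any real network.
AUTHORIZED = {"00:11:22:33:44:01": "CORP-WLAN", "00:11:22:33:44:02": "CORP-WLAN"}
SAMPLE_FRAMES = [
    build_beacon("00:11:22:33:44:01", "CORP-WLAN", True),
    build_beacon("00:11:22:33:44:02", "CORP-WLAN", False),
    build_beacon("66:77:88:99:aa:01", "CORP-WLAN", True),
    build_beacon("66:77:88:99:aa:02", "CoffeeShop", False),
]
```

The Privacy bit only says that some link encryption is required, so an access point that passes this check may still be running WEP and needs the higher-layer protections listed above.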
Conclusion • The only applications that should be developed for a wireless environment are those that are not mission-critical or that are protected with firewalls, token devices for authentication, encryption, and Intrusion Detection Systems • Despite proponents' claims to the contrary, wireless data technologies still possess a level of insecurity, particularly if custom security measures (such as encryption) are not put in place by the enterprise or application developer
Conclusion(cont) • These are among the security enhancements that are being proposed by Cisco, Microsoft, Intel and others to the 802.11 standards committee for stronger security capabilities in the standard • Only when these products and technologies are proven to be secure from end to end will mobile commerce begin to take off.