You see, wire telegraph is a kind of very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is there is no cat. - Albert Einstein

Securing A Wireless 802.11b Home Network
© 2004 ABACUS

Why wireless?
• Low infrastructure costs
  – No network cable to install or maintain
• Flexibility
  – Computers can be added to, or removed from the network at any time
• Inexpensive
  – Wireless devices have dropped in price due to Moore’s Law

Wireless disadvantages
• Interference
  – Cordless phones and other devices use the same frequency
• Range
  – About 50-200 feet from access point
• Security
  – Anyone can eavesdrop on an unsecured wireless network

Wireless history
• 1902 – Guglielmo Marconi sends first radio transmission
• 1990 – Institute of Electrical and Electronics Engineers (IEEE) forms 802.11 Working Group to set standards for wireless networking
• 1997 – IEEE publishes the first set of 802.11 standards
• 1999 – IEEE publishes standard 802.11b

802.11 wireless standards

Standard   Max. Rate   Frequency   Modulation
802.11     2 Mb/sec    2.4 GHz     FHSS, DSSS
802.11b    11 Mb/sec   2.4 GHz     DSSS
802.11a    54 Mb/sec   5 GHz       OFDM
802.11g    54 Mb/sec   2.4 GHz     OFDM, DSSS

802.11 (1997)
• Slow
  – 2 Mb/second data rate
• Interoperability problems
  – Implemented two different modulations:
    • FHSS (Frequency Hopping Spread Spectrum)
    • DSSS (Direct Sequence Spread Spectrum)
  – Devices with FHSS couldn’t talk to devices with DSSS and vice versa

802.11b (1999)
• Currently most common
  – Equipment is inexpensive
• Faster than 802.11
  – 11 Mb/second vs. 2 Mb/second nominal
    • Maximum data rate is 5-6 Mbps due to overhead
• No interoperability problems
  – DSSS modulation only
• Security issues
  – Encryption can be broken

802.11a (1999 - first devices 2001)
• Faster than 802.11b
  – 54 Mb/second vs. 11 Mb/second
• Uses Orthogonal Frequency Division Multiplexing (OFDM) for modulation
• Not compatible with 802.11b
  – Uses 5 GHz frequency band vs. 2.4 GHz for 802.11b
  – Shorter range than 802.11b due to higher frequency

802.11g (2003)
• Faster than 802.11b
  – 54 Mb/second vs. 11 Mb/second nominal
    • Max. realistic data rate about 25-30 Mbps
• Better security than 802.11b
• Compatible with 802.11b
  – Most devices support OFDM and DSSS
  – Networks can use 802.11b and 802.11g equipment together

More 802.11b factoids
• First widespread implementation
  – Apple’s Airport in 1999
• Also called Wi-Fi
  – Wi-Fi equipment has been certified for interoperability by the Wi-Fi Alliance, a group of wireless equipment manufacturers.
    • Every manufacturer’s Wi-Fi equipment should work with every other manufacturer’s Wi-Fi equipment.

So what is the difference between a wired LAN (Local Area Network) and a wireless LAN? Aside from the obvious, let’s look at the details.

Wired LAN
• Devices being networked
  – Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems
• Devices for connecting the above
  – Include network adapters, hubs, switches, routers, gateways and more
• Connecting medium
  – Networking cable; most common is Category 5 or CAT-5 for short

[Figure: Simple home wired LAN]

Wireless LAN
• Devices being networked (same as for wired)
  – Include desktop computers, laptop computers, printers, servers, PDAs, video game systems, even TV and stereo systems
• Devices for connecting the above
  – Include wireless adapters, access points, bridges, base stations and more
• Connecting medium
  – Radio waves; per Einstein, there is no CAT-5

[Figure: Simple home wireless LAN]

Securing your home LAN
Preventing (or limiting) attacks against your network

Wired LAN outside attacks
• Must come in through Internet Gateway
• Attacks workstations and servers on the network
• Can be prevented by:
  – Installing a firewall (hardware and/or software)
    • This is often done on the Internet gateway
  – Turning off (or limiting) file-sharing and remote access

[Figure: Wired LAN attack blocked by firewall]

Wireless LAN outside attacks
• Even if you have a firewall installed on your Internet gateway, a wireless LAN attacker is, effectively, already inside your network
  – Wireless base station has to signal its existence so clients can connect
• Attackers of wireless LANs therefore need to be kept out by other means in addition to firewalls

[Figure: Wireless attacker is inside firewall!]

Types of attacks
1. Attack servers and workstations on the LAN
2. Steal information being transmitted over your wireless LAN
3. Steal Internet access through your Internet gateway

Server and workstation attacks
• Attacker attempts to steal data from hard drives
• Attacker attempts to damage the data on the hard drives
• Attacker plants malicious software to attack other computers
  – Spam servers
  – Denial of service attack software
  – Worms
• Attacks can be traced to your computer, not his!
• Handled like attacks on wired LANs
  – Firewalls on individual computers
  – Turn off or limit file-sharing

Attacks to steal data being transmitted over wireless network
• Examples:
  – Personal information contained in e-mails
  – Copyrighted audio and video files being streamed over your wireless LAN
  – Financial information being shared between different computers on the network
• Prevented by encryption

Attacks to steal Internet access
• Attacker’s computer joins your network, uses your Internet gateway
• Attacker could be (for example):
  – Downloading copyrighted music files
  – Downloading child pornography
  – Performing DOS attacks on other computers
  – Broadcasting spam
• These can be traced back to your Internet connection
• Prevented by encryption, closing the network and other tricks

How easy is it to attack a wireless LAN?
• Very easy
  – All an attacker needs is a laptop computer, a wireless card and some software
  – A directional antenna will increase the range over which the attacker can access your network
    • Directional antenna can be made from a Pringles potato chip can!
  – Attackers drive around with their computers looking for open wireless networks
  – Practice is called ‘wardriving’

“Wardriving?”
• From 1983 movie War Games
  – ‘Wardialing’ was the practice of using an automatic dialer program to get your modem to locate access numbers for unsecured computers and networks

There is even ‘warflying’
[Figure: Open networks found by aircraft flying into San Carlos -- from Ars Technica]

Why is it so easy to invade a wireless LAN?
• Ease of setup
  – Default settings allow even people with limited technical skills to set up and run a basic wireless network
• Allows wireless users to use open, public networks (usually for Internet access)
  – Such as the one at your local Starbucks

How do you keep attackers out of your home wireless LAN?
• Secure the network
  – Change the service set identifier (SSID) of your base station
  – Change your base station’s password
  – Close your network
    • Shut off your base station’s SSID broadcast
  – Change your base station’s IP address
  – Enable encryption (WEP)
    • Done on your base station and all the other wireless devices in your LAN
  – Other tricks
• Wireless security measures won’t completely protect your LAN, but all will help

Changing your SSID
• To access the LAN you need the service set identifier (SSID) of your base station
• Changing the default SSID reduces the chance the attacker will be able to guess it
• Like taking your keys when you park your car
• Works best with other security measures
[Figure caption: Each of these is an SSID (except Alviso)]

Change your password
• To access the LAN you need the base station’s password
• Changing the default password (often ‘admin’ or ‘password’) drastically reduces the chance the attacker will be able to get into your network
• Like locking your car when you park it

Close your network
• Shut off SSID broadcast
• Reduces chances that the attacker can see your network at all
  – Network beacon signals can still be detected
• Like parking your car in a closed garage
  – If the thief can’t see it, he won’t know that it’s available to steal
[Figure caption: If your SSID broadcast is off, you won’t even show up on this map]

Change the IP address of your base station and other devices
• Changes the address ranges other devices on your network can use
  – Defaults are typically 192.168.0.x or 192.168.1.x
  – Available private address ranges:
    • 10.0.0.0 - 10.255.255.255
    • 172.16.0.0 - 172.31.255.255
    • 192.168.0.0 - 192.168.255.255
• Also reduces the odds your neighbor’s wireless LAN will overlap yours
• Like using “The Club” in your car
  – Requires the thief have additional tools to steal your car

Enable wireless encryption
• Encrypt your network traffic (packets)
  – This has to be done on the base station and all access points, bridges, wireless adapters, etc.
    • All devices use the same WEP key
• WEP (Wireless Encryption Protocol) uses a key to encrypt each packet sent
  – Key can be generated using a pass phrase or entered directly in hexadecimal
    • Don’t forget yours; write it down
  – WEP slows network traffic slightly
    • Each packet has to be encrypted by sender; decrypted by receiver

How safe is WEP?
• WEP can be broken, but it takes time
  – How long?
    • Depends on network traffic volume
      – High traffic networks transmit lots of packets to analyze
        • WEP keys can be broken quickly
      – Lower traffic networks generate fewer packets
        • Breaking WEP takes longer
    • Skilled professionals with custom tools have broken WEP keys in less than a week
    • Readily available tools, such as Airsnort or WEPCrack, in amateur hands, may take a lot longer

Increasing WEP security
• Use longer encryption keys
  – 128-bit/104-bit instead of 64-bit/40-bit
    • WEP key consists of two parts
      – A 24-bit initialization vector (IV)
      – The user-generated portion (40 bits or 104 bits)
      – Together these are used to encrypt the packets
    • Unfortunately WEP sends the IV in clear (unencrypted), so most cracking software can use this as a starting point to break the whole key and read your packets
• Change your WEP keys often
  – This forces attackers to start decryption from scratch
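
The key layout on this slide, as an added Python example that is not part of the original presentation: it builds a WEP frame with the 24-bit IV prepended in clear to the encrypted payload, and estimates how soon the IV space repeats at a given traffic rate, which is why the previous slide ties cracking time to traffic volume. The function names, the key-slot byte, the CRC-32 check value, the 500 frames/second rate and the sample key are assumptions of this example, not details from the slides.

```python
import math
import zlib

WEP_IV_BITS = 24  # IV length given on the slide

def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def parse_wep_key(hex_key: str) -> bytes:
    """Accept only the user-key sizes from the slide: 40 or 104 bits."""
    key = bytes.fromhex(hex_key)
    if len(key) not in (5, 13):
        raise ValueError("WEP user key must be 10 or 26 hex digits")
    return key

def wep_frame(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """RC4 seed is IV || key; the IV itself is sent unencrypted up front."""
    if len(iv) * 8 != WEP_IV_BITS:
        raise ValueError("IV must be 24 bits")
    icv = zlib.crc32(payload).to_bytes(4, "little")  # integrity check value
    return iv + b"\x00" + rc4(iv + key, payload + icv)  # 0x00 = key slot 0

def wep_open(frame: bytes, key: bytes) -> bytes:
    """Receiver side: read the clear IV, rebuild the seed, verify the ICV."""
    plain = rc4(frame[:3] + key, frame[4:])
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch (wrong key or corrupted frame)")
    return payload

def frames_until_iv_repeat_likely() -> int:
    """Birthday bound: random-IV frames sent before a repeat is ~50% likely."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** WEP_IV_BITS))

def hours_to_exhaust_ivs(frames_per_second: float) -> float:
    """Time for a sequential IV counter to wrap and start reusing seeds."""
    return 2 ** WEP_IV_BITS / frames_per_second / 3600

if __name__ == "__main__":
    key = parse_wep_key("0102030405")  # constructed 40-bit sample key
    print(wep_frame(b"\x00\x00\x01", key, b"hello").hex())
    print(frames_until_iv_repeat_likely(), round(hours_to_exhaust_ivs(500), 1))
```

Only the user-generated portion is secret and it stays the same for every packet until the key is changed, so a busy network reaches repeated IVs, and therefore repeated RC4 seeds, within hours.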

Problem with longer WEP keys
• 128/104-bit encryption was not part of the original 802.11b standard
• Different 802.11b equipment makers implemented 128-bit encryption differently
• Hence, one maker’s 128-bit keys may not work on another’s devices
  – To avoid this buy all your 802.11b devices from one manufacturer, if possible

Why is WEP security so bad?
• WEP was designed during a period when strong (i.e., long-key) encryption systems were subject to export restrictions as weapons!
• WEP was intentionally made weak to allow WEP devices to be exported and/or made overseas
• Unfortunately, WEP was made too weak

WEP encryption is like a hidden ‘kill’ switch on your car’s ignition
• A car thief may be able to find the switch by tracing the wires, but it will take him time
• Similarly, WEP can be cracked, but it will take an attacker time to do so
• If it takes too much effort, he may look for an easier target
  – Easier targets may include retail stores!
    • Retailers often use wireless networking cash registers to connect to the store computer or the company network
    • If unencrypted, attackers can steal credit card and authorization numbers from the store’s network traffic

Other wireless security tricks
• Limit number of network users
  – Set a low limit to the number of users the base station will accept, or
  – Turn off DHCP (Dynamic Host Configuration Protocol) and assign each device in your network a static IP address
• Apply address filtering
  – Locks out devices from Internet access by either IP or MAC (hardware) address

Non-802.11 security for wireless LANs
• Use 802.1x (Robust Security Network)
  – Provides additional layer of encryption over 802.11
  – Not all 802.11b devices support it
  – RSN encryption may be breakable
• Use a proprietary encryption scheme
  – Example: Buffalo Technologies’ AOSS
  – All wireless devices on LAN must be from same manufacturer
• Use a virtual private network (VPN)
  – VPNs use strong encryption
  – Not supported by all devices

Virtual Private Networks
• May be overkill for a home LAN
• VPNs can secure all network traffic, both wired and wireless
  – VPNs can securely connect computers up to thousands of miles apart over another network (such as the Internet) via a process called ‘tunneling’
  – Tunneled VPN traffic can be seen by wireless attackers, but can’t be cracked

Tunneling and VPNs
• Three common VPN tunneling modes
  – Point-to-Point Tunneling Protocol (PPTP)
  – Layer Two Tunneling Protocol (L2TP)
  – IP Security (IPSec)
• All nodes on the network must use the same tunneling mode
  – Wireless base station must be:
    • Special router which supports VPN, or
    • Server computer w/ wireless adapter running VPN software
  – Wireless client computers must also have VPN software installed

Setting up wireless security
• Make security changes in all devices (routers, access points, bridges, adapters, etc.) through a wired link
  – If you change a device setting through a wireless link, you could lose the connection when you apply the changes
  – Set up devices in this order:
    • Base station
    • Access points
    • Bridges and adapters
  – Test each device for connectivity before you install it in its final location

Wireless security is not perfect
• A determined car thief can steal almost any car if he wants it bad enough
• However, many simple measures can be taken to make his job harder
• If you make it difficult enough, most thieves will pick another target
• Wireless LAN security is similar; if you make it difficult enough, attackers will pick other targets

802.11g features
• Better security than 802.11b
  – Automatically changes keys
• Up to more than 4 times faster than 802.11b
  – Much faster than either DSL or cable broadband; the broadband connection is the bottleneck
  – Extra speed is only useful for such applications as streaming digital video over your network

The future of wireless LAN security
• 802.11i
  – Supposedly more secure than WEP
  – Supposedly compatible with older equipment (802.11b and 802.11g)
    • This doesn’t mean that 802.11b equipment will be able to use 802.11i security; it just means that 802.11b and 802.11i equipment can be used in the same network
  – Not available yet
