- By Michael Gregg
- Objective 1.1: Explain the security function and purpose of network devices and technologies
- Objective 1.2: Apply and implement secure network administration principles
- Objective 1.3: Distinguish and differentiate network design elements and compounds
- Objective 1.4: Implement and use common protocols
- Objective 1.5: Identify commonly used default network ports
- Objective 1.6: Implement wireless networks in a secure manner
Objective 1.6: Implement wireless networks in a secure manner
In this exam Objective, you might be tested on how to implement wireless in a secure manner. Wireless is an important topic because it is all around us. Organizations and individuals use it at home, work, and when traveling. Therefore, securing it is of the utmost importance.
Exam need to know…
Describe common wireless LAN vulnerabilities and how you can deal with them
For example: Do you know that unencrypted wireless offers attackers easy access to a network?
WEP was developed to protect wireless connections
For example: Do you know that WEP has been broken?
WPA is an improvement to WEP and is backward compatible
For example: Do you know that WPA was designed to overcome the weakness of WEP?
WPA2 is the newest form of wireless protection, using of a 265-bit key
For example: Do you know that WPA2 is the newest form of wireless protection?
Explain how MAC filtering is used
For example: Do you know that MAC filtering can be used to block or allow devices based on their MAC address?
Wi-Fi Protected Access (WPA) is the successor to WEP. WPA delivers a level of security far beyond that offered by WEP. It was a temporary fix until the new 802.11i amendment was approved. WPA uses Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys by using a hashing algorithm and adds an integrity-checking feature that verifies that the keys haven’t been tampered with. WPA improves on WEP by increasing the Initialization Vector (IV) from 24 bits to 48. Rollover has also been eliminated, which means that key reuse is less likely to occur. WPA also avoids another weakness of WEP by using a different secret key for each packet. Another improvement in WPA is message integrity. WPA addressed a message integrity check (MIC) that is known as Michael. Michael is designed to detect invalid packers and can even take measures to prevent attacks.
True or false? WPA is a totally secure solution to wireless communication.
Answer: False. WPA is an improvement to WEP, but it is not fully secure. It uses TKIP and employs a secret passphrase.
In 2004, the IEEE approved the next upgrade to wireless security: WPA2. It is officially known as 802.11.i. This wireless security standard makes use of the Advanced Encryption Standard (AES) and Cipher Block Chaining Message Authentication Code Protocol (CCMP). Key sizes of up to 256 bits are now available, which is a vast improvement from the original 40-bit encryption that WEP used.
True or false? 802.11.x and WPA2 are indeed different names for the same protocol.
Answer: False. 802.11.i and WPA2 are different names for the same protocol. 802.11.x is a standard for port-based authentication.
The original security mechanism for wireless networks was Wired Equivalent Privacy (WEP). This protocol was developed to address the basic security issues of a wireless network and provide at least the same level of protection as that offered by a wired network. WEP is based on the RC4 symmetric encryption standard and uses either a 64-bit or 128-bit key. WEP makes use of a 24-bit IV to provide randomness. So, the “real key” is actually 40 or 104 bits long. There are two ways to implement the key. First, there is the default key method, which shares a set of up to four default keys with all of the wireless APs. Second is the key mapping method, which sets up a key-mapping relationship for each wireless station with another individual station. This method offers slightly more security, but it entails more work. Consequently, most WLANs use a single shared key on all stations, which makes it easier for a hacker to recover the key. WEP was cracked almost as soon as it was released; in fact, it can be easily cracked in less than five minutes. Luckily, there are replacements to WEP, such as WPA and WPA2.
True or false? WEP uses an asymmetric algorithm.
Answer: False. WEP uses RC4, which is a symmetric algorithm.
True or false? In WEP, RC4 was weakened by using 20 bits for an IV.
Answer: False. RC4 was weakened, but the IV is 24 bits. This reduced the key size to either 40 or 104 bits.
Extensible Authentication Protocol (EAP) is an authentication framework that is used in wireless networks. EAP defines message formats and then leaves it up to the protocol to define a way to encapsulate EAP messages within that protocol’s message. There are many different EAP formats in use, including EAP-TLS, EAP-PSK, and EAP-MD5.
True or false? EAP is a specific authentication mechanism.
Answer: False. EAP is not a specific mechanism of authentication; rather, it is an authentication framework.
Protected Extensible Authentication Protocol (PEAP) encapsulates EAP within a secure tunnel. The purpose for this was to correct deficiencies in EAP. PEAP provides authentication and encryption. PEAP was jointly developed by Microsoft, RSA Security, and Cisco Systems. PEAP makes use of TLS and corrected the security issue of unencrypted EAP communications.
True or false? PEAP was developed as a Microsoft-specific solution.
Answer: False. PEAP was developed by Microsoft, Cisco Systems, RSA Security, and others as an open standard. PEAP tunnels traffic by using TLS.
Lightweight Extensible Authentication Protocol (LEAP) provides user name/password–based authentication between a wireless client and a RADIUS server. LEAP is a Cisco alternative to TKIP that was developed to overcome existing vulnerabilities.
LEAP provides security by using a dynamic key delivery. This eliminates static key vulnerabilities. However, LEAP has been found to be vulnerable to certain attacks such as man-in-the-middle attacks and session hijacking. EAP-TLS is seen as an acceptable alternative.
True or false? LEAP was developed to address issues with PEAP.
Answer: False. PEAP was developed to address issues with TKIP. PEAP was created before the 802.11i/WPA2 system was ratified as a standard.
Another potential security measure that might work, depending on the organization, is to limit access to the wireless network to specific network adapters; some switches and wireless access points have the ability to perform media access control (MAC) filtering. MAC filtering uses the MAC address assigned to each network adapter to enable or block access to the network. Probably one of the easiest ways to raise the security of the network is to retire your WEP devices. As discussed earlier in this chapter, no matter what the length of the key, WEP is vulnerable. Moving to WPA makes a big improvement in the security of your wireless network. Be aware, however, that using WEP or WPA will not prevent an attacker from sniffing the MAC addresses, because that information is sent in the clear.
True or false? MAC address filtering can be used to prevent all hackers from gaining access to a wireless network.
Answer: False. MAC address filtering can be used to help prevent hackers or others from accessing your network, but it is not 100 percent secure. MAC addresses can be sniffed and spoofed, allowing an attacker to bypass MAC address filtering.
The service set identifier (SSID) is a 32-character unique identifier that acts as a network name and is used to identify the wireless network to specific devices. All devices attempting to connect to a specific wireless access point must use the same SSID. The SSID is used to differentiate one wireless network from another. Because the SSID can be sniffed, it does not supply any security to the network. Some security professionals set it to a non-broadcast mode; however, disabling the SSID only obscures the network, because the SSID is still needed. It is still discoverable with a wireless packet sniffer.
True or false? An SSID acts as a strong password.
Answer: False. An SSID is more like an identifier than a password. The SSID is broadcast on a regular basis within a special packet known as the beacon frame. This can be disabled to make it more difficult for an attacker to find the wireless network.
Temporal Key Integrity Protocol (TKIP) was designed as a replacement to WEP that doesn’t require a hardware upgrade. TKIP scrambles the keys by using a hashing algorithm and adds an integrity-checking feature that verifies that the keys haven’t been tampered with. TKIP added security to WEP by implementing a key mixing function that combines the secret root key with the initialization. It also implemented a sequence counter to protect against replay attacks and added a 64-bit Message Integrity Check (MIC).
True or false? TKIP was designed as a replacement for WPA.
Answer: False. TKIP was actually designed as a replacement for WEP and was implemented under the WPA standard.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol designed to replace wireless products that use WEP. CCMP was designed to address the vulnerabilities found in TKIP. It uses AES (Advanced Encryption Standard) with a 128-bit key. CCMP provides data confidentiality, authentication, and access control.
True or false? CCMP uses RC4 and supports a 40 or 104-bit key.
Answer: False. CCMP uses AES with a 128-bit key.
In certain situations, you might find it necessary to alter the placement of an antenna. It might be that clients near the edge of reception sometimes have problems maintaining a connection, or that walls, beams, or supports are blocking wireless signals. The best approach when placing an antenna is to find a central location that is free of physical obstructions. You will also want to place it at a distance from other devices that can cause interference, such as cordless phones and microwave ovens. Even when a site seems suitable, don’t decide on it prematurely. Test the signal strength of various devices before permanently mounting the antenna. You should also consider the signal emanation outside the building.
True or false? Wireless antennas are not affected by reflective or flat metal surfaces.
Answer: False. Wireless antennas are affected by many types of obstructions, including reflective or metal surfaces.
Power level control
With some wireless APs, you can manually adjust the power or allow a user to change antennas. These are typically altered after a site survey has been performed or a determination that power levels are too high or low. For situations in which walls or other barriers are present, the user might want to increase power to deal with these forms of interference. For other situations in which bleed-over is a problem, you might want to decrease the power level to reduce the range of the AP. Regardless of what changes you make, be sure to initially note the settings on the device so that you can easily revert to the default value, if needed.
True or false? Power level controls should always be set to the maximum possible value.
Answer: False. Power level controls should be set high enough to maintain connection with all devices, which might not necessitate maximum power.
Can you answer these questions?
You can find the answers to these questions in the section that follows.
What encryption algorithm is used by WEP?
What protocol was designed as a backward replacement to WEP?
What is the maximum key size in WPA2?
What are three benefits that CCMP provides?
Is EAP an improved wireless messaging format?