LAN Sharks

Wireless LANs are useful but often incredibly insecure. From poor encryption to improper configuration, the holes can leave your network wide open. Learn how to fix the leaks.


March 09, 2002
URL:http://www.drdobbs.com/lan-sharks/184414522


Does wireless networking set your LAN afloat or offer it as bait? Make sure your WLAN keeps the bad guys out

by Paul Sholtz

May 2002

Wireless networking is quickly becoming one of the most exciting and fastest growing areas of high technology. Streaming video is now available on properly equipped cell phones, 3G networks are finally being rolled out, and the International Telecommunications Union predicts that the number of mobile phones in use worldwide will soon surpass 1 billion.

In fact, wireless networks are becoming so pervasive that you may encounter them in places you might not ordinarily expect to find them. One example is at the airport check-in counter, where wireless LAN (WLAN) technology is increasingly used for bag matching and curbside check-in applications. Yet despite the heightened state of alert following September 11, these systems are still sometimes deployed without adequate security controls in place.

According to reports recently issued by independent security consultants, WLAN systems at the American Airlines terminals at Denver International Airport and San Jose International Airport were operating completely in the clear, without any encryption in place at all. In one instance, the security experts witnessed an intrusion taking place while they were conducting their tests. In another case, the IP address of the curbside terminal was prominently pasted on the computer monitor. Access to a bag-matching system could, in theory, allow an attacker to manipulate flight information to show that luggage belonged to a boarded passenger, when in fact it did not.

These cases illustrate that even in places where you might expect to find exacting attention paid to security concerns, wireless technologies can still slip under the radar and create potential hazards. But that doesn't mean WLAN technologies should be abandoned. There are steps you can take to ensure that your WLAN deployment is as secure as possible.

The Rising Popularity of WLAN Systems

A WLAN is just what it seems like—a network without wires. WLANs use high frequency radio waves rather than wires to communicate and transfer data between nodes on the network. The simplest WLAN configuration is a peer-to-peer arrangement, also known as an ad hoc WLAN (see the "Ad Hoc WLAN Configuration" diagram). Ad hoc WLANs let desktop and laptop computers communicate wirelessly, as long as they're equipped with compatible WLAN adapters and are within range of one another.

Although ad hoc WLANs are certainly convenient, infrastructure WLANs are probably more common. In this case, WLAN technology is used to extend an existing wired LAN and provide cable-free connectivity between users and resources on the wired network segment. Two types of devices are used on an infrastructure LAN: an access point (see "In Depth" sidebar) and a PC (or PCI) adapter card. The access point is connected to a wired Ethernet network using an ordinary RJ-45 cable (see the "Infrastructure WLAN Configuration" diagram). Once attached, the access point acts as a wireless hub, passing data back and forth between the wired network and the wireless clients.

WLANs come in several different flavors. The two most common types are 802.11a and 802.11b. Both standards use the Ethernet transport protocol, making them compatible with higher-level protocols like TCP/IP. Where they differ is in the specifics of their transmission characteristics.

The 802.11b standard is the more common of the two. 802.11b transmitters operate at 2.4GHz and can transfer data at rates up to 11MBps using direct sequence spread spectrum modulation, also known as DS-CDMA. 802.11b networks are ideal if you're deploying a WLAN in a large facility with significant range requirements, for instance a warehouse or department store. Security experts studying WLANs have spent most of their time looking at 802.11b deployments, but many of the security concerns covered in this article are also common to other 802.11-based networks.

802.11a networks aren't as common as 802.11b, but with data transfer rates of up to 54MBps, they offer superior performance for bandwidth-hungry applications. 802.11a networks operate at 5GHz, a higher frequency than 802.11b systems. Unfortunately, that means they're constrained to a significantly smaller spatial range. 802.11a transmitters rarely send data farther than 60 feet, a far cry from the 300 feet that is common with 802.11b transmitters.

802.11a networks are ideal if you need high performance (for instance, if you're deploying voice or video applications over your WLAN), or if the 2.4GHz band is already somewhat crowded. Cell phones, microwave ovens, and Bluetooth devices all operate in the 2.4GHz band and can degrade the performance of an 802.11b WLAN, so operating an 802.11a network in the 5GHz band avoids this interference.

WLANs are becoming increasingly popular in venues where users demand the benefits of location independence and freedom of movement, or in places that can benefit from simplifying their IT infrastructure. Some examples include:

In many ways, WLANs are a dream come true. They reduce calls to the company help desk, increase worker productivity, and can lower the total cost of LAN ownership. But WLANs also introduce a host of security risks that must be addressed and controlled before the technology becomes widespread.

The Weaknesses of WEP

The most infamous security problem associated with WLAN systems stems from flaws in a user authentication and data encryption protocol known as Wireless Equivalent Privacy (WEP). WEP was designed to provide security controls for 802.11 WLAN systems, and has two primary goals: to protect the confidentiality and integrity of message transmissions across the wireless network, and to protect access to the network infrastructure by rejecting all non-WEP packets.

WEP encrypts data using a secret, symmetric key that is shared between the communication endpoints (sender and receiver). WEP can be deployed using either a 40-bit or a 128-bit key.

WEP encryption is a two-step process: First, the data frame is checksummed using the CRC-32 algorithm to produce c(M), where M is the original message. M and c(M) are concatenated to create the plaintext P=(M,c(M)). Second, P is encrypted using the RC4 algorithm. RC4 is a stream cipher that requires the use of a keystream to encrypt data. The keystream is a function of an initialization vector (IV) v and the secret, shared key k. The keystream is notated as RC4(v,k). The ciphertext is produced by XORing the plaintext with the keystream. The ciphertext and the initialization vector are transmitted over the radio to the message recipient (see the "WEP Encryption Process" diagram).

Decryption is simply this process in reverse. Because the message recipient has a copy of the same shared, secret key and the initialization vector, she can use it to generate the identical key stream. XORing the key stream with the ciphertext reveals the original plaintext of the message.
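The two-step process described above, as an added example that is not code from the article: a minimal model of WEP's per-frame encryption and decryption, plus the consequence of sending two frames under the same IV. It follows the text for c(M) (CRC-32), P = (M, c(M)), the keystream RC4(v, k) seeded with IV || key, and the 24-bit IV sent in the clear; the byte layout (IV first, then ciphertext), the function names, the 40-bit key and the sample messages are this example's own assumptions.

```python
import struct
import zlib

# Added example, not code from the article: a minimal model of the WEP
# per-frame encryption the text describes. Frame layout (IV || ciphertext)
# and function names are simplifications chosen here; key size, 24-bit IV
# and CRC-32 integrity value follow the text.

IV_LEN = 3  # 24-bit initialization vector, as in WEP


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by the PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(message: bytes) -> bytes:
    """c(M): CRC-32 of the message, packed little-endian as WEP does."""
    return struct.pack("<I", zlib.crc32(message) & 0xFFFFFFFF)


def wep_encrypt(message: bytes, key: bytes, iv: bytes) -> bytes:
    """Step 1: P = (M, c(M)).  Step 2: C = P XOR RC4(iv || key).  Send iv || C."""
    if len(iv) != IV_LEN:
        raise ValueError("WEP IV must be 24 bits")
    plaintext = message + icv(message)
    keystream = rc4_keystream(iv + key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decrypt(frame: bytes, key: bytes):
    """The process in reverse; returns (message, integrity_ok)."""
    iv, ciphertext = frame[:IV_LEN], frame[IV_LEN:]
    plaintext = xor_bytes(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    message, received_icv = plaintext[:-4], plaintext[-4:]
    return message, received_icv == icv(message)


def plaintext_xor_from_iv_reuse(frame_a: bytes, frame_b: bytes) -> bytes:
    """What an eavesdropper learns from two frames sent under the same IV:
    XOR of the ciphertexts equals XOR of the plaintexts, key not needed.
    Returns b"" when the IVs differ (different keystreams, nothing leaks)."""
    if frame_a[:IV_LEN] != frame_b[:IV_LEN]:
        return b""
    return xor_bytes(frame_a[IV_LEN:], frame_b[IV_LEN:])


def count_iv_repeats(frames) -> int:
    """Defender-side check over captured frames for one key: how many frames
    reuse an IV already seen. Any non-zero count means keystream reuse."""
    seen = set()
    repeats = 0
    for frame in frames:
        iv = frame[:IV_LEN]
        if iv in seen:
            repeats += 1
        seen.add(iv)
    return repeats


if __name__ == "__main__":
    # Constructed sample values: a 40-bit key and two equal-length messages.
    key = bytes.fromhex("0102030405")
    m1, m2 = b"GET /index.html", b"PUT /private.db"
    f1 = wep_encrypt(m1, key, b"\x00\x00\x01")
    f2 = wep_encrypt(m2, key, b"\x00\x00\x01")  # same IV: keystream reused
    print(wep_decrypt(f1, key))
    leaked = plaintext_xor_from_iv_reuse(f1, f2)
    print(leaked[: len(m1)] == xor_bytes(m1, m2))
    print(count_iv_repeats([f1, f2]))
```

The `count_iv_repeats` function is the check a monitoring tool would run on captured traffic: with a 24-bit IV space it is expected to go non-zero within hours on a busy network, which is the point the next section makes.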

In general, stream ciphers like RC4 are vulnerable to several types of attack. If an attacker is able to flip a bit in the ciphertext, then upon decryption, the corresponding bit in the plaintext will be flipped. Also, if an eavesdropper can intercept two ciphertexts encrypted with the same key stream, it's possible to obtain the XOR of the two plaintexts. Knowledge of this XOR enables statistical attacks to recover the plaintexts. Statistical attacks become easier as more ciphertexts that use the same key stream become known. Once one of the plaintexts is known, the others are recovered easily.

The weakness of WEP is the result of how the RC4 encryption algorithm is applied. WEP does have some protections against both types of attack:

However, both of these measures are implemented incorrectly in WEP, resulting in poor security.

WEP Integrity Vulnerability
WEP uses a CRC-32 checksum to calculate the integrity check field of the packet. However, because CRC-32 is linear, it's possible to compute the bit difference of two CRCs based on the bit difference of the messages over which they are taken. That means that flipping any particular bit in the message results in a deterministic set of bits in the CRC that must be flipped to produce a correct checksum in the modified message. Because bit flipping carries through after the RC4 decryption, this lets an attacker alter an arbitrary number of bits in an encrypted message, and then correctly adjust the checksum so that the resulting message appears to be valid.
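The linearity the paragraph above relies on, shown as an added example (not code from the article) and contrasted with a keyed integrity check, which is the mitigation later protocols adopted. The HMAC-SHA256 comparison, the key and the sample messages are this example's own assumptions.

```python
import hashlib
import hmac
import zlib

# Added example, not code from the article. Demonstrates that CRC-32 is
# linear over GF(2), so the change in the checksum caused by a change in
# the message can be computed without knowing the message, and that a
# keyed MAC (HMAC-SHA256, chosen here for contrast) has no such property.


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_of_modified(message: bytes, delta: bytes) -> int:
    """CRC-32 of the message after XORing `delta` into it, computed directly."""
    return crc32(xor_bytes(message, delta))


def crc_delta_without_message(delta: bytes) -> int:
    """The bit difference CRC-32 takes on when the message changes by `delta`.
    Because CRC-32 is linear, crc(M ^ D) == crc(M) ^ crc(D) ^ crc(0...0), so the
    difference depends only on D and the length, never on M itself."""
    return crc32(delta) ^ crc32(bytes(len(delta)))


def crc_tracks_message_change(message: bytes, delta: bytes) -> bool:
    """True when the message-independent prediction equals the real CRC."""
    predicted = crc32(message) ^ crc_delta_without_message(delta)
    return predicted == crc_of_modified(message, delta)


def keyed_mac(key: bytes, data: bytes) -> int:
    """A keyed integrity check (first 32 bits of HMAC-SHA256, to match CRC-32's width)."""
    return int.from_bytes(hmac.new(key, data, hashlib.sha256).digest()[:4], "big")


def integrity_delta_is_message_independent(check, messages, delta: bytes) -> bool:
    """For one change `delta`, compute check(M) ^ check(M ^ delta) over several
    messages. A linear check (CRC-32) gives the same value every time; a keyed
    MAC gives a different value per message, so the tag cannot be fixed up."""
    observed = {check(m) ^ check(xor_bytes(m, delta)) for m in messages}
    return len(observed) == 1


if __name__ == "__main__":
    # Constructed sample messages (equal length) and a single-bit change.
    msgs = [b"packet number one", b"packet number two", b"yet another frame"]
    delta = bytes([0, 0, 0, 0x20]) + bytes(13)
    print(integrity_delta_is_message_independent(crc32, msgs, delta))
    key = b"constructed-key"
    print(integrity_delta_is_message_independent(lambda d: keyed_mac(key, d), msgs, delta))
```

The first call prints True and the second False: the CRC difference is a function of the change alone, the MAC difference is not, which is why an unkeyed checksum cannot serve as an integrity check on encrypted data.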

WEP Confidentiality Vulnerability
That an attacker would go to such lengths to corrupt the integrity of WEP messages is possible, although somewhat unlikely. However, there is a much more dangerous problem with WEP that results from improperly implemented initialization vectors. The initialization vector is used to augment the shared secret key, in theory producing a different RC4 key for each packet. However, the initialization vector used in WEP is only 24 bits long, which all but guarantees that the same key stream will be reused. For instance, a busy access point sending 1,500 byte packets at 11MBps will exhaust this space of IVs after:

That's about five hours. Once an attacker recovers two ciphertexts that are encrypted with the same key stream, he or she can perform statistical analysis to recover the plaintext. This problem is much worse when all mobile stations use the same key, because this creates even more chances of an IV collision.
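The arithmetic behind the five-hour figure, written out here as an added derivation rather than the article's own formula; it treats the 11MBps rate as the 802.11b link rate of 11 megabits per second and ignores frame overhead:

$$
\text{packets per second} = \frac{11 \times 10^{6}\ \text{bit/s}}{1500\ \text{byte} \times 8\ \text{bit/byte}} \approx 917
$$

$$
T = \frac{2^{24}\ \text{IVs}}{917\ \text{packets/s}} \approx 18{,}300\ \text{s} \approx 5.1\ \text{h}
$$

The figure is an upper bound: if several stations share one key, each draws from the same 2^24 IVs, and an access point that restarts its IV counter at zero after a reset repeats the low IVs much sooner than this.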

A variety of tools are readily available on the Internet to crack WEP in the manner just described. WEPCrack was the first publicly available code to demonstrate this attack. WEPCrack was released to Bugtraq on August 12, 2001. A better-known and easier-to-use tool is AirSnort, which was released by Jeremy Bruestle and Blake Hegerle about one week after WEPCrack. AirSnort operates by passively monitoring transmissions, and computing the encryption keys when enough packets have been gathered. AirSnort usually requires about 100MB to 1GB of data to be gathered prior to calculating the encryption keys. Once enough data has been gathered, an intruder can guess encryption keys in under a second.

In December 2001, RSA Security, in collaboration with Hifn, released a patch called Fast Packet Keying (FPK) designed to repair IV collision problems in WEP. Fast Packet Keying avoids IV collision by generating a unique RC4 key for each and every data packet sent over the WLAN. A special two-phase hashing technique guarantees uniqueness. Fast Packet Keying was selected over more traditional hashing techniques because of its ability to rapidly generate secure keys with RC4.

Whether Fast Packet Keying is really a permanent fix for WEP vulnerabilities remains to be seen. However, even if you can fix all of the problems associated with WEP itself, a lot of other security concerns still remain with WLANs.

What Else Can Go Wrong?

Another serious risk is that WLAN signals are prone to being intercepted far outside the facility in which the network resides. Combined with WEP's inherent weakness, the broad reach of WLAN signals outside the enterprise's physical walls has given hackers an entirely new way to compromise corporate networks. In a practice called war driving, hackers can now find and penetrate unprotected WLANs just by driving around with a laptop and an 802.11 Ethernet card. Although most war drivers will probably just freeload off your Internet bandwidth for a short while, the more ominous possibility of data theft, Web site defacement, or virus planting is also present.

War driving is actually a more common and serious threat than it might initially appear. Although 802.11b wireless signals have a limited transmission radius outside of which computers cannot actively participate in the LAN (300 feet for 802.11b), the signal itself can propagate considerably farther (as far as 2,000 feet for 802.11b). War driving aficionados report that they can identify the presence of a WLAN from as far away as six city blocks using a simple omnidirectional antenna alongside their wireless NIC. Once they know where to look, it's often trivial to move in close enough to join the LAN.

Moreover, war driving is a demonstration of how life is getting easier for hackers. The level of sophistication required to compromise a corporate network is still rather high, but spying techniques that once required expensive hardware and custom software now require a $79 network card and some readily available open source code.

Disabling DHCP is one way to make life harder for war drivers. DHCP is an attractive feature to have on a WLAN, especially if you want to let clients roam between access points. However, it also automatically gives hackers who compromise your network a valid IP address. If you use static IP addresses, the intruder must make the additional effort of figuring out the legal range for IP addresses on your network. To make the network even more secure, keep the range of legal IP addresses small.

If roaming between access points is essential, consider a VPN solution. Layering IPSec, SSH, or SSL on top of WLAN transmissions can go a long way toward keeping eavesdroppers off the network. Vendors like SafeNet and Ashley-Laurent make popular VPN clients that help secure laptops for remote access. The same client software can be used to tunnel IPSec over wireless to a VPN gateway located between the access point and the rest of the corporate network. Wireless VPN solutions are also available from Net Motion Wireless, Columbitech, and Ecutel. Alternatively, you could consider an access point with built-in IPSec, like those offered by Colubris Networks.

WLAN Best Security Practices

Perhaps the most frustrating aspect of WLANs is that they can be deployed not just by properly trained IT folks, but by anyone who can plug a CAT5 cable into a hub. According to a recent report by Gartner, 30 percent of all companies with some type of computer network have a WLAN, either official or rogue. The first step in securing WLAN segments is to perform a network audit that identifies all rogue access points, which can then be brought into compliance with established policy or disabled completely. Network monitoring tool vendors like Sniffer Technologies and WildPackets have products that help administrators detect rogue WLAN traffic.

One fundamental security challenge with 802.11b is that it authenticates hardware, not users. Stolen laptops or forged media access control (MAC) addresses can be used to infiltrate the network. To protect against this, apply MAC filters to restrict access to authorized cards. Track inventory to make sure it stays in the hands of authorized employees, and block MAC addresses that belong to lost or stolen cards. You should also lock down access point management interfaces, just as you would on any perimeter device like a router or firewall. Installing anti-virus and personal firewall software on the wireless clients will keep them clean and prevent back-channels from forming.

Another common security risk introduced by WLANs is related to the Service Set Identifier (SSID). The SSID acts like a network identifier for packets sent over the WLAN. Each 802.11 WLAN access point must be assigned an SSID, and WLAN clients use the SSID when they associate with the access point. Clients that don't know the SSID cannot join the WLAN. So one way to thwart hackers is to keep the SSID as "secret" as possible.

Unfortunately, this is often somewhat difficult, as most access points broadcast their SSIDs. If your access point can be configured to suppress SSID broadcasts, take advantage of it. Otherwise, it's a good practice to change the default SSID that ships with the access point, and to change it regularly. You might even consider using password-generating software to derive new SSIDs.

A standard set of industry best practices has yet to emerge for WLAN security. In the meantime, it's a good idea to carefully consider how WLANs will impact your security policy before you deploy them. Defining an effective security policy means crafting a careful balance between risk assessment, cost, and convenience. The right balance is different for every organization.


Paul is the co-founder and CTO of PrivacyRight, a San Francisco, CA—based developer of secure enterprise middleware. You can contact him at [email protected].


In Depth

Access Point
A hardware device that acts as a communications hub that lets wireless device users connect to a normal, wired LAN.

Direct Sequence Spread Spectrum
Also known as direct sequence code division multiple access (DS-CDMA), direct sequence spread spectrum is one of two methods of modulation for digital signal transmission. The other common method is known as frequency hopping code division multiple access (FH-CDMA). In general, frequency-hopping devices are cheaper and use less power, but DS-CDMA systems perform better and are more reliable.

Extensible Authentication Protocol (EAP)
EAP is an extension of the PPP protocol defined in RFC 2284. EAP is a general authentication protocol that supports multiple authentication methods, including traditional passwords, token cards, Kerberos, digital certificates, and public-key authentication.

Initialization Vector
In cryptography, an initialization vector is a nonsecret binary vector used as the initializing input to an algorithm for encrypting a plaintext block sequence. This is done to increase security by introducing additional cryptographic variance, and to synchronize cryptographic equipment.

Media Access Control (MAC)
This layer is one of the two sublayers in the data link control layer of the OSI network model. MAC is concerned with sharing the physical connection to the network among several computers. Each computer has its own unique MAC address. Ethernet is an example of a protocol that works at the MAC layer.

RC4
RC4 is a stream cipher designed by Ron Rivest for RSA Security. It is a variable key-size cipher with byte-oriented operations. RC4 runs very quickly in software and is widely regarded as a secure algorithm. RC4 is frequently used to encrypt data traffic to and from Web sites using the SSL protocol.

Service Set Identifier (SSID)
SSID is a 32-character unique identifier attached to the header of packets sent over a WLAN. The SSID acts as an identifier when a mobile device tries to connect to the WLAN. The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. The SSID can be detected in the plain text of the packet and doesn't supply any security to the network. SSID is also sometimes referred to as a network name, because it essentially acts like a name that identifies a wireless network.

Stream Cipher
This is a type of symmetric encryption algorithm. Stream ciphers can be designed to be exceptionally fast. They operate on small units of plaintext, usually individual bits. A stream cipher generates a keystream (a sequence of bits used as a key). Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise XOR operation.

Wireless Equivalent Privacy (WEP)
A security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP was intended to provide the same level of security as that of a wired LAN through the use of encryption. However, WEP isn't as secure as once believed. WEP operates at the two lowest levels of the OSI model—the data link and the physical layer—and therefore, doesn't offer end-to-end security.

—PS
