Wi-Fi networks have created productivity improvements in organizations, providing greater mobility to users by untethering them from the corporate network. This ease of access has also created new security headaches for network administrators: the same roaming access available to legitimate users is also available to potential attackers.

Requirements

The requirements for Wi-Fi security can be broken down into two primary components: authentication and privacy. Authentication ensures that only users who have been granted access to the Wi-Fi network are able to access the network, and privacy ensures that data transmitted on the Wi-Fi network is unavailable to unauthorized users. This chapter will discuss the issues involved in securing your Wi-Fi network and how Elektron helps solve the security problems associated with Wi-Fi networking.

Authentication

A critical element of Wi-Fi security is keeping unauthorized users off the network. Authentication is used to confirm the actual identity of a user or machine on a Wi-Fi network. Once a user’s identity has been verified, the decision whether or not to allow access to the network can be made (in a process called authorization). Without performing strict identity checking on a network, attackers could access protected resources on your network, either by pretending to be an authorized user and accessing the corporate network directly or by spoofing the corporate network and convincing legitimate users to login to the attacker’s own false network.

In the context of Wi-Fi network security, there are two authentications being performed: the server that protects network access (e.g., Elektron) must authenticate the identity of the user attempting to access the network, and the user accessing the network must confirm the identity of the server.

User Authentication

The task of user authentication is performed by your Elektron server. In a typical Wi-Fi network login, a user will identify herself to the Elektron server by providing a username and password. Elektron will then verify that the username exists, and if so, that the password provided matches the password associated with the username in Elektron’s database. If both conditions are met, the user is granted access to the network.

A risk in using password-based authentication is that during the login process the user must send their username and password to the server before the secure wireless channel has been established. This would leave the login prone to passive eavesdropping by an attacker. Secure Wi-Fi logins avoid this problem by establishing an encrypted channel that is used only for the login process prior to sending usernames and passwords. Once the user’s identity has been established and access to the Wi-Fi network has been granted, the encrypted login channel is torn down and all wireless communications between the access point and the client are encrypted using a dynamic encryption key separate from that used during the login.

Standards bodies have defined a number of different methods of password-based user authentication. A number of these do not send the password in plaintext form, but rather as a cryptographic digest, in an attempt to mask the password from potential attackers. Some of these methods are also designed to provide mutual authentication (i.e., the server can authenticate the client and the client can authenticate the server). However, none of the methods provide protection against man-in-the-middle attacks, nor do they protect the username in any way. In order to protect against these and other attacks, Elektron encrypts all password-based logins (with the exception of LEAP, which we recommend against using if your client software supports either PEAP or TTLS).

Server Authentication

While Elektron is responsible for verifying the identity of users attempting to login to your Wi-Fi network, users have the responsibility to verify the identity of the Elektron server. This is an important and sometimes overlooked aspect of network security. It is arguably the more difficult of the two authentications performed for Wi-Fi network access, as it requires configuration of each client machine that will be accessing the network.

Unlike users, which typically identify themselves using a username and password, Elektron proves its identity using a digital certificate. Validating the server’s digital certificate can happen automatically within the user’s wireless networking client software, provided the client software has been pre-configured to recognize the certificate authority that issued the server’s certificate (client configuration of the Windows 2000 and XP clients and the Mac OS X client is covered in the chapter “Configuring Client Software”, while digital certificates are discussed in the chapter “Digital Certificates”).

In order to verify the server’s identity, users must perform digital certificate chain validation (as described in the chapter “Digital Certificates”). If the digital certificate validation fails, then the Elektron server’s identity could not be verified and the Wi-Fi network access attempt should be terminated by the user. Such a failure can be indicative of an attacker attempting to lure a legitimate user into logging into a fake network, thus fooling the user into giving up their username and password. Once armed with the user’s credentials, the attacker can then use them to log in to the legitimate corporate network.

Privacy

In addition to authentication, a secure wireless network requires privacy. A traditional wired network can rely on its physical security to remain protected. So long as an attacker cannot physically connect to the wired network, the attacker cannot access data flowing across the network. A wireless network does not respect an organization’s physical boundaries, so an attacker need only be in proximity to a wireless network to compromise it.

While authentication can prevent an attacker from actively joining a wireless network, encryption can prevent passive eavesdropping of user data. An attacker with a packet sniffer sees only scrambled bits. This keeps sensitive business information such as email and files private as users access corporate servers via the wireless network.

Wired Equivalent Privacy

The first attempt at keeping wireless networks private was a protocol known as Wired Equivalent Privacy (WEP). It was designed to be easy to deploy, and as its name suggests, to provide a level of security equal to that of a wired network. For a time it was the only means of security available in wireless hardware.

WEP Security Issues

WEP clients and access points encrypt their communications using a key shared amongst all users. This makes for easy configuration: simply enter the key into each piece of wireless hardware that will be on the network. However, while having shared keys makes system administration easier, it is also WEP’s Achilles’ heel, introducing two significant security holes into the protocol.

Lost Hardware

The first security hole associated with the use of shared keys is the potential abuse of lost or stolen hardware. Laptops, PDAs, and other Wi-Fi devices must have the network WEP key stored in order to participate in the network. If the device is lost, that key could fall into the hands of an attacker. If an attacker has possession of the network WEP key, then the attacker can participate on the network as well as decrypt the data encrypted by any other device on the network.

If a Wi-Fi device is lost or stolen, the network WEP key must be changed in order to maintain the security of the network. Because the key is shared by every device on the network, this means re-configuring every device on the network.

Flawed Cryptography

The WEP protocol contains a serious flaw in its use of cryptography. WEP uses the RC4 algorithm to encrypt data packets. The RC4 algorithm is a well-known and widely used algorithm, and is safely used in many non-WEP applications. It is a stream cipher that supports variable-length keys, including the 40 bit and 128 bit keys used by WEP.

Researchers have discovered flaws in how WEP uses the RC4 algorithm. An attacker can passively eavesdrop on network traffic, and in a relatively short period of time recover the network WEP key. The attacker, armed with this key, can become a full-fledged user of the network.

Dynamic WEP Keys

The flaws in WEP and the lack of a viable alternative led some access point makers to come up with an interim solution: dynamic WEP keys. With dynamic WEP keys, each network user gets their own WEP key, which in turn is changed frequently. This solves the lost hardware problem, since no WEP key is stored. The flawed cryptography problem is mitigated by the frequently changing keys. The attacks on WEP’s cryptography rely on a large number of packets being encrypted using the same key. Frequent key changes limit the number of such packets.

The method used to login to the wireless network and generate dynamic keys is defined in IEEE standard 802.1X. This is the same method used by WEP’s successor, Wi-Fi Protected Access. Although Elektron was intended to be used with WPA networks, it can also provide services to WEP/802.1X networks as well.

Wi-Fi Protected Access

As wireless networking gained in popularity, its security shortcomings became increasingly apparent. In response, the IEEE began work on a new standard designed to address these shortcomings. This new standard, dubbed 802.11i, began to work its way through the lengthy IEEE review and approval process. In the meantime, the Wi-Fi Alliance, an industry trade group, created an interim standard called Wi-Fi Protected Access (WPA).

The primary new feature of WPA is the appearance of the Temporal Key Integrity Protocol (TKIP) in place of basic RC4 encryption. TKIP continues to use RC4, but in a more secure way than WEP. The initialization vector in TKIP is increased from 24 bits to 48 bits, per-packet key mixing is added to increase the difficulty in divining a network key, as well as a Message Integrity Check (MIC) to confirm that a packet has not been tampered with.
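The two statements above (that WEP’s cryptographic weaknesses depend on many packets being encrypted under the same key, and that TKIP widens the initialization vector from 24 to 48 bits) can be put into numbers. The Python below is an added illustration written for this chapter; it is not Elektron code and not part of the original manual. It implements plain RC4 with WEP-style IV||key framing to show what a repeated IV leaks, and applies the birthday bound to a 24-bit versus a 48-bit IV space. The shared key, IV, frame rates and rotation interval are constructed values.

```python
import math
import random

# Constructed constants (not from Elektron): the IV sizes are the ones the
# text quotes for WEP (24 bits) and TKIP (48 bits).
WEP_IV_BITS = 24
TKIP_IV_BITS = 48


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling, then the pseudo-random generation loop."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_style_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP keys RC4 with IV || shared key; the IV itself travels in the clear."""
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def xor_of_ciphertexts(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so XORing the two
    ciphertexts cancels it and yields p1 XOR p2 without any key material.
    This is why an IV that repeats is a privacy failure, not a nuisance."""
    c1 = wep_style_encrypt(shared_key, iv, p1)
    c2 = wep_style_encrypt(shared_key, iv, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))


def iv_collision_probability(iv_bits: int, frames: int) -> float:
    """Birthday bound: probability that at least two of `frames` frames pick
    the same IV when IVs are drawn uniformly from a 2**iv_bits space."""
    space = 2 ** iv_bits
    return -math.expm1(-frames * (frames - 1) / (2 * space))


def frames_under_one_key(frames_per_second: float, rotation_seconds: float) -> int:
    """Frames that share one key when dynamic keys rotate every
    `rotation_seconds` (the mitigation the dynamic-WEP section describes)."""
    return int(frames_per_second * rotation_seconds)


def simulate_first_iv_repeat(iv_bits: int, seed: int = 1) -> int:
    """Draw random IVs until one repeats; returns how many frames that took.
    (A sequential IV counter repeats at exactly 2**iv_bits frames instead.)"""
    rng = random.Random(seed)
    seen = set()
    count = 0
    while True:
        iv = rng.getrandbits(iv_bits)
        count += 1
        if iv in seen:
            return count
        seen.add(iv)


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit shared key
    iv = b"\xaa\xbb\xcc"                   # constructed 24-bit IV
    print("p1 XOR p2 recovered:", xor_of_ciphertexts(key, iv, b"HELLO", b"WORLD"))
    busy = frames_under_one_key(frames_per_second=500, rotation_seconds=600)
    for bits in (WEP_IV_BITS, TKIP_IV_BITS):
        print(bits, "bit IV, repeat odds after", busy, "frames:",
              round(iv_collision_probability(bits, busy), 6))
    print("first random repeat after", simulate_first_iv_repeat(WEP_IV_BITS), "frames")
```

With a constructed 500 frames per second and a ten-minute key rotation, 300,000 frames share a key: a 24-bit IV is virtually certain to repeat in that window, while a 48-bit IV is not, which is the gap the per-user, frequently rotated keys and the larger TKIP IV are meant to close.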

WPA is available in most Wi-Fi hardware produced today. In order to be considered “Wi-Fi Certified” by the Wi-Fi Alliance, access points and client hardware must support WPA.

WPA comes in two flavors: WPA Personal and WPA Enterprise. As the names suggest, the former was intended for small office/home office use, while latter was targeted toward large organizations. Elektron enables the use of WPA Enterprise for organizations of any size.

WPA Personal

In an effort to simplify WPA deployment for small networks, the Wi-Fi Alliance defined the WPA Personal mode. This mode is also known as WPA-PSK (Pre-Shared Key). Like WEP, it uses a single master key for all participants in the network. Thus, like WEP, it suffers from the security issues associated with using a single key for all users.

Like WEP, WPA Personal has its shortcomings, but is far better than no security at all. With WPA Personal enabled on their network, administrators can limit network access to users that have been provided the WPA key, while also encrypting data transmitted on the network.

WPA Enterprise

The WPA Enterprise mode is the most secure method available for locking down Wi-Fi networks, enhancing both authentication and privacy. WPA Enterprise provides for a separate username and password for each network user. It also generates dynamic keys that are unique to each user and that are changed frequently.

WPA Enterprise utilizes the 802.1X/EAP protocol to authenticate users, and thus requires a server to provide this authentication. This is the role filled by Elektron.

There are a number of advantages to using Elektron to provide WPA Enterprise services to your network over using WPA Personal:

  • User Management Each network user gets her own login, meaning that if a user leaves your organization and will no longer have access to the network, only that user’s credentials are affected. Under WPA Personal, all systems must be reconfigured to use a new master key.
  • Authentication Elektron can maintain its own database of users, or use operating system services to check logins. On Windows, this means that the Active Directory or SAM database can be used, and on Mac OS X Open Directory can be used. This means that only one user database must be maintained, so changes such as adding or removing users need only happen once.
  • Auditing Because each user has her own username, it is easy to keep track of who is logging into your network, and when.
  • Encryption Dynamic encryption keys are generated for each user at each login, and then changed frequently. This means that attackers should be unable to determine any user keys. What’s more, because each user’s key is unique, no user will be able to decrypt another user’s network transmissions.

A WPA Enterprise Walk-Through

In order to connect to a WPA Enterprise protected network, a wireless client must go through several steps:

  1. First, upon initial connection to the wireless access point, the wireless client will be informed that WPA Enterprise authentication is required. At this point, the client is not allowed to forward any non-authentication related data packets to the wireless network.
  2. The wireless client initiates a WPA Enterprise login. Once the login process begins, the access point begins forwarding data received from the client to the Elektron server, and vice versa. It is Elektron’s responsibility to manage the client login; the access point merely forwards packets back and forth between the client and server. While in this state, the access point will continue to disallow any non-login related data packets from the client.
  3. The client creates a TLS connection to the Elektron server. This will establish the server’s identity and protect further communications from eavesdropping.
  4. While establishing the TLS connection, Elektron sends to the client its digital certificate. The client must verify the certificate’s authenticity in order to continue with the connection (see the chapter “Digital Certificates” for more information). If the server’s certificate cannot be authenticated, the client should terminate the login. Doing so can help prevent the client from inadvertently sending their login information to an attacker.
  5. After the TLS connection is established and the server’s identity is confirmed, the client sends her username and password. Elektron validates the username and password, sending either an “access-accept” or “access-reject” message to the client.
  6. If the result is “access-accept”, Elektron sends to the access point the dynamic keys to be used for encrypting the wireless session. The client computes these keys itself, and the secure wireless session begins.

The wireless login process is transparent to the user, with all of the details handled by Elektron and the client software.
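Steps 2, 5 and 6 above rely on the access point trusting the “access-accept” or “access-reject” it relays, so it is worth seeing how that leg is protected. The Python below is an added example for this chapter, not Elektron’s code: it builds the RADIUS Access-Request an access point would send while relaying an EAP message, builds the server’s Access-Accept or Access-Reject, and shows the two checks the access point performs on the reply (the RFC 2865 Response Authenticator and the RFC 3579 Message-Authenticator, both keyed with the shared secret). The shared secret, identifiers, username and EAP payloads are constructed; the dynamic key delivery of step 6 is not modelled.

```python
import hashlib
import hmac
import os
import struct

# RADIUS codes and attribute types from RFC 2865 / RFC 3579.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80
ZERO16 = b"\x00" * 16


def encode_attrs(attrs):
    """Type-Length-Value encoding; Length counts the two header bytes."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attrs_bytes):
    return struct.pack("!BBH", code, ident, 20 + len(attrs_bytes)) + authenticator + attrs_bytes


def message_authenticator(secret, code, ident, request_auth, attrs):
    """RFC 3579 3.2: HMAC-MD5(secret) over the packet with the Message-Authenticator
    value zeroed; replies hash the Request Authenticator of the matching request."""
    zeroed = [(t, ZERO16 if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    pkt = build_packet(code, ident, request_auth, encode_attrs(zeroed))
    return hmac.new(secret, pkt, hashlib.md5).digest()


def response_authenticator(secret, code, ident, request_auth, attrs_bytes):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_bytes))
    return hashlib.md5(header + request_auth + attrs_bytes + secret).digest()


def build_access_request(secret, ident, username, eap_message):
    """Access point side: relay the client's EAP message to the RADIUS server."""
    request_auth = os.urandom(16)
    attrs = [(ATTR_USER_NAME, username), (ATTR_EAP_MESSAGE, eap_message),
             (ATTR_MESSAGE_AUTHENTICATOR, ZERO16)]
    attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR,
                 message_authenticator(secret, ACCESS_REQUEST, ident, request_auth, attrs))
    return build_packet(ACCESS_REQUEST, ident, request_auth, encode_attrs(attrs)), request_auth


def build_response(secret, ident, request_auth, accept, eap_id=1):
    """Server side: Access-Accept carrying EAP Success, or Access-Reject with EAP Failure."""
    code = ACCESS_ACCEPT if accept else ACCESS_REJECT
    eap = bytes([3 if accept else 4, eap_id, 0, 4])   # EAP Success(3)/Failure(4), length 4
    attrs = [(ATTR_EAP_MESSAGE, eap), (ATTR_MESSAGE_AUTHENTICATOR, ZERO16)]
    attrs[-1] = (ATTR_MESSAGE_AUTHENTICATOR,
                 message_authenticator(secret, code, ident, request_auth, attrs))
    attrs_bytes = encode_attrs(attrs)
    resp_auth = response_authenticator(secret, code, ident, request_auth, attrs_bytes)
    return build_packet(code, ident, resp_auth, attrs_bytes)


def verify_response(secret, packet, request_auth):
    """Access point side: return the RADIUS code only if both the Response
    Authenticator and the Message-Authenticator verify; otherwise None."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return None
    attrs_bytes = packet[20:]
    expected = response_authenticator(secret, code, ident, request_auth, attrs_bytes)
    if not hmac.compare_digest(packet[4:20], expected):
        return None
    try:
        attrs = parse_attrs(attrs_bytes)
    except ValueError:
        return None
    mac = [v for t, v in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(mac) != 1 or not hmac.compare_digest(
            mac[0], message_authenticator(secret, code, ident, request_auth, attrs)):
        return None
    return code


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    req, req_auth = build_access_request(secret, 7, b"alice", b"\x02\x01\x00\x0a\x01alice")
    reply = build_response(secret, 7, req_auth, accept=False)
    print("genuine reject verifies as code", verify_response(secret, reply, req_auth))
    forged = bytes([ACCESS_ACCEPT]) + reply[1:]   # reject relabelled as accept
    print("relabelled packet verifies as", verify_response(secret, forged, req_auth))
```

The forged packet fails because both authenticators cover the Code byte and are keyed with a secret the forger does not hold; the same checks also reject a reply that does not match the outstanding Request Authenticator, so a stale accept cannot be replayed against a new request.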

The Future of WPA

As described above, WPA is an interim specification designed to bridge the gap between WEP and the adoption of IEEE 802.11i. The intent was to get stronger security into the hands of users as quickly as possible. WPA provides a subset of 802.11i that can be implemented by hardware manufacturers and software developers without having to require replacement of existing equipment. In fact, most Wi-Fi equipment sold today is either WPA capable out of the box or is firmware-upgradeable to support WPA. The Wi-Fi Alliance requires that all “Wi-Fi Certified” equipment support WPA.

The future of WPA is the adoption of the full 802.11i specification rather than the subset supported now. Some of the new features of 802.11i are:

  • AES Encryption The option to use the federal Advanced Encryption Standard as the algorithm used to encrypt data packets in place of the Temporal Key Integrity Protocol (TKIP). Some Wi-Fi equipment makers are shipping AES with their products today.
  • Secure Fast Handoff This allows roaming between access points without requiring clients to fully re-authenticate to every access point. Re-authentication can slow roaming, disrupting real-time networking applications like multimedia or VoIP.
  • Secure IBSS Independent Basic Service Set (IBSS) wireless topologies, sometimes called ad-hoc networks, receive new security features in 802.11i.

Best Practices

There are a number of actions that a network administrator can take to ensure that their wireless network is as secure as possible.

Deploy WPA Enterprise

If you are reading this manual, chances are that you’ve already made the decision to deploy WPA Enterprise security on your wireless network. Elektron is a key component of a WPA Enterprise network, providing the necessary RADIUS/802.1X authentication services to the network’s access points.

Protect Against Rogue Access Points

A rogue access point is any access point not officially installed by the network administrator as part of the secure wireless network. Typically, these are installed by legitimate users who have decided not to wait for the network administrator to install Wi-Fi or have decided on their own to extend the Wi-Fi network’s range. While their intentions may be good, these users can inadvertently open up gaping security holes in the corporate network.

In more extreme cases, a rogue access point could be installed by an attacker as a means to compromise a network. By installing a rogue access point, an attacker need only physically break into a network once (for the initial access point installation). Any future network intrusions can be made remotely via the rogue access point.

Protecting against rogue access points can be difficult. Network administrators can use the same tools that wardrivers use to find open access points, such as NetStumbler, to home in on rogue access points. There are also dedicated systems specifically designed to track down rogue access points on a network. And because the rogue access point must at some point connect to the wired network, an administrator can also monitor ethernet switches and hubs to ensure that no unauthorized devices are connected.
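The wired-side check described above can be scripted. The Python below is an added example for this chapter (not Elektron code, and the switch output is a constructed sample in the layout of a typical “show mac address-table” listing, not a capture from a real switch): it parses the table, normalizes the MAC addresses, and reports three indicators worth a visit to the wiring closet: MACs missing from the authorized inventory, authorized MACs that appear on a different port than expected, and non-uplink ports carrying several MACs, which is what an access point or hub plugged into a single user port looks like from the switch. The inventory and uplink list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (invented values) in the layout of a common
# "show mac address-table" listing; not output from a real switch.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/3
  10    00aa.bbcc.dd02    DYNAMIC     Gi1/0/3
  10    00aa.bbcc.dd03    DYNAMIC     Gi1/0/3
  10    0011.2233.4477    DYNAMIC     Gi1/0/4
  10    0011.2233.4488    DYNAMIC     Gi1/0/24
"""

# Constructed inventory: MAC -> the port it is supposed to be patched into.
AUTHORIZED = {
    "00:11:22:33:44:55": "Gi1/0/1",
    "00:11:22:33:44:66": "Gi1/0/5",   # inventory says Gi1/0/5, table shows Gi1/0/2
    "00:aa:bb:cc:dd:01": "Gi1/0/3",
}
# Trunks and uplinks legitimately carry many MACs, so they are exempt from
# the "several MACs on one port" indicator.
UPLINK_PORTS = {"Gi1/0/24"}

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\w+\s+(\S+)\s*$", re.I)


def normalize_mac(dotted: str) -> str:
    """Convert 0011.2233.4455 to the colon form used in the inventory."""
    hexdigits = dotted.replace(".", "").lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str):
    """Return (vlan, mac, port) tuples; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append((int(m.group(1)), normalize_mac(m.group(2)), m.group(3)))
    return entries


def find_rogue_indicators(entries, authorized, uplink_ports):
    """Flag unknown MACs, authorized MACs on the wrong port, and non-uplink
    ports with more than one MAC behind them."""
    unknown, moved = [], []
    per_port = defaultdict(set)
    for _vlan, mac, port in entries:
        per_port[port].add(mac)
        if mac not in authorized:
            unknown.append((mac, port))
        elif authorized[mac] != port:
            moved.append((mac, authorized[mac], port))
    multi = {p: len(macs) for p, macs in per_port.items()
             if len(macs) > 1 and p not in uplink_ports}
    return {"unknown": unknown, "moved": moved, "multi_mac_ports": multi}


if __name__ == "__main__":
    report = find_rogue_indicators(parse_mac_table(SAMPLE_MAC_TABLE), AUTHORIZED, UPLINK_PORTS)
    for mac, port in report["unknown"]:
        print(f"unknown device {mac} on {port}")
    for mac, expected, port in report["moved"]:
        print(f"{mac} expected on {expected}, seen on {port}")
    for port, count in report["multi_mac_ports"].items():
        print(f"{port} carries {count} MACs: possible access point or hub behind it")
```

In the sample, Gi1/0/3 is the port to check first: three devices behind one user port, two of them not in the inventory, is the signature of a consumer access point daisy-chained off a desk jack.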

Do Not Rely On Physical Boundaries

There is no reliable way to ensure that the RF signals on your wireless network stop at the physical boundaries of your company. Attackers using devices such as range-extending antennas may still be able to pick up your network’s signals. If you deploy a wireless network, you must assume that an attacker has access to it. For this reason, you must use all available means to lock down your network.

Hide Your SSID

Service Set Identifiers (SSIDs) are used by access points to advertise their availability to potential clients. Access points broadcast their SSID to client applications, which can present the user with a list of all nearby networks. Many access points allow the network administrator to remove the access point’s SSID, thus preventing the access point from broadcasting its availability.

Removing the SSID is far from foolproof security, but it does add at least a small extra layer of protection. Users must know the network SSID before logging into the network, which conceivably could keep intruders out.

Protect Internal Services

It’s good practice for network administrators to be paranoid. All network servers should be kept as secure as possible, with the assumption that attackers have access to the network. This includes maintaining a strong password policy and keeping Access Control Lists (ACLs) up to date in order to limit network resources to legitimate users.