Operating Systems Security - Chapter 2



Operating Systems Security - Chapter 8

Wireless Security

Chapter Overview

In this chapter, you will learn how wireless networks work, and understand their security problems and the security measures for blocking threats to these networks. Attackers know the ins and outs of wireless networks, which means that network administrators need to know the same information to effectively block attackers. You will begin by learning the basics of wireless networking and then learn two popular wireless networking protocols: IEEE 802.11x and Bluetooth. Next, you’ll learn the types of attacks used against wireless networks. Finally, you will learn wireless security measures and how to implement them in client operating systems.

Learning Objectives

After reading this chapter and completing the exercises, students will be able to:

□ Explain wireless networking and why it is used

□ Describe IEEE 802.11x (a, b, g, & n) radio wave networking

□ Explain Bluetooth networking

□ Describe attacks on wireless networks

□ Discuss wireless security measures

□ Configure security for wireless interfaces in workstation operating systems

Lecture Notes

An Introduction to Wireless Networking

Wireless networking has informal and formal roots. The informal beginning of wireless networking is in amateur radio. Amateur (Ham or shortwave) radio operators (also called hams) are licensed by the Federal Communications Commission (FCC) to transmit voice, Morse code, data, satellite, and video signals over radio waves and microwaves.

In the 1980s, licensed amateur radio operators received permission from the FCC to transmit data on several radio frequencies, with 50.1 to 54.0 MHz being the lowest and 1240 to 1300 MHz being the upper ranges. The hertz (Hz) is the unit of measurement for radio frequencies. Technically, one hertz represents a radiated alternating current or emission of one cycle per second. Radio frequencies (RFs) are the range of frequencies above 10 kilohertz (KHz) through which an electromagnetic signal can be radiated into space.

In the Telecommunications Act of 1996, Congress further set the stage for wireless communications by implementing wireless communications “siting” (location) and emission standards, and by providing incentives for future development of telecommunications technologies, including wireless communications. Today, wireless networks are designed and installed to accommodate all types of needs, which include the following:

□ Enabling communications in areas where a wired network would be difficult to install

□ Reducing installation costs

□ Providing “anywhere” access to users who cannot be tied down to a cable

□ Enabling easier small and home office networking

□ Enabling data access to fit the application

Attacks on Wireless Networks

The widespread use of wireless networks has interested attackers for reasons that parallel the advantages just mentioned in the text:

□ The use of wireless networks in hard-to-wire locations is attractive to attackers, because the same locations are of interest to the attackers, and a wireless network is easier to tap into without creating attention than is a hard-wired network.

□ Just as wireless networks can be less expensive to install than wired solutions, it is relatively inexpensive for an attacker to acquire gear to tap into a wireless network.

□ The “anywhere” access provided by a wireless network also gives the attacker similar options for “anywhere” access (or attacks).

□ The common use of wireless networks in small and home offices creates more potential target sites for attackers.

□ Just as wireless networks can be tailored to fit the user’s application, wireless networks appeal to attackers who prefer working with wireless communications, including wireless receiving devices and antennas.

Wireless Network Support Organizations

Several organizations exist to promote wireless networking. One such organization is the Wireless LAN Association (WLANA), which is a valuable source of information about wireless networks. WLANA is supported by wireless network device manufacturers and promoters, including Alvarion, Cisco Systems, ELAN, Intermec, Intersil, Raylink, and Wireless Central. WINLAB is a consortium of universities researching wireless networking, located at Rutgers University.

Why a Wireless Network Might Be Used Instead of a Wired Network

A wired network can be difficult or even impossible to install in some situations. Many organizations use an integrated network that combines wired and wireless networks.

|Quick Reference |Discuss the implementation of wired and wireless networks. |

Radio Wave Technologies

Network signals are transmitted over radio waves in a fashion similar to the way your local radio station broadcasts, but network applications use much higher frequencies. A line-of-sight transmission is one in which the signal goes from point-to-point, following the surface of the Earth, rather than bouncing off the atmosphere to skip across the country or across continents (like shortwave radio). Most wireless radio waves network equipment employs spread spectrum technology for packet transmissions. This technology uses one or more adjoining frequencies to transmit the signal across greater bandwidth.

Radio wave communications can save money where it is difficult or expensive to run cable. There are some disadvantages to radio wave communications. One is that many network installations are implementing high-speed communications of 100 Mbps and higher to handle heavy data traffic, including transmission of large files.

IEEE 802.11 Radio Wave Networking

There are several types of radio wave wireless communications in use, but the types that offers significant advantages in terms of compatibility and reliability are the IEEE 802.11x standards. Many wireless network users are deploying IEEE 802.11x devices because these devices do not rely on proprietary communications, particularly in the lower (and slower) 902-928 MHz range common to older wireless devices (like wireless telephones), and so that 802.11x devices from different vendors can be intermixed.

The IEEE 802.11x standards are also called the IEEE Standards for Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. The standards encompasses wireless data communications stations that are either fixed or mobile. The 802.11x standards involves two kinds of communications. The first is asynchronous communications, in which communications occur in discrete units, with the start of a unit signaled by a start bit at the front and a stop bit at the back end. The second type consists of communications governed by time restrictions, in which the signal must reach its destination within a given amount of time, or it is considered lost or corrupted.

Wireless Components

Wireless communications usually involve three main components: a wireless network interface card (WNIC) that functions as a transmitter/receiver (transceiver), an access point (AP), and antennas. The transceiver card is a wireless NIC (WNIC) that functions at both the physical and data-link layers of the OSI model. Most WNICs are compatible with Microsoft’s Network Driver Interface Specification (NDIS) and Novell’s Open Data-link Interface (ODI) specification.

An access point is a device that attaches to a cabled network and that services wireless communications between WNICs and the cabled network. An antenna is a device that sends out (radiates or transmits) and picks up (receives) radio waves.

Directional Antenna

A directional antenna sends the radio waves in one main direction and generally can amplify the radiated signal to a greater degree than an omnidirectional antenna. Amplification of the radiated signal is called gain. In wireless networking, a directional antenna is typically used to transmit radio waves between antennas on two buildings connected to access points, as shown in Figure 8-2 on page 367t.

Omnidirectional Antenna

An omnidirectional antenna radiates the radio waves in all directions. Because the signal is more diffused than the signal of a directional antenna, it is likely to have less gain. In wireless networking, an omnidirectional antenna is often used on an indoor network, in which users are mobile and need to broadcast and receive in all directions.

Wireless Networking Access Methods

There are two access methods incorporated into the 802.11x standards: priority-based access and Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). In priority-based access, the access point also functions as a point coordinator. The point coordinator establishes a contention-free period, during which stations cannot transmit, unless first contacted by the point coordinator. Priority-based access is intended for communications that are time-sensitive. Priority-based access is also called point coordination function in the 802.11x standards.

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is a more commonly used access method in wireless networking, and is also called the distributed coordination function. In CSMA/CA, a station waiting to transmit listens to determine if the communication frequency is idle. It determines if the frequency is idle by checking the Received Signal Strength Indicator (RSSI) level. If the frequency remains idle for DIFS seconds, stations avoid a collision because each station needing to transmit calculates a different amount of time to wait (the backoff time) before checking the frequency again to see if it is idle.

Handling Data Errors

Wireless network communications are subject to interference from weather, solar flares, competing wireless communications, physical obstacles, and other sources. Any of these forms of interference can corrupt the successful reception of data. The automatic repeat request (ARQ) characteristic in the 802.11x standards help wireless devices take these possibilities into account. With ARQ, if the station sending a packet does not receive an acknowledgement (ACK) from the destination station, the sending station automatically retransmits the packet.

Transmission Speeds

The 802.11x wireless transmission speeds and related radio wave frequencies are defined through four current standards: 802.11a, 802.11b, 802.11g and 802.11n. (The transmission speeds in these standards correspond to the physical layer of the OSI reference model.) The 802.11a standard outlines the following specs in the 5-GHz frequency range for wireless networking:

□ 6 Mbps ( 9 Mbps ( 12 Mbps ( 18 Mbps

□ 24 Mbps ( 36 Mbps ( 48 Mbps ( 54 Mbps

The 802.11a standard is performed at the physical layer of the OSI reference model, and it uses orthogonal frequency-division multiplexing (OFDM) to radiate the data signal over radio waves. The 802.11b (and 802.11g) standards use in the 2.4 GHz frequency range. 802.11b offers data transmission speeds that include:

□ 1 Mbps ( 2 Mbps ( 10 Mbps ( 11 Mbps

The 802.11b standard uses direct sequence spread spectrum modulation (DSSS), which is a method for radiating a data-carrying signal over radio waves. DSSS first spreads the data across any of up to 14 channels, each 22 MHz in width. Table 8-1 on page 372 summarizes the characteristics of 802.11a , 802.11b, and 802.11g.

Infrared Wireless Networking

An alternative to using radio wave communications is the 802.11R standard for infrared transmissions. Infrared light can be used as a medium for network communications. Infrared can be broadcast in a single direction or in all directions, using a light-emitting diode (LED) to transmit and a photodiode to receive.

There are also some significant disadvantages to this communications medium. One is that data transmission rates only reach up to 16 Mbps for directional communications, and they can be less than 1 Mbps for omnidirectional communications. Another disadvantage is that infrared does not go through walls. Diffused infrared transmits by reflecting the infrared light from the ceiling, as shown in Figure 8-4 on page 374. The IEEE 802.11R standard is for diffused infrared communications, enabling a transmission range between 30 and 60 feet, depending on the height of the ceiling.

Using Authentication to Disconnect

One function of the authentication process is disconnecting when a communication session is complete. The authentication process during disconnects is important because it prevents two communicating stations from being inadvertently disconnected by a non-authenticated station.

802.11x Network Topologies

Two general topologies are used in the 802.11x standards. The first topology, the independent basic service set (IBSS) topology is the simplest, consisting of two or more wireless stations that can be in communication with one another.

The extended service set (ESS) topology deploys a more extensive area of service than the IBSS topology by using one or more access points. An ESS can be a small, medium-sized, or large network and can significantly extend the range of wireless communications. The ESS topology is shown in Figure 8-6 on page 375. In terms of security, the ESS topology is more secure, because security that is configured through access points is typically stronger than security configured at workstations for the IBSS topology.

Multiple-Cell Wireless LANs

When an ESS wireless topology employs two or more access points, it becomes a multiple-cell wireless LAN. In this topology, the broadcast area around a single access point is a cell. A PC or hand-held device equipped with a WNIC can move from cell to cell, which is called roaming.

Although 802.11x does not specifically define a standard for a roaming protocol, one protocol developed by wireless vendors, called Inter-Access Point Protocol (IAPP), does generally conform to the 802.11 standard.

Bluetooth Radio Wave Networking

Bluetooth is a wireless technology defined through the Bluetooth Special Interest Group. Bluetooth uses frequency hopping in the 2.4-GHz frequency range (2.4-2.4835 GHz) designated by the FCC for unlicensed ISM transmissions.

Frequency hopping means that transmissions hop among 79 frequencies for each packet that is sent. Bluetooth uses time-division duplexing (TDD), which means that packets are sent in alternating directions, using time slots.

Anatomy of Attacks on Wireless Networks

One of the first steps in an attack is locating wireless network targets. To do this, there are four main elements that an attacker may use:

□ An antenna

□ A wireless network interface card

□ A GPS

□ War-driving software

Rogue Access Point

A rogue access point is one that is installed without the knowledge of the network administrators and that is not configured to have security. Whether innocently installed or not, the rogue access point provides an attacker with an unsecured entryway to the packet communications in that portion of the network. One way to limit the possibility of rogue access points is to create and publish an organizational policy that prohibits users from installing their own wireless devices, specifically access points and WNICs.

Attacks Through Long-Range Antennas

An attacker from the inside of a network can equip a rogue access point with a long-range antenna (high decibel gain) to increase the reach of a signal, so that it is possible to monitor a network from a greater distance without being observed.

Man-in-the-Middle Attacks

Some wireless networks are particularly susceptible to man-in-the-middle attacks. A man-in-the-middle attack occurs when the attacker is able to intercept a message meant for a different computer. The attacker is literally operating between two communicating computers and has the opportunity to:

□ Listen in on communications

□ Modify communications

Pitfalls of Wireless Communications

When you plan for wireless communications, you should consider the following approaches:

□ Avoid using wireless communications on a network that transports extremely sensitive information, such as financial information, company strategies, and organizational secrets.

□ Configure the tightest security available on all wireless devices.

Wireless Security Measures

There are many wireless security measures that can be taken. A sampling of the most common follows:

□ Open system authentication ( Shared key authentication

□ Wired Equivalent Privacy (WEP) ( Service set identifier (SSID)

□ 802.1x security ( 802.11i security

Open System Authentication

In open system authentication, any two stations can authenticate each other. The sending station simply requests to be authenticated by the destination station or access point.

Shared Key Authentication

Shared key authentication uses symmetrical encryption, in which the same key is employed for both encryption and decryption. The authentication technique is challenge/response, because the computer being accessed requests a “shared secret” from the computer initiating the connection, such as the encryption key both will use to encrypt and decrypt information.

|Quick Reference |Discuss the general steps used in wireless communication shown on page 380. |

Wired Equivalent Privacy (WEP)

In 802.11 communications, the shared secret is the Wired Equivalent Privacy (WEP) key used for encryption and decryption, --and the key itself is encrypted. WEP was developed by the IEEE. When you configure a simple wireless network, plan to configure all devices to use WEP, if it is offered.

Service Set Identifier

When you purchase wireless devices, ensure that they support a service set identifier (SSID). The SSID is an identification value that typically can be up to 32 characters in length. SSID is not truly a password, but rather a value that defines a logical network for all devices that belong to it –similar to a workgroup name. The SSID is typically used in ESS topology networks, and not in IBSS topologies.

802.1x Security

802.1x is a wireless and wired authentication approach offered by the IEEE, and is supported in some operating systems, such as in Windows XP and Windows Server 2003. This is a port-based form of authentication, in which communications are defined to occur over a specific port (wireless or LAN-based port).

|Quick Reference |Discuss the general steps used in 802.1x for authentication in wireless communications as shown on|

| |page 382 of the text. |

For best security, the authentication server should be a different computer than the authenticator.

802.1i Security

A relatively new currently proposed standard for 802.11 security is 802.1i, which builds on the 802.1x standard. Not only is 802.1i compatible with 802.1x, but it also uses the Temporal Key Integrity Protocol (TKIP) for creating random encryption keys from one master key. TKIP is similar to the block cipher method, with the block being equivalent to a packet.

Configuring Security for Wireless Interfaces in Workstation Operating Systems

Windows 2000/XP, Windows Server 2003/2008, Windows Vista, Linux, and Mac OS X are all examples of operating systems that support the use of wireless network interface cards.

Configuring Security for Wireless Connectivity in Windows 2000 Professional

Windows 2000 Professional supports the use of WNICs and the following security techniques:

□ Open system authentication ( Shared key authentication

□ WEP (40-bit and 104-bit keys) ( SSID

□ 802.1x ( EAP

□ Authentication through RADIUS

Configuring Security for Wireless Connectivity in Windows XP Professional

Windows XP Professional supports a broad range of WNICs for wireless connectivity. When a WNIC is installed, Windows XP Professional supports the following security:

□ Open system authentication ( Shared key authentication

□ WEP (40-bit and 104-bit keys) ( SSID

□ 802.1x ( EAP and EAP-TLS

□ Authentication through RADIUS ( PEAP

Configuring Security for Wireless Connectivity in Linux

Linux also supports the use of WNICs. A WNIC is installed and configured through the GNOME desktop Network Device Control tool. Linux currently supports:

□ Open system authentication ( Shared key authentication

□ WEP (40-bit and 104-bit keys) ( SSID

□ 802.1x

Configuring Security for Wireless Connectivity in Mac OS X

Mac OS X and Apple’s iMac, iBook, Powerbook G4, and Power Mac G4 computers come with built-in compatibility for AirPort WNICs and base stations (access points). AirPort is compatible with 802.11b wireless communications, and AirPort WNICs and base stations currently support the following security:

□ Open system authentication ( Shared key authentication

□ WEP (40-bit and 104-bit keys) ( SSID

□ RADIUS authentication ( Firewall protection

Discussion Questions

1) Discuss the different strategies used in the implementation of a wireless network.

2) Discuss the different strategies used for implementing strong security in a wireless network.

Additional Activities

1) Utilizing the Internet, research the advantages and disadvantages of wireless networking.

2) Prepare a chart depicting the procedures used in configuring security in a wireless network for each operating system discussed in this lesson.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download