SY0-501 Section 1.5 -Given a scenario, troubleshoot security issues related to wireless networking.

WPA

WPA is Wi-Fi Protected Access, one of several popular standards for wireless network security. This WPA is not to be confused with Windows XP Product Activation, a separate technology that is also included with the Microsoft Windows operating system.

Before being able to use Wi-Fi WPA with Windows XP, you may need to upgrade one or more components of your network including the XP operating system and network adapters on some computers as well as the wireless access point

Follow these instructions to set up WPA on Wi-Fi networks having Windows XP clients.

Difficulty: Average

Time Required: 30 minutes

Here’s How:

1. Verify each Windows computer on the network is running Windows XP Service Pack 1 (SP1) or greater. WPA cannot be configured on older versions of Windows XP or older versions of Microsoft Windows

2. For any Windows XP computer running SP1 or SP2, update the operating system to XP Service Pack 3 or newer for best WPA/WPA2 support.

XP Service Pack 1 computers do not support WPA by default and cannot support WPA2. To upgrade an XP SP1 computer to support WPA (but not WPA2), either

install the Windows XP Support Patch for Wi-Fi Protected Access from Microsoft, or

upgrade the computer to XP SP2

XP Service Pack 2 computers by default support WPA but not WPA2. To upgrade an XP SP2 computer to also support WPA2, install the Wireless Client Update for Windows XP SP2 from Microsoft.

1. Verify your wireless network router (or other access point) supports WPA. Because some older wireless access points do not support WPA, you many need to replace yours. If necessary, upgrade the firmware on the access point according to the manufacturer’s directions to enable WPA on it.

2. Verify each wireless network adapter also supports WPA. Obtain a device driver upgrade from the adapter manufacturer if necessary. Because some wireless network adapters cannot support WPA, you may need to replace them.

3. On each Windows computer, verify that its network adapter is compatible with the Wireless Zero Configuration (WZC) service. Consult the adapter’s product documentation, manufacturer’s Web site, or appropriate customer service department for details on WZC. Upgrade the network adapter driver and configuration software to support WZC on clients if necessary.

4. Apply compatible WPA settings on each Wi-Fi device. These settings cover network encryption and authentication.

The WPA encryption keys (or passphrases) chosen must match exactly between devices

For authentication, two versions of Wi-Fi Protected Access exist called WPA and WPA2. To run both versions on the same network, ensure the access point is configured for WPA2 mixed mode. Otherwise, you must set all devices to WPA or WPA2 mode exclusively.

Wi-Fi products use a few different naming conventions to describe types of WPA authentication. Set all equipment to use either Personal/PSK or Enterprise/*EAP options

WPA2

In July 2004, the IEEE approved the full IEEE 802.11i specification, which was quickly followed by a new interoperability testing certification from the WiFi Alliance known as WPA2. WPA2 is based on the Robust Security Network (RSN) mechanism, which provided support for all of the mechanisms available in WPA, as well as:

Strong encryption and authentication support for infrastructure and ad-hoc networks (WPA is limited to infrastructure networks);

Reduced overhead in key derivation during the wireless LAN authentication exchange;

Support for opportunistic key caching to reduce the overhead in roaming between access points;

Support for pre-authentication, where a station completes the IEEE 802.1X authentication exchange before roaming;

Support for the CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) encryption mechanism based on the Advanced Encryption Standard (AES) cipher as an alternative to the TKIP protocol.

As of March 2006, the WPA2 certification became mandatory for all new equipment certified by the Wi-Fi Alliance, ensuring that any reasonably modern hardware will support both WPA and WPA2.

By leveraging the RC4 cipher (also used in the WEP protocol), the IEEE 802.11i task group was able to improve the security of legacy networks with TKIP while the IEEE 802.11i amendment was completed. It is important to note, however, that TKIP was designed as an interim solution for wireless security, with the goal of providing sufficient security for 5 years while organizations transitioned to the full IEEE 802.11i security mechanism. While there have not been any catastrophic weaknesses reported in the TKIP protocol, organizations should take this design requirement into consideration and plan to transition WPA networks to WPA2 to take advantage of the benefits provided by the RSN architecture

WEP

The privacy protocol specified in IEEE 802.11 to provide wireless LAN users protection against casual eavesdropping, WEP refers to the intent to provide a privacy service to wireless LAN users similar to that provided by the physical security inherent in a wired LAN.

When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with an RC4 cipher stream generated by a 64-bit RC4 key. This key is composed of a 24-bit initialization vector (IV) and a 40-bit WEP key. The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original packet and the RC4 stream. The IV is chosen by the sender and can be changed periodically so every packet won’t be encrypted with the same cipher stream. The IV is sent in the clear with each packet. An additional 4-byte Integrity Check Value (ICV) is computed on the original packet and appended to the end. The ICV (be careful not to confuse this with the IV) is also encrypted with the RC4 cipher stream.

WEP has been widely criticized for a number of weaknesses:

Key management and key size

Key management is not specified in the WEP standard; without interoperable key management, keys will tend to be long-lived and of poor quality. Most wireless networks that use WEP have one single WEP key shared between every node on the network. Access points and client stations must be programmed with the same WEP key. Since synchronizing the change of keys is tedious and difficult, keys are seldom changed. Also, the 802.11 standard does not specify any WEP key sizes other than 40 bits.

The IV is too small

WEP’s IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a given WEP key, for any key size. Remember that the RC4 cipher stream is XOR-ed with the original packet to give the encrypted packet that is transmitted, and the IV is sent in the clear with each packet. The problem is IV reuse. If the RC4 cipher stream for a given IV is found, an attacker can decrypt subsequent packets that were encrypted with the same IV or can forge packets.

Weakness: The ICV algorithm is not appropriate

The WEP ICV is based on CRC-32, an algorithm for detecting noise and common errors in transmission. CRC-32 is an excellent checksum for detecting errors, but an awful choice for a cryptographic hash. Better-designed encryption systems use algorithms such as MD5 or SHA-1 for their ICVs.

Authentication messages can be easily forged

EAP

The Extensible Authentication Protocol (EAP) is best considered as a framework for transporting authentication protocols, rather than as an authentication protocol itself. EAP can be used for authenticating dial-up and VPN connections, and also Local Area Network (LAN) ports in conjunction with IEEE 802.1X.

In EAP, the party demanding proof of authentication is called the authenticator and the party being authenticated is called the supplicant. EAP defines four types of packet: request, response, success and failure. The authenticator issues request packets and they solicit a response packet from the supplicant. Any number of request-response exchanges may be used to complete the authentication. If the authentication is successful, a success packet is sent to the supplicant; if not, a failure packet is sent.

The basic EAP packet format is simple. A type field indicates the type of packet, such as a response or a request. An Identifier field is used to match requests and responses. Response and request packets have two further fields. The first, confusingly called ‘type’, indicates the type of data being transported (such as an authentication protocol), and the second, type-data, consists of that data. Note that EAP method is synonymous with type, and both are used frequently.

The EAP specification defines three ‘basic’ authentication EAP types (MD5-Challenge, OTP and GTC) and three non-authentication types (Identity, Nak,* and Notification). The three ‘basic’ authentication types are not considered secure for typical use, particularly in wireless environments. The authenticator to request the user name claimed by the supplicant uses the Identity type, and is typically the first packet transmitted. The Nak type is used by the peer to indicate that a type proposed by the authenticator is unacceptable (for example, the authenticator has proposed an authentication protocol that is unsupported by the peer, or policy forbids its use). If this happens then the authenticator may choose to try another, thereby allowing supplicant and authenticator to negotiate a mutually acceptable authentication protocol. The Notification type, which is rarely used, returns a message that must be displayed to the user.

Finally, EAP permits pass-through authentication. This allows the authenticator to forward all responses, using the RADIUS protocol, to a remote EAP server (in practice, most RADIUS servers also understand EAP). This server assumes the role of the authenticator for the remainder of the EAP session, and attempts to authenticate the supplicant against a user database server. Pass-through authentication, therefore, permits centralized management of authentication against large numbers of authenticators. Another advantage is that the authenticator does not need to support the type negotiated by the peer and the EAP server. An example EAP exchange is shown in the figure below. The peer refuses OTP authentication, but agrees to MD5-Challenge and is authenticated

EAP Types TLS, TTLS and PEAP

As previously mentioned, the ‘basic’ authentication types should not be used. They do not provide sufficient protection for use on a shared network and, in particular, do not allow negotiation of the keying material required for IEEE 802.11 wireless LAN encryption. Consequently, a number of more secure types have been developed. Of these, only three have been widely implemented: TLS, TTLS and PEAP.

The TLS EAP type is based on the Transport Layer Security (TLS) protocol, which uses public key cryptography for authentication and negotiation of keys that can beused to encrypt data. TLS is also the protocol used for securing HTTPS. The main difference is that HTTPS is transported over TCP, whereas EAP TLS is transported over the EAP session between the supplicant and EAP server. As in HTTPS, the supplicant authenticates the server’s identity using a locally stored root certificate. However, unlike most HTTPS transactions, EAP TLS uses a user certificate to authenticate the supplicant to the server.

This means TLS can only be used by organizations with a Certificate Authority (CA) that issues user certificates; as such, although it offers excellent security, it is not widely deployed. Instead, two further EAP types, Protected EAP (PEAP) and Tunneled TLS (TTLS), work around this problem. Both of these types also use TLS for server authentication and encryption, but avoid the need for user certificates by using a second authentication protocol between the supplicant and the server that is protected by theTLS encryption. This is very similar to conventional HTTPS authentication, where the user’s plain-text credentials are protected by TLS. The main difference between the types is that PEAP can only protect other EAP types, whereas TTLS can protect almost any authentication protocol. An overview of the protocol layering is shown in the figure below.

LEAP

The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to re-authenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don’t live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP.

Cisco LEAP, similar to WEP, has had well-known security weaknesses since 2003 involving offline password cracking. LEAP uses a modified version of MS-CHAP, an authentication protocol in which user credentials are not strongly protected. Stronger authentication protocols employ a salt to strengthen the credentials against eavesdropping during the authentication process. Cisco’s response to the weaknesses of LEAP suggests that network administrators either force users to have stronger, more complicated passwords or move to another authentication protocol also developed by Cisco, EAP-FAST, to ensure security. Automated tools like ASLEAPdemonstrate the simplicity of getting unauthorized access in networks protected by LEAP implementations.

MAC filter

Most Wi-Fi access points and routers ship with a feature called hardware or MAC address filtering. The manufacturer normally turns “off” this feature, because it requires a bit of effort to set up properly. However, to improve the security of your Wi-Fi LAN (WLAN), strongly consider enabling and using MAC address filtering.

Without MAC address filtering, any wireless client can join (authenticate with) a Wi-Fi network if they know the network name (also called the SSID) and perhaps a few other security parameters like encryption keys. When MAC address filtering is enabled, however, the access point or router performs an additional check on a different parameter. Obviously the more checks that are made, the greater the likelihood of preventing network break-ins.

To set up MAC address filtering, you as a WLAN administrator must configure a list of clients that will be allowed to join the network. First, obtain the MAC addresses of each client from its operating system or configuration utility. Then, they enter those addresses into a configuration screen of the wireless access point or router. Finally, switch on the filtering option.

Once enabled, whenever the wireless access point or router receives a request to join with the WLAN, it compares the MAC address of that client against the administrator’s list. Clients on the list authenticate as normal; clients not on the list are denied any access to the WLAN.

MAC addresses on wireless clients can’t be changed as they are burned into the hardware. However, some wireless clients allow their MAC address to be “impersonated” or “spoofed” in software. It’s certainly possible for a determined hacker to break into your WLAN by configuring their client to spoof one of your MAC addresses. Although MAC address filtering isn’t bulletproof, still it remains a helpful additional layer of defense that improves overall Wi-Fi network security.

Do not confuse MAC address filtering with content filtering. Content filtering on a wireless access point or router allows administrators to maintain a list of Web site URLs or addresses that should not be accessed from the home WLAN.

SSID broadcast

SSID (service set identifier) is a function performed by an Access Point that transmits its name so that wireless stations searching for a network connection can ‘discover’ it. It’s what allows your wireless adapter’s client manager program or Windows XP’s built-in wireless software to give you a list of the Access Points in range.

Having SSID broadcast disabled essentially makes your Access Point invisible unless a wireless client already knows the SSID, or is using tools that monitor or ‘sniff’ traffic from an AP’s associated clients.

Using the default SSIDs poses a security risk even if the AP is not broadcasting it, here are some standard ones that can possibly be probed by potenital attackers:

101 (3Com)

Compaq (Compaq)

compex (Compex)

Default SSID

intel (Intel)

linksys (Linksys)

RoamAbout Default Network Name (Lucent/Cabletron)

tsunami (Cisco)

Wireless

WLAN (Addtron)

Note that turning off SSID broadcast does not effectively protect the network from attacks, as network-monitoring tools like Kismet and airodump-ng can still easily find the SSID, often within minutes.

TKIP

Temporal Key Integrity Protocol (TKIP), as defined by the IEEE 802.11i specification, addresses the encryption part of the wireless security equation. (A different part of 802.11i addresses the per-message integrity problem) TKIP was designed with a very difficult constraint in place: it had to operate on existing hardware, and therefore it could not require computationally advanced encryption.

TKIP is a “wrapper” that goes around the existing WEP encryption. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. However, the key used for encryption in TKIP is 128 bits long. This solves the first problem of WEP: a too-short key length.

An important part of TKIP is that it changes the key used for each packet. This is the “Temporal” part of the picture. The key is created by mixing together a combination of things, including a base key (called a Pairwise Transient Key in TKIP parlance), the MAC address of the transmitting station, and the serial number for the packet. The mixing operation is designed to put a minimum demand on the stations and access points, yet have enough cryptographic strength so that it cannot easily be broken

Each packet transmitted using TKIP has a unique 48-bit serial number that is incremented every time a new packet is transmitted and used both as the Initialization Vector and part of the key. Putting a sequence number into the key ensures that the key is different for every packet. This solves another problem of WEP, called “collision attacks,” which can occur when the same key is used for two different packets. With different keys, there are no collisions.

Having the serial number of the packet also be the initialization vector helps to reduce yet another WEP problem, called “replay attacks.” Because a 48-bit sequence number will take thousands of years to repeat itself, no one can replay old packets from a wireless connection– -they will be detected as out of order because the sequence numbers won’t be right.

The last, and most important, piece that is mixed into the TKIP key is the base key. Without a way to generate unique base keys, TKIP would solve many of WEP’s problems, but not its worst one: the constant reuse of a well-known key by everyone on the wireless LAN. To deal with this, TKIP generates the base key that is mixed into the per-packet key. Each time a wireless station associates to an access point, a new base key is created. This base key is built by hashing together a special session secret with some random numbers (called nonce) generated by the access point and the station as well as the MAC address of the access point and the station. With 802.1X authentication, the session secret is unique and transmitted securely to the station by the authentication server; when using TKIP with pre-shared keys, the session secret is the same for everyone and never changes—hence the vulnerability of using TKIP with pre-shared keys.

Captive portals

Most public networks, including Wi-Fi hotspots, use a captive portal, which requires users to agree to some condition before they use the network or Internet. The condition could be to agree to the acceptable use policy, payment charges for the time they are using the network, and so forth.

One of the most popular implementations of captive portals is a Cisco application in their Identity Services Engine. However, there have been vulnerabilities identified with it, which allow attackers to intercept cleartext values:

Antenna types

Just as important as antenna placement is the type of antenna used. The default antenna on many (but not all) APs can be replaced to increase or decrease transmission range. The proper antenna can work around obstacles, minimize the effects of interference, increase signal strength, and focus the transmission (which can increase signal speed).

The antenna can be completely internal on an AP, or it can consist of one, two, or three external poles

An omnidirectional antenna is designed to provide a 360-degree pattern and an even signal in all directions, so you usually want to locate the AP in the middle of the area to be covered. A directional antenna, on the other hand, forces the signal in one direction, and since it is focusing the signal, it can cover a greater distance with a stronger signal.

All antennas are rated in terms of gain value, which is expressed in dBi numbers. A wire- less antenna advertised with a 20 dBi would be 20 times stronger than the base of 0 dBi. As a general rule, every 3 dB added to an antenna effectively doubles the power output.

Site surveys

An additional aspect of wireless systems is the site survey. Site surveys involve listening in on an existing wireless network using commercially available technologies. Doing so allows intelligence, and possibly data capture, to be performed on systems in your wireless network.

The term site survey initially meant determining whether a proposed location was free from interference. When used by an attacker, a site survey can determine what types of systems are in use, the protocols used, and other critical information about your network. It’s the primary method used to gather information about wireless networks. Virtually all wireless networks are vulnerable to site surveys.

As for interference, it can be unintentional (caused by other devices in the vicinity, for example) or intentional. When it is intentional, then it is referred to as jamming, as the intent is to jam the signal and keep the legitimate device from communicating. If wirelesses APs are installed in a building, the signals will frequently radiate past the inside of the building, and they can be detected and decoded outside the building using inexpensive equipment. The term war driving refers to driving around town with a laptop looking for APs to communicate with. The network card on the intruder’s laptop is set to promiscuous mode, and it looks for signals coming from anywhere. After intruders gain access, they may steal Internet access or corrupt your data.

Once weaknesses have been discovered in a wireless network, war chalking can occur. War chalking involves those who discover a way into the network leaving signals (oftenwritten in chalk) on, or outside, the premise to notify others that vulnerability exists there. The marks can be on the sidewalk, the side of the building, a nearby signpost, and so on.

img