First up, let’s finish off a little theory to go with the first post.

Other WIFI Security Measures

WEP and the much improved WPA should not be considered alone. Security in general requires a holistic approach to determine what functionality the business requires, what techniques can be used to provide that functionality and then assurance of the security of those features. Below are two additional techniques regularly used in conjunction with WEP or WPA to improve the security of a WLAN.

MAC Address Filtering

A common feature available with wireless access devices is the means to restrict access to only wireless devices that have their network (MAC) address configured in a filter list. Therefore, any device that tries to authenticate with a MAC address not matching the list will be rejected.

This method is not foolproof. If traffic can be decrypted then a valid MAC address could be determined and used to access the network.

Separate VLAN/DMZ for Wireless LAN

Most medium to large networks utilise virtual LAN’s (VLAN’s) to separate IP networks into logical groupings for security, performance and management reasons. Most good quality layer 3 switches provide VLAN’s that allow you to define firewall rules or access lists to restrict what resources on the network that wireless networks clients can access.

For more protection, the wireless network can be placed behind a fully featured stateful firewall rather than a VLAN alone.

WPA Wireless Clients Sample Implementation

This section shows an example of implementing WPA Enterprise with PEAP. Three components are required.

• The supplicant (the WIFI client),
• The Authenticator (the Access Point) and;
• An Authentication Server (A Radius server such as Microsoft IAS Server).

In this example the Access Point is a Cisco Aironet 1310 Series Outdoor Access Point/Bridge1 running IOS 12.3(7)JA.

In addition, since we are using PEAP, we need a suitable certificate server and we have used Microsoft Certificate Services.

Since we are using Microsoft IAS for Radius, which integrates with Active Directory, we have created 2 new Active Directory groups called "Wireless Users" and "Wireless Computers" respectively. These groups will be used to determine what computers and users are allowed access to the WIFI network. This ensures a high level of granularity for IT staff to manage access.

Configuring IAS (RADIUS)

IAS is a free component that is supplied with Win2k/Win2003 but is not installed by default. It can be installed via the Control Panel->Add/Remove Programs/Windows Components applet.

Both IAS and the authenticating access point need to be configured to perform Radius authentication. Firstly, you need to register IAS in Active Directory, so that IAS policies can be used on Active Directory users and computers to govern access.

In the left hand pane of the IAS management console, select Internet Authentication Service (Local) and right click to select the Register Server in Active Directory option.

If the server is already registered in active directory, this message will be shown

Adding the Access Point as a Radius Client

In IAS, you create a new RADIUS client and enter a shared secret.

Adding the IAS Server as a Radius Server on the Access Point

On the access point, the detail of the IAS server is entered.

Next we need to configure the Access Point to accept WPA clients and authenticate them to Radius. To do this, we first set encryption to WPA/TKIP.

Next we set the SSID to use Open Authentication and Network/EAP authentication. Network EAP is the better of the two, but Cisco have noted that ‘Some non-Cisco Aironet client adapters do not perform 802.1x authentication to the access point/bridge unless you configure Open authentication with EAP.’

We have already configured the RADIUS server, so we just use the default list. Under Key Management, we set it to mandatory and choose WPA. Accounting can also be enabled, and log on and log off events will be sent to the RADIUS server.

Configuring a Digital Certificate for the IAS Server.

If the server running IAS is already part of Active Directory, and there is a Certificate Server on the Active Directory Domain, the IAS server will already have a computer certificate installed. This can be verified using the Certificate Services MMC Span-In.

Open the Local Computer certificate store, choose Personal/Certificates and you should find a certificate matching the name of this computer. For example:

If you do not have a computer certificate, you need to obtain one via a certificate authority. This is not covered in this document.

Configuring IAS Wireless Policy

At this point we now need to configure the policy on the Radius server so that when a wireless device connects, the conditions that allow it to join the network are defined. The policies set will be to ensure the computer and user id supplied are members of the "Wireless Users" and "Wireless Computers" active directory groups.

User Access

The first policy to be created is for the user accounts that will be connecting to the wireless network. The wireless connection type will be defined and then the appropriate active directory security group will be specified.

In IAS Management console, create a new Remote Access Policy, select "Set up a custom policy" and enter "WFIC Wireless User Access" as the Policy name.

Now we add the conditions required for this remote access policy

Select Client-IP-Address, Add the IP address of the Wireless Access Point and click Ok

Select Windows-Groups and then click Add. Enter the wireless user groups "Wireless Users" and "Wireless Computers" as described earlier and click OK

Now we have completed the conditions for using this wireless policy. Click Next and grant remote access permission.

Now we have to specify the PEAP settings. Click Profile

Select the Advanced tab, highlight the Framed-Protocol (RADIUS Standard PPP) attribute and click Remove

Select the Encryption tab

Select the Encryption tab and remove all tick boxes, leaving only the Strongest Encryption (MPPE 128-bit) option ticked

Select the Authentication tab

Select the Authentication tab and click EAP Methods

Click Add to add an EAP type

Select PEAP and click OK. Now Click Edit to modify the PEAP type

Ensure that the certificate is the correct and ensure that MSCHAP is set as the EAP type

Back on the Authentication tab remove all other tick box options then click OK

You may see a message asking if you would like to view the online help to follow and configure dial-in settings

Click No and Next to continue. The wizard will now tell you the profile is complete and summarise the conditions and profile settings.

Computer Policy

Another policy can optionally be created for Domain Computers. The policy steps are identical to the steps outlined in the user policy except during the setting of policy conditions, you use the Active Directory group that the wireless computers are a member of.

Granting Active Directory Rights

The last step is to ensure that the user and computer accounts in Active Directory have rights to ‘dial in’ – which is Microsoft’s term for using Radius Authentication.

A user account needs "Control Access through Remote Access Policy" set.

A computer account needs the same setting.

Wireless Client Configuration Settings

This section only deals with the configuration of Windows XP Clients

Digital Certificate

Using PEAP, the WIFI clients do not need to use a digital certificate. Only the server uses one to identify itself to the client. However, the clients need to trust the certificate authority (CA) that issued the server certificate. To do this, the certificate of the CA needs to be added to the trusted certificate list on the client.

If the computer is a member of the Active Directory Domain, the CA certificate is likely already installed. This can be checked using the same steps defined in the section "Configuring a Digital Certificate for the IAS Server" except you go to the "Trusted Root Certification Authorities" store to find the CA certificate.

If the certificate is not installed and if the CA certificate Using Microsoft Certificate Services, it is easy to obtain and install it. The certificate can be installed by double clicking on the certificate file stored on a shared folder, floppy or USB device. Alternatively, the client can request the CA certificate from the CA website.

Wireless Networking Configuration

In the properties of the wireless network adapter, add a new wireless network, specifying WPA and TKIP

On the authentication tab, choose PEAP as the EAP type

Click Properties and tick ‘validate server certificate’ and ensure the CA that issued the server certificate is selected.

If the certificate authority is not listed above, than this machine does not trust it and it needs to be added to the trust list as per section titled "Digital Certificate"

Ensure ERP-MSCHAPv2 is selected at the ‘select authentication method’ list and click ‘properties’.

This dialog box allows you to select if XP will attempt user authentication based on the currently logged in user, or prompt for credentials to be entered. If this workstation is a member of the domain, and the user logs into it via a domain account, this should be ticked.

Click OK and OK again to return to the Wireless network properties screen.

If a computer authentication policy has been chosen as per section entitled "Computer Policy", tick the "Authenticate as computer when computer information is available".

At this point the wireless client should be able to connect to the wireless network if the user and computer credentials are valid. The event logs on the IAS server now will show detailed records of all wireless network authentication attempts including username, date/time, IAS policy used and whether access was granted or denied.

Below is a sample IAS log entry from an access point using the IP address 192.168.100.26 and an IAS policy called "AP Test".

Event Type:    Information

Event Source:    IAS

Event Category:    None

Event ID:    1

Date:        20/01/2006

Time:        4:45:07 PM

User:        N/A

Computer:    MYSERVER

Description:

User DOMAIN\some guy was granted access.

Fully-Qualified-User-Name = domain.net/MY Company/DOMAIN/Some Guy

NAS-IP-Address = 192.168.100.26

NAS-Identifier = bridge

Client-Friendly-Name = AP Test

Client-IP-Address = 192.168.100.26

Calling-Station-Identifier = 0013.ff10.427c

NAS-Port-Type = Wireless – IEEE 802.11

NAS-Port = 282

Proxy-Policy-Name = Default Connection

Authentication-Provider = Windows

Authentication-Server = <undetermined>

Policy-Name = Test – Wireless

Authentication-Type = PEAP

EAP-Type = Secured password (EAP-MSCHAP v2)

                      

No Tags

Like my posts on IT governance standards, I produced this training material some time back when I was doing a lot of IT security work. I’ve since moved onto other IT disciplines, but I hope that this article is of some use to those looking for an introduction to WIFI security. I have divided the material into two parts. The first half is background and theory, and the second half of a practical example.

I remember when writing it, my audience, although technically savvy did not a have a strong background in cryptography or security. So I tried to make it easy to read, rather than too technical. Not sure if I succeeded!

A Security Primer – Security Principles

The ISC2 common body of knowledge (CBK) is the basis for the Certified Information Systems Security Professional (CISSP) certification.

The CBK defines 3 major security principles known as the CIA triad: Confidentiality, Availability and Integrity.

• Confidentiality is the principle that information will not be disclosed to unauthorized subjects. Unauthorized Network sniffing is an example of a violation of confidentiality.
• Integrity is trust that can be placed in the information. Data integrity is having assurance that the information has not been altered between its transmission and its reception. Data integrity can be compromised when information has been corrupted, willfully or accidentally, before it is read by its intended recipient.
• Availability defines that information or resources are available when required and are accurate, relevant and timely. It is certainly possible that a confidentiality and integrity are protected, but an attacker causes resources to become less available than required, or not available at all, eg Denial of Service.

Identification, Authentication, Authorisation and Accountability

• Identification describes a method of ensuring that a subject (user, program or process) is the entity it claims to be
• Authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program.
• Authorisation is the process of verifying that a known person has the authority to perform a certain operation.
• Accountability, is synonymous with non-repudiation. The non-repudiation of receipt of information means that an agent can’t deny receiving information. The non-repudiation of sourcing information means that an agent can’t deny sending information.

Encryption, Integrity and Authentication: WEP vs. WPA vs. WPA2

WEP

Everyone who has ever site up wireless will know WEP. They will also likely know that WEP is a ‘bad thing’. Here we explain why WEP is now considered to be a very poor choice for wireless security and what was done to fix it.

The original Wired Equivalent Privacy (WEP) algorithm was used to protect wireless communication from eavesdropping. It uses predefined ‘WEP keys’ to encrypt the traffic using the RC4 encryption algorithm. It also ensures data integrity by using an "Integrity Check Value". This is 4 bytes and appended to the end of each packet.

One of several security problems with WEP is that using a static, unchanging WEP key means that brute force efforts can be undertaken to ‘crack’ the key by capturing enough encrypted packets. WEP also uses an Initialisation Vector (IV) which is used to ensure that text encrypted with the same encryption key translates to a different ciphertext value. Unfortunately, IV is too small and is vulnerable to attacks that make the IV easy to determine. In addition, the size of the key – 40 bits – has been cited as a weakness of WEP. When the standard was written in 1997, 40-bit keys were considered reasonable for some applications. Since the goal was to protect against "casual eavesdropping" it seemed sufficient at the time. The U.S. did not tightly control exports of 40-bit encryption, and the IEEE wanted to ensure exportability of wireless devices.

The WEP Integrity Check Value (a fancy name for a hash) is based on CRC-32, an algorithm for detecting noise and common errors in transmission. CRC-32 is an excellent checksum for detecting errors, but a poor choice for a cryptographic hash. Better-designed encryption systems use algorithms such as MD5 or SHA-1 for their Integrity Check Values. The CRC-32 Integrity Check Value has a weakness that allows an attacker to modify an encrypted message and easily fix the Integrity Check Value so the message appears authentic.

So in relation to encryption and integrity, WEP fares rather badly. How does WEP fare in the areas of identification, authentication, authorisation and accountability? Not well either.

WEP defines two forms of authentication: Open System (no authentication) and Shared Key authentication. These are used to authenticate the wireless client to the access point. The idea was that authentication would be better than no authentication because the user has to prove knowledge of the shared WEP key, in effect, authenticating himself. In fact, the exact opposite is true: If you turn on authentication, you actually reduce the total security of your network and make it easier to guess your WEP key.

Shared Key authentication involves demonstrating the knowledge of the shared WEP key by encrypting a challenge to the access point, and the access point successfully decrypting that challenge. The problem is that a monitoring attacker can observe the challenge and the encrypted response. From those, he can determine the RC4 stream used to encrypt the response, and use that stream to encrypt any challenge he receives in the future. So by monitoring a successful authentication, the attacker can later forge an authentication.

So with open authentication, any wireless device that knows the WEP key will be accepted by the access point.

Hence, WEP is now considered to be a very poor choice for WIFI security. In response, the Wi-Fi Alliance, an industry trade group, created a standard called Wi-Fi Protected Access (WPA).

WPA

At the time, elements of WPA were actually taken from a work in progress IEEE standard called 802.11i. 802.11i was a new, in development standard aimed at a new generation of devices and had no backward compatibility requirements for WEP, meaning completely new wireless hardware would have to be produced to take advantage of it.

Thus, WPA in effect an interim measure designed to work with the constraints of WEP based systems, so that rather than a wholesale change/removal of wireless hardware, customers could upgrade software and firmware to gain the benefits of WPA. This was an attractive proposition from the point of view of the device manufacturers as it reduced redevelopment costs. But was it enough?

WPA offered a set of new features to alleviate the problems of WEP. A protocol called TKIP was added to WEP encryption. TKIP has been designed to ‘wrap’ around WEP and improve the main security issues.

• The size of the IV has been doubled to 48 bytes which is also added to the MAC address and original WEP key per frame.
• TKIP offers ‘re-keying’, where multiple encryption keys are changed on the fly at a configurable timeframe (defaults to per 10000 frames).

(WEP alone uses the same encryption key. Thus with WPA, even if you managed to determine an encryption key, you have a very limited time in which you can use it to decrypt data before it changes again.)

WPA also has replaced the ICV with the Message Integrity Code (MIC) which eliminates some of the weaknesses with ICV.

CISCO and CKIP

While the WPA and WPA2 standards were being agreed to, Cisco added an extra feature to WEP to improve one of its major weaknesses – that of poor confidentiality via encryption. This is called the CKIP protocol. CKIP is a Cisco proprietary protocol that essentially does the same thing as TKIP does in WPA. This was designed to alleviate the immediate encryption concerns with WEP. CKIP however was not widely adopted as most vendors (Cisco included) opted to use the WPA standard as the interim measure.

WPA2

WPA2 is simply the complete 801.11i standard that was referred to earlier. It is actually very similar to WPA, as WPA used much of this standard. The main difference is the inclusion of the AES encryption protocol, which is an alternative to TKIP/WEP encryption. To support AES you need specialised hardware and thus require a new generation of wireless devices to support.

Advanced Encryption Standard (AES), also known as Rijndael, is an encryoption algorithm adopted as an encryption standard by the US government and is designed to replace the widely used by aging Data Encryption Standard (DES)

Frame integrity is now handled by a protocol called CCMP (with the simple name of "Counter Mode with Cipher Block Chaining Message Authentication Code Protocol"). CCMP is built around AES.

802.1x / EAP Authentication

Encryption is only part of the WIFI security picture. Even with an unbreakable encryption algorithm, if a malicious user was able to authenticate to the access point, they would be able to participate on the wireless network like any other authorised wireless client as the access point would exchange encryption keys with this seemingly ‘trusted’ client.

WPA/WPA2 adopted IEEE 802.1x / EAP authentication (WPA Enterprise), rather than re-invent the wheel. 802.1x was originally designed as a port based network access control that ensured that a user could not access the network unless authorised. Note the word "user", whereas WEP could only offer "system" authentication.

EAP is a complex standard described in detail later. However the IEEE did recognise that EAP added complexity and thus, added pre-shared keys for authentication (WPA Personal).

Note: Pre shared keys are common in IPSEC/L2TP for authentication as well.

WPA Personal

When WPA Personal uses pre-shared keys (PSK) for authentication, a common password or passphrase is configured on each wireless device and the access point. This is used to authenticate the client with the access point. Once this takes place, encruption keys can be exchanged and traffic can flow between client and access point.

However, if you do not make your pre-shared key long, you are susceptible to an offline dictionary attack where an attacker grabs a few packets at the time a legitimate station joins the wireless network and then can take those packets and attempt to recover the PSK used.

In addition, management of the PSK as the network grows becomes a major issue. It needs manual configuration on all WIFI clients. Thus, changing the PSK would be time consuming and result in downtime.

WPA Enterprise

WPA adopted 802.1x / EAP for authentication. EAP is an authentication framework, not a specific authentication mechanism. The EAP provides some common functions and a negotiation of the desired authentication mechanism. Such mechanisms are called EAP methods and there are a myriad of options and standards available. This flexibility has the disadvantage of being complex and difficult to understand the intricacies of every option.

The table below is a summary of the most applicable options. They are not the exhaustive list, but the others are not listed because they are either not applicable or are missing required features.

LEAP

The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary EAP implementation by Cisco Systems.

There is no native support for LEAP in any Windows operating system but is supported by third party supplicants (IEEE speak for client software). Support for other operating systems is unclear. This protocol is known to be vulnerable to dictionary attacks as it is based on shared secret passwords. Cisco still maintains that LEAP can be secure if sufficiently complex passwords are used.

EAP-TLS

EAP-TLS is an IETF open standard, and is well-supported among wireless vendors. It offers a good deal of security, due to using digital certificates and Public Key Infrastructure (PKI). Its main disadvantage is the management overhead to set up and maintain a PKI as well as client-side certificates. This factor has led to few deployments compared to other EAP solutions.

The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. A compromised password is not enough to break into EAP-TLS enabled systems because the hacker still needs to have the client-side certificate. When the client-side certificates are housed in smartcards, this offers the most secure authentication solution available because there is no way to steal a certificate from a smartcard without stealing the smartcard itself. Any physical theft of a smartcard would be immediately noticed and revoked and a new smartcard would be issued.

There are client and server implementations of it in Microsoft, Cisco, Apple, Linux, and open source. EAP-TLS is natively supported in MAC OS 10.3 and above, Windows 2000 SP4, Windows XP, Windows Mobile 2003 and above, and Windows CE 4.2.

EAP-TTLS and PEAP

EAP-TTLS and PEAP both do not use client side certificates. Instead they use PKI certificates only on the authentication server which is used to create a secure TLS tunnel to protect user authentication. PEAP was developed by Microsoft and Cisco and EAP-TTLS developed by Funk Software.

PEAP is natively supported in MAC OS 10.3 and above, Windows 2000 SP4, Windows XP, Windows Mobile 2003 and above, and Windows CE 4.2.

The server side implementation of PEAP/EAP-MSCHAPv2, called IAS (Internet Authentication Service), is also included in Windows 2003 server.

We will not discuss the differences between PEAP and EAP-TTLS here, except to say that PEAP has now overtaken EAP-TTLS in terms of popularity.

802.1x Components

802.1x consists of 3 main components.

• A client (supplicant)
• An ‘authenticator’ (access point)
• An ‘authentication server’ (RADIUS).

EAP is the mechanism used by all 3 components to communicate authentication information.

RADIUS Server

In a large wireless network, a means is required to provide central authentication for clients. A RADIUS server fills this need. The RADIUS protocol is the industry standard for AAA (Authentication, Authorisation and Accounting). Many Radius servers exist, and Microsoft provide a built in Radius Server with Windows Server called IAS which integrates with Active Directory. Other Radius servers can integrate with 3rd party authentication mechanisms (RSA keys and smartcards for example)

Bringing it all together

The key goal of any wireless network is to ensure confidentiality, integrity and availability. Without proper authentication, encryption is of limited value as it would be impossible to determine if the data has been tampered with.

802.1x / EAP provide the means to centrally manage who and what can access the wireless network. This also provides us with detailed accounting records of who or what has attempted to access the network (Accountability).

The mutual authentication offered by some EAP methods also means that a client can be sure that it is accessing the correct access point and not a malicious access point set up to lure clients into connecting to it and giving up sensitive information.

TLS and PEAP are the two best choices for wireless authentication. TLS offers more security than PEAP due to client certificates required as well as user credentials (two factor authentication). However PEAP is much easier to set up and deploy than TLS because you do not have to implement a PKI solution (which is a whole project in itself). In addition, when using an Active Directory integrated Radius server, authentication can be restricted to particular groups of users and computers and AD account lockout policies will be enforced.

If we combine this with the MAC address filtering and VLAN access lists described in section 2.1.4 we have a holistic solution that addresses the key security requirements.

We have:

• An encryption mechanism that changes keys frequently and is unique for each client, so that by the time you have brute forced a encryption key, it has already been discarded and a new key has been generated
• An authentication mechanism that requires the user to have a valid Active Directory user account, optionally a valid Active Directory Computer Account and optionally a valid client certificate issued by a trusted Certificate Authority (EAP/TLS)
• An authentication mechanism that ensures that the client can ensure that the access point it is connecting to is known and trusted via a server side digital certificate.
• An authentication mechanism that is centrally managed, so when users or computers are disabled they are unable to access all wireless services.
• Centralised location for logging of access requests and their outcomes
• Filtering so that only pre-defined MAC addresses can authenticate to an access point
• Access lists that ensure that the Wireless VLAN can only access authorised parts of the network.

In the next part to this post, we will discuss some additional security mechanisms for WIFI, as well as a WPA/PEAP example implementation.

                      

No Tags