INTRODUCTIONWireless Protocols802.11a802.11b802.11d802.11g802.11i802.1XBluetoothPhysical Wireless ConfigurationWireless Security ChecklistsLevel 1 -- Default “out of the box” installationLevel 2 -- Closed mode with EncryptionLevel 3 -- Virtual Private Network (VPN) high securityVirtual Private Network configurationAnalysis of Security SoftwareNetStumblerMiniStumblerKismetKisMACEtherealAirSnortWEPCrackOther Wireless Security ProgramsOther useful Wireless Security EquipmentWireless Intrusion ExperimentConclusionDefensive Strategies for Establishing a Secure Wireless Network (December 2003) Captain Jay A. Crossler, United States Air Force Abstract—This paper recommends configuration procedures to be used for securing a Wireless Local Area Network (WLAN), and details possible methods and software that could be used to attack such configurations. The procedures are based on an experiment testing how vulnerable 30 local WLANs are to intrusion with security tools freely available from the Internet. This paper also details the ease of penetrating 28 of the local wireless systems, and should illustrate that wireless users are not adequately securing their systems. This paper is presented as a high-level overview of current known wireless vulnerabilities, specifically those within the IEEE 802.11b implementation. A description of the intrusion tools used along with an evaluation of their usefulness in testing WLAN security is also presented. Index Terms— Computer Security, Radio Communication, Wireless LAN. I. INTRODUCTION wT here are many recommended procedures for securing a ireless network. Most of the commonly proposed ones from technical magazines, websites and product brochures are worthless in terms of security. This paper will present a comparison of three separate wireless configuration methodologies and show how seven wireless vulnerability “hacking” tools can assault each configuration. This project began small and quickly grew in scope and complexity. My original goal was to create a small map of local wireless networks and attempt to compare various wireless network vulnerability assessment tools against them. I was quickly overwhelmed at the number of wireless networks around, and amazed at the almost complete lack of security on any of them. I decided that a better use of this paper would be to also provide an optimal secure wireless configuration method to recommend to users of wireless systems. Manuscript received December 6, 2003. This work was NOT sponsored or condoned by the US Air Force or the Defense Information Systems Agency. It is entirely a personal exploration of the level of information security within a small uncontrolled test population accomplished for a research project and not under the auspices of the US Government. J. A. Crossler is with the Defense Information System Agency, Pentagon, VA 22202 USA (corresponding author to provide phone: 703-693-3598; fax: 703-692-2587; e-mail: [email protected]). My initial use of wireless underscores the importance of security. When I first plugged in my wireless router and network card, everything immediately worked without requiring any configuration beyond inserting a disk with LAN card drivers. I was connected, right out of the box! I soon noticed that whenever I surfed the web (and generated wireless traffic), the light on my router indicating wireless activity did not flash. I was also slightly confused -- I didn’t recognize the name of my wife’s computer on our windows network neighborhood. After double-clicking on a shared drive on this computer, it opened to a directory with a file named “My Microsoft Money.mny.” Opening this revealed it to be the bank accounts, account pass codes and complete financial records of my neighbor! I quickly shut down this connection, knocked on his door and explained that his bank accounts were completely visible to the world. Together, we added some security to his network (and relocated all of his account information to a computer with no external connection). This first foray into wireless networking opened my eyes to the dangers of this technology. Most users of personal wireless systems have left their computers completely vulnerable to the world. I have catalogued 30 different local wireless networks over a 1-month period. 23 of the systems have not changed their default wireless router password. Once an attacker has access to a router’s password, they can setup a proxy and can interject send any information they desire (a Trojan Horse file embedded in a web page that looks like their homepage works well). Three of the networks had changed the default password and disabled network name broadcasting. Four had enabled the 64 bit Wireless Encryption Protocol. Only two of these used any further protection (they used 128 bit WEP1 keys, and could possibly also be also using a VPN for extra encryption). With freeware tools, I successfully gained read access to traffic on 28 out of these 30 systems. 1 WEP (Wireless Encryption Protocol) is a component of the IEEE 802.11 Wireless LAN standard. Its primary purpose is to provide for confidentiality of data on wireless networks at a level equivalent to wired LANs. This is accomplished by encrypting data with the RC4 encryption algorithm.Jay A. Crossler Defensive Strategies for Establishing a Secure Wireless Network (Dec 03) Page 2 For legal and ethical reasons, I did not look at any files beyond the initial un-encoded packet or shared directory structure without also notifying system owners of my intent. II. WIRELESS PROTOCOLS Wireless Local Area Networks (WLANs) protocols are defined within the IEEE 802.11 standards group. Each protocol has a sub-committee or sub-group that defines it. Most wireless equipment being sold today is advertised as following the 802.11a, 802.11b, 802.11g or 802.11i protocols. A. 802.11a IEEE 802.11a is the standard for high speed WLANs in the 5 GHz band of the radio spectrum. The standard defines data rates from 6-54 Mbps with 6, 12 and 24 Mbps required for any implementation. WEP provides security for 802.11a. Hardware transmission devices for 802.11a are costly and consume a greater amount of power than other standards. They are also more susceptible to blocking by walls. As equipment using this frequency is becoming scarce, some networks are using this standard as a means of
View Full Document
Unlocking...