WIRELESS SECURITY
AAFREEN SINGH STUDENT C.S.E DIET
SHILPI STUDENT C.S.E DIET

ABSTRACT
The document addresses wireless technologies that agencies are most likely to employ: wireless local area networks (WLAN) and ad hoc or—more specifically—Bluetooth networks. The document also addresses the use of wireless handheld devices. The document does not address technologies such as wireless radio and other WLAN standards that are not designed to the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard. These technologies are out of the scope of this document. Wireless technologies are changing rapidly. New products and features are being introduced continuously. Many of these products now offer security features designed to resolve longstanding weaknesses or address newly discovered ones. Yet with each new capability, a new threat or vulnerability is likely to arise. Wireless technologies are evolving swiftly. Therefore, it is essential to remain abreast of the current and emerging trends in the technologies and in the security or insecurities of these technologies. Again, this guideline does not cover security of other types of wireless or emerging wireless technologies such as third-generation (3G) wireless telephony.

INTRODUCTION
Wireless communications offer organizations and users many benefits such as portability and flexibility, increased productivity, and lower installation costs. Wireless technologies cover a broad range of differing capabilities oriented toward different uses and needs. Wireless local area network (WLAN) devices, for instance, allow users to move their laptops from place to place within their offices without the need for wires and without losing network connectivity. Less wiring means greater flexibility, increased efficiency, and reduced wiring costs. Ad hoc networks, such as those enabled by Bluetooth, allow data synchronization with network systems and application sharing between devices. Bluetooth functionality also eliminates cables for printer and other peripheral device connections. Handheld devices such as personal digital assistants (PDA) and cell phones allow remote users to synchronize personal databases and provide access to network services such as wireless e-mail, Web browsing, and Internet access. Moreover, these technologies can offer dramatic cost savings and new capabilities to diverse applications ranging from retail settings to manufacturing shop floors to first responders.

However, risks are inherent in any wireless technology. Some of these risks are similar to those of wired networks; some are exacerbated by wireless connectivity; some are new. Perhaps the most significant source of risks in wireless networks is that the technology’s underlying communications medium, the airwave, is open to intruders, making it the logical equivalent of an Ethernet port in the parking lot. The loss of confidentiality and integrity and the threat of denial of service (DoS) attacks are risks typically associated with wireless communications. Unauthorized users may gain access to agency systems and information, corrupt the agency’s data, consume network bandwidth, degrade network performance, launch attacks that prevent authorized users from accessing the network, or use agency resources to launch attacks on other networks.
Wireless Standards
Wireless technologies conform to a variety of standards and offer varying levels of security features. The principal advantages of standards are to encourage mass production and to allow products from multiple vendors to interoperate. For this document, the discussion of wireless standards is limited to the IEEE 802.11 and the Bluetooth standard. WLANs follow the IEEE 802.11 standards. Ad hoc networks follow proprietary techniques or are based on the Bluetooth standard, which was developed by a consortium of commercial companies making up the Bluetooth Special Interest Group (SIG). These standards are described below.

Wireless LANs
WLANs allow greater flexibility and portability than do traditional wired local area networks (LAN). Unlike a traditional LAN, which requires a wire to connect a user’s computer to the network, a WLAN connects computers and other components to the network using an access point device. An access point communicates with devices equipped with wireless network adaptors; it connects to a wired Ethernet LAN via an RJ-45 port. Access point devices typically have coverage areas of up to 300 feet (approximately 100 meters). This coverage area is called a cell or range. Users move freely within the cell with their laptop or other network device. Access point cells can be linked together to allow users to even “roam” within a building or between buildings.

Bluetooth
Bluetooth has emerged as a very popular ad hoc network standard today. The Bluetooth standard is a computing and telecommunications industry specification that describes how mobile phones, computers, and PDAs should interconnect with each other, with home and business phones, and with computers using short-range wireless connections. Bluetooth network applications include wireless synchronization, e-mail/Internet/intranet access using local personal computer connections, hidden computing through automated applications and networking, and applications that can be used for such devices as hands-free headsets and car kits. The Bluetooth standard specifies wireless operation in the 2.45 GHz radio band and supports data rates up to 720 kbps. It further supports up to three simultaneous voice channels and employs frequency-hopping schemes and power reduction to reduce interference with other devices operating in the same frequency band. The IEEE 802.15 organization has derived a wireless personal area networking technology based on Bluetooth specifications v1.1.
Wireless Security Threats
The NIST handbook An Introduction to Computer Security generically classifies security threats in nine categories ranging from errors and omissions to threats to personal privacy. All of these represent potential threats in wireless networks as well. However, the more immediate concerns for wireless communications are device theft, denial of service, malicious hackers, malicious code, theft of service, and industrial and foreign espionage. Theft is likely to occur with wireless devices because of their portability. Authorized and unauthorized users of the system may commit fraud and theft; however, authorized users are more likely to carry out such acts. Since users of a system may know what resources a system has and the system’s security flaws, it is easier for them to commit fraud and theft. Malicious hackers, sometimes called crackers, are individuals who break into a system without authorization, usually for personal gain or to do harm. Malicious hackers are generally individuals from outside of an agency or organization (although users within an agency or organization can be a threat as well). Such hackers may gain access to the wireless network access point by eavesdropping on wireless device communications. Malicious code involves viruses, worms, Trojan horses, logic bombs, or other unwanted software that is designed to damage files or bring down a system. Theft of service occurs when an unauthorized user gains access to the network and consumes network resources. Industrial and foreign espionage involves gathering proprietary data from corporations or intelligence information from governments through eavesdropping. In wireless networks, the espionage threat stems from the relative ease with which eavesdropping can occur on radio transmissions.

Attacks resulting from these threats, if successful, place an agency’s systems—and, more importantly, its data—at risk. Ensuring confidentiality, integrity, authenticity, and availability are the prime objectives of all government security policies and practices. The information must be protected from unauthorized, unanticipated, or unintentional modification. Security requirements include the following:
• Authenticity—A third party must be able to verify that the content of a message has not been changed in transit.
• Non-repudiation—The origin or the receipt of a specific message must be verifiable by a third party.
• Accountability—The actions of an entity must be traceable uniquely to that entity.
Network availability is “the property of being accessible and usable upon demand by an authorized entity.”

Risks in wireless networks are equal to the sum of the risk of operating a wired network (as in operating a network in general) plus the new risks introduced by weaknesses in wireless protocols. To mitigate these risks, agencies need to adopt security measures and practices that help bring their risks to a manageable level.
To date, the list below includes some of the more salient threats and vulnerabilities of wireless systems:
• Malicious entities may gain unauthorized access to an agency’s computer or voice (IP telephony) network through wireless connections, potentially bypassing any firewall protections.
• Sensitive information that is not encrypted (or that is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.
• Denial of service (DoS) attacks may be directed at wireless connections or devices.
• Malicious entities may steal the identity of legitimate users and masquerade as them on internal or external corporate networks.
• Sensitive data may be corrupted during improper synchronization.
• Malicious entities may be able to violate the privacy of legitimate users and be able to track their physical movements.
• Malicious entities may deploy unauthorized equipment (e.g., client devices and access points) to surreptitiously gain access to sensitive information.
• Handheld devices are easily stolen and can reveal sensitive information.
• Data may be extracted without detection from improperly configured devices.
• Viruses or other malicious code may corrupt data on a wireless device and be subsequently introduced to a wired network connection.
• Malicious entities may, through wireless connections, connect to other agencies for the purposes of launching attacks and concealing their activity.
• Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
• Malicious entities may use third-party, untrusted wireless network services to gain access to an agency’s network resources.
• Internal attacks may be possible via ad hoc transmissions.
SECURITY MEASURES: Networks to be protected
Wireless networks are very common, both for organisations and individuals. Many laptop computers have wireless cards pre-installed for the buyer. The ability to enter a network while mobile has great benefits. However, wireless networking has many security issues. Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into non-wireless networks. Network administrators must be aware of these risks, and stay up-to-date on any new risks that arise. Also, users of wireless equipment must be aware of these risks, so as to take personal protective measures.

(a) Home Wireless Threats
The need to secure traditional wired Internet connections was felt long before. However, there is a growing trend of shifting to a wireless connection at homes. This involves a process where the user connects a device to his DSL or cable modem that broadcasts the Internet connection through the air over a radio signal to his computer. If traditional wired connections are susceptible to security tribulations, there is a great risk of security breach that may arise when a user opens his Internet connection to the airwaves. An unsecured wireless network coupled with unsecured file sharing can be disastrous. There are, however, steps one can take to protect the wireless network.

The following are some of the possible security steps:
(i) Make the wireless network invisible by disabling identifier broadcasting.
(ii) Rename the wireless network and change the default name.
(iii) Encrypt the network traffic.
(iv) Change the administrator’s password from the default password. If the wireless network does not have a default password, create one and use it to protect the network.
(v) Use file sharing with caution. If the user does not need to share directories and files over his network, he should disable file sharing on his computers.
(vi) Keep the access point software patched and up to date.
(vii) Check your internet provider’s wireless security options, as it may provide information about securing your home wireless network.
(viii) Do not auto-connect to open Wi-Fi (wireless fidelity) networks.
(ix) Turn off the network during extended periods of non-use, etc.

(b) Public Wireless Threats
The risks to users of wireless technology have increased exponentially as the service has become more popular. Currently, however, there are a great number of security risks associated with wireless technology. Some issues are obvious and some are not. At a corporate level, it is the responsibility of the Information Technology (IT) department to keep up to date with the types of threats and appropriate countermeasures to deploy. Security threats are growing in the wireless arena. Crackers have learned that there is much vulnerability in the current wireless protocols, encryption methods, and in the carelessness and ignorance that exists at the user and corporate IT level. Cracking methods have become much more sophisticated and innovative with wireless. Cracking has become much easier and more accessible with easy-to-use Windows-based and Linux-based tools being made available on the web at no charge. IT personnel should be somewhat familiar with what these tools can do and how to counteract the cracking that stems from them.

Accessing the internet via a public wireless access point involves serious security threats. These threats are compounded by the inability to control the security setup of the wireless network. The following steps can be taken to protect oneself at public places:
(a) Be careful while dealing in an online environment if the network is not properly secured. Avoid online banking, shopping, entering credit card details, etc.
(b) Connect using a virtual private network (VPN) as it allows connecting securely. VPNs encrypt connections at the sending and receiving ends, and keep out traffic that is not properly encrypted.
(c) Disable file sharing in public wireless spaces as it is more dangerous than it is on your home wireless network.
(d) Be aware of your surroundings while using a public wireless access point. If an internet connection is not essential, disable wireless networking altogether.

III. Corporate security
Company networks are equally vulnerable to various cyber attacks and, if not properly secured, may cost the company tremendous loss of information and money. The following are the types of unauthorised access generally found at company networks:

(a) Accidental Association: Unauthorised access to company wireless and wired networks can come from a number of different methods and intents. One of these methods is referred to as “accidental association”. This is when a user turns on their computer and it latches on to a wireless access point from a neighboring company’s overlapping network. The user may not even know that this has occurred. However, this is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other. This is especially true if the laptop is also hooked to a wired network.

(b) Malicious Association: “Malicious associations” are when wireless devices can be actively made by crackers to connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as “soft APs” and are created when a cracker runs some software that makes his/her wireless network card look like a legitimate access point. Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans.

(c) Ad-Hoc Networks: Ad-hoc networks can pose a security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little security, encryption methods can be used to provide security.

(d) Non-Traditional Networks: Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk. Even bar code scanners, handheld PDAs, and wireless printers and copiers should be secured. These non-traditional networks can be easily overlooked by IT personnel that have narrowly focused on laptops.

(e) Identity Theft (MAC Spoofing): Identity theft occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering to only allow authorised computers with specific MAC IDs to gain access and utilize the network. However, a number of programs exist that have network “sniffing” capabilities. Combine these programs with other software that allows a computer to pretend it has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.

(f) Man-In-The-Middle Attacks: A man-in-the-middle attack is one of the more sophisticated attacks that have been cleverly thought up by crackers. This attack revolves around the attacker enticing computers to log into his/her computer which is set up as a soft AP. Once this is done, the cracker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent cracking computer to the real network. The cracker can then sniff the traffic for user names, passwords, credit card numbers, etc. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols. It is called a “de-authentication attack”. This attack forces AP-connected computers to drop their connections and reconnect with the cracker’s soft AP. Man-in-the-middle attacks are getting easier to pull off due to freeware such as LANjack and AirJack automating multiple steps of the process. What was once done by cutting edge crackers can now be done by less knowledgeable and skilled crackers sitting around public and private hotspots. Hotspots are particularly vulnerable to any attack since there is little to no security on these networks.

(g) Denial of Service: A denial-of-service attack occurs when an attacker continually bombards a targeted AP or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These cause legitimate users to not be able to get on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP).

(h) Network Injection: The final attack to be covered is the network injection attack. A cracker can make use of access points that are exposed to non-filtered network traffic. The cracker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner and require rebooting or even reprogramming of all intelligent networking devices.
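Item (e) notes that MAC filtering fails once an authorised address is cloned. One defensive check, added here as an example and not taken from the original paper, uses the 12-bit sequence number that each 802.11 transmitter increments per frame: two radios sharing one MAC address produce interleaved counters. The log layout, thresholds and addresses below are constructed assumptions.

```python
from collections import defaultdict

SEQ_MODULUS = 4096  # the 802.11 sequence number is 12 bits and wraps to 0

# Constructed sensor log: (time in seconds, transmitter MAC, sequence number)
SAMPLE_SEQ_LOG = (
    # Honest station whose counter wraps from 4095 to 0 (not an anomaly).
    [(i * 0.1, "a4:5e:60:00:00:10", (4090 + i) % SEQ_MODULUS) for i in range(12)]
    # Two radios using the same MAC: counters near 2000 and near 310 interleave.
    + [(i * 0.1, "a4:5e:60:00:00:20", 2000 + i) for i in range(6)]
    + [(i * 0.1 + 0.05, "a4:5e:60:00:00:20", 310 + i) for i in range(6)]
    # Station that restarted once: a single jump, then normal counting.
    + [(i * 0.1, "a4:5e:60:00:00:30", 500 + i) for i in range(3)]
    + [(5.0 + i * 0.1, "a4:5e:60:00:00:30", i) for i in range(3)]
)


def sequence_anomalies(frames, max_gap=64):
    """Return MAC -> list of (time, previous seq, seq) with an implausible gap.

    The forward gap is taken modulo 4096, so wrap-around and a few lost
    frames are tolerated, while a jump backwards shows up as a huge gap.
    Simplification: QoS data frames keep one counter per traffic ID, so a
    production sensor would track (MAC, TID) pairs instead of MACs.
    """
    last = {}
    anomalies = defaultdict(list)
    for t, mac, seq in sorted(frames):
        if mac in last:
            gap = (seq - last[mac]) % SEQ_MODULUS
            if gap > max_gap:
                anomalies[mac].append((t, last[mac], seq))
        last[mac] = seq
    return anomalies


def suspected_spoofed_macs(frames, min_anomalies=3, max_gap=64):
    """MACs with repeated jumps; one isolated jump is treated as a restart."""
    return {mac: len(events)
            for mac, events in sequence_anomalies(frames, max_gap).items()
            if len(events) >= min_anomalies}


if __name__ == "__main__":
    for mac, count in suspected_spoofed_macs(SAMPLE_SEQ_LOG).items():
        print(f"{mac}: {count} sequence jumps, address is probably shared")
```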
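The chain described in items (b) and (f), a de-authentication burst followed by a client joining a soft AP, leaves a recognisable trace in wireless sensor data. The following is an added example, not code from the original paper; the frame tuple layout, the inventory `AUTHORISED_APS`, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Assumed inventory of the organisation's own APs: SSID -> authorised BSSIDs.
AUTHORISED_APS = {"CorpNet": {"00:11:22:33:44:01"}}

# Constructed sensor log of 802.11 management frames:
# (time in seconds, frame kind, source, destination, SSID or None)
SAMPLE_MGMT_FRAMES = [
    (0.0, "beacon", "00:11:22:33:44:01", BROADCAST, "CorpNet"),
    (0.2, "beacon", "02:de:ad:be:ef:01", BROADCAST, "CorpNet"),  # unknown BSSID
    (0.5, "deauth", "00:11:22:33:44:01", "a4:5e:60:00:00:10", None),  # one-off
]
# Burst of 20 deauthentication frames that claim to come from the real AP.
SAMPLE_MGMT_FRAMES += [
    (2.0 + i * 0.05, "deauth", "00:11:22:33:44:01", "a4:5e:60:00:00:20", None)
    for i in range(20)
]
SAMPLE_MGMT_FRAMES += [
    (3.4, "assoc_req", "a4:5e:60:00:00:20", "02:de:ad:be:ef:01", "CorpNet"),
    (3.6, "assoc_req", "a4:5e:60:00:00:10", "00:11:22:33:44:01", "CorpNet"),
]


def find_soft_aps(frames, authorised=AUTHORISED_APS):
    """Beacons that advertise one of our SSIDs from a BSSID we do not own."""
    return {(ssid, src) for _, kind, src, _, ssid in frames
            if kind == "beacon" and ssid in authorised
            and src not in authorised[ssid]}


def find_deauth_floods(frames, window=1.0, threshold=10):
    """Map (claimed BSSID, target) -> time the sliding window hit the threshold."""
    recent = defaultdict(deque)
    floods = {}
    for t, kind, src, dst, _ in sorted(frames, key=lambda f: f[0]):
        if kind != "deauth":
            continue
        q = recent[(src, dst)]
        q.append(t)
        while t - q[0] > window:      # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            floods.setdefault((src, dst), t)
    return floods


def find_forced_reassociations(frames, authorised=AUTHORISED_APS, follow_up=5.0):
    """Clients that joined a soft AP shortly after being flooded with deauths."""
    soft = {bssid for _, bssid in find_soft_aps(frames, authorised)}
    floods = find_deauth_floods(frames)
    hits = []
    for t, kind, src, dst, ssid in frames:
        if kind != "assoc_req" or dst not in soft:
            continue
        for (bssid, target), t_flood in floods.items():
            if target in (src, BROADCAST) and 0 <= t - t_flood <= follow_up:
                hits.append({"client": src, "soft_ap": dst, "ssid": ssid,
                             "impersonated_ap": bssid})
    return hits


if __name__ == "__main__":
    print("soft APs:", find_soft_aps(SAMPLE_MGMT_FRAMES))
    print("deauth floods:", find_deauth_floods(SAMPLE_MGMT_FRAMES))
    print("forced reassociations:", find_forced_reassociations(SAMPLE_MGMT_FRAMES))
```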
Conclusion
The growing penetration of the Internet in the day-to-day affairs of Indian society has both positive and negative effects. The positive side of this is the advent of e-governance and e-commerce in India. The use of e-governance will provide transparent, accountable and hassle-free interaction between citizens and the Government. Similarly, e-commerce is also facilitated with the use of ICT. E-commerce is a well-known phenomenon of global trade that is gaining momentum in India. However, neither e-governance nor e-commerce can be a success in India till we also secure these infrastructures. Any ICT infrastructure is ineffective till we are capable of securing and protecting it. It must be appreciated that the ICT infrastructure of a nation can exist only to the extent it can be protected from internal and external online attacks. This “need” becomes a “compulsion” due to the provisions of the IT Act, 2000, which fixes both civil and criminal liability for failure to act diligently. Both citizens and companies are required to establish a sound and secure ICT infrastructure to escape the accusation of lack of “due diligence”.

The need of the hour is to secure both home-based and publicly situated wireless networks. The same cannot be a reality in India till we take immediate steps in this direction. Every base needs time to mature and its deficiencies can be removed only after it is established and analysed. It is futile to wait for several years and then adopt and establish a base that is unsuitable to Indian conditions. The ICT strategy of India must be “futuristic” in nature and must anticipate and adopt future developments and trends. We are following those trends that have been discarded long before by developed countries. We must concentrate on “originality” and devote our time, money and energy to security and forensics research rather than blindly following foreign standards. It is high time for “innovation” and “futuristic efforts” and giving a final farewell to dependence upon standards and technology left by developed nations.