Wireless Security in Your Enterprise
The fundamental premise of security in networked environments
is that no network is truly secure. Even a network that is not connected to the
Internet can be compromised if physical access can somehow be obtained. This
point further drives home the point that there is no perfect way to secure a
network.
To approach security, you need an awareness of the components
that determine how to secure your infrastructure while maintaining an attitude
of elevated paranoia. You should always assume that at some point in time there
will probably be an attempt to break into your network with the goal of
compromising intellectual property or disrupting your business.
Attacks don't necessarily come from the outside. Research from
the Computer Security Institute (CSI) and the FBI has shown that most security
attacks come from inside an enterprise (http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml). (The
document is free after registering at the CSI website.)
These attacks can be intentional, such as a disgruntled
employee, or unintentional, as in the case where a computer is infected by a
virus. The unintentional act is more likely to happen and probably more
destructive. Armed with this state of healthy paranoia, you can strike the
delicate balance between how much you invest to secure your infrastructure and
the degree of difficulty an attacker needs to overcome.
Thinking Securely
The broadcast nature of a wireless network effectively raises
the importance of authentication, encryption, and
hashing. Starting with Authentication, you want to be sure
that only permitted parties can communicate with your APs. Because you are
effectively broadcasting your message over the ether, everyone can potentially
hear every communication. Encryption is, therefore, needed to ensure
communication privacy. Finally, the broadcast environment makes it relatively
easy to capture, modify, and resend a message. Hashing your messages will
address this problem.
Literature on information security typically uses the example
of communication between two people. This section does the same, using the
example of communication between Tony and Kelly. The specific security
challenges that Tony and Kelly face when communicating are
- Tony and Kelly need to know that they are indeed communicating
with each other. This is known as authentication of the communicating parties.
- Tony and Kelly want to be sure that only they can interpret the
message exchange. Encrypting the messages into
ciphers that only Tony and Kelly can decipher achieves this goal. Keys are used
to lock and unlock the messages. These keys can be static or dynamic, and
symmetric or asymmetric (Public/Private). The combination of the respective key
characteristics determines how secure the solution is but also the computational
cost.
- Finally, Tony and Kelly want to be sure that the messages have
not been tampered with while the messages were in transit. This is achieved by
attaching a checksum (hashing) to the message
that is recomputed and compared upon receipt. If the checksum is the same, the
messages have not been tampered with.
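The third requirement above, the integrity checksum, is the one most often implemented incorrectly. A plain (unkeyed) hash attached to a message can be recomputed by whoever alters the message, so it detects accidental corruption but not deliberate tampering; the checksum has to be keyed with a secret that only Tony and Kelly share. The following added example, written for this page and not taken from the book, shows both: an HMAC-SHA256 tag that a tampered message fails, and an unkeyed SHA-256 checksum that a tamperer simply recomputes. The key, message and attacker behaviour are constructed for the demonstration.

```python
import hashlib
import hmac
import os


def attach_tag(message: bytes, key: bytes) -> bytes:
    """Compute a keyed integrity tag (HMAC-SHA256) over the message.

    Only a party holding `key` can produce a valid tag, so a message that
    is modified in transit cannot be given a matching tag by the modifier.
    """
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(message: bytes, tag: bytes, key: bytes) -> bool:
    """Recompute the tag on receipt and compare in constant time."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def unkeyed_checksum(message: bytes) -> bytes:
    """Plain SHA-256 over the message: detects corruption, not tampering."""
    return hashlib.sha256(message).digest()


def intercept_and_modify(message: bytes) -> bytes:
    """Constructed stand-in for a party that alters the message in transit."""
    return message.replace(b"4pm", b"9am")


def keyed_check_survives_tampering(key: bytes) -> bool:
    """Return True if the keyed tag still verifies after modification.

    With HMAC this should be False: the modifier has no key, so the best it
    can do is forward the original tag with the altered message.
    """
    original = b"Kelly, meet at the north gate at 4pm. -Tony"
    tag = attach_tag(original, key)
    altered = intercept_and_modify(original)
    return verify_tag(altered, tag, key)


def unkeyed_check_survives_tampering() -> bool:
    """Return True if an unkeyed checksum still matches after modification.

    This is True: the modifier recomputes SHA-256 over the altered message,
    and the receiver has no way to tell that checksum from a legitimate one.
    """
    original = b"Kelly, meet at the north gate at 4pm. -Tony"
    altered = intercept_and_modify(original)
    forged_checksum = unkeyed_checksum(altered)   # attacker recomputes it
    return unkeyed_checksum(altered) == forged_checksum


if __name__ == "__main__":
    # Constructed shared secret; in practice it is agreed out of band or
    # derived from the authentication exchange described in this section.
    shared_key = os.urandom(32)
    print("HMAC tag still verifies after tampering:",
          keyed_check_survives_tampering(shared_key))      # False
    print("Unkeyed checksum still matches after tampering:",
          unkeyed_check_survives_tampering())             # True
```

The constant-time comparison in verify_tag matters as well: comparing tags with == can leak, byte by byte, how much of a guessed tag is correct.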
It is not impossible to ensure secure wireless communications.
Securing WLANs is possible if done correctly. However, heightened awareness is
required to ensure that you don't overlook a critical component and thus create
a back door.
Note
It might not be possible for you to think like a hacker, but it
is not necessary, either. What is important is to establish a security posture
that identifies the parts of your network (or information that passes through
it) that are most sensitive and need protection.
Different Security Models
Depending on how you decide to combine the security elements
mentioned in the preceding section, different security models are appropriate.
This section describes the most commonly adopted models, which include the
following:
- No authentication, encryption, or hashing
- Native encryption only
- Native authentication only
- User-based authentication
- Machine-based authentication
- Native encryption and authentication but no hashing
- Authentication and encryption using overlay security solutions
No Authentication, Encryption, or Hashing
By providing no method of authentication, encryption, or
hashing, your network is most open to attack. However, an attack doesn't
necessarily mean that an individual wants to break into your network with
malicious intent. It can also mean that an individual inadvertently attaches to
your WLAN and uses your network resources.
Even though this model leaves you most open to unauthorized use
of your WLAN, sometimes you will choose not to authenticate users or encrypt
data. One such situation is when you want to provide your guests with WLAN
connectivity.
Note
On occasion, little or no WLAN protection is available for
proprietary devices or unique operating systems.
Native Encryption Only
Because WLANs use radio as a transmission medium, the first
line of defense offered by wired networks, physical control and containment of the
medium, is not present. Indeed, wired LANs are somewhat protected by their physical
structure, with some or all parts in a building or underground. To provide some
kind of isolation similar to that of wired LANs, the 802.11b standard defined
the Wired Equivalent Privacy (WEP) security protocol. WEP intends to provide
some degree of privacy by encrypting the information between the radio
endpoints.
Because WEP was designed when WLANs were in their infancy, it
is not surprising to see that WEP turned out to be less effective than initially
expected. WEP does not provide true end-to-end security because it only operates
at the two lowest layers of the OSI model: the physical and data link
layers.
Note
Any time you expose a standard to the general community, you
risk compromising the standard because hackers can reverse-engineer the standard
to develop an exploit.
In addition, WEP uses a static symmetric key to encrypt the
data. The key's static nature is a challenge because key management becomes
complicated and a vulnerability is created that propagates to other parts of the
security chain. Key management challenges include
Finally, WEP employs a key length of 48 or 128 bits. Given the
continued and accelerated growth in computing power, standard desktops are now
capable of quickly breaking these keys through exhaustive searches.
Native Authentication Only
Authentication, and the authentication protocols that implement it, control access to a network. Keep in mind that authentication
does not secure the data that is transmitted on the network. Authentication
protocols are designed to ensure that the user or device that is attempting to
communicate is indeed whom it claims. It is analogous to a secured door in a
large office building. By swiping your identity card, you are "authenticating"
yourself. If the card is permitted access, the door is unlocked. Note that in
this analogy, the card is authenticated, not the person carrying the card.
Furthermore, the ID card does not provide security after you're inside the door.
As such, you can make the distinction between two forms of authentication: One
is authentication of the user, and the other is authentication of the device.
User-Based Authentication
User-based authentication is probably the most common form of
authentication deployed in today's enterprises. Users are given a password that
only they are supposed to know. A system challenges the user to provide a
username and password. After the pair is checked against a corresponding
database, the user is either granted or declined access.
This method's considerations and challenges include password
strength and password management. Because in-depth coverage falls outside of the
scope of this book, refer to other resources, such as Security and Usability: Designing
Secure Systems That People Can Use by Lorrie Faith Cranor and Simson
Garfinkel (O'Reilly Press, 2005), if you are interested in learning more.
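The username/password check described above, as an added example that is not from the book: passwords are stored as salted PBKDF2-HMAC-SHA256 digests rather than in clear, the stored digest is compared in constant time, and an unknown username costs the same as a wrong password so that valid usernames cannot be enumerated by timing. The in-memory dictionary stands in for the "corresponding database" the text mentions, and the iteration count is a constructed value, not a recommendation tied to any particular product.

```python
import hashlib
import hmac
import os

# Constructed work factor for the demonstration; production deployments
# tune this to the slowest acceptable login time on their own hardware.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, iterated password digest (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


def register_user(db: dict, username: str, password: str) -> None:
    """Store only a per-user random salt and the derived digest."""
    salt = os.urandom(SALT_BYTES)
    db[username] = (salt, _derive(password, salt))


def authenticate(db: dict, username: str, password: str) -> bool:
    """Return True only if the username exists and the password matches.

    The unknown-user path performs a dummy derivation so that its response
    time matches the wrong-password path.
    """
    record = db.get(username)
    if record is None:
        _derive(password, b"\x00" * SALT_BYTES)   # equalise timing
        return False
    salt, stored_digest = record
    candidate = _derive(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def stores_no_cleartext(db: dict, username: str, password: str) -> bool:
    """Sanity check: the cleartext password must not appear in the record."""
    salt, digest = db[username]
    return password.encode("utf-8") not in salt + digest


if __name__ == "__main__":
    users = {}                                     # constructed user database
    register_user(users, "tony", "correct horse battery staple")
    print(authenticate(users, "tony", "correct horse battery staple"))  # True
    print(authenticate(users, "tony", "password123"))                    # False
    print(authenticate(users, "kelly", "anything"))                      # False
```

Two users with the same password get different digests because each has its own salt, which is what defeats precomputed digest tables; the iteration count is what slows down guessing against a stolen database.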
Machine-Based Authentication
Machine-based authentication goes a step further and verifies
the identity of the devices that attempt to join your WLAN. Machine-based
authentication is credential-based with the credential hard-coded in the device.
This credential is a password of sorts for the machine. Like a person, the
machine must be registered to be able to use the network. This credential is
either derived or stored locally, or it can be dynamically assigned.
These methods will vary in complexity, but all are tied to an
authentication service that is present in the core infrastructure.
Native Encryption and Authentication But No Hashing
The most common mechanism used by enterprises to secure WLANs
is the incorporation of both encryption and authentication. Both can be provided
in numerous ways. Authentication and encryption have evolved to combat numerous
attacks, vulnerabilities, and protocol shortcomings. This evolution has also
increased their complexity.
Data encryption can be achieved in many ways. Encryption can be
performed using either symmetric or asymmetric, that is public/private, key
pairs, and the keys can be either statically or dynamically assigned. Asymmetric
keys are typically harder to break because breaking them requires more computational
horsepower. Similarly, dynamically assigned keys generate more computational
overhead. However, the automation greatly simplifies key management. As the
computing power of clients has increased, the encryption on the WLAN has evolved
from the simple but hard to manage WEP to complex but easy to manage
certificate-based key pairing. The later section "Encryption" will go into more detail
on this subject.
Authentication and Encryption Using Overlay Security Solutions
Overlay security solutions employ higher levels of the OSI
model to secure communications. Even at these higher levels, the same basic
security features exist: encryption, authentication, and hashing. However, given
the availability of additional information and embedded intelligence, the result
is a higher degree of security sophistication. As such, Virtual Private Networks
(VPN) and generic routing encapsulation (GRE) tunneling provide a more secure
form of end-to-end communications. Both solutions work on the premise that a
secure virtual communications tunnel is constructed between the communicating
endpoints through which all data is securely sent. The use of an overlay
security solution can sometimes cause disruption because the "tunnel" is a
virtual point-to-point connection that needs to be reestablished anytime the
connection is broken. Overlay solutions can also cause an added burden to the
user or administrator. The user must complete an additional layer of security
(setting up a VPN), and the administrator needs to manage all the virtual
tunnels.
Note
GRE tunnels are not the means of encryption; they are only the
logical manner in which encrypted traffic is routed in the network. For the GRE
tunnel to be encrypted, it requires an underlying protocol, such as IPSec or
3DES. Both are commonly used for encryption today.
No WLAN
Although it is not practical, not allowing the use of WLANs is
one way to consider handling the issue of security. This book is an advocate of
deploying WLANs when they make the best business sense. In this case, "no WLAN"
should mean "No WLAN at this time."