WLAN Security Cheat Sheet

WARNING: Installing an access point in your office is like putting your switch in the parking lot!

4 Components of Wireless Security:

1. Authentication
-    MAC filtering
-    Shared key
-    802.1x with EAP

2. Data Encryption
-    WEP
-    TKIP
-    AES-CCMP at layer 2
-    IPSec at layer 3

3. User Access Control
-    Dynamic VLAN
-    User policies

4. Monitoring
-    syslog
-    Authentication Intrusion Detection
-    SNMP traps
-    Usage Reports

Static WEP:
-    very weak & easily cracked
-    based on RC4 with small Initialization Vector

Dynamic WEP:
-    uses 802.1x for strong authentication and rotates unique WEP keys for every user per session
-    with timed key rotation is well suited for enterprise

WPA:
-    uses 802.1x for strong authentication
-    Temporal Key Integrity Protocol (TKIP) provides unique keys for every packet
-    MIC provides strong message integrity checking
-    larger Initialization Vector
-    not all NICs support it

WEP: <-cracked
- encryption algorithm: RC4
- key length: 40 bit (required), 128 bit (optional)
- packet integrity: CRC32/MIC
- device authentication: none
- user authentication: none

802.1x:
- centralized authentication and dynamic key exchange
- EAP packets carried at layer 2, embedded in RADIUS command


mobile device ~~~~~~~~~~~~~ access point ------------ RADIUS server

             <---EAPOL---->             <---RADIUS--->

             <----- EAP-(TLS, TTLS, PEAP, LEAP) ----->

Types of 802.1x EAP Protocols:

EAP-MD5: base requirement, does not support WEP rotation
LEAP: Cisco’s proprietary lightweight EAP <- cracked
EAP-TLS: IETF standard, requires certificates on client device
EAP-TTLS: IETF draft (Funk), does not require certificates on client device
PEAP: IETF draft (Cisco, M$, RSA), does not require certificates on client device

To be continued…

