Who should be concerned about WLAN security?


Wireless Local Area Network Security



Wireless LANs (local area networks) are used in a wide variety of homes and home
offices, small and medium size businesses, as well as large, multi-location enterprises.
Agere Systems ORiNOCO wireless networks, like many other modern wireless
networks, are compliant with the Wi-Fi™ (Wireless Fidelity) standard.
Part of the Wi-Fi standard includes a security protocol called WEP (Wireless
Equivalent Privacy). Lately there have been many news articles and research papers
discussing WEP security problems.


Many of these are valid. WEP was designed to only be the “gatekeeper” at the door.
However, successfully intercepting and cracking wireless LAN keys requires locating and
compiling several different programs together, and then, after doing that, intercepting
enough data to actually crack the codes. Depending on how someone uses their
network, this could take a good deal of time.


Agere has been actively working on improving the WEP implementation to block the
most successful attack methods. We have developed a software patch and have tested
it in our labs. This new patch for users of Agere Systems ORiNOCO will be distributed to
our major OEM customers and be available as a free download from our web site
www.orinocowireless.com.


Even though wireless LAN uses radio waves that can penetrate most walls and floors,
effective range is about 200 to 300 feet. Hackers who want to crack a system will
have to physically position themselves close to the home or business to get access. To
restrict access by outsiders, it makes sense to position your access point or wireless
gateway in the center of your building or home, rather than near windows.


Who should be concerned about WLAN security?


It depends on how the wireless LAN is used. If an individual is not sending confidential
documents, there is little reason for someone to target them or their business. In addition,
most Internet transactions are already protected by SSL (secure socket layers) so even
if the info is intercepted, this transaction info is additionally encrypted.


Concerned home and small business owners can also utilize a few precautions. They
shouldn’t tell strangers about their wireless networks or give out the access keys. They
should make sure that important files and folders are password protected. They should
turn Windows sharing off on sensitive files and directories. After setting up the wireless
network, they should change the default passwords and network names provided by the
manufacturer. Create your own and use those instead. They can also use third-party
encryption programs. There are many inexpensive or even free encryption
programs available that are almost unbreakable.


They can also use hardware or software firewall systems to make it more difficult for
hackers to retrieve data from the networked computers.


Most importantly though, they should turn WEP encryption on. Various reports claim that
80 percent to 90 percent of all wireless networks are open, without any encryption at all.
Some public locations like coffee shops and airport waiting lounges are left open on
purpose to make accessing the network as easy as possible. Unfortunately, many
people and small businesses simply forget or don’t know how to turn on basic 64-bit
WEP encryption.


Concerned users should change their keys regularly. If a user generates lots of wireless
traffic and confidential data, the Wireless Ethernet Compatibility Alliance (WECA)
recommends changing the WEP security keys on a daily or weekly basis. In addition,
Agere Systems provides a more secure 128-bit RC4 encryption level in most ORiNOCO
wireless network products. These 128-bit keys can also be changed regularly to
maximize security.


What Should Enterprises and Big Companies Do?


Larger companies need to implement end-to-end security (VPNs, RADIUS, etc.). The
wireless link between an access point and the end users is only one small part of a
secure network. They can implement VPNs, firewalls, SSL, data encryption, manage
and change WEP keys and SSID (Service Set ID) names, and use MAC access control.


There are numerous types of Virtual Private Networks (VPNs) that can operate over a
wireless network and create a secure Internet tunnel from the end user back to their
corporate network. VPNs are strongly recommended for use by travelers and remote
workers connecting back to their corporate networks, or even by staff working wirelessly
within the corporate facility.


The MAC access control feature uses lists of the various employees’ Ethernet MAC
addresses and helps provide protection against unauthorized network access. If their
MAC address is not on the list, they will not be able to access that specific wireless
network.


For an additional level of security, networks should be set up as a closed system. A
network name (SSID) is assigned to each user based on a shared secret. The access
control mechanism then operates in the closed network mode, which means that the
SSID is not included in the beacon message and is not broadcast freely in the air.


For customers and businesses that determine they need advanced levels of security for
their wireless networks, products like the Agere Systems ORiNOCO Access Server 2000
(AS-2000) provide per user, per session encryption and Automatic Individual Encryption
Key Management, which generates a new, unique session key each time a user logs on
to the network. This system also supports roaming workers and provides unbreakable
security even as they travel from one part of a facility to another.


The AS-2000 also works with a RADIUS server to provide triple AAA (Authorization,
Authentication and Accounting). This enables IT managers to set up their wireless
network to only allow authorized individuals (with a password and current account
status) to access the network.


Because the ORiNOCO AS-2000 uses an alternate type of RC4 encryption, it is immune
to the WEP attacks as discussed in the papers from the Weizmann Institute (presented
in Toronto August 16/17) and the August AT&T Labs paper.


In addition, the IEEE is working with the industry’s leading security specialists on a
security extension for the current WEP standard, which will address open issues and
provide further levels of security. The extension is expected later this year.


The major weakness of WEP based WLAN systems is their reliance on a single, static
WEP key that is shared among all the users. By using more advanced key control
techniques, IT Managers can help defend their networks from attacks. They can use
RADIUS based systems like the Agere Systems access server that control who gets on
the network and provide advanced WLAN encryption that creates per session, per user
keys.



They can also utilize the new 802.1x security protocol that can change the WEP key on
a frequent basis and greatly reduces the risk of interception. 802.1x is supported with
the new Microsoft Windows XP operating system and is expected to also be supported
under other older Windows operating systems.


By using 802.1X in combination with Agere Systems' unique access point (AP-2000)
technology, IT managers can set up their wireless networks to provide an additional
provisionable re-key interval on top of the provisionable re-authentication interval. After a
new station has authenticated, the access point will automatically re-key all of the
stations at the provisioned frequency. In other words, the network can be set up to
check the status and authorization of all the network's active users on a regularly
scheduled basis (once every 2 hours or so). Using a separate schedule, the network can
also be set to change the encryption keys as well (once every 15 minutes).


This combination of ongoing authorization reviews and changing encryption keys can
make it very difficult for a hacker to successfully intercept confidential information.
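
The two schedules described above, modelled as an added example (not Agere's or the AP-2000's own code): a simplified timeline in which `account_active` is a hypothetical stand-in for the RADIUS account check and the station names and revocation time are constructed. It shows that the re-key interval bounds how long any one key is in use, while the re-authentication interval bounds how long a disabled account stays connected and keeps receiving fresh keys.

```python
import secrets

REAUTH_INTERVAL = 2 * 60 * 60  # seconds; "once every 2 hours or so"
REKEY_INTERVAL = 15 * 60       # seconds; "once every 15 minutes"

def account_active(station, now, revoked_at):
    """Hypothetical stand-in for the RADIUS account-status check."""
    return now < revoked_at.get(station, float("inf"))

def simulate(stations, revoked_at, duration,
             reauth=REAUTH_INTERVAL, rekey=REKEY_INTERVAL):
    """Run the AP timeline; return (keys issued, drop times, still active)."""
    active = set(stations)
    # 13 random bytes = the 104 secret bits of a "128-bit" WEP key.
    keys = [(0, secrets.token_bytes(13))]
    dropped = {}
    ticks = sorted(set(range(rekey, duration + 1, rekey))
                   | set(range(reauth, duration + 1, reauth)))
    for now in ticks:
        if now % reauth == 0:
            # Re-authentication: drop stations whose account is disabled.
            for sta in sorted(active):
                if not account_active(sta, now, revoked_at):
                    active.discard(sta)
                    dropped[sta] = now
        if now % rekey == 0:
            # Re-key: every station still associated gets the new key.
            keys.append((now, secrets.token_bytes(13)))
    return keys, dropped, active

def revocation_lag(revoked_at, dropped):
    """Seconds each disabled account stayed on the network."""
    return {sta: dropped[sta] - revoked_at[sta] for sta in dropped}

def keys_after_revocation(keys, revoked, dropped_time):
    """Fresh keys handed to a station after its account was disabled."""
    return sum(1 for t, _ in keys if revoked <= t < dropped_time)

if __name__ == "__main__":
    # Constructed scenario: laptop-b's account is disabled 30 minutes in.
    revoked = {"laptop-b": 30 * 60}
    keys, dropped, active = simulate(["laptop-a", "laptop-b"], revoked, 4 * 3600)
    print(len(keys), "keys issued in 4 hours")
    print("lag (s):", revocation_lag(revoked, dropped))
    print("keys sent after revocation:",
          keys_after_revocation(keys, 1800, dropped["laptop-b"]))
```

In this constructed run the disabled account stays associated for 90 minutes and is handed six new keys before the next re-authentication removes it, so the re-authentication interval, not the re-key interval, is the setting that determines how quickly a revoked user loses access.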






September 2001