|
|
WLAN Security Cheat SheetWARNING: Installing an access point in your office is like putting your switch in the parking lot! 4 Components of Wireless Security: 1. Authentication - MAC filtering - Shared key - 802.1x with EAP 2. Data Encryption - WEP - TKIP - AES-CCMP at layer 2 - IPSec at layer 3 3. User Access Control - Dynamic VLAN - User policies 4. Monitoring - syslog - Authentication Intrusion Detection - SNMP traps - Usage Reports Static WEP: - very weak & easily cracked - based on RC4 with small Initialization Vector Dynamic WEP: - uses 802.1x for strong authentication and rotates unique WEP keys for every user per sessions - with timed key rotation is well suited for enterprise WPA (TKIP/MIC or AES-CCMP): - uses 802.1x for strong authentication - Temporal Key Integrity Protocol (TKIP) provide unique keys for every packet - MIC provide strong message integrity checking - larger Initialization Vector - not all NIC support WEP: <-cracked - encryption algorithm: RC4 - key length: 40 bit (required) 128 (optional) - packet integrity: CRC32/MIC - device authentication: none - user authentication: none 802.1x: - centralized authentication and dynamic key exchange - EAP packets carried at layer 2, embedded in RADIUS command SUPPLICANT AUTHENTICATOR AUTHENTICATION SERVER mobile device ~~~~~~~~~~~~~ access point ------------ RADIUS server <---EAPOL----> <---RADIUS---> <----- EAP-(TLS, TTLS, PEAP, LEAP) -----> Types of 802.1x EAP Protocols: EAP-MD5: base requirement, does not support WEP rotation LEAP: Cisco’s proprietary lightweight EAP <- cracked EAP-TLS: IETF standard, requires certificates on client device EAP-TTLS: IETF draft (funk), does not require certificates on client device PEAP: IETF draft (Cisco, M$, RSA), does not require certificates on client device To be continued… |
|
$Date: Sun May16 18:47:50 CET 2004 $ | © 2003-2004 Omar Gani |