Last week, I had the pleasure of attending Wi-Fi Planet’s conference in Toronto. This series of conferences is being held at a variety of locations worldwide (visit http://www.jupiterevents.com for dates and locations).
What I find most disconcerting about large conferences (those with thousands of attendees) is that focus and direction are most often lost. Yet specialization is becoming the norm in computer and network technology these days; not everyone can do everything. Luckily, this conference and its workshop sessions strictly revolve around aspects of Wi-Fi networking, with special attention given to Wi-Fi security specifically.
Being one of those security types, I made it a point to visit the Security Workshops on the first day. These sessions, by Diana Kelley of Computer Associates and Lisa Phifer of Core Competence, were full of hands-on advice on setting up and configuring secure wireless networks. But it wasn’t limited to laptops either.
As I peered around the room, I saw numerous PDAs clicking along with many of the scanning experiments. Attendees were exposed to some of the ways that attacks slip in and how vulnerable information is. Like many in the security industry, we are exposed to the risks that wireless technologies pose on a daily basis; still, many administrators are sometimes unaware of these risks.
Given the vast amount of information presented, this workshop could have easily been a two-day event in and of itself. The workshop began with an understanding of 802.11 and general security concerns. These security concerns dealt with eavesdropping, MITM (Man in the Middle) attacks, rogue connections, spoofing, unauthorized access, DoS attacks, disconnection attacks, jamming and many others.
Methods of mitigating or preventing these issues were also highlighted, along with methods of determining existing risks to Wi-Fi networks through the use of test tools like AirMagnet, AirSnort, Nmap, and others. Network discovery tools that attackers might use (and that administrators could use to see what attackers see) included Aerosol, Kismet and NetStumbler, tools that are definitely in use by attackers as war driving aids.
Also highlighted was traffic analysis. Sometimes done as intrusion detection, traffic analysis can give you insights into performance issues as well as expose potential “no-no” activities.
Common open source tools like AirTraf and Ethereal were mentioned, as well as tools like AirScanner Mobile Sniffer, Network Chemistry Packetyzer and WildPackets’ AiroPeek. These sniffers can help pick up attackers using MITM techniques, associating and disassociating with APs and other activities. The workshop also delved into how to detect foot-printing techniques.
This, of course, leads to the concept of wireless IDS. I actually wasn’t aware that there were specifically made WIDS available. Given the lack of attention often given to wireless security, I had always figured that it was coming but wasn’t quite here yet.
Although not here in overwhelming numbers yet, there are certainly some options out there. AirMagnet has crafted its own product along with AirDefense, Computer Associates, WildPackets and Newbury. One open source project, perhaps the first open source WIDS out there, is WIDZ. The website’s name alone is worth the visit.
Securing WLANs, Snaring Attackers and Pam (yes, the cooking spray) to the rescue!
The second portion of the workshop included a look at securing a WLAN. Through the use of some of the previously mentioned tools (particularly AiroPeek and AirMagnet), performance and security issues could be dealt with. The workshop also looked at the new WPA (Wi-Fi Protected Access). This relatively new security mechanism/band-aid was introduced early last year.
It is an interim step, if you will, between existing 802.11 security and the expected 802.11i level of security. In order to enable this, users will need a card and AP that supports it along with an OS patch/upgrade. The very existence of this new option showed that Wi-Fi doesn’t necessarily have to mean insecure. This might be enough to help companies that were leery about using Wi-Fi in their day-to-day business. (For more information on WPA, visit the Wi-Fi Alliance’s Website: http://www.wifialliance.com/OpenSection/protected_access.asp)
Eavesdropping also got its share of attention, as did VPNs and other encrypted tunneling methods, plus the benefits and drawbacks of each. Call me old-fashioned, but I prefer the old SSH tunneling method. Of course, this has the drawback of not having multiple port options.
The last part of this workshop looked at the use of better access controls. Through the use of SSL, user authentication can be better encrypted and secured. Additionally, managing simple options for APs, such as MAC controls and VLANs, identified ways to mitigate the “rogue station” problem.
Even simple, common sense concepts were brought to light such as changing a shared key regularly, ensuring that the key is not simple (multiple character types) and using a shared key to begin with. Lastly, we looked at various authentication methods such as EAP-TLS, EAP-TTLS, LEAP/Cisco-EAP and PEAP and how to choose the right one for an enterprise. If one wished to get fancy, one could include PKI as an option as well.
Now, remember, all of this was covered within just the first day of a three-day conference!
The next day saw presentations on how to track down attackers through the use of tools from Airespace and Newbury Networks. It’s interesting that over the airwaves, you are actually better able to physically track down attackers, as they often need to be within a certain range of your network, unlike the wired equivalent.
This particular ability is best served, in my opinion, through the use of a good handheld. Handhelds lend themselves better to RF triangulation and RF fingerprinting since they are lighter and far more portable than even the slimmest laptops. The laptop I use, a Panasonic CF-48, weighs around 8 lbs. Even if the battery worked properly, this wouldn’t be that portable of a portable.
Then came a session on securing hotspots.
Now, hotspots are supposed to be open environments set up by businesses for use by their customers and guests. Large companies like McDonald’s and Starbucks have done this as part of enhancing their customers’ visits to their locations (and as a way to keep people in their establishments and buying more burgers and lattes, respectively). One of the best methods of helping to mitigate some of the risk is to limit what guest users are allowed to do over the network and, of course, to enable a firewall where the wireless network meets the wired one.
Out of all the sessions I saw on the third day, I was surprised by the one I enjoyed the most. I’m an admitted security geek. If I’m not looking at ways to defend machines, I’m looking for ways that attackers break in so that I can build suitable defenses.
So going to a session on outdoor wireless networks may seem silly, but when you live in a country like Canada, administrators sometimes have to configure setups that just aren’t the norm. The best tidbit? To keep your AP from accumulating ice, spray it with Pam (yes, the cooking spray).
Perhaps the simplest solutions are the best.