Security is a top concern for all WLAN network deployments. As with any wired network, WLAN security focuses on data privacy and access control. The security of WLAN networks can be divided into two main components:
Authentication: Strong authentication mechanisms enforce access control policy to allow authorized users to connect to the wireless network.
Encryption: Data encryption helps ensure that only authorized recipients understand the transmitted data.
WLAN networks are widely deployed today and have become frequent targets for unauthorized access as well as a means to break into the internal network without having to connect through the wired network. WLAN networks are prone to unauthorized access as data is transmitted over the air on unlicensed frequencies, and if not encrypted, any intruder can intercept the open radio frequency range and view the data.
Using packet-sniffing software, data transmitted over the air can be easily intercepted within any unencrypted wireless network, and all contents can be viewed. In addition, the intruder can gain unauthorized access to internal networks or access to free Internet.
Most vendors are shipping wireless products with an "open-access" policy—that is, with no security features enabled by default. Although an open-access policy is suitable for public locations, such as hot spots, airports, coffee shops, and other free access zones, it is not feasible for private and enterprise networks. Wireless security features must be enabled to safeguard networks from being exposed to unauthorized access and wireless threats and attacks.
These and other security concerns have caused organizations to avoid WLAN network deployments, regardless of the numerous benefits that they provide. Securing a WLAN network is not difficult, as long as proper security solutions are selected and applied. Cisco Unified Wireless Network provides a comprehensive solution to security a WLAN network.
The following features and technologies are available to secure WLAN networks:
Service Set Identifiers (SSID)
MAC authentication
Client Authentication (Open and Shared Key)
Static WEP
WPA, WPA2, and 802.11i (WEP enhancements)
802.1x and EAP
WLAN NAC
WLAN IPS
VPN IPsec
SSID is an arbitrary ID or name for a wireless LAN network that logically segments the subsystem. SSID provides basic access control mechanisms. All wireless devices in a specific WLAN subsystem require attachment through the SSID to bind with the WLAN network. Although SSID is not designed to be used as a security mechanism, nor does it provide data privacy or authentication, it can prevent unauthorized access to clients that do not have the valid SSID to connect to the WLAN network.
By default, an AP will broadcast its SSID in plain text to all wireless devices in the frequency range. Network sniffer tools can be used to eavesdrop on over-the-air transmission and capture SSID beacon messages to determine whether the SSID is used in the network. Therefore, it is recommended that you disable the SSID broadcast option. Network administrators should provide the SSID information to authorized wireless users to allow connection to the wireless network AP.
Although disabling the SSID broadcast may prevent someone from inadvertently connecting to your network, it is not an effective security mechanism. Disabling SSID broadcasting also breaks the Windows Wireless Zero Configuration feature. Disabling SSID does not provide complete protection from unauthorized access because some packet-sniffing software can monitor network transmission over the air to discover and learn the correct SSID in use.
Another common feature is the use of MAC address-based authentication. MAC-based authentication allows network access to known MAC addresses. The access point verifies the client MAC address against a locally configured list of allowed addresses or against an external authentication server. Access points can be preconfigured with all the wireless client MAC addresses in the MAC table that is maintained on the access point. When a client requests association to the access point, the MAC table is checked, and if the MAC address of the client matches, the authentication is successful. The client is associated to the access point and can transmit data through the AP. MAC-based authentication is very simple to configure, and most wireless vendors, including Cisco, support this feature. Note that the MAC authentication feature can be easily circumvented by using a MAC spoofing technique, in which the attacker sniffs your currently associated MAC address and spoofs it to get associated connection information, which results in an unauthorized connection. There are several techniques to combat MAC spoofing, as discussed in Chapter 7, "Attack Vectors and Mitigation Techniques."
Note
MAC authentication is not specified in the IEEE 802.11 standard, but many vendors, including Cisco, support it.
The IEEE 802.11 standards support the following client authentication mechanisms that provide a rudimentary level of access control:
Open authentication: In addition to SSID, open authentication can be implemented to provide an additional layer to the access control on the access point. Open authentication involves the use of wired equivalent privacy (WEP) keys, which allow authorized clients with the correct WEP key to associate with access points and transmit and receive data through the access points.
Shared-key authentication: Shared-key authentication is similar to open authentication, but in this case the access point sends the client a challenge packet. The client replies to the challenge packet by encrypting it with its WEP keys. If the WEP keys are correct, the access point will be able to decrypt the packet, and the client will be associated to the access point and be able to transmit and receive data through the access point. Without the correct WEP keys, authentication will fail and the client will not be able to associate with the access point. Shared-key authentication is not considered very secure because the intruder can sniff both the clear-text challenge packet and the encrypted challenge reply with a WEP key and decipher the WEP key.
Static WEP is another common type of client authentication. A static WEP key is composed of either 40 or 128 bits that is statically defined by the user on the access point and on all individual wireless clients that need to associate with the access point. This approach is not very scalable because it requires entering the static WEP key on each wireless device in the WLAN network. A static WEP key can be sniffed using tools such as AirSnort and deciphered. The attacker must capture enough packets with a weak initialization vector to computationally compute the WEP key.
Enhancements are required to mitigate the WEP vulnerabilities that were discussed in the previous section. The IEEE group introduced the 802.11i standard to include two encryption enhancements for all known WEP vulnerabilities in the original 802.11 security implementation:
Temporal Key Integrity Protocol (TKIP): An IEEE 802.11i standard that provides software enhancements to the RC4-based encryption algorithm used in WEP. TKIP enhances the WEP security by adding measures such as per-packet keying (PPK), message integrity check (MIC), and broadcast key rotation to address known WEP vulnerabilities.
Advanced Encryption Standard (AES-CCMP): An encryption protocol in the IEEE 802.11i standard upon the Counter Mode with CBC-MAC (CCM) of the AES encryption algorithm. CCM is the algorithm providing data privacy. The Cipher Block Chaining Message Authentication Code (CBC-MAC) component of CCMP provides data integrity and authentication. AES is a stronger alternative to the RC4 encryption algorithm.
These enhancements are leveraged by the new security feature WPA and WPA2. The section that follows details the WPA, WPA2, and 802.11i standard.
IEEE 802.11i defines the core security standards for WLAN networks. The IEEE 802.11i standard provides stronger encryption, authentication, and key management approaches to secure wireless data. It includes two new confidentiality protocols as mentioned previously—the TKIP and AES. Both are used for confidentiality, with a key system for each traffic type, key caching, and preauthentication mechanisms.
Wi-Fi Protected Access (WPA) is a standard security solution from the Wi-Fi Alliance that addresses all known WEP vulnerabilities in the original IEEE 802.11 security implementation and provides protection from known WLAN attacks. WPA uses the Temporal Key Integrity Protocol (TKIP) for encryption, based on the RC4 algorithm. WPA supports the preshared key (PSK) and IEEE 802.1x/EAP modes of operation for authentication. The PSK verification works via a password or a passphrase on both the client device and the access point. If the password on the client matches with the access point, verification is successful, and the client is authenticated. WPA is supported by the Cisco Unified Wireless Network solution.
WPA2 is the next generation of wireless security. It is the Wi-Fi Alliance's interoperable implementation of the ratified IEEE 802.11i standard. WPA2 provides a stronger encryption mechanism through AES encryption algorithm using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). WPA2 supports the PSK and IEEE 802.1x/EAP modes of operation for authentication. WPA2 is also supported by the Cisco Unified Wireless Network solution.
Both WPA and WPA2 offer a high level of assurance by providing data privacy and strong access control to restrict network access to authorized users.
WPA and WPA2 have two operation modes. Both modes provide encryption and authentication support to meet the various needs of the different market segments (refer to Table 12-1):
Personal Mode: Personal Mode supports wireless products by using the PSK mode of operation for authentication. A preshared key is required to be configured manually on both the access point and clients. An authentication server is not required. Personal Mode is targeted to Small Office Home Office (SOHO) environments.
Enterprise Mode: Enterprise Mode supports wireless products by using both the PSK and IEEE 802.1x/EAP modes of operation for authentication. A AAA server using the RADIUS protocol is required when using the IEEE 802.1x mode for authentication, key management, and centralized management of user credentials. (Refer to Chapter 11, "Layer 2 Access Control," for more details on implementing 802.1x solutions.) Enterprise Mode is targeted to enterprise environments.
Table 12-1 illustrates the summary of WPA, WPA2, and a comparison of the two operation modes.
Note
The information in Table 12-1 is taken from "Cisco LAN Security - Cisco Wi-Fi Protected Access, WPA2 AND IEEE 802.11I" at http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html.
Note
The Enterprise Mode of both operation modes uses IEEE 802.1x and Extensible Authentication Protocol (EAP) for authentication.
As discussed in Chapter 11, the Cisco IBNS solution extends network access security based on the 802.1x technology by using EAP. EAP can be used for wired and wireless LANs, but is commonly used for wireless LAN networks. The WPA and WPA2 standard officially adopts the EAP method types for authentication.
Note
RFC 4017 describes the specification and the requirements for EAP methods used in WLAN authentication.
EAP is a universal authentication framework, not a specific authentication mechanism. EAP provides common functions and communication specifications for an authentication mechanism.
These varying mechanisms are called EAP methods, and there are currently about 40 different EAP methods.
Several variations in EAP methods can be used in the 802.1x solutions to provide identity-based network access control. Choosing an EAP mechanism depends on the clients, the policy, and the existing infrastructure, as illustrated in the following questions that must be answered:
Is there a Certificate Authority PKI infrastructure available within the network?
Is there any existing authentication system?
Is there a requirement to support multiple EAP mechanisms?
The following sections describe support for some of the common EAP methods used in access control solutions:
EAP Message Digest 5 (EAP-MD5)
EAP Transport Level Security (EAP-TLS)
EAP Flexible Authentication via Secure Tunneling (EAP-FAST)
Protected EAP (PEAP)
Cisco Lightweight Extensible Authentication Protocol (Cisco-LEAP)
EAP-MD5 (Extensible Authentication Protocol-Message Digest 5) is one of the IETF open standard, nonproprietary EAP types. EAP-MD5 is popular because of the ease of deployment. However, it is not one of the most secure EAP types because the MD5 hash function is susceptible to various attacks, such as offline dictionary attacks. EAP-MD5 does not support mutual authentication or key generation, which makes it unsuitable for use with dynamic WEP, WPA, or WPA2 environments.
EAP is defined in RFC 3748 (which replaces RFC 2284). MD5 is defined in RFC 1321.
The following list outlines the authentication process that takes place when an IEEE 802.1x supplicant connects to the wireless network using the EAP-MD5 authentication method. Figure 12-2 illustrates the EAP-MD5 message exchange between the client supplicant, the authenticator (switch or access point), and the authentication server (RADIUS), as explained in the list that follows.
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is another open standard IETF standard, which is developed by Microsoft Corporation as an extension of Point-to-Point Protocol (PPP) to provide authentication within PPP, with TLS providing integrity of negotiation and key exchange. EAP-TLS provides greater security by using TLS, which is considered the successor of the SSL standard and therefore one of the most secure EAP methods available.
EAP-TLS offers per-packet confidentiality and integrity to protect identification and a standardized mechanism for key exchange.
EAP-TLS uses the X.509 PKI infrastructure to provide certificate-based 802.1x port-based access control. EAP-TLS addresses a number of weaknesses in other EAP protocols such as EAP-MD5.
Deployment of EAP-TLS increases in complexity because it requires mutual authentication, negotiation of encryption methods, and, most important, requires installing certificates on the client supplicant and server.
EAP-TLS is defined in RFC 2716.
The following authentication process takes place when an IEEE 802.1x supplicant connects to the wireless network by using the EAP-TLS authentication method. Figure 12-3 illustrates the EAP-TLS message exchange between the client supplicant, the authenticator (switch or access point), and the authentication server (RADIUS), as explained in the list that follows.
The client replies with an EAP Identity Response to the authenticator.
EAP-TTLS was codeveloped by Funk Software and Certicom. EAP-TTLS is widely supported across wireless platforms because it offers the same level of security and integrity as EAP-TLS without the overhead of installing PKI certificates on the client. EAP-TTLS requires a server-side certificate only on the authentication server. Note that despite the fact that EAP-TTLS requires only a certificate on the server side, the server is still able to authenticate the client after the secure tunnel has been established.
EAP-TTLS is described in an IETF Internet draft "draft-funk-eap-ttls-v1-01.txt." The draft can be found at http://tools.ietf.org/id/draft-funk-eap-ttls-v1-01.txt.
Here is a snippet from the abstract of the Internet draft:
"EAP-TTLS is an EAP type that utilizes TLS to establish a secure connection between a client and server, through which additional information may be exchanged. The initial TLS handshake may mutually authenticate client and server; or it may perform a one-way authentication, in which only the server is authenticated to the client."
Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) was developed by Cisco Systems, and an initial draft was submitted to the IETF in February 2004. The draft was revised and resubmitted in April 2005. EAP-FAST was developed to address the weaknesses of LEAP.
EAP-FAST uses the TLS tunnel, thereby providing a strong level of encryption. Similar to other EAP types that use the TLS approach, EAP-FAST offers confidentiality and integrity to protect user identification.
Although the concept is similar to other EAP types using TLS tunnel, the major differentiator is that EAP-FAST does not use the PKI infrastructure for user identity (server certificate is optional) to establish the tunnel. The client server architecture in EAP-FAST is based on strong shared secret keys that are unique on every client. These shared secret keys are called Protected Access Credential (PAC). The shared secret keys are distributed automatically to the client device via in-band provisioning or manually via out-band provisioning.
EAP-FAST is significantly faster because of the PAC architecture that expedites the tunnel establishment. Tunnel establishment using a shared secret key is inherently faster than using a PKI certificate-based exchange method. EAP-FAST remains popular among the other EAP-based solutions that provide encrypted EAP transactions.
EAP-FAST negotiation occurs in two phases:
In Phase 1, the supplicant client and the authentication server perform mutual authentication using the PAC and establish the TLS tunnel.
In Phase 2, the client exchanges the user credentials using the protected tunnel.
Figure 12-4 shows the details of the Phase 1 and 2 message exchange.
The following authentication process takes place when an IEEE 802.1x supplicant connects to the wireless network by employing EAP-FAST using the EAP-GTC (Generic Token Card) authentication method that is embedded in a TLS-protected tunnel. Figure 12-4 illustrates the EAP-FAST message exchange between the client supplicant, the authenticator (switch or access point), and the authentication server (RADIUS), as explained next:
The client confirms the cipher trust protocol set.
Protected Extensible Authentication Protocol (PEAP) is another open standard EAP type that was jointly developed by Cisco Systems, Microsoft Corporation, and RSA Security.
PEAP is a hybrid authentication protocol that creates a secured TLS tunnel and design architecture that is similar to EAP-TTLS discussed earlier. To establish the TLS tunnel, both PEAP and EAP-TTLS require server-side certificates only. PEAP is unique in that any EAP method type can be encapsulated in a TLS tunnel to provide a secure connection between the client and server.
To date, the following two PEAP subtypes are certified for the WPA and WPA2 standard:
PEAPv0 with EAP-MSCHAPv2
PEAPv1 with EAP-GTC
As shown in Figure 12-5, PEAP establishes the TLS tunnel in Phase 1, thereby creating a secure channel that can then be used to initiate any other EAP type that uses the protected tunnel in Phase 2. Theoretically, any EAP type can be wrapped within the TLS tunnel.
As discussed in the EAP-MD5 section and shown in Figure 12-2, challenge authentication and negotiation is in clear text without encryption. Although challenge exchange provides better protection, it is still susceptible to offline dictionary attacks. With PEAP, challenge exchange is protected with the strong security of the TLS channel.
The authentication processes outlined in the steps that follow take place when an IEEE 802.1x supplicant connects to the wireless network by using the PEAP-MSCHAPv2 authentication method. Figure 12-5 illustrates the PEAP message exchange among the client supplicant, the authenticator (switch or access point), and the authentication server (RADIUS), as explained in the list that follows.
Lightweight Extensible Authentication Protocol (LEAP) is a Cisco proprietary EAP method.
Cisco was a pioneer in introducing EAP support for WLAN devices. Cisco introduced LEAP in 2000 offering the first WLAN authentication method.
Cisco LEAP is a mutual authentication algorithm that uses a logon password as the shared secret that is known by the client and is used to respond to the challenges between the client and the authentication server. LEAP provides dynamic per-user, per-session encryption keys.
Most password-based authentication algorithms are susceptible to dictionary attacks, and the most effective way to safeguard against dictionary attacks is to create a strong password policy. Because Cisco LEAP uses password-based authentication, Cisco LEAP is also known to be susceptible to offline dictionary attacks, just like any other EAP type that uses a challenge response. At the DEFCON convention in 2003, a presentation was delivered that explored mechanisms that could make it easier for someone to write a tool to launch an offline dictionary attack on password-based authentications that leverage Microsoft MS-CHAP.
Cisco published a white paper, which is available on Cisco.com, to respond to the offline dictionary attacks on Cisco LEAP. EAP-FAST is one of the Cisco-suggested EAP methods to mitigate the offline dictionary attacks against MS-CHAP in LEAP.
Note
"Cisco Response to Dictionary Attacks on Cisco LEAP" can be found at http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_bulletin09186a00801cc901.html.
Newer protocols such as EAP-TTLS and PEAP do not have this problem, because the challenge response is tunneled within a secure encrypted TLS tunnel.
Table 12-2 provides a summary comparison of PEAP, EAP-FAST, Cisco LEAP, and EAP-TLS standards.
Note
The information in Table 12-2 is taken from "Cisco Aironet 1200 Series – Q&A" at http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item0900aecd801764fa.shtml.
Network Admission Control (NAC) for WLANs is a set of technologies and solutions used to enforce security policy compliance on all devices seeking network access and resources, thereby limiting damage from emerging security threats.
NAC is an industry initiative led by Cisco Systems and is part of the Cisco Self-Defending Network initiative that improves the network's capability to automatically identify, prevent, and adapt to security threats.
The WLAN NAC solution is available with the Cisco Unified Wireless Network solution.
Cisco Access Points offer an Intrusion Prevention System (IPS) for WLANs to provide intrusion detection capability while simultaneously forwarding data over the air. This allows an access point to monitor real-time wireless data, scanning for potential security threats to wireless devices. At this time, Cisco is the only vendor providing a WLAN solution that offers simultaneous wireless protection and data delivery.
WLAN IPS is part of the Cisco Self-Defending Network initiative, and is the first in the industry to offer an integrated wired and wireless IPS security solution.
A WLAN IPS solution is available with the Cisco Unified Wireless Network solution.
Virtual Private Network IP Security (VPN IPsec) is a framework and architecture of open standards for ensuring secure private communications over IP networks. VPN IPsec offers the confidentiality, integrity, and authenticity of data communications across shared or public networks.
IPsec can also be used as a solution (out-of-band) to secure WLAN traffic that is encapsulated in the IPsec tunnel.