Security issues for corporate wireless networks.
Maxim Filippov,
project manager at OJSC «Elvis-Plus»
Source —
This article is an attempt to review the current state of wireless network security in order to answer the question: is it possible today to build a corporate wireless network that satisfies its owner both in the level of security it provides and in its compliance with the requirements of Russian legislation and guidelines in the field of information security?
Wireless network technologies are widely used all over the world, attracting users with relatively low cost, ease of deployment and use, and a flexible architecture. The undisputed leader in the wireless network market is equipment that meets the specifications of the 802.11 family of standards. Therefore, in what follows the term «wireless networks» means networks built on equipment compatible with the 802.11 family of standards.
One of the main segments of the wireless network equipment market is solutions for so-called «office» or «corporate» networks. A characteristic feature of such a solution is continuous coverage within an office building, which often requires a fairly large number of access points. In that case the task of monitoring and managing the wireless network becomes relevant, so centralized management and status monitoring must be included in the solution already at the design stage; this will later significantly reduce the total cost of ownership (TCO) of the system. We will not return to TCO in this article: it is the topic of a separate article and a separate discussion.
Another key issue in building wireless networks is, of course, ensuring the required level of security for the information circulating in the network. The urgency of the issue comes first of all from the transmission medium: radio. Unlike conventional networks, in which information is transmitted over wires, information sent over the air is much easier to intercept; it is enough to have a set of equipment similar to that of a wireless network subscriber. For this reason the 802.11 standard specification pays special attention to security and defines the WEP (Wired Equivalent Privacy) wireless network security protocol.
Of course, the security issue posed in this article is far from trivial, but we have to start somewhere… To approach its solution, let's define the measures and means available to us that allow a wireless network to be made as secure as possible. So, we need to:
- Reduce the radio coverage area (of course, to the minimum acceptable). Ideally, the radio coverage area of the network should not extend beyond the controlled territory.
- Change the default administrator password
- Enable MAC address filtering
- Prohibit broadcasting of the network identifier (SSID)
- Change the default network identifier (SSID)
- Periodically change the network identifier (SSID)
- Enable WEP functions
- Periodically change WEP keys
- Install and configure personal firewalls and antivirus programs for wireless network subscribers
- Configure appropriate traffic filtering on telecommunications equipment and firewalls
- Ensure backup of equipment included in the wireless network
- Ensure backup of software and equipment configurations
- Perform periodic monitoring of the wireless network's security status using specialized wireless security analysis tools (see, for example, http://iss.net/, http://wildpackets/ or http://sniffer/).
All of these protection measures can be implemented today on equipment from virtually any manufacturer represented on the 802.11 wireless network market and bearing the Wi-Fi¹ logo.
Let's call the set of protection measures listed above the «initial» level, below which one must never go when designing a corporate wireless network.
Let's assume that the entire set of measures has been implemented. Alas, given the known technical and technological problems of the WEP protocol and, as a consequence, the low effort required to break into such a network, a wireless network with the «initial» level of security should be regarded as far from secure. Consequently, the access points of such a network (even when WEP is used) should not be connected to the internal wired network; they should be placed on the outside of the firewall. Thus, confidential information cannot be processed in a network with the initial level of security described above.
To remedy the situation, some manufacturers (e.g. Agere Systems, D-Link, US Robotics) suggest using longer WEP² encryption keys of 128, 152 or even 256 bits in order to raise the basic level of security. But this often results in a lack of compatibility with 802.11 equipment from other manufacturers. In addition, from an attacker's point of view, WEP traffic is a set of input data for a cryptanalysis problem of the «chosen key attack» type³.
And given that the attacker knows the key-change algorithm defined by the WEP protocol, he will spend a few hours⁴ solving this problem, after which he has an unauthorized connection to our wireless network. Moreover, it will not be difficult for the attacker to replace the MAC address of his wireless adapter with that of a legitimate user's adapter, and it becomes virtually impossible for us to detect such an intrusion. Increasing the key length even to 256 bits only increases the number of packets the attacker must capture (for example, with the AirMagnet or AiroPeek packet analyzers) and the time the cryptanalysis takes.
The RC4 stream cipher, which underlies WEP encryption and was developed by the American Ronald Rivest in 1987, became widespread thanks to its successful combination of cryptographic strength and high speed. The vulnerabilities of the RC4 implementation in WEP have been studied by cryptographers for quite a long time⁵. According to many experts, the cryptographic toolkit of the WEP protocol needs to be replaced with a more robust one.
So, awareness of the WEP protocol's problems did not arrive yesterday, and today there are already solutions on the market that make the use of WEP more secure. For example:
- Using some of the protocols of the 802.1x standard (discussed below) solves the problem of dynamically changing the encryption keys of wireless devices.
- The MIC (Message Integrity Check) protects WEP packets from being changed or forged in transit.
- TKIP (Temporal Key Integrity Protocol), also developed to improve the security of WEP, uses a unique key sequence for each device and rekeys dynamically every 10,000 packets. However, just like WEP, TKIP uses the RC4 algorithm for encryption. Note that using TKIP does not require abandoning existing 802.11 equipment; it is enough to update the software (provided, of course, that the manufacturer has implemented support for this protocol).
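To make concrete why the initial-level rules insist on periodically changing WEP keys, and why per-packet keying and a message integrity check were needed, here is a small added Python example (not from the article or from any vendor): a textbook RC4 implementation, the WEP per-packet key construction (a 24-bit IV prepended to the shared key), and two observations about it. First, two frames sent under the same IV and the same shared key are encrypted with the same keystream, so the XOR of their ciphertexts equals the XOR of their plaintexts, which is what becomes visible the moment an IV repeats. Second, the birthday bound shows how quickly repeats occur when 24-bit IVs are chosen at random. The shared key, IV and frame bodies are constructed sample values, and the CRC-32 ICV is left out because it plays no part in the keystream observation.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, shared_key: bytes, body: bytes) -> bytes:
    """WEP frame encryption: the per-packet RC4 key is IV || shared key.
    Returns IV || ciphertext (the IV travels in clear). The CRC-32 ICV is omitted."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    ks = rc4_keystream(iv + shared_key, len(body))
    return iv + bytes(b ^ k for b, k in zip(body, ks))


def wep_decrypt(frame: bytes, shared_key: bytes) -> bytes:
    """RC4 is symmetric: re-applying the keystream selected by the frame's IV recovers the body."""
    iv, ct = frame[:3], frame[3:]
    ks = rc4_keystream(iv + shared_key, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def plaintext_xor_from_iv_reuse(frame_a: bytes, frame_b: bytes):
    """If two frames carry the same IV (and the shared key has not changed), both were
    encrypted with the same keystream, so XORing the ciphertexts cancels the keystream
    and leaves plaintext_a XOR plaintext_b. Returns None when the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def expected_iv_collisions(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: expected number of colliding IV pairs among `frames` frames
    whose IVs are drawn uniformly at random from a space of 2**iv_bits values."""
    return frames * (frames - 1) / (2 * 2 ** iv_bits)


def frames_for_half_chance_of_repeat(iv_bits: int = 24) -> int:
    """Approximate number of random IVs after which a repeat is more likely than not."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** iv_bits))


# Constructed sample data: a 40-bit shared key, one IV, and two equal-length frame bodies.
SHARED_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("000001")
BODY_A = b"ARP who-has 10.0.0.1 tell 10.0.0.7"
BODY_B = b"ARP who-has 10.0.0.2 tell 10.0.0.7"

if __name__ == "__main__":
    fa = wep_encrypt(IV, SHARED_KEY, BODY_A)
    fb = wep_encrypt(IV, SHARED_KEY, BODY_B)
    leak = plaintext_xor_from_iv_reuse(fa, fb)
    print("XOR of ciphertexts equals XOR of plaintexts:",
          leak == bytes(a ^ b for a, b in zip(BODY_A, BODY_B)))
    print("expected IV collisions in 10,000 random-IV frames:",
          round(expected_iv_collisions(10_000), 2))
    print("random IVs before a repeat is more likely than not:",
          frames_for_half_chance_of_repeat())
```

Two numbers from the block are worth keeping in mind when reading the rules above: with randomly chosen 24-bit IVs, a window of 10,000 frames is expected to contain about three IV repeats, and a repeat becomes more likely than not after roughly 4,800 frames; a sequential IV counter avoids early repeats but wraps after 2^24 frames, and every wrap under an unchanged shared key brings the same keystreams back. Rotating the shared key is the only remedy available at the «initial» level, which is exactly why the checklist calls for it.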
Now let's turn to ensuring secure interaction between wireless network users and corporate network resources. To solve this problem we will need to implement authorization of wireless network users (the WEP protocol does not implement user authentication at all), and also to use stronger protection methods capable of ensuring the required confidentiality and integrity of information. One such method is to install an access control server that uses the EAP/802.1x⁶ standard protocols (LEAP, PEAP, EAP-TLS, EAP-TTLS) for enhanced authentication of wireless network subscribers.
Let's look at this method in more detail. In our case, the 802.1x standard defines the interaction of a wireless network client with an access server at the stage of subscriber authorization in the system. The user authorization scheme in a wireless network is shown in Figure 1.
The most popular access servers today are Cisco Secure Access Control Server and Internet Authentication Service (IAS). The latter is built into the Microsoft Windows 2000 operating system.
Without going into the technical details of specific 802.1x protocols, the following important points should be noted:
- This scheme requires specialized software on the client side, the so-called «supplicant». Support for the 802.1x authentication mechanism is built into the Windows XP operating system by default and is available as a separate package for Windows 2000 (apparently it will be included in the Service Pack #4 update package). The supplicant can also be shipped with the wireless network adapter drivers.
- A number of 802.1x protocols use X.509 digital certificates. Thus, PEAP uses the access server's certificate so that the user can verify the access server, while EAP-TLS and EAP-TTLS use the X.509 certificates of both the access server and the client for mutual authentication. Note that the access server can also interact with an external store of digital certificates, for example via the LDAP protocol.
Because the 802.1x standard is relatively young, today you can still encounter such «unpleasant» moments as:
- implementations of the same protocol by different manufacturers are not compatible with each other;
- lack of supplicants for some types of client devices for accessing the wireless network.
But despite all these unpleasant moments, it can be stated that the set of 802.1x protocols (LEAP, PEAP, EAP-TLS, EAP-TTLS) implemented by various manufacturers already allows the owner of a wireless network to choose and implement an authorization method that suits him.
We understand that our network may have different categories of users (subscribers), and it is quite natural that we will want to give these categories different rights to access certain resources. The simplest example is presented in Table 1.
| Wireless network subscribers | Access to confidential information | Access to public information (including the Internet) |
|---|---|---|
| Employee | + | + |
| Guest | — | — |
| Intruder | — | — |
Obviously, after a wireless network subscriber is authenticated, it will be necessary to assign him the security policy corresponding to his category. One possible implementation of this approach is to use the technology defined by the 802.1q standard, which allows authorized wireless network subscribers to be placed in different VLANs, each with a previously defined security policy (depending on the subscriber type).
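As an added illustration of how 802.1x port control and 802.1q VLAN assignment fit together (example code, not the article's or any vendor's), the following Python model plays the three roles of the scheme: a supplicant presenting an identity and credential, an access server that answers in the style of RADIUS, and an authenticator (the access point) that keeps the port unauthorized until an Access-Accept arrives and then places the client in the VLAN named in the reply. The reply uses the three standard RADIUS tunnel attributes defined for VLAN assignment in RFC 3580 (Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-ID = VLAN number). The user database, credentials, VLAN numbers and per-VLAN policy are constructed assumptions; in particular the guest VLAN is assumed here to reach public resources only, whereas the actual guest policy is for the network owner to set.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional
import hmac

# RADIUS attribute numbers and values used for dynamic VLAN assignment (RFC 3580).
TUNNEL_TYPE = 64               # value 13 = VLAN
TUNNEL_MEDIUM_TYPE = 65        # value 6 = IEEE-802
TUNNEL_PRIVATE_GROUP_ID = 81   # VLAN number carried as a string
VLAN, IEEE_802 = 13, 6


class PortState(Enum):
    UNAUTHORIZED = "unauthorized"   # only EAPOL frames pass
    AUTHORIZED = "authorized"       # client traffic is forwarded in its VLAN


@dataclass
class Port:
    client_mac: str
    state: PortState = PortState.UNAUTHORIZED
    vlan: Optional[int] = None


@dataclass
class RadiusReply:
    code: str                       # "Access-Accept" or "Access-Reject"
    attributes: dict = field(default_factory=dict)


# Constructed stand-in for the access server's user store: identity -> (credential, category).
USER_DB = {
    "alice": ("alice-secret", "employee"),
    "bob": ("bob-secret", "guest"),
}
# Assumed VLAN plan and per-VLAN policy (which resource classes each VLAN may reach).
VLAN_BY_CATEGORY = {"employee": 10, "guest": 20}
VLAN_POLICY = {10: {"confidential", "public"}, 20: {"public"}}


def access_server(identity: str, credential: str) -> RadiusReply:
    """Model of the access server: verifies the credential and, on success, returns the
    VLAN for the user's category in the RFC 3580 tunnel attributes."""
    record = USER_DB.get(identity)
    # Constant-time comparison; a dummy value keeps timing similar for unknown identities.
    expected = record[0] if record else "no-such-user"
    if record is None or not hmac.compare_digest(expected.encode(), credential.encode()):
        return RadiusReply("Access-Reject")
    vlan = VLAN_BY_CATEGORY[record[1]]
    return RadiusReply("Access-Accept", {
        TUNNEL_TYPE: VLAN,
        TUNNEL_MEDIUM_TYPE: IEEE_802,
        TUNNEL_PRIVATE_GROUP_ID: str(vlan),
    })


def authenticator_handle(port: Port, reply: RadiusReply) -> Port:
    """Authenticator (access point) side of 802.1x: the port opens only on Access-Accept
    and only into the VLAN the reply names. An Accept without usable VLAN attributes is
    treated as a failure (fail closed) instead of falling back to a default VLAN."""
    attrs = reply.attributes
    group = str(attrs.get(TUNNEL_PRIVATE_GROUP_ID, ""))
    if (reply.code == "Access-Accept"
            and attrs.get(TUNNEL_TYPE) == VLAN
            and attrs.get(TUNNEL_MEDIUM_TYPE) == IEEE_802
            and group.isdigit()
            and int(group) in VLAN_POLICY):
        port.state = PortState.AUTHORIZED
        port.vlan = int(group)
    else:
        port.state = PortState.UNAUTHORIZED
        port.vlan = None
    return port


def authenticate(port: Port, identity: str, credential: str) -> Port:
    """Full exchange: supplicant identity/credential -> access server -> port decision."""
    return authenticator_handle(port, access_server(identity, credential))


def may_reach(port: Port, resource_class: str) -> bool:
    """Policy check after authentication: an unauthorized port reaches nothing; an
    authorized port reaches only what its VLAN's policy allows."""
    if port.state is not PortState.AUTHORIZED or port.vlan is None:
        return False
    return resource_class in VLAN_POLICY[port.vlan]


if __name__ == "__main__":
    for who, cred in [("alice", "alice-secret"), ("bob", "bob-secret"), ("mallory", "guess")]:
        p = authenticate(Port(client_mac="00:11:22:33:44:55"), who, cred)
        print(who, p.state.value, p.vlan,
              "confidential" if may_reach(p, "confidential") else "-",
              "public" if may_reach(p, "public") else "-")
```

The fail-closed handling in `authenticator_handle` is the design choice to notice: a reply that grants access but does not say which VLAN the client belongs in leaves the port closed, so a misconfigured access server cannot silently drop an unknown category of user into the VLAN that carries confidential resources.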
So, by using, in addition to the basic level of protection, enhanced authentication according to the 802.1x protocol and the means of improving the security of the WEP protocol, it is already possible today to achieve an acceptable level of protection for the information circulating in a wireless network.
Unfortunately, today only a narrow circle of companies can offer the solutions described above: first of all, the leaders of the wireless network equipment market. Moreover, the undisputed trendsetter in wireless network security solutions is Cisco Systems.
It should also be noted that the implementation of security tools in popular operating systems can significantly «pull up» the security level of wireless networks, partly removing this «headache» from equipment manufacturers. But the question of compatibility between different manufacturers' implementations of specific protocols remains open.
Let's try to look into the future to understand what changes to expect in the field of wireless network security in the near term. Here are two key points that should settle the question «Is it safe to use wireless networks?»:
- WEP is to be replaced at the end of 2003 by the 802.11i standard, which will combine enhanced authentication, dynamic key change, key management, packet authentication, etc. Instead of WEP encryption, it is planned to use AES (Advanced Encryption Standard, the Rijndael algorithm). However, this in turn will require the development of new, more expensive chip sets, and therefore additional costs for users to update their equipment;
- The compatibility of different manufacturers' wireless network security solutions will improve significantly. Thus, the WECA organization has already published the Wi-Fi Protected Access (WPA) specification, which is intended to settle the question of compatibility between different manufacturers' security solutions and defines the use of the TKIP protocol and the authentication protocols of the 802.1x standard. Certification of equipment for compliance with the Wi-Fi Protected Access specification will begin in the first quarter of 2003, and by the time the 802.11i standard is approved a new version of this specification, Wi-Fi Protected Access 2, will be released to certify the compliance of solutions from different manufacturers with the 802.11i standard and their interoperability.
Now let's remember that we live in Russia, which means that this review of wireless network security architecture would be incomplete without dwelling on the Russian specifics of using information security tools and cryptographic information protection tools. What requirements does the legislation impose on users of these technologies in Russia?
It should be noted that a lot has been done in the field of information security in Russia recently. Corresponding normative and guiding documents have appeared that regulate the protection process. Consulting companies conduct security audits of corporate networks. Information systems certification bodies have been formed. Insurance companies offer information risk insurance services. But, unfortunately, it must be stated that all these newfangled services have yet to gain popularity in the Russian market. It is possible that all these processes will finally create precedents of real legal liability for disclosure of confidential information, as well as liability of organizations designing and implementing the information security system (ISS), issuing conclusions (certificates of conformity) on the compliance of the constructed ISS with the requirements of the guiding documents.
But let's get back to our topic. As said above, one of the basic technologies for protecting information in wireless networks is cryptography. Today in Russia, to protect confidential information, we can LEGITIMATELY use only FAPSI-certified cryptographic information protection tools. Precisely for PROTECTION. There is no point in hoping that Russia's position on the use of «foreign» cryptography on its territory will change: any state has the right to determine how cryptography is used. On the other hand, no one has lifted the restrictions on the export of «strong» cryptography from the United States. No less illusory are the hopes that we will ever see a Russian cryptographic algorithm implemented in equipment from foreign manufacturers.
The optimal solution to these problems is seen in the use of virtual private network (VPN) technology: implementing VPN technology to ensure the confidentiality and integrity of information circulating in a wireless network, in accordance with the requirements of Russian legislation and the guidelines of FAPSI and the State Technical Commission.
When building wireless networks with the highest level of security, equipment manufacturers recommend using VPN solutions based on the IPSec protocol family; for example, VPN solutions from Russian manufacturers fit organically into SAFE, the architecture of secure networks built on Cisco Systems equipment.
There is another argument in favor of using VPN technology to protect information circulating in a wireless network. By creating an external protective shell based on VPN products, the owner gains confidence that he is protected not only from the known vulnerabilities of the built-in wireless network security protocols, but also from those that may appear in the future. And most importantly, a VPN solution based on the IPSec protocol from Russian manufacturers gives the entire security system legitimacy, since it becomes possible to use products certified by FAPSI and the State Technical Commission of Russia.
Although VPN technology is itself capable of providing strict authorization of a user by his X.509 digital certificate, it should not be regarded as an alternative to solutions based on the 802.1x protocol. These are complementary solutions: VPN tools provide protection at the network level, while solutions based on the 802.1x protocol prevent unauthorized access to the wireless network at an earlier stage. This gives a multi-layered defense: by authorizing users with the 802.1x protocol we make sure that we are dealing with a legitimate user of our wireless network, and by additional authorization with VPN tools we make sure that we admit only users who have the right to work with confidential resources. In addition, the firewall functions of the VPN gateway allow us to assign different access rights within the group of users who have access to confidential information. It should also be noted that the 802.1x protocol itself has a number of vulnerabilities to attacks such as «man-in-the-middle» and «session hijacking»⁷. Therefore, it is worth repeating: VPN technology creates an external protective shell for a wireless data transmission network.
As always, the required level of security and convenience of use sit on opposite sides of the scales. Let's see what the «price» is in the case of VPN technology:
- Reduction in overall network throughput. According to our company's experience, with certified cryptographic cores in IPSec protocols the performance drop will be approximately 20 to 30%.
- With pocket computers (PDAs) and/or wireless IP phones, finding a VPN agent and cryptographic core for these hardware platforms is quite problematic. Therefore, at this stage it would be correct to apply to these access devices a security policy that excludes their interaction with confidential resources in the corporate network.
- Increase in the total cost (including TCO) of the solution.
Now, having discussed all the main issues, let's finally look at what the architecture of a secure data transmission network might look like, taking into account all of the above; see Figure 2.