From the ground up: Creating secure WLANsDate: May 11, 2009
In this video, Lisa Phifer of Core Competence Inc. explains how to create a secure WLAN for your enterprise, including WLAN implementation best practices, WEP security versus WPA security, and 802.1x enterprise security.
Wireless Security Lunchtime Learning
- LESSON 2: HOW TO BUILD A SECURE WIRELESS INFRASTRUCTURE
- TIP: HOW TO COMPARTMENTALIZE WI-FI TRAFFIC
- TIP: THE ROLE OF VPN
- TIP: WIRELESS AP PLACEMENT
- LESSON 2 QUIZ
Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact firstname.lastname@example.org.
From the Ground Up: Creating Secure Wireless LANs
Carolyn Gibney: Hello, and welcome to today's
Lunchtime Learning video presentation: ‘From the Ground Up: Creating
Secure Wireless LANs,’ with special guest, Lisa Phifer. My name is Carolyn
Gibney and I will be your host.
The goal of SearchSecurity.com's Wireless Lunchtime Learning
School is to equip you with strategies and tactics for defending your
organization's wireless LAN, in a format that fits your busy schedule.
Today's presentation focuses on creating secure wireless networks,
including wireless LAN security basics, like packet encryption methods,
VPNs and VPN alternatives, and implementation best practices. Our
expert speaker, Lisa Pfeiffer, has been involved in the design, implementation,
and evaluation of data communications, internetworking, security, and network
management products for over 25 years. Lisa owns Core Competence, Inc.,
a consulting firm specializing in network security and management technology
and teaches about wireless LANs, mobile security, and virtual private networking
at many industry conferences and online webinars. Thank you for joining us
Lisa Phifer: Thank you, Carolyn. I am looking forward to
wireless network security.
Carolyn Gibney: As a reminder to all our listeners, you can see
all the tips
and videos in our Wireless Lunchtime Learning Security School at any time
by navigating to SearchSecurity.com/WirelessLunchtimeLearning. We are
ready for your presentation, Lisa. Take it away.
Lisa Phifer: Alright. Let us get rolling. Starting with a solid
is really the best way to build a network that is secure enough for any
home or business. Creating a solid infrastructure always starts with
designing your radio and network technology with security in mind. The
next step is to install and configure wireless network elements that
actually implement your security policy. Many early wireless LANs lacked
the foundation needed to create a reasonably secure network. Some
consisted of legacy devices with little or no built-in security, others simply
lacked a cohesive policy to really, reliably address high priority wireless threats.
Today's WiFi products provide broad support for vetted and complimentary
security measures. Businesses that are starting 802.11n rollouts today actually
have a great opportunity to avoid some past mistakes by baking security right
into those new networks from the start. In this webcast we will be defining and
comparing the security measures that are built into every contemporary WiFi
product, from legacy web and WPA to 802.11i. We will examine complimentary
measures like VPNs, VLANs and NAC, and see how they can dovetail with those
built-in security measures. Our goal here is to help you decide which combination
of security measures are right for you wireless network.
Let us get started with Wired Equivalent Privacy, the data
defined by the original 802.11 standard, that is supported by every WiFi-certified
product since day one. WEP actually tried to level the playing field between
wireless and wired LANs. Wired Ethernet is a shared medium, all connected
stations have equal access and they can observe each other’s traffic. WEP
just tried to bring similar properties to wireless, all stations with the web key
could connect to the wireless LAN, while RC4 encryption stopped outsiders
from making sense of the data they might overhear. Unfortunately, WEP used
RC4 in an unsafe fashion. By encrypting multiple frames with the same static
key in a too short initialization vector, WEP exposed enough information to
enable key cracking. Today, hackers can capture web traffic and inject frames
to guess your key in a matter of minutes using readily available tools and how-to
guides posted on YouTube. An attacker who cracks your key can use your wireless
LAN and decrypt data sent by others, including data that was captured long ago.
Security is compromised until you update that static web key on every single station,
and that is a laborious task for which WEP provides no help at all.
WEP really was a huge problem for early 802.11 networks. To
shut down the
WEP cracking PR nightmare, the WiFi alliance published a snapshot of 802.11i
way back in 2002. That snapshot carved out a stable subset of the draft standard
called WiFi Protective Access. WPA has been required in all WiFi products since
late 2003. To facilitate field upgrades, WPA encrypted data with the same RC4
encryption cipher, but it defined a new backwards compatible wrapper, called
the Temporal Key Integrity Protocol. TKIP uses key mixing to defeat WEP
crackers, it adds a message integrity check to deter forgery, and also uses
cryptographic sequencing to detect replay. For backwards compatibility, WPA
uses the original 802.11 open system mode to get the association rolling, but
it follows that with one of two new authentication alternatives, known as WPA
Personal and WPA Enterprise. WPA was an essential security fix at the time
when Wi-Fi was just really starting to get momentum. WPA was not perfect; it
was always intended to be a stop loss measure. RC4 never satisfied SIP’s
requirements, TKIP was always vulnerable to DOS attacks triggered by integrity
check failures, and just last year, researchers learned how to inject specially
crafted frames that can bypass those integrity checks. Furthermore, when
WPA Personal is used with too short passphrases, they can be guessed by
tools, which is shown here.
Fortunately, all contemporary WiFi products now support 802.11i
Security Network Standards, ratified five years ago, and required since
2006. For compatibility with legacy devices, 802.11i still allows WEP and
TKIP, but it requires every new product to implement a more robust, more
efficient security protocol called AES CCMP. Products that implement the
full 802.11i standard are certified by the WiFi Alliance as WPA Version 2.
At the heart of WPA2 lies a stronger cipher, the Advanced Encryption
Standard. AES-encrypted data is wrapped in a new protocol, CCMP that
stands for Countermode CBC Mac. Countermode and CBC just describe
how AES deters key cracking; Mac describes how AES deters forgery and
replay. Not only is AES CCMP far more robust, it does what it does much
faster. Some older devices did lack the horsepower for WPA2, but those
days are long gone. Today, it is very rare to find a new 802.11 device that
is incapable of WPA2, and if you ever do, do not buy it. If you have any
doubts about WPA2 support, visit the WiFi Alliance website to check any
WiFi product’s certification, for example, on this slide I show the Apple
iPhone 3G and the fact that it has WPA and WPA2 tests, using both
standard authentication methods, WPA2 Personal and WPA2 Enterprise.
For those two options, WPA2 Personal is intended for use in
and small offices where security needs and expertise are modest. For
example, would you trust everyone in your household to access your
entire network? If so, the pre-shared keys used by WPA2 Person
probably can meet your network security needs. When you configure
your access point to use WPA2 Personal, every station that associates
will be required to complete a handshake designed to prove that it knows
the pre-shared key, that is a bitstream that is created whenever you type in
your network's WPA2 passphrase. During the PSK handshake, encryption
keys are also derived that will then be used by AES or TKIP for data protection.
Why not authenticate everyone with pre-shared keys? Since all
the same PSK, there is no way to know which individuals are actually using
your LAN. Your son might give your friend or neighbor your PSK, then later
on regret it, or your daughter might lose her phone containing your network's
PSK. Most businesses cannot tolerate these kinds of group authentication
risks, but if you can in your home, then WPA2 Personal just might be right for
you. If you do use WPA2 Personal, it is important to realize that short, simple
passphrases can be guessed, not by web crackers, but by tools that analyze
the PSK handshake. Those tools started out pretty slow, but they are getting
much faster, aided by huge passphrase dictionaries and parallel processors.
To actually deter these tools, you want to choose a long random passphrase.
Most businesses should use WPA2 Enterprise instead. WPA2 Enterprise
applies more granular, 8021x port access control to networks that have the IT
staff and the radius infrastructure needed to support that added complexity.
8021x is a standard framework for controlling LAN use. In a wired LAN, 8021x
determines whether a station can use an Ethernet switch-port. In a wireless LAN,
8021x determines whether a station can actually send data through a WiFi
access point. In both cases, the decision is made not by that LAN device, but
actually by a central radius server based on the users asserted identity and
credentials. 8021x lets you centralize access control by leveraging radius
servers, user directors, and login credentials that are commonly employed
for either domain or VPN authentication. 8021x lets you permit or deny, then
track individuals that use your network and what they do while they are
connected. In addition, 8021x delivers fresh encryption keys for every
authenticated session. WPA2 Enterprise was designed to meet business
network needs, but there are a few caveats, specifically, different businesses
require different authentication methods. To accommodate that diversity, 8021x
actually carries another protocol, the Extensible Authentication Protocol. We
will be discussing EAP methods and their related exploits in Lesson Three.
Beyond data encryption, integrity access control, and
authentication, the 80211i
Robust Security Network Standard defined two fast handoff options. Eliminating
static web keys actually had a positive impact on security but it had a negative
impact on performance. When using web, a station that roamed from one
access point to another experienced just a brief disruption, they could continue
using the same key. Stations that use WPA2 Enterprise actually experience
longer roaming delays due to 8021x Re-authentication. Laptops might not notice
that gap, but any handoff over 50 milliseconds is a showstopper for voice over IP.
The speed handoff, 80211i defined pre-authentication that is an option that lets
standards complete 8021x with a new access point before they disconnect from
the old access point. The standard also defined opportunistic key caching, that is
an option that let most stations skip most of 8021x when they roam between access
points that share an association context. 80211i introduced these options, but it did
not fully specify them in a way that would be required for multivendor interoperability.
Last year, 802.11r filled in this gap by defining some messages exchanged by access
points that implement something called Fast BSS Transition. 80211r reduces handoff
delay when you roam between access points in the same wireless network by preserving
both the authentication state and quality of service state previously negotiated. If you
intend to combine WPA2 Enterprise with voice over IP, I highly recommend checking
To summarize, let us compare the original 80211 WEP, the WPA
the final 802.11i features that were covered by WPA Version 2. Each defines
a protocol to send encrypted data, while WEP and TKIP scramble data with
RC4, only WPA2 uses the Advanced Encryption Standard that is recommended
by the US government, and only WPA2 really provides that robust data integrity.
For group authentication, WPA and WPA2 use the same mechanism, a pre-shared
key. The WiFi Alliance certifies this approach as WPA or WPA2 Personal, but
you might see this referred to in some provinces as WPA or WPA2-PSK. For
user authentication, WPA and WPA2 use 8021x port access control, again,
that is certified as WPA or WPA2 Enterprise. To reduce handoff delay, enterprise
products may also implement either key caching, pre-authentication or the new
80211r Fast Transition Standard, but keep in mind that those options are neither
required nor tested by the WiFi Alliance. Most contemporary wireless LAN
should be secured with WPA2. If you must allow WPA for backwards compatibility
connecting to older devices, work to retire those devices as soon as possible,
especially if you plan to deploy 802.11n. The 11N high throughput data rates
are only permitted when you use WPA2. At this point, there are really few
legitimate reasons to use the decade-old, very broken WEP.
Businesses sometimes augment 80211 encryption with VPN
Unlike WEP, WPA, or WPA2, virtual private networks are not defined by
80211; they are not unique to wireless. VPNs use secure tunneling protocols
like IPSEC or SSL to connect entire networks to each other or to connect
remote workers to company networks. Although security characteristics
depend on the kind of VPN and exactly how you use it, most remote
access VPNs authenticate users before giving them access to a private
trusted network. To prevent eavesdropping, forgery and replay, most
VPNs encrypt IP TCP or ETP packets that are exchanged between that
remote user and a VPN gateway at the edge of a private network.
Superficially, that might sound a lot like the security characteristics that
we talked about for WPA Enterprise, but there are some fundamental
differences. As shown here, VPN tunnels protect data, not just between
the station access point, but as that data passes through the entire network.
You can apply VPNs to wireless LANs by treating WiFi notebooks and
smartphones like remote users, tunneling their data to a VPN gateway that
separates the untrusted wireless territory from our trusted corporate network.
There are many different VPN tunneling protocols that can be used to secure
wireless communication. A few are shown here, for example, the point-to-point
tunneling protocol is a quick and dirty option for a Windows-only networks. I do
not recommend using PP TP with WiFi because it offers only very relatively
weak security and it is disrupted when WiFi stations roam from access point to
Many enterprises already use IPsec to secure remote access. To
on WiFi devices you probably want a VPN that implements both user
authentication and mobility extension, in particular, Mobile Hike can preserve
IPsec tunnels as wireless devices roam between networks. Today, many
companies have migrated from IPsec to SSL VPNs. SSL VPNs vary quite a
bit in how they work and which applications they support, but as a rule, they
are more versatile and more granular than IPsec. SSL's Fast Session Resume
can be helpful on WiFi devices that roam between access points, but you
really should not expect SSL VPNs to actually hide loss of coverage situations.
In fact, seamless roaming is a sweet spot for mobile VPNs, created by
companies like NetMotion and Columbitech. Mobile VPNs were created
to facilitate roaming, not just between access points, but actually between
public and private networks. Most VPNs provide some degree of application
persistence, letting application sessions survive extended periods without any
wireless coverage at all.
Ultimately these VPNs do not replace WPA2, rather, VPNs can be
address different security needs associated with using WiFi in a variety of
public and private venues. For example, VPNs or Secure Applications
should always be used for end-to-end security on wireless devices when
they are used at public hotspots. In this case, WiFi, whether it is encrypted
or not, is just a remote access link, your VPN delivers consistent protection
over any internet connection. The same goes for using VPNs to secure
data sent over a home or business partner wireless LAN. Here, VPNs let
you control how your business communication is protected without having
to rely on your employee or your business partner to secure their part of the
end-to-end path. Inside your wireless office LAN, you can rely more
extensively on WPA2, but even there, VPNs can be useful to secure traffic
sent by devices that roam frequently between wireless and wired networks.
For example, a smartphone that uses both 3G and WiFi may benefit from a
mobile VPN that provides application persistence and also consistent security
across both kinds of networks.
Finally, companies with well-established VPNs sometimes use
them to control
wireless access with finer granularity than 8021x can. If all employees use
VPN-enabled devices to reach very specific resources inside your wired
network, you might just want to apply those same VPN policies to wireless,
and then you can just use WPA2 as a relatively coarse filter to block visitors
and outsiders from accessing your wireless network.
Virtual Local Area Networks are another technology commonly
business networks that we can extend to wireless LANs. VLANs are not a
security technology, per se, but they can help us enforce defined security
policies by tagging LAN frames. Different tags can be assigned to different
workgroups independent of their physical location, and those tags can be
used to actually decide where incoming frames can and cannot go within
a corporate network. How does VLAN tagging apply to wireless? If you
offer guest access, all traffic coming from that wireless LAN could be
tagged so that traffic is limited to the public internet and prevented from
reaching any other destination inside your company network. In wireless
LANs that support multimedia, tags can be used to actually segregate traffic
carried by a unified wireless LAN infrastructure, for example, directing voice
handset traffic onto a VLAN that has been intentionally isolated in order to
minimize latency. In wireless LANs that use 8021x, access points can
actually use tags returned by the radius servers in order to map traffic
from each user onto the appropriate VLAN based on their identity, group
affiliation, and perhaps even their security state.
That brings us to NAC, Network Access Control, which is heavily
this 8021x/VLAN combo. We are all used to filtering packets that pass
between networks based on things like IP address and port number, but
NAC actually controls user access between network resources based on
a combination of who the user is, the state of their device, and configured
policy. Instead of filtering on the sender's IP address, NAC makes decisions
based on the sender's authenticated user identity. Instead of unknown,
unmanaged devices onto the network, NAC considers everything it can
possibly learn about the device before it decides whether to grant access.
With NAC, network devices like Ethernet switches, wireless access points,
routers, and firewalls all still control access, but now what they are actually
doing is enforcing decisions made by NAC. Inside a wireless network, NAC
decisions can be enforced by techniques like permitting or denying the use
of a particular SSID or using 8021x to direct WiFi devices onto authorized
subnets or VLANs.
Let us quickly look at an example that uses NAC to segregate
traffic based on both device type and security state. At the top, we have
employee laptops with WPA2 Enterprise and probably running some
kind of antivirus program. These laptops associate to our corporate
SSID that required 8021x logon followed by some kind of NAC scan for
an operational and patched antivirus solution. Only if both of those checks
pass will the laptop be mapped into the corporate VLAN. Second, we have
consultant laptops. The first time any consultant connects to our corporate
SSID, maybe they fail our NAC antivirus check. If they do, instead of letting
them actually gain access to our corporate VLAN and expose us to risk, it
might actually map them onto a quarantined VLAN where they can download
then install some antivirus software. In this example, we use open guest
SSID and a separate network to deliver access to public internet, and only
the internet. We might even make guests pass a basic endpoint security
scan before we grant this kind of access. Finally, if our voice over IP phones
lack 8021x, which most do today, we must find another way to control them.
Here, we use a separate voice SSID to secure this traffic with WPA2 Personal,
then we map that traffic from only known trusted phones onto our voice VLAN.
Today, every WiFi product that you buy will provide these
measures we have talked about, many will also have hooks that facilitate the
use of the complimentary measures we talked about, like VPNs, VLANs, and
NAC, but deciding where and how to combine measures to create a secure
wireless network is still up to you. Assess your business risk, decide which
measures could actually mitigate those risks, then let policy drive the implementation.
You may end up with some old hardware that just cannot meet your needs, and you
may have to adjust your ideal policy to reflect that reality, but a top-down approach
is far more likely to neutralize risks that really matter to your business. Again, to
learn more, check out our companion tips. We hope they will help you actually
apply what you have learned to your own network.
Carolyn Gibney: Great presentation, Lisa. Thank you. This
brings us to the end
of today's video presentation. Once again, we would like to thank Lisa Pfeiffer,
of Core Competence, for joining us. For more information on creating wireless
LANs you can read Lisa's exclusive companion tips on ‘Using VLANs to
Compartmentalize Wireless LAN Traffic,’ ‘The Role of VPN in Enterprise
Wireless.’ and ‘The Ins and Outs of AP Placement.’ Those tips and all the
great learning materials in our Wireless Lunchtime Learning Security
School can be found by navigating to SearchSecurity.com/WirelessLunchtimeLearning.
A final thank you to all our listeners for joining us today. I am Carolyn Gibney. Have a