Introduction
Wireless LAN (WLAN) is now widely deployed in Hong Kong. You can find hotspots in shopping centres, Internet cafes, hotels and the airport. It would not be surprising to see WLAN accessible along the street in the near future. Due to the flexibility in cabling and the low cost, home and corporate adoption of the technology is booming. WLAN, however, has its disadvantages in terms of security. If not properly deployed, it can bring about great security risks.
What is 802.11b and Wi-Fi?
Wireless LAN can be considered an extension of the current LAN technology. Instead of using copper wire as the physical connection, high-frequency radio waves are used to transmit signals. PCs equipped with a wireless LAN adapter can connect to each other in a network through the air. The most common WLAN standard is IEEE 802.11b (also named Wi-Fi). It offers a maximum bandwidth of 11 Mbps on one of the 15 channels (in Hong Kong, use is limited to the first 11 channels) of the unlicensed 2.4 GHz band. The negotiated bandwidth can fall back from 11 Mbps to 5.5 Mbps and 2 Mbps when the signal is weak or the environment is noisy. The signal-to-noise ratio can be improved by attaching an antenna to the AP or the client. WLAN uses a shared medium, so you can expect collisions that lower the effective bandwidth.
There are two modes of communication: ad-hoc mode, which specifies client-to-client communication, and infrastructure mode, which specifies client-to-hub communication. In infrastructure mode, the hub or Access Point (AP) connects all clients to form a wireless network. Each network has a Service Set Identifier (SSID) to differentiate itself from the others. By default the Access Point broadcasts the SSID periodically to let users locate the network.
IEEE 802.11b includes an optional security feature called the Wired Equivalent Privacy (WEP) to encrypt the traffic between the client and the AP. The standard defines the 64-bit WEP key (with 40-bit secret key). Currently a stronger 128-bit WEP (with 104-bit secret key) is commonly available. The client and the AP must agree on a shared key before communication can be established.
Vulnerabilities and Risks of Wireless LAN
The greatest vulnerability of a WLAN network is the lack of physical security. Unlike a wired network, intruders do not need to enter your premises to connect to your wireless network, and you have no good way of tracking who is connecting at any time.
The second security vulnerability comes from the default settings of the WLAN devices. The default settings are there for ease of deployment and compatibility. These settings allow non-technical users to connect and use WLAN without difficulty. Most users and companies do not change the default settings right after the deployment. Intruders can make use of this "convenience" to connect to your network as well. These are the well-known default settings in a WLAN access point (AP):
- No encryption (WEP) used, or a default encryption key in use
- Default SSID (e.g. WaveLAN Network, default, wireless)
- Default administrator name and password (and SNMP community string as well)
- DHCP enabled by default, automatically assigning an IP address to all connected devices
The third vulnerability comes from the current WLAN technology, 802.11b. Firstly, 802.11b incorporates no authentication mechanism, and its encryption protocol, Wired Equivalent Privacy (WEP), has no automatic encryption key change mechanism. Besides, WEP is known to have a flaw that allows an intruder to collect enough packets to break the encryption.
The last vulnerability is the weakest link - the human. Without a careful study of the risks associated with the current WLAN technology, some people are deploying WLAN for sensitive services. Some companies have no control over staff plugging APs into the internal network, which opens a backdoor to intruders and makes the perimeter firewall and Internet antivirus gateway useless.
The consequences of any intruder connecting to your WLAN network are:
- Network resources (e.g. Internet bandwidth) being misused and productivity being affected.
- Information leakage due to network sniffing by intruders outside your premises, where you have no control of access.
- Virus infection due to viruses injected by intruders.
- Damage to confidentiality, integrity and availability when systems are penetrated by intruders.
The damage might translate into financial, trust and reputation loss. You might have legal liability for allowing this to happen (e.g. violation of a usage agreement, and claims of loss when your network is used for a hacking attack).
Wireless LAN Security Checklist
Here is a checklist to secure your WLAN deployment.
General Checklist for Home and Business Use of WLAN
- Physical Security
  - Do not put the WLAN Access Point (AP) close to a window or door.
  - Power off the access point when it is not in use.
- Encryption of communication
  - Turn on WEP encryption. The 128-bit key WEP is preferred over the 64-bit key.
  - To further improve security over time, change the WEP key periodically.
- Securing SSID
  - Change the default SSID to something else for your network.
  - If possible, turn off SSID broadcast (some AP manager GUIs provide such a function, sometimes called "closed network"). You need to tell individual users the SSID.
- Controlling access to authorized WLAN cards
  - Turn on the MAC address filter to allow only authorized WLAN cards to make a connection. This is effective if the list of WLAN cards is manageable.
- Controlling the IP network
  - Disable the DHCP service on the AP. Use static IP addresses on wireless LAN clients. A client without a valid IP address cannot connect.
- SNMP configuration
  - If your AP is configured using SNMP, make sure you change the default SNMP name and community string. Use a longer SNMP community string with a mix of numerals and letters.
  - Enable an SNMP access control list (ACL) to control who can configure the AP.
  - For security over time, change the SNMP community string periodically.
- Mobile Computing Security
  - Most probably you are using WLAN with mobile devices. Make sure you observe other mobile security issues (e.g. theft of hardware, lack of protection from the corporate antivirus gateway and firewall) and deploy appropriate protections.
- Human Security
  - Do not reveal your password, SSID, WEP key and other security configurations to third parties. When in doubt, change these settings.
- Legal and Ethical Responsibility
  - Unauthorized access to an information system is a criminal offence. Do not try to connect to others' wireless networks and systems for curiosity, research or other intents. If you find out your neighbour's WLAN is insecure, please inform them to get it fixed. As a responsible person, please do not disclose this vulnerability with the owner's name and location to a third party.
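The default settings listed earlier and the general checklist above can be checked mechanically against an inventory of AP settings. The following is an added example, not part of the original article; the field names, the sample inventory, the SNMP community names and the factory logins are assumptions made for illustration.

```python
# Added example: audit AP settings against the defaults and checklist in this article.
DEFAULT_SSIDS = {"wavelan network", "default", "wireless"}  # examples named in the article
DEFAULT_COMMUNITIES = {"public", "private"}  # assumption: commonly shipped SNMP defaults
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "")}  # assumption: placeholder factory logins

def audit_ap(cfg):
    """Return the list of checklist findings for one AP configuration dict."""
    findings = []
    key = (cfg.get("wep_key_hex") or "").lower()
    if not cfg.get("wep_enabled") or not key:
        findings.append("wep-disabled")
    elif len(key) == 10:      # 40-bit secret = 10 hex digits (64-bit WEP)
        findings.append("wep-64bit-only")
    elif len(key) != 26:      # 104-bit secret = 26 hex digits (128-bit WEP)
        findings.append("wep-key-bad-length")
    if cfg.get("ssid", "").strip().lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if cfg.get("ssid_broadcast", True):      # unset is treated as the factory default
        findings.append("ssid-broadcast-on")
    if not cfg.get("mac_filter", False):
        findings.append("mac-filter-off")
    if cfg.get("dhcp_enabled", True):
        findings.append("dhcp-enabled")
    if (cfg.get("admin_user", ""), cfg.get("admin_password", "")) in DEFAULT_LOGINS:
        findings.append("default-admin-login")
    if cfg.get("snmp_enabled"):
        if cfg.get("snmp_community", "public").lower() in DEFAULT_COMMUNITIES:
            findings.append("default-snmp-community")
        if not cfg.get("snmp_acl"):
            findings.append("snmp-acl-missing")
    return findings

def audit_inventory(inventory):
    """Map AP name -> findings, keeping only APs that fail at least one check."""
    report = {name: audit_ap(cfg) for name, cfg in inventory.items()}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory: one factory-default AP and one hardened AP.
SAMPLE = {
    "lobby-ap": {"ssid": "default", "wep_enabled": False, "admin_user": "admin",
                 "admin_password": "admin", "snmp_enabled": True},
    "office-ap": {"ssid": "hk-office-7f", "wep_enabled": True,
                  "wep_key_hex": "3fa91c07d2e84b6650c1a9be7d", "ssid_broadcast": False,
                  "mac_filter": True, "dhcp_enabled": False, "admin_user": "netops",
                  "admin_password": "constructed-example", "snmp_enabled": True,
                  "snmp_community": "n7Qx2mLp94ZtRk", "snmp_acl": ["10.0.5.10"]},
}
```

Calling `audit_inventory(SAMPLE)` reports only `lobby-ap`, with one finding per unchanged default.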
Additional Checklist for Corporations
1. Use of Technology: For very sensitive and serious services, you have to assess the risk of WLAN before taking it as an option. Include in your budget the extra cost of management and security strategies for WLAN protection before deploying WLAN.
2. Management Policy: Do not allow staff to build their own access points. Carry out periodic checks to audit whether this policy is enforced.
3. Perimeter Protection: Treat WLAN as an untrusted network. Segment wireless traffic in a separate network. Install a properly configured firewall between the wired infrastructure and the wireless network to manage traffic going into the internal network or service network.
4. Switched Network Connection: Connect APs to network switches (instead of hubs) to avoid communication sniffing.
5. Stronger Encryption: The WEP protocol has its flaw. An intruder can collect enough packets to break the encryption. It is advisable for corporations to deploy Virtual Private Network (VPN) technology on top of WEP to encrypt wireless communications.
6. Authentication: Consider other forms of authentication for the wireless network (such as RADIUS and Kerberos, which are currently available for some products).
7. Use Upgradeable Solution: WLAN technology is evolving quickly. When choosing a WLAN solution, ensure the AP and wireless card can update their firmware. Update the firmware of WLAN devices periodically.
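The periodic check under Management Policy can be run as a comparison between a wireless survey and the list of authorized APs. This is an added example, not part of the original article; the CSV layout, addresses, SSIDs and the signal threshold are constructed assumptions.

```python
# Added example: compare a wireless survey with the authorised AP inventory.
import csv
import io
import re

AUTHORISED = {"00:11:22:33:44:55": "hk-office-7f"}  # constructed: BSSID -> expected SSID
NEAR_DBM = -70  # assumption: a stronger signal suggests the AP is on the premises

# Constructed survey export; note the three different MAC notations.
SURVEY_CSV = """bssid,ssid,signal_dbm
00-11-22-33-44-55,hk-office-7f,-48
00:AA:BB:CC:DD:01,hk-office-7f,-52
00aa.bbcc.dd02,default,-40
00:AA:BB:CC:DD:03,CafeNet,-88
"""

def norm_mac(mac):
    """Normalise dash, dot or colon notation to lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(bssid, ssid, signal_dbm, authorised=AUTHORISED):
    """Return a status string for one observed AP."""
    if bssid in authorised:
        return "authorised" if authorised[bssid] == ssid else "authorised-ap-ssid-changed"
    if ssid in authorised.values():
        return "unknown-ap-with-corporate-ssid"
    return "unknown-ap-on-premises" if signal_dbm >= NEAR_DBM else "unknown-ap-distant"

def audit_survey(csv_text, authorised=AUTHORISED):
    """Return {bssid: status} for every observed AP that is not cleanly authorised."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = norm_mac(row["bssid"])
        status = classify(bssid, row["ssid"], int(row["signal_dbm"]), authorised)
        if status != "authorised":
            findings[bssid] = status
    return findings

if __name__ == "__main__":
    for bssid, status in audit_survey(SURVEY_CSV).items():
        print(bssid, status)
```

An `unknown-ap-distant` result is most likely a neighbouring network and only needs recording, while the other statuses call for locating the device.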
Next Step of Wireless LAN Security
Two of the major security issues of WLAN are the lack of authentication and the weakness in WEP. Some proprietary WLAN implementations, such as those from Cisco and Lucent, have included client authentication from the 802.1x standard that is used in traditional Ethernet networks. Some go a step further and perform mutual authentication of client and server by adopting PKI. The Temporal Key Integrity Protocol (TKIP), initially termed WEP2, was an attempt to strengthen the encryption by using dynamic WEP keys which change every 10,000 packets. These security enhancements will be available in the coming WLAN standards.