Wireless Networking (WiFi) update
IRMA-BCS meeting 21st October 2003 - 4.30pm
Alex Brewer, Morgan Stanley Audit Group

They look quite innocuous don’t they…
• What does Wi-Fi stand for?

Disclaimer
• The views in this paper are mine…

Wi-Fi update: Agenda
• Introductions, fire, tea, after tea
• The story so far (2002)
• Security shopping list (2002)
• The results of the 802.11b standard
• What’s new, what’s cool?
• Is this better for me?
• Questions

The story so far (2002)
• Emerging technology/cool stuff/toys
• Cost savings for companies
• 802.11a or b?
• WEP design -> BIG security shopping list

Wireless (In)Security Shopping list (1 of 3)
• POLICY!! You do need one. You do. Yes really. Honest.
• Data protection act
• NOT for mission critical systems

Wireless (In)Security Shopping list (2 of 3)
• Change Access point defaults
• Turn power down
• Access point physical security
• Access point reverts to insecure
• Use strong passwords

Wireless (In)Security Shopping list (3 of 3)
• Firewall – WLAN and on laptop
• VPN
• Use WEP (128bit) and vendor schemes
• Use SSID/MAC security
• Turn off SSID broadcast

The results of 802.11b
• War driving
• AP location software (netstumbler)
• Cracking software (AirSnort/WEPcrack)

The results: on the map!

What’s new, what’s cool (1 of 3)?
• What are companies getting up to?
• My company has no wireless networks
• Spread of Wi-Fi brand hotspots (Costa Coffee 13 New Bridge Street - £7ph)

What’s new, what’s cool (2 of 3)?
• New security: WPA brand (Wireless Protected Access)

Encryption
  WEP: Cracked by 'engineers'
  WPA: Fixes all WEP’s flaws - uses TLS/AES

  WEP: 40 bit keys minimum
  WPA: 128 bit keys minimum

  WEP: Static key – same key used by everyone on the network
  WPA: Dynamic session keys. Per user/session/packet keys

  WEP: Manual distribution of keys – hand typed into each device
  WPA: Automatic distribution of keys

Authentication
  WEP: Flawed, used WEP key itself for authentication
  WPA: Strong user authentication, uses 802.1X / EAP (rfc2716)

What’s new, what’s cool (3 of 3)?
• 802.11a, b, g, h or i?
• Kerb crawling
• Always on (just like broadband)

Is this better for me?
• It depends where you are now
  – Are security requirements ever ‘none’?
  – Security implemented?
  – Early adopters?
  – Thinking about it?
• Mission critical functions?

Questions/further reference
• Please ask, mail or call: alex.brewer@morganstanley.com tel 020 7425 9542
• www.wi-fi.org
• www.securityfocus.com/infocus/1732 - (1735 for part 2)
• http://csrc.nist.gov/publications/drafts/draft-sp800-48.pdf (NIST’s bluetooth security paper, off topic, but fyi)

Summary
[Mind-map diagram: WiFi update]
• Introduction: Times, Fire, Refreshments, Questions, Why are you here…
• The story so far: COOL STUFF, Cost Savings, 802.11A or B?, BIG shopping list
• BIG shopping list: POLICY, DPA, MISSION CRIT, CHANGE DEF’TS, POWER DOWN, PHYSICAL SEC’Y, AP REVERTS, STRONG PWDS, FIREWALLS, VPN, USE WEP 128, SSID/MAC SEC’Y, SSID BROADCAST
• RESULTS: War driving, SOFTWARE, On the map!
• What’s new, what’s cool?: SPREADING FROM IT, NO NETWORK, HOTSPOTS, HACK WPA, Kerb crawling, Always on
  – 802.11abghi: A – 5GHZ, B – 2.4GHZ, G – 2.4GHZ, H – 5GHZ MGD, I – WPA
• Is this better for me?: depends where UR, sec’y reqts ever ‘none’, Sec’y missing, Early adopters, Thinking about it, Mission critical