Instructor: Prof. Michael P. Harris, CCNA CCAI
ITSY 2400 – Operating Systems Security
Chapter 8
Wireless Security
Operating Systems Security - Chapter 8
Wireless Security
Chapter Overview
In this chapter, you will learn how wireless networks work, and understand their security
problems and the security measures for blocking threats to these networks. Attackers know
the ins and outs of wireless networks, which means that network administrators need to know
the same information to effectively block attackers. You will begin by learning the basics of
wireless networking and then learn two popular wireless networking protocols: IEEE 802.11x
and Bluetooth. Next, you’ll learn the types of attacks used against wireless networks.
Finally, you will learn wireless security measures and how to implement them in client
operating systems.
Learning Objectives
After reading this chapter and completing the exercises, students will be able to:
 Explain wireless networking and why it is used
 Describe IEEE 802.11x (a, b, g, & n) radio wave networking
 Explain Bluetooth networking
 Describe attacks on wireless networks
 Discuss wireless security measures
 Configure security for wireless interfaces in workstation operating systems
Lecture Notes
An Introduction to Wireless Networking
Wireless networking has informal and formal roots. The informal beginning of wireless
networking is in amateur radio. Amateur (Ham or shortwave) radio operators (also called
hams) are licensed by the Federal Communications Commission (FCC) to transmit voice,
Morse code, data, satellite, and video signals over radio waves and microwaves.
In the 1980s, licensed amateur radio operators received permission from the FCC to
transmit data on several radio frequencies, with 50.1 to 54.0 MHz being the lowest and 1240
to 1300 MHz being the upper ranges. The hertz (Hz) is the unit of measurement for radio
frequencies. Technically, one hertz represents a radiated alternating current or emission of
one cycle per second. Radio frequencies (RFs) are the range of frequencies above 10
kilohertz (KHz) through which an electromagnetic signal can be radiated into space.
In the Telecommunications Act of 1996, Congress further set the stage for wireless
communications by implementing wireless communications “siting” (location) and emission
standards, and by providing incentives for future development of telecommunications
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 1 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
ITSY 2400 – Operating Systems Security
Chapter 8
Wireless Security
technologies, including wireless communications. Today, wireless networks are designed and
installed to accommodate all types of needs, which include the following:





Enabling communications in areas where a wired network would be difficult to install
Reducing installation costs
Providing “anywhere” access to users who cannot be tied down to a cable
Enabling easier small and home office networking
Enabling data access to fit the application
Attacks on Wireless Networks
The widespread use of wireless networks has interested attackers for reasons that parallel the
advantages just mentioned in the text:
 The use of wireless networks in hard-to-wire locations is attractive to attackers,
because the same locations are of interest to the attackers, and a wireless network is
easier to tap into without creating attention than is a hard-wired network.
 Just as wireless networks can be less expensive to install than wired solutions, it is
relatively inexpensive for an attacker to acquire gear to tap into a wireless network.
 The “anywhere” access provided by a wireless network also gives the attacker similar
options for “anywhere” access (or attacks).
 The common use of wireless networks in small and home offices creates more
potential target sites for attackers.
 Just as wireless networks can be tailored to fit the user’s application, wireless
networks appeal to attackers who prefer working with wireless communications,
including wireless receiving devices and antennas.
Wireless Network Support Organizations
Several organizations exist to promote wireless networking. One such organization is the
Wireless LAN Association (WLANA), which is a valuable source of information about wireless
networks. WLANA is supported by wireless network device manufacturers and promoters,
including Alvarion, Cisco Systems, ELAN, Intermec, Intersil, Raylink, and Wireless Central.
WINLAB is a consortium of universities researching wireless networking, located at Rutgers
University.
Why a Wireless Network Might Be Used Instead of a Wired Network
A wired network can be difficult or even impossible to install in some situations. Many
organizations use an integrated network that combines wired and wireless networks.
Quick Reference
Discuss the implementation of wired and wireless networks.
Radio Wave Technologies
Network signals are transmitted over radio waves in a fashion similar to the way your local
radio station broadcasts, but network applications use much higher frequencies. A line-ofsight transmission is one in which the signal goes from point-to-point, following the surface
of the Earth, rather than bouncing off the atmosphere to skip across the country or across
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 2 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
ITSY 2400 – Operating Systems Security
Chapter 8
Wireless Security
continents (like shortwave radio). Most wireless radio waves network equipment employs
spread spectrum technology for packet transmissions. This technology uses one or more
adjoining frequencies to transmit the signal across greater bandwidth.
Radio wave communications can save money where it is difficult or expensive to run cable.
There are some disadvantages to radio wave communications. One is that many network
installations are implementing high-speed communications of 100 Mbps and higher to handle
heavy data traffic, including transmission of large files.
IEEE 802.11 Radio Wave Networking
There are several types of radio wave wireless communications in use, but the types that
offers significant advantages in terms of compatibility and reliability are the IEEE 802.11x
standards. Many wireless network users are deploying IEEE 802.11x devices because these
devices do not rely on proprietary communications, particularly in the lower (and slower)
902-928 MHz range common to older wireless devices (like wireless telephones), and so that
802.11x devices from different vendors can be intermixed.
The IEEE 802.11x standards are also called the IEEE Standards for Wireless LAN Medium
Access Control (MAC) and Physical Layer (PHY) Specifications. The standards encompasses
wireless data communications stations that are either fixed or mobile. The 802.11x
standards involves two kinds of communications. The first is asynchronous communications,
in which communications occur in discrete units, with the start of a unit signaled by a start
bit at the front and a stop bit at the back end. The second type consists of communications
governed by time restrictions, in which the signal must reach its destination within a given
amount of time, or it is considered lost or corrupted.
Wireless Components
Wireless communications usually involve three main components: a wireless network
interface card (WNIC) that functions as a transmitter/receiver (transceiver), an access
point (AP), and antennas. The transceiver card is a wireless NIC (WNIC) that functions at
both the physical and data-link layers of the OSI model. Most WNICs are compatible with
Microsoft’s Network Driver Interface Specification (NDIS) and Novell’s Open Data-link
Interface (ODI) specification.
An access point is a device that attaches to a cabled network and that services wireless
communications between WNICs and the cabled network. An antenna is a device that sends
out (radiates or transmits) and picks up (receives) radio waves.
Directional Antenna
A directional antenna sends the radio waves in one main direction and generally can amplify
the radiated signal to a greater degree than an omnidirectional antenna. Amplification of
the radiated signal is called gain. In wireless networking, a directional antenna is typically
used to transmit radio waves between antennas on two buildings connected to access points,
as shown in Figure 8-2 on page 367t.
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 3 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
Chapter 8
Wireless Security
ITSY 2400 – Operating Systems Security
Omnidirectional Antenna
An omnidirectional antenna radiates the radio waves in all directions. Because the signal is
more diffused than the signal of a directional antenna, it is likely to have less gain. In
wireless networking, an omnidirectional antenna is often used on an indoor network, in which
users are mobile and need to broadcast and receive in all directions.
Wireless Networking Access Methods
There are two access methods incorporated into the 802.11x standards: priority-based
access and Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). In prioritybased access, the access point also functions as a point coordinator. The point coordinator
establishes a contention-free period, during which stations cannot transmit, unless first
contacted by the point coordinator. Priority-based access is intended for communications
that are time-sensitive. Priority-based access is also called point coordination function in
the 802.11x standards.
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is a more commonly
used access method in wireless networking, and is also called the distributed coordination
function. In CSMA/CA, a station waiting to transmit listens to determine if the
communication frequency is idle. It determines if the frequency is idle by checking the
Received Signal Strength Indicator (RSSI) level. If the frequency remains idle for DIFS
seconds, stations avoid a collision because each station needing to transmit calculates a
different amount of time to wait (the backoff time) before checking the frequency again to
see if it is idle.
Handling Data Errors
Wireless network communications are subject to interference from weather, solar flares,
competing wireless communications, physical obstacles, and other sources. Any of these
forms of interference can corrupt the successful reception of data. The automatic repeat
request (ARQ) characteristic in the 802.11x standards help wireless devices take these
possibilities into account. With ARQ, if the station sending a packet does not receive an
acknowledgement (ACK) from the destination station, the sending station automatically
retransmits the packet.
Transmission Speeds
The 802.11x wireless transmission speeds and related radio wave frequencies are defined
through four current standards: 802.11a, 802.11b, 802.11g and 802.11n. (The transmission
speeds in these standards correspond to the physical layer of the OSI reference model.) The
802.11a standard outlines the following specs in the 5-GHz frequency range for wireless
networking:
 6 Mbps
 24 Mbps


9 Mbps
36 Mbps


12 Mbps
48 Mbps


18 Mbps
54 Mbps
The 802.11a standard is performed at the physical layer of the OSI reference model, and it
uses orthogonal frequency-division multiplexing (OFDM) to radiate the data signal over
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 4 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
Chapter 8
Wireless Security
ITSY 2400 – Operating Systems Security
radio waves. The 802.11b (and 802.11g) standards use in the 2.4 GHz frequency range.
802.11b offers data transmission speeds that include:
 1 Mbps

2 Mbps

10 Mbps

11 Mbps
The 802.11b standard uses direct sequence spread spectrum modulation (DSSS), which is a
method for radiating a data-carrying signal over radio waves. DSSS first spreads the data
across any of up to 14 channels, each 22 MHz in width. Table 8-1 on page 372 summarizes the
characteristics of 802.11a , 802.11b, and 802.11g.
Infrared Wireless Networking
An alternative to using radio wave communications is the 802.11R standard for infrared
transmissions. Infrared light can be used as a medium for network communications. Infrared
can be broadcast in a single direction or in all directions, using a light-emitting diode (LED)
to transmit and a photodiode to receive.
There are also some significant disadvantages to this communications medium. One is that
data transmission rates only reach up to 16 Mbps for directional communications, and they
can be less than 1 Mbps for omnidirectional communications. Another disadvantage is that
infrared does not go through walls. Diffused infrared transmits by reflecting the infrared
light from the ceiling, as shown in Figure 8-4 on page 374. The IEEE 802.11R standard is for
diffused infrared communications, enabling a transmission range between 30 and 60 feet,
depending on the height of the ceiling.
Using Authentication to Disconnect
One function of the authentication process is disconnecting when a communication session is
complete. The authentication process during disconnects is important because it prevents
two communicating stations from being inadvertently disconnected by a non-authenticated
station.
802.11x Network Topologies
Two general topologies are used in the 802.11x standards. The first topology, the
independent basic service set (IBSS) topology is the simplest, consisting of two or more
wireless stations that can be in communication with one another.
The extended service set (ESS) topology deploys a more extensive area of service than the
IBSS topology by using one or more access points. An ESS can be a small, medium-sized, or
large network and can significantly extend the range of wireless communications. The ESS
topology is shown in Figure 8-6 on page 375. In terms of security, the ESS topology is more
secure, because security that is configured through access points is typically stronger than
security configured at workstations for the IBSS topology.
Multiple-Cell Wireless LANs
When an ESS wireless topology employs two or more access points, it becomes a multiplecell wireless LAN. In this topology, the broadcast area around a single access point is a cell.
A PC or hand-held device equipped with a WNIC can move from cell to cell, which is called
roaming.
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 5 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
ITSY 2400 – Operating Systems Security
Chapter 8
Wireless Security
Although 802.11x does not specifically define a standard for a roaming protocol, one
protocol developed by wireless vendors, called Inter-Access Point Protocol (IAPP), does
generally conform to the 802.11 standard.
Bluetooth Radio Wave Networking
Bluetooth is a wireless technology defined through the Bluetooth Special Interest Group.
Bluetooth uses frequency hopping in the 2.4-GHz frequency range (2.4-2.4835 GHz)
designated by the FCC for unlicensed ISM transmissions.
Frequency hopping means that transmissions hop among 79 frequencies for each packet that
is sent. Bluetooth uses time-division duplexing (TDD), which means that packets are sent in
alternating directions, using time slots.
Anatomy of Attacks on Wireless Networks
One of the first steps in an attack is locating wireless network targets. To do this, there are
four main elements that an attacker may use:




An antenna
A wireless network interface card
A GPS
War-driving software
Rogue Access Point
A rogue access point is one that is installed without the knowledge of the network
administrators and that is not configured to have security. Whether innocently installed or
not, the rogue access point provides an attacker with an unsecured entryway to the packet
communications in that portion of the network. One way to limit the possibility of rogue
access points is to create and publish an organizational policy that prohibits users from
installing their own wireless devices, specifically access points and WNICs.
Attacks Through Long-Range Antennas
An attacker from the inside of a network can equip a rogue access point with a long-range
antenna (high decibel gain) to increase the reach of a signal, so that it is possible to monitor
a network from a greater distance without being observed.
Man-in-the-Middle Attacks
Some wireless networks are particularly susceptible to man-in-the-middle attacks. A manin-the-middle attack occurs when the attacker is able to intercept a message meant for a
different computer. The attacker is literally operating between two communicating
computers and has the opportunity to:
 Listen in on communications
 Modify communications
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 6 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
Chapter 8
Wireless Security
ITSY 2400 – Operating Systems Security
Pitfalls of Wireless Communications
When you plan for wireless communications, you should consider the following approaches:
 Avoid using wireless communications on a network that transports extremely sensitive
information, such as financial information, company strategies, and organizational
secrets.
 Configure the tightest security available on all wireless devices.
Wireless Security Measures
There are many wireless security measures that can be taken. A sampling of the most
common follows:
 Open system authentication
 Wired Equivalent Privacy (WEP)
 802.1x security



Shared key authentication
Service set identifier (SSID)
802.11i security
Open System Authentication
In open system authentication, any two stations can authenticate each other. The sending
station simply requests to be authenticated by the destination station or access point.
Shared Key Authentication
Shared key authentication uses symmetrical encryption, in which the same key is
employed for both encryption and decryption. The authentication technique is
challenge/response, because the computer being accessed requests a “shared secret” from
the computer initiating the connection, such as the encryption key both will use to encrypt
and decrypt information.
Quick Reference
Discuss the general steps used in wireless communication shown on page 380.
Wired Equivalent Privacy (WEP)
In 802.11 communications, the shared secret is the Wired Equivalent Privacy (WEP) key
used for encryption and decryption, --and the key itself is encrypted. WEP was developed by
the IEEE. When you configure a simple wireless network, plan to configure all devices to use
WEP, if it is offered.
Service Set Identifier
When you purchase wireless devices, ensure that they support a service set identifier (SSID).
The SSID is an identification value that typically can be up to 32 characters in length. SSID is
not truly a password, but rather a value that defines a logical network for all devices that
belong to it –similar to a workgroup name. The SSID is typically used in ESS topology
networks, and not in IBSS topologies.
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 7 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
Chapter 8
Wireless Security
ITSY 2400 – Operating Systems Security
802.1x Security
802.1x is a wireless and wired authentication approach offered by the IEEE, and is supported
in some operating systems, such as in Windows XP and Windows Server 2003. This is a portbased form of authentication, in which communications are defined to occur over a specific
port (wireless or LAN-based port).
Quick Reference
Discuss the general steps used in 802.1x for authentication in wireless
communications as shown on page 382 of the text.
For best security, the authentication server should be a different computer than the
authenticator.
802.1i Security
A relatively new currently proposed standard for 802.11 security is 802.1i, which builds on
the 802.1x standard. Not only is 802.1i compatible with 802.1x, but it also uses the
Temporal Key Integrity Protocol (TKIP) for creating random encryption keys from one
master key. TKIP is similar to the block cipher method, with the block being equivalent to a
packet.
Configuring Security for Wireless Interfaces in Workstation Operating Systems
Windows 2000/XP, Windows Server 2003/2008, Windows Vista, Linux, and Mac OS X are all
examples of operating systems that support the use of wireless network interface cards.
Configuring Security for Wireless Connectivity in Windows 2000 Professional
Windows 2000 Professional supports the use of WNICs and the following security techniques:




Open system authentication
WEP (40-bit and 104-bit keys)
802.1x
Authentication through RADIUS



Shared key authentication
SSID
EAP
Configuring Security for Wireless Connectivity in Windows XP Professional
Windows XP Professional supports a broad range of WNICs for wireless connectivity. When a
WNIC is installed, Windows XP Professional supports the following security:




Open system authentication
WEP (40-bit and 104-bit keys)
802.1x
Authentication through RADIUS




Shared key authentication
SSID
EAP and EAP-TLS
PEAP
Configuring Security for Wireless Connectivity in Linux
Linux also supports the use of WNICs. A WNIC is installed and configured through the GNOME
desktop Network Device Control tool. Linux currently supports:
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 8 of 9
ISBN: 0-619-16040-3
Instructor: Prof. Michael P. Harris, CCNA CCAI
Chapter 8
Wireless Security
ITSY 2400 – Operating Systems Security
 Open system authentication
 WEP (40-bit and 104-bit keys)
 802.1x


Shared key authentication
SSID
Configuring Security for Wireless Connectivity in Mac OS X
Mac OS X and Apple’s iMac, iBook, Powerbook G4, and Power Mac G4 computers come with
built-in compatibility for AirPort WNICs and base stations (access points). AirPort is
compatible with 802.11b wireless communications, and AirPort WNICs and base stations
currently support the following security:
 Open system authentication
 WEP (40-bit and 104-bit keys)
 RADIUS authentication



Shared key authentication
SSID
Firewall protection
Discussion Questions
1) Discuss the different strategies used in the implementation of a wireless network.
2) Discuss the different strategies used for implementing strong security in a wireless
network.
Additional Activities
1) Utilizing the Internet, research the advantages and disadvantages of wireless
networking.
2) Prepare a chart depicting the procedures used in configuring security in a wireless
network for each operating system discussed in this lesson.
Michael Palmer, GUIDE TO Operating Systems Security
Thompson/Course Technology ©2004
Page 9 of 9
ISBN: 0-619-16040-3