security

CTS 063: Wi-Fi Security – Securing Access

François Vergès discusses Wi-Fi security and securing the access to the Wi-Fi network.

In episode 56, we talked about the legacy Wi-Fi security mechanisms and explained why they are no longer considered safe and secure and why we should not use them in our modern Wi-Fi network deployments.

In this follow-up episode, we want to start going over the stronger and safer ways to secure a Wi-Fi network. We are focusing on how client devices can securely connect and exchange data over a Wi-Fi network.

This episode will answer the following questions:

  • How does a client station securely connect to a Wi-Fi network?
  • What is WPA?
  • What is the difference between WPA and WPA2?
  • How do the Personal and Enterprise modes of operation work?
  • What is 802.1X and how is it related to Wi-Fi security?
  • What is required in order to authenticate client devices using 802.1X?
  • What is the 4-way handshake?
  • What are the secured EAP methods?
  • What do we need to do in order to securely use WPA/WPA2-Personal?
  • What is considered a strong password?
  • How does a client station securely exchange data over the Wi-Fi network?

Resources

Here are the links to the videos we talked about during this episode:

Here are a couple of diagrams related to the Wi-Fi security topic:

 

 

If you want to dive deeper into the topic of Wi-Fi security, you can read the following book:

Other resources we talked about:

Password generation website: xkpasswd.net

CTS 056: Legacy Wi-Fi Security

Pre-RSNA (Robust Security Network Association) is the main topic for this episode. François and I talk about why you shouldn’t be using these legacy security methods, and in future episodes we will talk about the Wi-Fi security mechanisms you should be using. This is part one of a multi-part series.

In the 802.11 Standard there are two ways to join a BSS:

  • Open System Authentication (WEP can then be used to encrypt the communications) OR
  • Shared Key Authentication (WEP is used for both the authentication and to encrypt the communications)

Legacy Security Methods

WEP

A couple of weaknesses have been found in WEP, and they make it very easy to crack.

The characteristics of WEP include:

  • Uses static keys
  • Uses RC4 as the cipher for encryption
  • Attacks against WEP:
    • Collision attack against the IV (Initialization Vector): it is only 24 bits long, so it repeats itself every 16 million frames
    • Attack against the weak encryption keys (40 or 104 bits)
    • Packet injection is a technique used to speed up the attacks against WEP
    • The ICV (Integrity Check Value) mechanism is also considered weak (a bit-flipping attack can be used to alter WEP packets)

IV Seen under WEP parameters
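The IV weakness from the list above, worked through as an added example (not code from the episode): WEP seeds RC4 with the 24-bit IV followed by the static key, so two frames that share an IV are encrypted with the same keystream. The key, IV and plaintexts are constructed values, the function names are illustrative, and the ICV is left out.

```python
import math

def rc4(key, n):
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv, key, plaintext):
    """WEP seeds RC4 with the 3-byte IV followed by the static key (ICV omitted)."""
    return xor(plaintext, rc4(iv + key, len(plaintext)))

def frames_until_wrap(iv_bits=24):
    """A sequential IV counter repeats after 2**iv_bits frames."""
    return 2 ** iv_bits

def frames_until_likely_reuse(p=0.5, iv_bits=24):
    """Birthday approximation: frames with random IVs until a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))

def reused_ivs(ivs):
    """Return the IVs that occur more than once in a list of observed IVs."""
    seen, dup = set(), set()
    for iv in ivs:
        (dup if iv in seen else seen).add(iv)
    return dup

# Constructed values: a 40-bit static key and two frames that share one IV.
KEY, IV = bytes.fromhex("0badc0de01"), bytes.fromhex("00002a")
P1, P2 = b"user=alice&pin=4", b"ARP who-has 10.0"
C1, C2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

def leaked_xor():
    """Same IV means same keystream, so C1 xor C2 equals P1 xor P2 (no key needed)."""
    return xor(C1, C2)

print(frames_until_wrap(), frames_until_likely_reuse(), leaked_xor() == xor(P1, P2))
```

With a static key the only per-frame variation is the IV, which is why a 24-bit IV space is too small: a counter wraps after 16,777,216 frames, and randomly chosen IVs are likely to repeat after only a few thousand.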

MAC Filtering

This is not really a security method, but it is a common one people use. MAC filtering is a way to create a whitelist of MAC addresses allowed to join the Wi-Fi network. It’s easy to capture packets to find an authorized MAC address and then spoof it, because L2 information is not encrypted in 802.11 frames. Only L3 to L7 are encrypted.

Hidden SSID

Another method which is not really security but is commonly used. The SSID is not broadcast in the beacon frames. The SSID is still visible in management frames when a STA connects to it. You can spot the hidden SSID in a directed Probe Request frame.

TKIP

It has been cracked. Not as easily as WEP, but it has been cracked (it uses the same cipher: RC4). It has been replaced by CCMP/AES. Also, TKIP only allows speeds up to 54 Mbps. Like WEP, TKIP will be going away.
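One way to check beacons for the legacy settings described above (hidden SSID, WEP, TKIP), as an added example that is not from the episode: it parses the SSID and RSN elements of a beacon frame body and reports legacy ciphers and the authentication type. The sample beacons are constructed bytes, the function names are illustrative, and the lookup tables cover only the suites named on this page.

```python
OUI = b"\x00\x0f\xac"  # OUI of the standard 802.11 suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X (Enterprise)", 2: "PSK (Personal)"}
LEGACY = {"WEP-40", "WEP-104", "TKIP"}

def elements(tagged):
    """Yield (id, body) pairs from a tag-length-value element list."""
    pos = 0
    while pos + 2 <= len(tagged) and pos + 2 + tagged[pos + 1] <= len(tagged):
        yield tagged[pos], tagged[pos + 2:pos + 2 + tagged[pos + 1]]
        pos += 2 + tagged[pos + 1]

def suites(body, off, count, table):
    """Decode `count` 4-byte suite selectors starting at offset `off`."""
    if off + 4 * count > len(body):
        raise ValueError("RSN element too short")
    sel = [body[off + 4 * i:off + 4 * i + 4] for i in range(count)]
    return [table.get(s[3], "unknown") if s[:3] == OUI else "vendor" for s in sel]

def parse_rsn(body):
    """Return (group cipher, pairwise ciphers, AKM suites) of an RSN element."""
    n_pair = int.from_bytes(body[6:8], "little")
    n_akm = int.from_bytes(body[8 + 4 * n_pair:10 + 4 * n_pair], "little")
    return (suites(body, 2, 1, CIPHERS)[0], suites(body, 8, n_pair, CIPHERS),
            suites(body, 10 + 4 * n_pair, n_akm, AKMS))

def audit_beacon(frame_body):
    """List findings for one beacon body (12 fixed bytes, then elements)."""
    privacy = int.from_bytes(frame_body[10:12], "little") & 0x0010
    found = dict(elements(frame_body[12:]))
    out = ["hidden SSID"] if 0 in found and not any(found[0]) else []  # empty/null SSID
    if 48 not in found:  # element ID 48 is the RSN element
        return out + ["no RSN element (WEP or WPA1)" if privacy else "open network"]
    try:
        group, pairwise, akms = parse_rsn(found[48])
    except ValueError:
        return out + ["malformed RSN element"]
    out += [f"legacy cipher {c}" for c in sorted(LEGACY & {group, *pairwise})]
    return out + ["AKM " + ", ".join(akms)]

HDR = bytes.fromhex("0000000000000000 6400 1100")  # timestamp, interval, ESS+Privacy
SAMPLES = {  # constructed beacon bodies, not captured traffic
    "corp": HDR + bytes.fromhex("00 04 636f7270 30 14 0100 000fac04 0100 000fac04 0100 000fac01 0000"),
    "guest": HDR + bytes.fromhex("00 05 6775657374 30 18 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000"),
    "hidden": HDR + bytes.fromhex("00 00"),
    "truncated": HDR + bytes.fromhex("00 03 6c6162 30 04 0100 000f"),
}
for name, body in SAMPLES.items():
    print(name, audit_beacon(body))
```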

Links and Resources

CTS 054: 4 Scary Things Lurking in Your Wi-Fi

In the spirit of Halloween, I wanted to go into a theme of scare and fright. While these may not make the hair on your neck stand up (I don’t know, maybe they do), these issues can lead to managing a scary wireless network. Scary because of end-user complaints and because these can be running on newer wireless networks.

Those four scary things are:

  1. Low data rate clients
  2. WPA2, even WEP
  3. 2.4 GHz Zombies
  4. Non Wi-Fi Interference

But before we jump into those 4 things, I wanted to update everyone on my journey to CWNE. This weekend I decided to take the CWDP exam. After a little under a month of studying I successfully passed.

The biggest resource I used was the official study guide by Tom Carpenter. It covered all the objectives of the exam. I felt this one was easier for me than the CWNA or CWAP. The topics were straightforward and common sense. This is probably because of my experience coming from designing some wireless networks, but it came naturally for me.

Now I plan on tackling the CWSP. Probably my weakest area but I look forward to learning from the Sybex book that was released in September 2016. I also plan on doing quite a few labs to get the security topics down.

4 Scary Things Lurking In Your Wi-Fi

Low data rate clients

Low data rate clients take longer to communicate over the air. They slow down devices trying to communicate on faster data rates. This makes it an inefficient wireless network.

An easy solution is to disable lower data rates such as 1, 2, 5.5, 6, and even 9 Mbps.

Keep in mind that this will shrink your cell size. So design properly!

WPA2, even WEP

I’ve seen some networks still utilizing WEP. There’s no use for this anymore. It’s been proven to be insecure and newer devices support much stronger encryption. WPA2 is also now crackable so it’s time to use stronger security.

Both security methods are a management nightmare because a passphrase has to be changed on every device.

The best solution here is to use RADIUS as much as possible. Keep WPA2-only devices on a separate SSID.

2.4 GHz zombies

The IoT band. The land of interference. A place where all single band clients get together. 2.4 GHz is a crowded spectrum.

Move your clients to 5 GHz as much as possible to avoid the congestion seen on 2.4 GHz. To troubleshoot issues on the 2.4 GHz spectrum, use a protocol and spectrum analyzer.

Non Wi-Fi Interference

This also relates to the previous item. Non Wi-Fi interference causes high retransmissions on the network. This leads to low throughput.

End users characterize this as slow Wi-Fi, unusable, and poor performance.

Start looking into causes of anything over 15% retry rate. You can use tools such as Wireshark or Metageek’s Eye P.A.

Check out this previous episode around Spectrum Analysis while you’re at it.