1

2
The Golden Gate Bridge, completed after more than four years of construction at
a cost of $35 million, is a visitor attraction recognized around the world. The GGB
opened to vehicular traffic on May 28, 1937 at twelve o'clock noon, ahead of
schedule and under budget, when President Franklin D. Roosevelt pressed a
telegraph key in the White House announcing the event.
The Golden Gate Bridge's 4,200 foot long main suspension span was a world
record that stood for 27 years. The bridge's two towers rise 746 feet making them
191 feet taller than the Washington Monument. The Golden Gate Bridge crosses
Golden Gate Strait which is about 400 feet, or 130 meters, deep.

The chief engineer for the entire project was Charles H. Purcell (1885-1951)
whose competency was matched only by his modesty. Assisting him was
Charles E. Andrew as bridge project engineer and Glen Woodruff as
designer.

What would change… not a damn thing. We know a lot about bridges buy
security is much more hazy and it is changing all the time.

3
Don’t make your network low hanging fruit to attackers… make them work for it.
Think of security as layers and weight cost, overhead, and maintenance with
different security schemes.

If possible, put the wireless network behind its own routed interface so you can
shut it off if necessary.
Pick a random SSID that gives nothing about your network away.
Set your AP to 'Closed Network'.
Set the authentication method to 'Open'.
Have your broadcast keys rotate every ten minutes.
Use 802.1X for key management and authentication
Look over the available EAP protocols and decide which is right for your
environment.
Set the session to time out every ten minutes or less.

4
We think the tech will save us but we may not understand it correctly. We often
use the wrong tech. Tech always has flaws. Tech is changing and new products
are coking out everyday. People don’t do what they are told. People may not be
give the proper information. People sometimes lie.

5
Short for Wired Equivalent Privacy, a security protocol for wireless local area
networks (WLANs) defined in the 802.11b standard. WEP is designed to provide
the same level of security as that of a wired LAN. LANs are inherently more
secure than WLANs because LANs are somewhat protected by the physicality's
of their structure, having some or all part of the network inside a building that can
be protected from unauthorized access. WLANs, which are over radio waves, do
not have the same physical structure and therefore are more vulnerable to
tampering. WEP aims to provide security by encrypting data over radio waves so
that it is protected as it is transmitted from one end point to another. However, it
has been found that WEP is not as secure as once believed. WEP is used at the
two lowest layers of the OSI model - the data link and physical layers; it therefore
does not offer end-to-end security.
Under 802.11b WEP is optional!

MPDU
MAC protocol data unit: The unit of data exchanged between two peer MAC
entities using the services of the physical layer (PHY).
MSDU
MAC service data unit: Information that is delivered as a unit between MAC
service access points (SAPs).

6
Short for Wired Equivalent Privacy, a security protocol for wireless local area
networks (WLANs) defined in the 802.11b standard. WEP is designed to provide
the same level of security as that of a wired LAN. LANs are inherently more
secure than WLANs because LANs are somewhat protected by the physicalities
of their structure, having some or all part of the network inside a building that can
be protected from unauthorized access. WLANs, which are over radio waves, do
not have the same physical structure and therefore are more vulnerable to
tampering. WEP aims to provide security by encrypting data over radio waves so
that it is protected as it is transmitted from one end point to another. However, it
has been found that WEP is not as secure as once believed. WEP is used at the
two lowest layers of the OSI model - the data link and physical layers; it therefore
does not offer end-to-end security.
Under 802.11b WEP is optional!

7
8.2.2 Properties of the WEP algorithm
The WEP algorithm has the following properties:
—
It is reasonably strong:
Details of the RC4 algorithm are available from RSA. Please contact RSA for algorithm details and the
uniform RC4 licensee terms that RSA offers to anyone wishing to use RC4 for the purpose of implementing
the IEEE 802.11 WEP option.
The security afforded by the algorithm relies on the difficulty of discovering the secret key through a brute-
force attack. This in turn is related to the length of the secret key and the frequency of changing keys. WEP
allows for the changing of the key ( k ) and frequent changing of the IV.
— It is self-synchronizing:
WEP is self-synchronizing for each message. This property is critical for a data-link level encryption
algorithm, where “best effort” delivery is assumed and packet loss rates may be high.
— It is efficient:
The WEP algorithm is efficient and may be implemented in either hardware or software.
— It may be exportable:
Every effort has been made to design the WEP system operation so as to maximize the chances of
approval, by the U.S. Department of Commerce, of export from the U.S. of
products containing a WEP implementation. However, due to the legal and political climate toward
cryptography at the time of publication, no guarantee can be made that any specific IEEE 802.11
implementations that use WEP will be exportable from the USA.
— It is optional:
The implementation and use of WEP is an IEEE 802.11 option.

8
9
Note; The green triangles in the slide represent combiners that just concatenated two
values.

The secret key is concatenated with an initialization vector (IV) and the resulting seed is
input to a PRNG. The PRNG outputs a key sequence k of pseudorandom octets equal in
length to the number of data octets that are to be transmitted in the expanded MPDU
plus 4 [since the key sequence is used to protect the integrity check value (ICV) as well
as the data]. Two processes are applied to the plaintext MPDU. To protect against
unauthorized data modification, an integrity algorithm operates on P to produce an ICV.
Encipherment is then accomplished by mathematically combining the key sequence with
the plaintext concatenated with the ICV. The output of the process is a message
containing the IV and ciphertext. The WEP PRNG is the critical component of this
process, since it transforms a relatively short secret key into an arbitrarily long key
sequence. This greatly simplifies the task of key distribution, as only the secret key
needs to be communicated between STAs. The IV extends the useful lifetime of the
secret key and provides the self-synchronous property of the algorithm. The secret key
remains constant while the IV changes periodically. Each new IV results in a new seed
and key sequence, thus there is a one-to-one correspondence between the IV and k.
The IV may be changed as frequently as every MPDU and, since it travels with the
message, the receiver will always be able to decipher any message. The IV is
transmitted in the clear since it does not provide an attacker with any information about
the secret key, and since its value must be known by the recipient in order to perform the
decryption.

10
11
The encypherment process has expanded the original Frame Body by 8 octets, 4
for the IV and 4 for the ICV. The ICV is calculated on the data field only.
The WEP ICV shall be a 32-bit field containing the CRC-32, as defined in 7.1.3.6
calculated over the Data (PDU) field as depicted in Figure 46. The expanded
Frame Body shall include a 32-bit IV field immediately preceding the original
Frame Body. This field shall contain three subfields: a three-octet field that
contains the initialization vector, a 2-bit key ID field, and a 6-bit pad field. The
ordering conventions defined in 7.1.1
apply to the IV fields and its subfields and to the ICV field. The key ID subfield
contents select one of four possible secret key values for use in decrypting this
Frame Body. Interpretation of these bits is discussed further in 8.3.2. The
contents of the pad subfield shall be zero. The key ID occupies the two msb of
the last octet of the IV field, while the pad occupies the six lsb of this octet.
The WEP mechanism is invisible to entities outside the IEEE 802.11 MAC data
path.

12
WEP Maximum seed length is 256-bits.
For WEP protected frames, the first four octets of the frame body contain the IV field for
the MPDU. This field is defined in 8.2.5. The PRNG seed is 64 bits. Bits 0 through 23 of
the IV correspond to bits 0 through 23 of the PRNG seed, respectively. Bits 0 through 39
of the secret key correspond to bits 24 through 63 of the PRNG seed, respectively. The
bit and octet numbering conventions in 7.1.1 apply to the PRNG seed, secret key, and
IV. The numbering of the octets of the PRNG seed corresponds to that of the RC4 key.
The IV is followed by the MPDU, which is followed by the ICV. The WEP ICV is 32 bits.
The WEP Integrity Check algorithm is CRC-32, as defined in 7.1.3.6.
As stated previously, WEP combines k with P using bitwise XOR.

13
For hex: 40 bit key would require 10 hex digits and for 104 bit key would require
26 characters.

14
15
The option to configure multiple WEP keys on an access point does not play any
role in dispersing the encryption load. It is a rarely used option that lets a client
and access point choose a different key to encrypt unicast traffic. The access
point still has to encrypt and decrypt the same amount of traffic. Supporting
multiple keys simply means the access point could use different encryption keys
for different traffic streams. Do not assume that this can be used to isolate users
into different private groups or broadcast domains, since broadcasts/multicasts
will be seen by all clients unless you have one of the newer WLAN systems.
A larger issue for the business is that the access point in question has this option
for four keys because it supports static WEP. The security flaws of static WEP
are well documented, the primary drawback being the ease with which a static
WEP key can be snooped and learned.

WEP keys
There are four WEP secret key values. The WEP key must be set up exactly the
same on the Access Points
as they are on the wireless client stations. The same value must be assigned to
Key 1 on both the Access
Point and the client stations, and so on, for all four WEP keys. Also, the active
key on both the Access
Point and the clients must be the same.

16
You can reduce the vulnerability by changing the WEP keys frequently. So-called
"dynamic WEP" solutions assign different WEP keys to each user. By reducing
the amount of traffic encrypted using any particular WEP key, the system
provides less ammunition for Air Snort's analysis. Dynamic WEP solutions are
available from Cisco, Avaya, and 3Com. Beware, however, that currently,
dynamic WEP solutions are non-interoperable, so you must rely on a single
vendor's access points and client cards.
Even with these techniques in place, however, you are still relying on WEP
encryption, and tools such as Air Snort can eventually subvert things.

17
Key management is not specified in the WEP standard; without interoperable key
management, keys will tend to be long-lived and of poor quality. Most wireless
networks that use WEP have one single WEP key shared between every node on
the network. Access points and client stations must be programmed with the
same WEP key. Since synchronizing the change of keys is tedious and difficult,
keys are seldom changed. Also, the 802.11 standard does not specify any WEP
key sizes other than 40 bits.

18
19
WEP has been widely criticized for a number of weaknesses:
Key management and key size
Key management is not specified in the WEP standard; without interoperable key
management, keys will tend to be long-lived and of poor quality. Most wireless networks
that use WEP have one single WEP key shared between every node on the network.
Access points and client stations must be programmed with the same WEP key. Since
synchronizing the change of keys is tedious and difficult, keys are seldom changed.
Also, the 802.11 standard does not specify any WEP key sizes other than 40 bits.
The IV is too small

WEP's IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a
given WEP key, for any key size. Remember that the RC4 cipher stream is XOR-ed with
the original packet to give the encrypted packet that is transmitted, and the IV is sent in
the clear with each packet. The problem is IV reuse. If the RC4 cipher stream for a given
IV is found, an attacker can decrypt subsequent packets that were encrypted with the
same IV or can forge packets.
Weakness: The ICV algorithm is not appropriate
The WEP ICV is based on CRC-32, an algorithm for detecting noise and common errors
in transmission. CRC-32 is an excellent checksum for detecting errors, but an awful
choice for a cryptographic hash. Better-designed encryption systems use algorithms
such as MD5 or SHA-1 for their ICVs.
Authentication messages can be easily forged

20
In cryptography, the Advanced Encryption Standard, or AES, is a block cipher
adopted as an encryption standard by the US government, and is expected to be used
worldwide and analyzed extensively, as was the case with its predecessor, the Data
Encryption Standard (DES). It was adopted by National Institute of Standards and
Technology (NIST) as US FIPS PUB 197 in November 2001 after a 5-year
standardization process.
AES was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen,
and was based on their previous design, Square. It is also known by the name of
"Rijndael", something best pronounced by non-Dutch speakers more or less as "Rhine
dahl" (a long "i" and a silent "e"). Daemen and Rijmen have announced that, for those
who object, they have several other names already prepared which will be even more
difficult to pronounce. Strictly speaking, AES is not precisely Rijndael, as Rijndael
supports a larger range of block and key sizes); AES has a fixed block size of 128 bits
and a key size of 128, 192 or 256 bits.
Specifically, AES is an iterative, symmetric-key block cipher that can use keys of 128,
192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes). Unlike
public-key ciphers, which use a pair of keys, symmetric-key ciphers use the same key to
encrypt and decrypt data. Encrypted data returned by block ciphers have the same
number of bits that the input data had. Iterative ciphers use a loop structure that
repeatedly performs permutations and substitutions of the input data.
How is that pronounced ?
If you're Dutch, Flemish, Indonesian, Surinamer or South-African, it's pronounced like
you think it should be. Otherwise, you could pronounce it like "Reign Dahl", "Rain Doll",
"Rhine Dahl". We're not picky. As long as you make it sound different from "Region
Deal".

21
22
Networking makes it easy to share Internet access and data. But you wouldn't want to share your
information with just anyone. With a wireless network, your information is traveling through the
airwaves—not physical wires, so anyone within range can "listen in" on your network. Here are four
essential security measures you should take to secure your wireless network.
Change the default SSID (network name).
Disable the SSID broadcast option.
Change the default password needed to access a wireless device.
Enable MAC address filtering.
Change the default SSID.
Your wireless devices have a default SSID set by the factory. The SSID is the name of your wireless
network, and it can be anything you wish. Linksys wireless products use linksys as the default SSID.
Hackers know these defaults and can try them to join your network. Change the network's SSID to
something unique, and make sure it doesn't refer to the networking products you use. As an added
precaution, be sure to change the SSID on a regular basis, so any hacker who may have figured out
your network's SSID in the past will have to figure out the SSID again and again. This will deter future
intrusion attempts.
Disable SSID broadcast.
By default, most wireless networking devices are set to broadcast the SSID, so anyone can easily join
the wireless network. But hackers will also be able to connect, so unless you're running a public
hotspot, it's best to disable SSID broadcast. Change the default password needed to access a
wireless device.
For wireless products such as access points and routers, you will be asked for a password when you
want to change their settings. These devices have a default password set by the factory. (The Linksys
default password is admin.) Hackers know these defaults and will try them to access your wireless
device and change your network settings. To thwart any unauthorized changes, customize the device's
password so it will be hard to guess. Enable MAC address filtering.
If your wireless products—such as access points and routers—offer it, enable MAC address filtering.
The MAC address is a unique series of numbers and letters assigned to every networking device. With
MAC address filtering enabled, wireless network access is provided solely for wireless devices with
specific MAC addresses. This makes it harder for a hacker to access your network using a random
MAC address. There are other security measures you can take as well, but these four are the most
essential. For more information on the latest, most secure encryption available, Wi-Fi Protected
Access™ (WPA), click here. For more information on other security features and options, such as
Wired Equivalent Privacy (WEP) encryption, and details on how to implement these four steps, refer to
the User Guides for your wireless products.

23
Without MAC address filtering, any wireless client can join (authenticate with) a
Wi-Fi network if they know the network name (also called the SSID) and perhaps
a few other security parameters like encryption keys. When MAC address filtering
is enabled, however, the access point or router performs an additional check on a
different parameter. Obviously the more checks that are made, the greater the
likelihood of preventing network break-ins.
To set up MAC address filtering, you as a WLAN administrator must configure a
list of clients that will be allowed to join the network. First, obtain the MAC
addresses of each client from its operating system or configuration utility. Then,
they enter those addresses into a configuratin screen of the wireless access point
or router. Finally, switch on the filtering option.
Once enabled, whenever the wireless access point or router receives a request
to join with the WLAN, it compares the MAC address of that client against the
administrator's list. Clients on the list authenticate as normal; clients not on the
list are denied any access to the WLAN.
MAC addresses on wireless clients can't be changed as they are burned into the
hardware. However, some wireless clients allow their MAC address to be
"impersonated" or "spoofed" in software. It's certainly possible for a determined
hacker to break into your WLAN by configuring their client to spoof one of your
MAC addresses. Although MAC address filtering isn't bulletproof, still it remains a
helpful additional layer of defense that improves overall Wi-Fi network security.

24
25
26
In this slide we are filtering/blocking the wireless client from accessing the
database server. We want the AP to look at the entire MAC addresses of both
the wireless client and the database server so we use a mask of all ones or in
hex FFFFFFFFFFFF. The AP will look at both the source and destination
address of each packet that comes into the AP. Both address must be true to
perform a block.

27
In this slide we are filtering/blocking the wireless client from accessing the
database server. We want the AP to look at the entire MAC addresses of both
the wireless client and the database server so we use a mask of all ones or in
hex FFFFFFFFFFFF. The AP will look at both the source and destination
address of each packet that comes into the AP. Both address must be true to
perform a block.

28
The phrase “MAC address spoofing” in this context relates to an attacker altering the
manufacturer-assigned MAC address to any other value. This is conceptually different
than traditional IP address spoofing where an attacker sends data from an arbitrary
source address and
does not expect to see a response to their actual source IP address. MAC address
spoofing might be more accurately described as MAC address “impersonating” or
“masquerading” since the attacker is not crafting data with a different source than is their
transmitting address. When an attacker changes their MAC address they continue to
utilize the wireless card for its intended layer 2 transport purpose, transmitting and
receiving from the same source MAC.
Nearly all 802.11 cards in use permit their MAC addresses to be altered, often with full
support and drivers from the manufacturer. Using Linux open-source drivers, a user can
change their MAC address with the ifconfig tool, or with a short C program calling the
ioctl() function with the SIOCSIFHWADDR flag. Windows users are commonly permitted
to change their MAC address by selecting the properties of their network card drivers in
the network control panel applet.

29
For example, an SNMP filter on the access point's radio port prevents wireless
client devices from using SNMP with the access point but does not block SNMP
access from the wired LAN.

30
31
32
An attacker can sniff and capture legitimate traffic. Many of the sniffer tools for
Ethernet are based on capturing the first part of the connection session, where
the data would typically include the username and password. An intruder can
masquerade as that user by using this captured information. An intruder who
monitors the wireless network can apply this same attack principle on the
wireless.
One of the big differences between wireless sniffer attacks and wired sniffer
attacks is that a wired sniffer attack is achieved by remotely placing a sniffer
program on a compromised server and monitor the local network segment. This
sniffer based attack can happen from anywhere in the world. Wireless sniffing
requires the attacker to typically be within range of the wireless traffic. This is
usually around 300 feet range, but wireless equipment keeps strengthening the
signal and pushing this range further out.
As people are “War Driving”, and locating the APs and recording the GPS
coordinates of the AP location, these AP maps are being shared to any attacker
on the Internet. If a company has their AP location and information shared on the
Internet, their AP becomes a potential target and increases their risk. They
usually include a visual map and a database query tool for locating various AP’s.
Here are some popular places to upload War Driving AP maps.

33
One of the most basic types of active attacks whereby the intruder configures
their wireless terminal to appear to have the same MAC address as an
authorized access point or wireless terminal. When spoofing an access point, the
intruder’s terminal appears as the authorized access point, with the intent to
associate with an authorized wireless terminal and access the data on that
device. When spoofing a wireless terminal, the intruder’s terminal appears as the
authorized terminal, with the intent to gain unauthorized access to the wireless
network.

34
Denial of service
Wireless is especially susceptible to denial-of-service (DOS) attacks. A DOS
attack can take many forms, including interference on the wireless radio band,
blocking users from associating with the AP by sending misleading association
refusal signals, trying to overburden the AP, or even exploiting the authentication
protocol to cause the AP to refuse service to clients.
For authentication within Wireless LAN based access networks, an EAP
authentication method must be chosen that fulfills all requirements of the future
IEEE802.11i Enhanced Security standard. Client device and backend
authentication server exchange EAP PDUs, that will traverse the wireless link. To
prevent an eavesdropper from accessing utilizable information from the EAP
frame exchange an EAP mechanism must provide data encryption and mutual
authentication of network and client device. Most EAP mechanisms (like MD5,
MS-CHAPv1/v2) used for the Point-to-Point-Protocol (PPP) do not offer sufficient
encryption and are vulnerable to at least brute-force dictionary attacks. These
protocols should not be deployed by network operators for client authentication in
wireless environments. The 802.11i working group has recommended EAP-TLS
as defined in RFC2716. EAP-TLS provides sufficient encryption and key
derivation mechanisms for 802.11i based link encryption but requires deployment
of a Public-Key-Infrastructure for ensuring secure mutual authentication.

35
Once connected, the attacker can eavesdrop on clients, gaining access to the
network or hacking the client machine directly.
Man in the middle attack
From Wikipedia, the free encyclopedia.
In cryptography, the man in the middle attack (MITM) is an attack where the
attacker is able to read, and possibly modify at will, messages between two
parties without letting either party know that they have been attacked. The
attacker must be able to observe and intercept messages going between the two
victims.
With public keys an attack might look as follows:
Adam wishes to communicate with Betsy. Edith wishes to eavesdrop on the
conversation, or possibly deliver a false message to Betsy. Adam will ask Betsy
for her public key. Betsy will send her public key to Adam, but Edith will intercept
it, and send Adam her own public key. Adam then encrypts his message with
Edith's key (which he believes is Betsy's) and sends it back to Betsy. Edith again
intercepts, decrypts the message and reads the contents. She then encrypts the
message (altered if she so desires) with Betsy's key and sends it on to Betsy,
who believes she has received it directly from Adam. A similar principle can apply
to packets transmitted using any public key technology.
A "man in the middle" attack remains a primary weakness of public-key based
systems. A standard mechanism for coping with such attacks is signed keys: if
Betsy's key is signed by a trusted third party verifying her identity, Adam can be

36
assured that a key he receives is not an attempt to intercept by Edith. Having keys
signed by a certificate authority is the primary mechanism for secure world wide
web traffic (see SSL). However, lax security in identity verification by certificate
authorities is a vulnerability in this defense.
Of note: While this example focuses on MITM in a cryptographic sense, MITM
should be seen as a general problem that results from allowing untrusted
intermediate parties to act as a proxy for the clients on either side. By acting as a
proxy and appearing as the trusted client to each side the intermediate attacker
may perform various attacks against the confidentiality or integrity of the data
passing through it.

Man in the Middle Attacks

Man in the middle is a technique that simultaneously fools two parties into thinking
they are communicating with each other while, in fact, they are both talking to the
man in the middle. This technique usually requires very active involvement by the
attacker. Often, it requires the constant involvement of the attacker from beginning
to end of the communication in order to avoid detection. Man in the middle is often
attempted when the attacker desires communication with a system under the
identity of a particular user. Often this user has some sort of secret information
that the attacker cannot acquire.
Case Study: Challenge/Response
Challenge/response systems often exhibit this difficulty. A challenge is used as a
varying element from which the user, along with her password or other secret
must create the response. Reusing responses is useless to the attacker since the
challenge will change therefore changing the response. If the secret of the user is
well protected, the attacker cannot use this information. The attacker turns to man
in the middle. She will ask the server for the challenge. The server will gladly
serve up the challenge. The attacker will then coax the user into responding to this
challenge as if the server were asking. The user will generate the appropriate
response using her secret information. The attacker may now use this response
with the server. The attacker may now use the authenticated session with the
server under the identity of the user. Oftentimes, the attacker must also maintain
the spoofed session with the user as well. Since the user was never actually
talking to the server, the attacker must give the appearance of a live session. If
not, the user may suspect the attack and alert the server administrator. Attackers
will often return an errant message to the user so that they will think it is a "normal
problem," e.g. bad password, network problems, etc. Man in the middle is indeed
a difficult attack to execute, however it also foils some our strongest authentication
and encryption techniques available. Many argue against the possibility of man in
the middle due to its difficulty. If this argument were true, then we have no reason
to be using these strong authentication and encryption techniques.
Case Study: Diffie-Helman key exchange
A number of problems are presented to the attacker when targets are using Diffie-
Helman key exchange. First, the only information that the attacker may intercept
are the public keys. These public keys are useless to the attacker since the private

36
key cannot be derived from the public key. Second, the calculations of combining
the keys to get the Diffie-Helman shared secret cannot be done without one of the
secret element. When it is stated that these problems cannot be solved,
cryptographically speaking, this means the attacker is better off trying to guess the
shared secret outright. This is known as brute force and is an inescapable
problem in all cryptosystems.
The attacker can however utilize man in the middle to breach this strong
cryptosystem. Take the example of two participants, Alice and Bob, attempting to
set up a symmetrically encrypted session. An attacker, Mallory, wishes to
eavesdrop on this session. First, Mallory must intercept Alice's and Bob's public
keys. Mallory must also prevent Alice from receiving Bob's public key and vice
versa. Next, Mallory presents her public key to Alice and Bob. Alice and Bob will
accept Mallory's key since they have no proof that it is not the partner's key. Next,
Alice will combine her private key with Mallory's public key and Mallory will
combine Alice's public key with her private key. The resulting shared secret will be
the same for both Mallory and Alice. Bob will also combine his private key with
Mallory's public key and Mallory will combine Bob's public key with her private key.
Again, the shared secret will be the same. Now when Alice and Bob communicate
using the shared secret as a symmetric key, Mallory will intercept the
communication, decrypt the packets, potentially copy or modify the decrypted
information and re-encrypt the information with the other shared secret. The result:
Alice's and Bob's communication passing through Mallory in the clear without the
suspicion of neither Alice nor Bob. Mallory must maintain the bridge between Alice
and Bob or they will notice that the communication is suspicious. Also, any future
communication that depends on these Diffie-Helman shared secrets will require
Mallory or the breakdown in communication will be suspicious.

36
37
You could drive a truck through the holes in the 802.11 WEP (Wired Equivalent
Privacy) protocol. But emerging wireless security technologies--IEEE's 802.11i
and the Wi-Fi Alliance's WPA (Wi-Fi Protected Access)--are designed to avoid
those holes.
802.11i overhauls the IEEE's 802.11 security standard. The more airtight 802.11i
specifications are in the final stages of the standards process, with compliant
products due to market this year. But 802.11i, which includes data integrity and
encryption, is complex and may not interoperate with your existing wireless
hardware.
If you have a large base of older 802.11b clients and APs (access points), tearing
them out isn't realistic. Instead, WPA may be a better fit for now. WPA is a subset
of the 802.11i standard that provides security for large enterprises and small
office/home office WLANs. It was designed to work with 802.11i, so it'll give you a
head start on a future 802.11i deployment. WPA equipment is available now from
Airespace, Aruba, Buffalo Technology, Cisco Systems, Proxim and other vendors.
Security Won't Wait After delays in the IEEE standards process, the Wi-Fi
Alliance had no choice but to come up with its own WLAN security model. WPA's
big selling point is that it secures your WLAN today. It's compatible with existing
hardware and simple enough to deploy at home.
As a standards body, the IEEE 802.11i task group wasn't under the same market
pressures as the vendor-driven Wi-Fi Alliance. After nearly three years of debate,
the 802.11i committee is putting the finishing touches on its security standard, the
Robust Security Network. RSN requires wireless clients and APs to have

38
capabilities most existing devices don't have, including higher processing power
and support for intensive encryption algorithms. There is also a transitional spec--
conveniently called Transitional Security Network (TSN)--that lets RSN and older
WEP systems operate in parallel in the same WLAN. But your wireless network
won't be fully secure until it's all RSN.RSN and WPA have a lot in common. They
use the same security architecture for upper-level authentication, key distribution
and key renewal. WPA, though, is built around TKIP (Temporal Key Integrity
Protocol), which is available as a firmware upgrade to most legacy hardware. RSN
is more comprehensive and includes support for AES (Advanced Encryption
Standard), which is available only on the latest WLAN hardware.
WEP (Wired Equivalency Protocol) encryption, the flaws in that standard are well
documented, and hackers can break WEP easily. You need WPA (Wi-Fi Protected
Access), a far stronger protocol that fixes the weaknesses in WEP. For further
discussion of WPA, see our wireless security story.
Here we'll take you through the process of upgrading your networking equipment
and enabling WPA security for your home WLAN. To upgrade your wireless
security to WPA, you must have three critical components: an access point (AP)
or wireless router that has WPA support; a wireless network card that has WPA
drivers available; a client (called a supplicant) that supports WPA and your
operating system.
WPA replaces WEP in small-office or home routers, so moving to WPA is an all-or-
nothing proposition. For you to consider an upgrade, every wireless device on
your network must have WPA capabilities. This includes any wireless bridges you
might use for your Microsoft Xbox (or other gaming device), digital camera, home
audio gateway, and print server.

38
Key management is not specified in the WEP standard; without interoperable key
management, keys will tend to be long-lived and of poor quality. Most wireless
networks that use WEP have one single WEP key shared between every node on
the network. Access points and client stations must be programmed with the
same WEP key. Since synchronizing the change of keys is tedious and difficult,
keys are seldom changed. Also, the 802.11 standard does not specify any WEP
key sizes other than 40 bits.

39
Short for virtual private network, a network that is constructed by using public
wires to connect nodes. For example, there are a number of systems that enable
you to create networks using the Internet as the medium for transporting data.
These systems use encryption and other security mechanisms to ensure that
only authorized users can access the network and that the data cannot be
intercepted.
Virtual Private Networks, or VPNs, use publicly accessible network infrastructure
combined with private connections to securely exchange private applications and
data. They make the remote or ‘virtual’ office viable, using standard data and
computer interconnects. There are a number of VPN systems that enable the
creation of these networks using the Internet as the medium for transport.
All VPN systems use encryption and other security mechanisms to ensure that
only authorized users can access the network, so that the data cannot be
intercepted. Among the most popular of these solutions is Microsoft’s VPN,
integrated as a core component of Windows 2000 and Windows XP.

40
"The advantage is that [TKIP] can be deployed quickly," said Kim Getgen, RSA
BSAFE product marketing manager. "Vendors can patch their existing
implementations. The IEEE will adopt other algorithms in the future, but this
solves the immediate business problem of being able to distribute a privacy
solution."
The temporal key integrity protocol (TKIP), initially referred to as WEP2, is an
interim solution that fixes the key reuse problem of WEP, that is, periodically
using the same key to encrypt data. The TKIP process begins with a 128-bit
"temporal key" shared among clients and access points. TKIP combines the
temporal key with the client's MAC address and then adds a relatively large 16-
octet initialization vector to produce the key that will encrypt the data. This
procedure ensures that each station uses different key streams to encrypt the
data.
TKIP uses RC4 to perform the encryption, which is the same as WEP. A major
difference from WEP, however, is that TKIP changes temporal keys every 10,000
packets. This provides a dynamic distribution method that significantly enhances
the security of the network.
An advantage of using TKIP is that companies having existing WEP-based
access points and radio NICs can upgrade to TKIP through relatively simple
firmware patches. In addition, WEP-only equipment will still interoperate with
TKIP-enabled devices using WEP. TKIP is a temporary solution, and most
experts believe that stronger encryption is still needed.

41
In addition to the TKIP solution, the 802.11i standard will likely include the
Advanced Encryption Standard (AES) protocol. AES offers much stronger
encryption. In fact, the U.S. Commerce Department's National Institutes of
Standards and Technology (NIST) organization chose AES to replace the aging
Data Encryption Standard (DES). AES is now a Federal Information Processing
Standard, FIPS Publication 197, that defines a cryptographic algorithm for use by
U.S. Government organizations to protect sensitive, unclassified information. The
Secretary of Commerce approved the adoption of AES as an official Government
standard in May 2002.
An issue, however, is that AES requires a coprocessor (additional hardware) to
operate. This means that companies need to replace existing access points and
client NICs to implement AES. Based on marketing reports, the installed base
today is relatively small compared to what future deployments will bring. As a
result, there will be a very large percentage of new wireless LAN implementations
that will readily take advantage of AES when it becomes part of 802.11.
Companies having installed wireless LANs, on the other hand, will need to
determine whether it's worth the costs of upgrade for better security.

Advanced Encryption Technology

WinZip 9.0 supports 128- and 256-bit key AES encryption, which provide much
greater cryptographic security than the traditional Zip 2.0 encryption method used
in earlier versions of WinZip.

42
43
802.1X is a standard that provides a means to authenticate and authorize devices for network access; a
security mechanism absent from 802.11. 802.1X provides a port-based network access control solution for
networking technologies such as Ethernet, 802.11, Token Ring and FDDI. 3
802.1X has three components that combine to deliver authentication: the Supplicant, Authenticator and
Authentication Server (AS). The wireless terminal is the supplicant and the access point is the authenticator.
The most common type of AS is RADIUS (Remote Authentication Dial-In User Service) - typically a stand-
alone software package installed on a standard PC platform. Authentication requests occur during system
initialization and are initiated by wireless terminals or access points, after the terminal has associated to the
access point. Various authentication methods such as digital certificates, smart cards and one-time
passwords can be used to provide credential information for authentication. Of course, without successful
authentication, network access is denied.
EAP/MD5: Simple, one-way handshake in which the AS authenticates the client. Credentials are based on
mutual knowledge of a shared secret such as username and password. MD5 requires little memory and is
simple to implement and manage; making it ideal for wireless terminals with limited memory and processing
power.
EAP/TLS: Two-way (mutual) authentication in which the AS authenticates the client, and in turn, the client
authenticates the server. This mutual authentication secures against man-in-the-middle-attacks. TLS uses
digital certificates to provide credential information and secures against dictionary attacks.
EAP/TTLS: Two-way (mutual) authentication of the client and AS based on TLS. TTLS only requires server-
side certificates, eliminating the need to install and configure certificates for each wireless client. User
authentication occurs via a security database already in use on the corporate LAN, such as Windows
domain controllers, SQL, or LDAP. TTLS securely forwards client authentication information after a TLS
tunnel is established.
EAP/PEAP: Similar in functionality to TTLS in that, it too specifies mutual authentication, uses TLS to
establish a secure tunnel between the wireless client and authentication server, and only requires server-
side certificates. The difference is that you would deploy an authentication method defined by EAP on the
wireless client.
EAP is a general protocol and is ‘extensible’ in that it supports multiple authentication mechanisms. 802.1X
supports such EAP types as Message Digest 5 (MD-5), Transport Layer Security (TLS), Tunneled Transport
Layer Security (TTLS) and Protected Extensible Authentication Protocol (PEAP).

44
45
46
802.11 networks use two authentication methods: open-system authentication and shared-key
authentication. In both schemes, each mobile client (called a station) must authenticate to the
access point. Open-system authentication might better be called "no authentication", because no
actual authentication takes place: the station says "please authenticate me", and the AP does so,
with no credential exchange. Shared-key authentication is somewhat more robust (except that it
depends on WEP). The station requests authentication, and the access point (AP) responds with
a WEP-encrypted challenge. The station can decrypt the challenge and respond only if it has the
correct WEP password. In both of these methods, the station must also know the service set
identifier (SSID) of the AP. However, because the AP might broadcast its SSID, and because
stations talking to that SSID always broadcast it, this behavior isn't much of an obstacle to
learning the SSID.

Disable DHCP
At first, this may sound like a strange security tactic, but for wireless networks, it makes sense.
With this step, hackers would be forced to decipher your IP address, subnet mask, and other
required TCP/IP parameters. If a hacker is able to make use of your access point for whatever
reason, he or she will still need to figure out your IP addressing as well.

Use access lists

To further lock down your wireless network, implement an access list, if possible. Not all wireless
access points support this feature, but if yours does, it will allow you to specify exactly what
machines are allowed to connect to your access point. The access points that support this feature
can sometimes use trivial file transfer protocol (TFTP) to periodically download updated lists in
order to prevent the administrative nightmare of having to sync these lists on every unit.
If a wireless access point (for example, the Orinoco Residential Gateway RG1000) allows you to
run an open or closed network (allow or deny access to clients configured with Any as the station
name or no station name selected), select the setting that requires the station name to be known
and specified. Note that some vendors may add this capability via a firmware upgrade and that
this is currently not part of the Wi–Fi standard.

47