[POV: Point Of View]
Wireless Security Gets A New Sheriff And Deputy—802.1x And EAP
Vishal Kakkad
ED Online ID #19364
August 14, 2008
Copyright © 2006 Penton Media, Inc., All rights reserved. Printing of this document is for personal use only.
Wireless technologies continue to grow with
no sign of slowing down. Today, companies
need to understand the advances in wireless
security standards so they can easily integrate
wireless infrastructure products (access points and clients)
while utilizing and enhancing the network security infrastructure.
As wireless security development continues, clever hackers
continue to find new ways around security measures. To mitigate
vulnerability to attacks, companies have implemented policies and
procedures to ensure wireless application security. Companies also
communicate those policies to their employees to increase user
awareness and understanding.
One such procedure is to adopt strict naming and password
policies, as well as strong encryption protocols. Another method
is to provide directional antennas to contain the signal strength
of access points to specific zones within the boundaries of the
enterprise. Yet even with such methods, several security concerns
persist, especially for dictionary and man-in-the-middle attacks.
Dictionary attacks attempt to navigate around authentication
by repeatedly guessing dictionary words as the key. Whenever a
challenge-response authentication scenario between two parties
arises on a network in which a hashed version of the key is stored,
these attacks are significantly more dangerous since the hash
scheme can be decoded to infiltrate the network.
To defend the network from dictionary attacks, users can limit
the number of attempts allowed and the time in which the
attempts can be made before the user is identified as malicious.
Increasing the complexity of the encryption and message authentication
algorithms will reduce the effectiveness of guessing keys,
but it does not provide a safe haven from dictionary attacks.
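
An added example, not from the original article, of the attempt limit described above: it counts failed authentications per identity inside a sliding time window and locks the identity out once the limit is exceeded. The event format, identities, threshold, window and lockout period are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "ISO-timestamp identity result".
SAMPLE_EVENTS = """\
2008-08-14T09:00:00 alice FAIL
2008-08-14T09:00:05 alice FAIL
2008-08-14T09:00:07 bob FAIL
2008-08-14T09:00:09 alice FAIL
2008-08-14T09:00:12 bob OK
2008-08-14T09:00:14 alice FAIL
2008-08-14T09:00:20 alice FAIL
2008-08-14T09:30:00 carol FAIL
2008-08-14T10:30:00 carol FAIL
2008-08-14T11:30:00 carol FAIL
"""

def find_lockouts(events, max_failures=3, window=timedelta(seconds=60),
                  lockout=timedelta(minutes=15)):
    """Return {identity: locked_until} for identities that exceed
    max_failures failed attempts inside one sliding window. Attempts made
    during a lockout are skipped, as they would be rejected unprocessed."""
    recent = defaultdict(deque)   # identity -> timestamps of recent failures
    locked_until = {}
    for line in events.strip().splitlines():
        stamp, identity, result = line.split()
        now = datetime.fromisoformat(stamp)
        if identity in locked_until and now < locked_until[identity]:
            continue
        if result == "OK":
            recent[identity].clear()         # a success resets the counter
            continue
        failures = recent[identity]
        failures.append(now)
        while failures and now - failures[0] > window:
            failures.popleft()               # drop failures outside the window
        if len(failures) > max_failures:
            locked_until[identity] = now + lockout
            failures.clear()
    return locked_until
```

On the constructed events only "alice" is locked out: "bob" succeeds after one failure, and the failures for "carol" are an hour apart and never share a window.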
Rogue wireless access points also threaten networks since unsecured
parties can gain access to information that was meant to be
secure. Rogue devices allow man-in-the-middle attacks, where
third parties “eavesdrop” on communication between authorized
parties, on networks that do not require mutual authentication.
While efforts are taken to detect rogue access points via continuous
monitoring of the radio waves, underlying security issues must
be addressed. The client and server must have mutual authentication
and be able to check for message tampering.
802.1X AND EAP TO THE RESCUE
The original IEEE 802.11 specification defined authentication
via open-system or shared-key, in addition to confidentiality via
Wired Equivalent Privacy (WEP). Yet 802.11 didn’t provide
a scalable mechanism to deploy WEP security or use standard
centralized authentication, authorization, and accounting (AAA)
mechanisms. Users quickly caught on to these vulnerabilities, and
articles describing exploits of 802.11 are easy to find.
802.1x was introduced to provide port-based network access
control for authenticated access to Ethernet networks. With
Extensible Authentication Protocol (EAP) as a flexible authentication
mechanism within the 802.1x framework, wireless applications
now have a security arsenal that provides a combination of
highly scalable protocols that can be implemented using a security
and AAA architecture that is prevalent in the enterprise.
These infrastructures incorporate encryption, integrity checking,
and verification, which add extra security by moving from
system authentication to user authentication. 802.11i used the
802.1x framework for authentication and added dynamic session
key management and distribution along with stronger encryption
protocols (Advanced Encryption Standard/Counter Mode with
Cipher Block Chaining Message Authentication Code, or
AES/CCMP) that suited wireless networks.
EAP enables support for extended authentication methods
such as token cards, certificates, and one-time passwords within
the 802.1x framework. With its many methods, EAP is particularly
effective in combating the most difficult attacks.
Universally supported, EAP-Transport Layer Security (EAP-TLS)
offers a tremendous advantage, but it also requires client-side
and server-side certificate authentication. It handles both
man-in-the-middle and dictionary attacks since the connection is
only established with dual authentication.
EAP-Tunneled Transport Layer Security (EAP-TTLS), an
extension of EAP-TLS, requires the server to authenticate to the
client with a certificate. The client then authenticates to the server
through a secure tunnel connection, and encryption is handled
with dynamic session keys.
Protected Extensible Authentication Protocol (PEAP) is
another secure method that acts in a similar way. EAP-TTLS
and PEAP both prevent eavesdropping and can reduce
man-in-the-middle attacks while reducing the overhead associated with
installing and processing individual client certificates.
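
An added example, not from the original article: a check that client profiles for the three EAP methods above actually verify the server, since a client that skips that step gives up the mutual authentication these methods rely on. It assumes clients run wpa_supplicant (the article names no client software); the configuration text, SSIDs and file paths are constructed, and the option names are wpa_supplicant's.

```python
import re

# Constructed wpa_supplicant.conf content (assumed client; not from the article).
SAMPLE_CONF = '''
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
    client_cert="/etc/certs/user.pem"
    private_key="/etc/certs/user.key"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-ttls"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/certs/ca.pem"
    phase2="auth=PAP"
}
'''

def audit_networks(conf):
    """Return {ssid: [findings]} for EAP networks that weaken mutual authentication."""
    report = {}
    for body in re.findall(r"network=\{(.*?)\}", conf, re.S):
        opts = {}
        for line in body.strip().splitlines():
            key, _, value = line.strip().partition("=")
            opts[key] = value.strip('"')
        method = opts.get("eap", "")
        if not method:
            continue                      # not an EAP network block
        findings = []
        if "ca_cert" not in opts:
            findings.append("no ca_cert: server certificate is not verified")
        if "domain_suffix_match" not in opts and "domain_match" not in opts:
            findings.append("no server name check: any certificate from the CA is accepted")
        if method == "TLS" and not {"client_cert", "private_key"} <= opts.keys():
            findings.append("EAP-TLS without a client certificate and key")
        if findings:
            report[opts.get("ssid", "?")] = findings
    return report
```

For the constructed profiles, "corp-tls" passes, "corp-peap" is flagged twice and "corp-ttls" once for the missing server name check.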
A LAYERED APPROACH = A SECURE, SCALABLE FUTURE
The use of 802.1x and EAP provides far greater security than the
original 802.11 while being scalable enough for large deployments.
Also, layering an end-to-end solution using standard tunneling
protocols can ensure the integrity and confidentiality of
sensitive data. These methods can support network infrastructure
from the wireless client all the way to the enterprise server and
make security scalable with network growth.