
Wireless LAN Security in a SOHO Environment

A Holistic Approach

©2006 Bachelor's thesis, 96 pages


Excerpt

Diplom.de
Bachelor's thesis
Christian Wimmer
Wireless LAN Security in a SOHO Environment
A Holistic Approach

ISBN: 978-3-8366-1923-3
Printed by Diplomica® Verlag GmbH, Hamburg, 2008
Also submitted as: Bachelor's thesis, University of Wales, Aberystwyth,
Ceredigion, Great Britain, 2006
This work is protected by copyright. The rights established thereby, in particular those of
translation, reprinting, public lecture, the extraction of figures and tables, broadcasting,
microfilming or reproduction by other means, and storage in data processing systems, remain
reserved, even where only excerpts are used. Reproduction of this work or of parts of this
work is, even in individual cases, permitted only within the limits of the statutory
provisions of the Copyright Act of the Federal Republic of Germany as amended. It is in
principle subject to remuneration. Violations are subject to the penal provisions of
copyright law.
The reproduction of common names, trade names, product designations etc. in this work does
not, even without special identification, justify the assumption that such names are to be
regarded as free in the sense of trademark and brand protection legislation and may therefore
be used by anyone.
The information in this work has been compiled with care. Nevertheless, errors cannot be
completely ruled out, and the Diplomarbeiten Agentur, the authors or translators assume no
legal responsibility or any liability for any remaining incorrect information and its
consequences.
© Diplomica Verlag GmbH
http://www.diplom.de, Hamburg 2008
Printed in Germany

Wireless LAN security in a SOHO environment
page 2 of 94
I. Acknowledgements
I would like to thank my flatmate Klaus Schedlbauer for proofreading this paper and for just
being there whenever I needed him. Thanks also go to Jürgen Pörsch for helping me to start
this project and for the idea to study at NEWI, and to Nicole Gebert for inspiring me.
Special thanks go to my project supervisor John McGinn, who was always there when I
needed him and was always helping me; without him this project would not be what it is.
Günter Zweck, my stepfather: without his support I would not be where I am now.
Finally I would like to acknowledge Anton Braun and Keshav Srinivasan, my colleagues from
overseas, who sacrificed some of their free time to proofread this paper.

II. Contents
I. ACKNOWLEDGEMENTS
II. CONTENTS
III. LIST OF FIGURES
IV. LIST OF ABBREVIATIONS
V. ABSTRACT
1. INTRODUCTION
2. LITERATURE REVIEW
3. METHODOLOGY
3.1. Timetable and log-keeping
3.2. The Artefact
3.3. Methodology reflection
4. WLAN BASICS
4.1. The IEEE Standards
4.2. Relationship between the Wi-Fi Alliance and the IEEE
4.3. WLAN Architecture
4.3.1. Independent / Ad-Hoc
4.3.2. Infrastructure
5. SECURITY
5.1. Security objectives
5.2. WLAN security
5.3. WEP architecture
5.3.1. How WEP works
5.3.2. WEP - why it doesn't work
5.3.3. WEP Summary
5.4. New security: 802.11i and WPA
5.4.1. Temporal Key Integrity Protocol (TKIP)
5.4.2. What is WPA?
5.4.3. Counter Mode with CBC-MAC and Robust Secure Networks
5.4.4. Mixed Mode - Transitional Security Network (TSN)
5.4.5. 802.11i Summary
5.5. Interim and extra security solutions
5.5.1. VPN and IPSec
5.5.2. SSL and SSH
5.5.3. Other alternatives
5.6. A bad security example: Nintendo DS
6. WIRELESS LAN PENETRATION TEST - AN EXPERIMENT
6.1. Assembling the gear
6.2. Gathering basic information
6.3. Attacking WEP
6.4. Getting past the MAC filter
6.5. Getting network settings
6.6. Conclusion
7. PHYSICAL LAYER SECURITY
7.1. Frequencies and their use
7.1.1. 2.4 GHz WLAN technology
7.1.2. 5GHz WLAN technology
7.1.3. Advantages and Disadvantages of the frequencies
7.2. How WLAN Signal Strength is measured
7.3. How the signal is affected
7.3.1. Straight-Line Losses
7.3.2. Interference
7.3.3. Practical Test: Microwave ovens versus WLANs
7.4. Antennas and their Irradiation patterns
7.4.1. Dipole Antennas
7.4.2. Directional Antennas
7.4.3. Antenna size matters
8. EXPERIMENTS
8.1. General Issues
8.1.1. Hardware and Software Configuration
8.1.2. Measuring the WLAN signal strength
8.1.3. Windows and Netstumbler
8.1.4. Linux and Wavemon
8.2. Avoiding interference
8.3. Making the test results comparable
8.4. Experiments and results
8.4.1. Signal loss for obstacles
8.4.2. Using a home-made reflector
8.4.3. Other means to shield the Access Point
8.5. Recommendations for placing the Access Point to increase security
9. CRITICAL EVALUATION
9.1. Evaluating the objectives
9.2. Evaluating of the process and personal reflection
10. CONCLUSION
11. REFERENCES
12. BIBLIOGRAPHY
13. APPENDICES
A 1. PROJECT ORGANIZATION RELATED
A 1.1 Project Proposal
A 1.2 Project Specification
A 1.3 Gantt Chart
A 1.4 Brainstorming Log
A 1.5 Unrealized Artefact ideas
A 1.6 Project Logbook (discontinued)
A 2. INFORMATION GATHERING RELATED
A 2.1 Interview transcript, translated into English
A 2.2 Interview transcript, original version, German
A 2.3 Warwalk through Wrexham
A 3. PHYSICAL LAYER RELATED
A 3.1. 2.4GHz channels and frequency overview
A 3.2. 5GHz channels and frequency overview
A 3.3. EZ-12 Parabolic Reflector Template (Erskineape, 2005)

III. List of figures
Figure 4-1: A typical 802.1X setup
Figure 4-2: Relationship of Wi-Fi and IEEE 802.11
Figure 4-3: Independent and ad-hoc networks (adapted from Gast, 2005, p. 16)
Figure 5-1: The CIA Triad (adapted from Brunschweiler, 2004, p. 32)
Figure 5-2: Open and WEP Authentication
Figure 5-3: Generic stream cipher operation (adapted from Gast, 2005, p. 115)
Figure 5-4: The Nintendo DS can connect to WEP networks, but lacks WPA support
Figure 6-1: Kismet in action. It gives us all the basic information needed to start the hack
Figure 6-2: WEP cracking with Aircrack. The 128bit WEP key was found in 4 seconds
Figure 6-3: MAC address spoofing under Linux is easy
Figure 7-1: DSSS Channels in 2.4GHz spectrum (Vladimirov et al., 2004, p. 62)
Figure 7-2: Signal-to-noise ratio and the noise floor (Gast, 2005, p. 233)
Figure 7-3: Multiple paths
Figure 7-4: Wave combination by superposition. Wave 1 and Wave 2 are almost opposite of each other, the net result is almost nothing. (Adapted from Gast, 2005, p. 237)
Figure 7-5: Inter-Symbol Interference
Figure 7-6: Signal loss while a microwave oven is operating near an access point
Figure 7-7: A typical dipole antenna, found on almost every 802.11 b/g Access Point
Figure 7-8: Radiation patterns of omnidirectional and directional antennas
Figure 8-1: Netstumbler, the Swiss knife of Windows WLAN tools
Figure 8-2: Wavemon is a great tool for 802.11 signal measuring
Figure 8-3: Home made reflectors in action

IV. List of abbreviations
AES: Advanced Encryption Standard
AP: Access Point
BSS: Basic Service Set
BSSID: Basic Service Set ID
CCMP: Counter Mode with CBC-MAC Protocol. AES based protocol in 802.11i
DHCP: Dynamic Host Configuration Protocol
DoS: Denial of Service
dBm: decibel (dB) in relation to 1 milliwatt (mW)
EAP: Extensible Authentication Protocol
ESS: Extended Service Set
FHSS: Frequency Hopping Spread Spectrum
FMS: Fluhrer-Mantin-Shamir. Used to reference a key recovery attack against WEP.
HR/DSSS: High-Rate Direct Sequence Spread Spectrum
HTTP: HyperText Transfer Protocol
HTTPS: HTTP Secure
IEEE: Institute of Electrical and Electronics Engineers
IP: Internet Protocol
IPsec: IP security. Framework of security protocols, often used for VPN
IR: InfraRed
ISO: International Organization for Standardization
ISM: Industrial, Scientific, and Medical Bands
IV: Initialization Vector
LAN: Local Area Network
LEAP: Lightweight Extensible Authentication Protocol
MAC: Medium Access Control
OFDM: Orthogonal Frequency Division Multiplexing
OSI: Open Systems Interconnection, also known as the ISO - OSI model
PHY: PHYsical Layer
PMK: Pairwise Master Key
PSK: PreShared Key
RADIUS: Remote Authentication Dial In User Service
RC4: Rivest Cipher 4, a stream cipher developed by Ron Rivest, RSA labs
RSN: Robust Security Network, part of 802.11i
SNR: Signal to Noise Ratio
SSH: Secure Shell
SSID: Service Set IDentifier
SSL: Secure Socket Layer
SOHO: Small Office / Home Office
TCP: Transmission Control Protocol
TGi: 802.11 Task group i
TK: Temporal Key
TKIP: Temporal Key Integrity Protocol. RC4 based protocol introduced in 802.11i
VPN: Virtual Private Network
WAN: Wide Area Network
WEP: Wired Equivalent Privacy
Wi-Fi: Wireless-Fidelity
WiMAX: Worldwide Interoperability for Microwave Access, also known as IEEE 802.16
WLAN: Wireless LAN
WPA: Wi-Fi Protected Access
WPA2: WPA v2

V. Abstract
This paper addresses the theory and reality of Wi-Fi security. It provides an overview of
security mechanisms and explains how security works in wireless networks. The most
important security protocols that are relevant for small office or home office environments are
examined in more detail. The security of a real-world wireless network is tested with
freely available tools and popular attack methods. It is demonstrated that old security
protocols can no longer be seen as being secure at all. To create a holistic view, the idea of
Wi-Fi security is then expanded to include the physical level. A series of experiments
provides insight on how to make a network more secure with materials and tools available in
every household. A WLAN that is nearly unreachable outside the perimeter does not attract
any potential hackers. The paper concludes with recommendations on where to place your
access point and what can be done to shield it.

1. Introduction
"Those who would sacrifice freedom for security deserve neither"
(Benjamin Franklin)
Wireless network security has never been much of an issue for the home user - but maybe it
should be.
In the last century our lives have become very mobile, and Wireless LANs were a part of this
movement. They are very comfortable to use, fast enough for most services, and because
affordable broadband connections are available nearly everywhere, WLANs have moved into
homes and offices worldwide. But this freedom comes at a price. Many people are not aware
that there are inherently more dangers in wireless communication than in normal networks.
The majority of today's installations are considered to be insecure.
This paper will examine the security mechanisms available for WLANs in a SOHO
environment and their practicality in order to increase security awareness. It will be
demonstrated just how easy it is to gain unauthorised access to a typical wireless network
that is using outdated security protocols like WEP.
"WEP is not dead, it was never alive."
(David Dominick from Delta airlines, commenting on the first WEP hacks, 2001)
Luckily the industry learned from its mistakes, and newer and better security
protocols are available in the form of WPA and 802.11i. But this is not the only way you can
`guard the airwaves'. There are interim and extra solutions that are in use. This paper expands
the security idea to include the physical layer. It will be explored how simple materials and
tools that are available in every household can be used to make WLANs in a small
office or home office (SOHO) environment more secure.
Read on to learn why your wireless LAN may have "no clothes" and what you can do about
it.

2. Literature review
802.11
The standard behind Wireless LANs is 802.11, which has some similarities to Ethernet (Gast,
2005 p 12 ff). But unlike its big brother it is not bound to cables, which is why it is called
wireless. This brings some issues, one of which is security, which has grabbed the headlines
(Gast, 2005, p. 32).
WEP
The first standard to address security was Wired Equivalent Privacy (WEP). However, in the
first few years of 802.11's existence "researchers built a strong case of insecurity against
WEP" (Gast, 2005, p. 114).
The first research into the insecurity of WEP was done by Walker (2000), who concluded that
WEP was unsafe at any key size and that it couldn't meet its design goal, which is to provide
data privacy to the level of a wired network. Later Arbaugh and two of his students (2001) did
some early academic research into the (in)security of 802.11 and concluded that WLAN
presents a large security problem.
Borisov et al (2001) presented the first serious paper on WEP insecurity, which received a lot
of press coverage. Only a month later Fluhrer et al (2001) published a paper called
"Weaknesses in the Key Scheduling Algorithm of RC4", which described an attack on the
`key scheduling algorithm' which is used by WEP. The FMS attack, as it is called for short,
was only theoretical, but it didn't take long until it was adapted to the real world. However, it
was this paper that started the downfall of WEP in general.
Stubblefield et al (2001) showed that the theoretical attack on WEP could indeed be done in a
real network. According to Gast (2005, p. 125) it took the group only a week, including the
delivery of the WLAN card, to crack the WEP key, and between five and six million packets
were needed to get enough `weak IVs'. However, these tests were still experimental and no
easy-to-use tools were available to the public at that time. This soon changed when an
open source tool called AirSnort (http://airsnort.shmoo.com/) was released for Linux, which
allowed anyone with some computer and networking knowledge to hack into a Wireless
LAN.
A first attempt to counter this attack was made by Agere Systems (2001), who developed a
more secure version of WEP called `WEPPlus' or WEP+, which greatly reduces the number of
`weak IVs' produced by normal WEP implementations and was released as a firmware update
for their own access points. At the same time Cisco (2001) decided to go for a different
approach and introduced `Dynamic WEP Keys' to their Aironet WLAN products.
But the problem with solutions like these is that they are vendor specific and incompatible
with each other.
Matters got even worse for WEP when a talented hacker calling himself Korek (2004) replied
to a thread on the Netstumbler forum about WEP security. The attack he described was no
longer dependent on weak IVs. As the FMS attack needs weak IVs, hardware vendors tried to
avoid producing those as much as possible (Schmidt, 2005). The Korek attack uses statistical
cryptanalysis and proved to be more efficient than the FMS attack. Schmidt (2005) went as
far as advising users to no longer use WEP without any additional security like SSL or
IPSec. The Korek attack was quickly integrated into WEP cracking and WLAN auditing
tools and is now the de facto standard for attacking WEP protected WLANs.
WEP still provides some sort of basic security, but it has to be activated to be of any use.
A recent survey (Pickard, 2003) of the wireless security of London shows that only a little
over a third of the Access Points have WEP encryption enabled. Bachfeld (2004) confirmed
these findings in a survey of the security situation in Germany, where he found
around half the WLANs to be unencrypted.
802.1X - User Authentication
WEP tried to be all in one and included aspects of authentication and encryption, but in the
end it did neither very well (Gast, 2005 pp. 129-130). 802.1X can take care of the user
authentication part. It works on the link layer and allows authenticating users instead of
machines. RADIUS is the `de facto' standard for 802.1X authentication. Because 802.1X is a
framework it is rather complicated to understand and set up. Therefore chances are low that it
is used in SOHO environments very often.
WPA
As it became clear that WEP has some serious security issues, the TGi (IEEE Task Group
802.11i) had already started to work on a new standard to replace WEP. However, the major
Wi-Fi manufacturers decided that security was so important to end users that they had to move
as fast as possible to deliver a replacement for WEP (Edney, Arbaugh 2003 p. 105). It was
also concluded that customers wouldn't just `throw away' their old hardware, and with this in
mind the Temporal Key Integrity Protocol (TKIP) was defined and WPA was born. WPA is a
subset of 802.11i and was introduced before 802.11i was finalized. It is a WEP
replacement that is more secure and robust against attacks but is still able to run on the same
hardware as WEP. In most cases a simple firmware upgrade of the AP is all that's
needed to change from WEP to WPA, and new hardware already comes with WPA
support, as WPA support has been mandatory for Wi-Fi certified hardware since 2004.
But as WPA was only an interim standard it shared some of the flaws of WEP. Moskowitz
(2003) concluded that Pre-Shared Keying (PSK) is not secure and that short and/or insecure
passwords are almost as bad as WEP. Based on his work Takahashi (2004) developed a tool
called WPAcrack, a proof of concept which allows a brute force offline dictionary attack
against the consumer version of WPA. He further concluded that the recommendation of the
Wi-Fi Alliance to use passwords longer than 20 characters would most likely not be followed
in practice by the target audience of WPA.
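The weakness described above follows from how WPA-PSK turns the passphrase into a key. The following Python code is an added example, not code from this paper or from WPAcrack: it derives the key as the 802.11i standard specifies (PBKDF2-HMAC-SHA1 with the SSID as salt, a detail not stated in the text) and audits candidate passphrases against the length recommendation quoted above. The function names, the SSID `HomeNet` and the small list of common passphrases are assumptions constructed for illustration.

```python
import hashlib
import math
import string

# "Longer than 20 characters", the recommendation cited in the text above.
RECOMMENDED_MIN_LENGTH = 21

# Constructed sample of commonly chosen passphrases (illustrative, not a real wordlist).
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123", "wireless1"}

# Character classes used for a rough search-space estimate.
CHAR_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key the way WPA-PSK does.

    The PMK is PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    The passphrase is the only secret input, which is why guesses can be checked
    offline and why passphrase quality decides the security of the network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def estimate_bits(passphrase: str) -> float:
    """Upper bound on guessing effort in bits, assuming every character was
    picked at random from the classes it uses. Real passphrases are weaker."""
    alphabet = sum(len(cls) for cls in CHAR_CLASSES
                   if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def audit_passphrase(passphrase: str, ssid: str) -> dict:
    """Check one passphrase against the weaknesses named in the text."""
    findings = []
    if len(passphrase) < RECOMMENDED_MIN_LENGTH:
        findings.append("shorter than the recommended length")
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("appears in a list of common passphrases")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the network name (SSID)")
    return {
        "pmk": derive_pmk(passphrase, ssid).hex(),
        "bits_upper_bound": round(estimate_bits(passphrase), 1),
        "findings": findings,
        "ok": not findings,
    }


if __name__ == "__main__":
    # Constructed sample inputs: (passphrase, SSID)
    samples = [("password", "HomeNet"),
               ("HomeNet2006", "HomeNet"),
               ("v7#Lq2!xTz9@Wm4^Rb8&Kd3", "HomeNet")]
    for pw, ssid in samples:
        result = audit_passphrase(pw, ssid)
        verdict = "; ".join(result["findings"]) or "ok"
        print(f"{pw!r:28} {result['bits_upper_bound']:6} bits  {verdict}")
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, but on any one network the passphrase alone determines the key.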
Another problem of WPA is its possible vulnerability to a DoS attack (Edney & Arbaugh
2003 pp. 335 - 336). Once an attacker sends 2 modified packets to an AP within a minute, the
AP will go offline for one minute and has to re-key all connected stations after it comes back
online. However, this attack is rather theoretical, as DoS attacks on WLANs can be achieved
more easily using other methods.
802.11i - i is for security
WPA with TKIP was only meant as a temporary replacement for WEP until better security was
available with the final version of 802.11i, which was published in June 2004. One of the
reasons for the delay of 802.11i was that 802.1X was still being revised (Soltwisch & Hogrefe
2004). The most important difference between 802.11i and WPA is the change of the
encryption cipher from RC4 to AES. "AES has took on the tests in the past" (Soltwisch &
Hogrefe, 2004) and is secure enough to meet the demands of the Federal Information Standards
(FIPS) 140-2, which is often demanded by public authorities (Nonhoff & Arps, 2004). This
new algorithm requires a separate chip for the encryption and therefore new hardware is
needed. The Wi-Fi Alliance calls hardware which supports this new encryption standard
WPA-2, and hardware that included support for it was already available.
Access Control
Although 802.11 does not define access control, almost every AP nowadays implements MAC
address list filtering, often in the form of simple lists (Edney & Arbaugh, 2003, p. 93). But
given the fact that MAC addresses can be forged rather easily (ifconfig under Linux, Registry
under Windows) this should only be used as a part of a security strategy.
VPN and IPSec
A different approach to securing WLANs is a Virtual Private Network (VPN). This term is
used to "describe some sort of security system operating at the TCP/IP Layer" (Edney &
Arbaugh, 2004, p. 308). The strong encryption of IPSec, which is mainly used for VPNs
nowadays, is the safest way to secure access within an AP. One of the downsides of VPN is
the rather high CPU usage, which can limit bandwidth. NEWI's WLAN is an example of a
university using a VPN.
Attackers
But who are the people that try to hack into your WLAN? Edney and Arbaugh (2003, pp. 22-26)
classify the attackers according to their motives and divide them into 3 groups. The
`Gaming attacker' is someone who has too much time available and is interested in the
technology and just tries to find out how far he can go. `Profit or revenge attackers' on the
other hand are evil guys who try to gain something out of the hacking of a wireless network,
and these are the people companies should be most afraid of. The `ego hacker' is someone
who just wants to hack something just for the sake of it.
Wardriving
A term that has been going through the media in the last 2 years is Wardriving. Hurley et al
(2004) describe Wardriving as "the act of moving around a specific area and mapping the
population of wireless access points for statistical purposes. These statistics are then used to
raise awareness of the security problems". The term Wardriving was coined by Peter M.
Shipley (2001), who was the first to automate the process of Wardriving. In his observations
of the San Francisco Bay Area he found only 15-30% of the Access Points to be encrypted.
Since the early days of Wardriving a lot has happened. Many online and offline communities
have been created and there are many specialised tools and WLAN maps floating around on
the internet. Wardriving itself isn't illegal, but connecting to a WLAN and using other
people's network resources is (Vladimirov et al, 2004). In 2004 a 21 year old hacker from
Michigan, USA was sentenced to 9 years in prison because he tried to steal credit card
information from a shop whose WLAN he had hacked into before (Pierce, 2004). According to
the magazine PCFormat (2005) the first UK conviction for Wardriving was made in London
in the middle of 2005, where a man kept turning up in his car outside his victim's flat.

Conclusion
Without any doubt it can be said that WEP is dead and that it shouldn't be used as the single
security mechanism in WLANs. If WEP is combined with MAC access lists and a hidden
SSID it should still be able to stop `script kiddies'. Against serious hackers WPA with a long
and secure password is a must. If more security is required VPN and some sort of 802.1X
implementation is needed. However this often requires additional hardware and isn't trivial to
set up.
Foresight
With the finalization of 802.11i, security in WLANs might finally become a reality. The
introduction of a new encryption, namely AES, will boost the security of WLANs quite a bit
and will render brute force and similar attacks useless. But as the past has shown, this is often
just temporary.
Wireless LAN is fast enough for most applications today, but things like video streaming
demand higher bandwidth than what is available. 802.11n has been in the making for quite a
while now, but there is a lot of debate going on about what exactly should be implemented in
the new standard. Recently there has been a movement to try and unite the technologies
proposed by the TGnsync and WWiSE interest groups, but whether this compromise will be the
foundation for the new standard remains to be seen (Endres, 2005). However, it seems that
something good is coming out of these delays. The original goal of 802.11n was 100 MBit/s or
more, but it is now believed that the final version of the standard may be as high as 600 MBit/s.
In the meantime the first field tests with 802.16 aka WiMAX (Worldwide Interoperability for
Microwave Access) (Suhl, 2005) have started. This new technology provides up to 70 MBit/s
for a range from 1 - 50 km.
Faster and more secure Wireless LANs - that's definitely something to look forward to!

3. Methodology
To get things going a Brainstorming session was held. Three students came together and
discussed each project subject for a while and asked questions about the subject such as
"What is it?" "Is this legal?" (See Appendix for Brainstorming log). Brainstorming was
chosen as methodology as it allows one to quickly get a series of ideas to work on. It is also
quite useful to do a Brainstorming session in a group to get other viewpoints and ideas. For
example one of my fellow students suggested that WPA might be a good thing to have, but no
one knows how to handle it, thus raising the question of practicability, which wasn't
considered at first. The findings from the Brainstorming session were then refined into a first
rough project structure and a series of questions that needed to be answered in the process of
the literature review and research. This can be seen as using a top-down approach where
the main topics of the project are defined and are later refined to create the whole project
structure. This is useful because it is impossible to know every aspect of the project topic at
the beginning and the structure cannot be completely defined at the start; however, by using
this methodology one has something to start with. In the process of the literature review the
original rough draft was refined and adjusted where the review added more topics which
hadn't been thought of before.
The main methodology for producing the artefact was experiments. This methodology was
chosen because WLAN security can be very theoretical to understand and write up. Adding
something more practical in between makes the project much more fun, and the theory can be
applied to practice. The signal measurement experiments were done
as "one group pre test/post test" (Walliman, 2004, p. 205). This was done to see the effect
certain obstacles and changes to the AP have on the WLAN signal. There was only one test
group used, as the measurement results should be roughly the same at every location and
imprecision can't be avoided due to the inaccurate measurement equipment. A little
imprecision is also not a problem, as only the effect is of interest and not the exact values.
To get some insight into the real-world security needs of a corporate or university wireless
network, an interview was conducted with Stephan Reichholf, who is responsible for the
build-up and maintenance of the campus WLAN at the University of Applied Sciences Deggendorf,
Germany, and the WLAN bridge to the student hostel. As this interview was done via e-mail
it had to be structured (Swetnam, 2004, p.64).

As WEP has been in the headlines of the news quite a lot in the last few years, information on
the insecurities of WEP was easy to find. WEP was perfect as a case study of how things should
be and what mistakes can be made along the way. In some way, this can be seen as historical
research (Swetnam 2004, p.39). Although the downfall of WEP began only a few years ago it
can nowadays be seen as being historical, even if it is just a historical failure. This approach
was used to understand why WEP failed and what proper WLAN security should really look
like.
At the end of the project, motivation to finish it was quite low. To counter this
problem a checklist was used. It contained all tasks that still needed to be done, divided into
must haves, should haves and could haves (MoSCoW, see Avison and Fitzgerald, 2003, p. 97).
Every time a task was finished, it could be crossed out, and the more tasks were crossed out
the higher the motivation rose. Sometimes little tricks like this can really help.
3.1. Timetable and log-keeping
A project of this size requires some sort of planning, which in this case was a Gantt chart. It
helps to set deadlines for individual stages (chapters) of the project and gives "satisfaction and
comfort of continuously getting parts of the project out of the way" (Walliman, 2004, p. 85).
To keep a log of the process a log sheet was used. There, all achievements of one week were
summarised and plans were made for the next week. This helped to focus on the project at the
beginning, but as it became clear that the original timetable had to be adapted anyway, and my
project supervisor was not interested in the project log, it was discontinued when the writing
up of the report started. The achievements were now clearly visible in the progress of the
report and the Gantt chart dictated the plan for the next time period, therefore the log sheet
was no longer needed. However, it was quite useful to get things going.
3.2. The Artefact
Finding the right artefact for the given subject was not that easy. The final idea came from the
project supervisor John McGinn. In order to test the effect different materials have on WLAN
signals, a test environment had to be built. Further investigation had to be done into how
WLAN signals are produced and basic physics concerning this had to be understood. Once
this was done, reliable tools needed to be found to measure the effect on the signal strength.

3.3. Methodology reflection
At the beginning of the project, not much thought had been given to using methodology at
all. It was mainly learning by doing. Many of the methodologies were chosen out of pure need,
e.g. one for interviews. Others were suggested by the project supervisor (Gantt chart) or were
selected by pure coincidence, e.g. the project log sheet which I found while checking out the
project handbook. In the end it would've been a good idea to give more thought to using
proper research methodologies in the first place. Many things could have been done better or
more efficiently. The Gantt chart for example was seen by me as being only another annoying
thing that needed to be done along the way, but it really proved to be helpful to plan a big
project like this. The satisfaction of finishing a chapter in time helped me to get going. It was
also quite interesting to see how other students panicked at Easter because they were actually
just starting to work on their projects while I had more or less finished the main body.
However, the satisfaction due to this was maybe too high, because in the end a week was
wasted doing nearly nothing. The simple technique of using a checklist helped me to finish
the project.

Details

Pages: 96
Edition type: Original edition
Year: 2006
ISBN (eBook): 9783836619233
DOI: 10.3239/9783836619233
File size: 1014 KB
Language: English
Institution / University: University of Wales, Aberystwyth – Computing & Information Technology
Publication date: 2008 (September)
Grade: 1.7
Keywords: wlan network security