Securing wireless networks

Items to consider when implementing a secured wireless implementation include:

  • Client and access point authentication
  • Wireless network encryption

A quick note on SSID cloaking and MAC filtering

It was once thought that simply hiding or cloaking the presence of the wireless network was sufficient to thwart attackers, and that adding MAC address filtering to limit host access was a valid method to "authenticate" hosts. Both of these methods have proven ineffective for securing a wireless network implementation. Cloaking or attempting to hide an SSID is easily undermined by the inherent nature of wireless network communication design. When a host has already connected to a hidden network, the next time the wireless card is enabled the host will automatically send a beacon frame with the SSID in an attempt to find an access point serving the network. This traffic is sent in the clear and can be sniffed out of the airwaves. Once the network SSID is broadcast freely into the airwaves, it is no longer hidden or secret. Think of a hidden SSID as camouflage: camouflage is not meant to make the camouflaged thing invisible, only harder to see at first glance. The SSID may not be apparent at first, but with a little patience it will appear and be available for attack.

As for MAC address filtering, the wireless network exhibits a similar behavior. To recall, a MAC address is the unique burned-in hardware address of the network interface on a network device. Because this value is unique, MAC address filtering would in theory allow limited access to the wireless network based on this unique address. Due to the broadcast nature of wireless networking, with a little time sniffing the airwaves, available SSIDs can be learned along with the addresses of successfully connected hosts. With easily accessible tools to spoof MAC addresses and send a deauthentication frame, an attacker can gain access to the wireless network as one of the valid hosts. In this type of implementation, host authentication is achieved solely by the use of the unique MAC address. The access point has no other method to validate the connecting hosts; with a matching MAC address on the allow list, access is granted.

Due to these limitations and easy circumvention, both of these methods are ineffective for securing a wireless network implementation. The following sections provide detailed methods for securing wireless networks using more advanced authentication and encryption configuration.

Wireless authentication

An important part of configuring a secure wireless network is authentication. Authentication is the method of proving that a user or system is who or what they say they are. In the case of user access to the wireless network, the user has to provide either a valid key or a username/password pair (credentials) to gain access to the network. There are primarily two methods of authentication: shared key and 802.1X. Shared key authentication is typical for home wireless networks, but enterprise wireless networks commonly use some form of 802.1X authentication leveraging a user directory, certificates, two-factor authentication, or some combination of these technologies. In some cases, the enterprise may have to leverage a shared key authentication method because of limitations of devices using the wireless network or a lack of 802.1X capabilities. Commonly, shared key implementations are called personal and 802.1X implementations are called enterprise. Both will be covered to explain the differences, advantages, and caveats of implementing each method.

Using shared key

The shared key method of authenticating to a wireless network is the simplest method from a configuration perspective; however, long-term support of the solution and its security are significant areas of concern for a large-scale enterprise implementation. Implementation is very simple with a shared key configuration: devices only need the SSID and the correct shared key to connect. This is the extent of the configuration and authentication process. The secret key is typically stored locally on devices for ease of connecting to the wireless network. The key storage method varies by implementation and should be understood by the security team to determine whether additional controls should be implemented to protect the key. In the case of Microsoft Windows, the key is hashed several times using the SSID and key combination and stored in the registry. This process ensures the key is stored securely, mitigating easy compromise. To authenticate with the access point, the device does not actually send the key over the air; instead, a hash representation is sent. If the value matches, the access point knows the key is correct and completes the authentication process. Security issues with this type of implementation are explained in the next section. Shared key authentication should be used cautiously in the enterprise, or only in very limited and low-risk portions of the network.

Caveats of shared key implementation

There are several caveats to using a shared key authentication configuration in an enterprise network. Because the key may be a static value on a device or in storage, it can be extracted and cracked offline or brute forced online, as this method does not prevent such an attack via account lockout. Also, the key must be shared with every device that connects to the network; this is philosophically an issue with secret keys (not really secret if everyone knows it) and mandates a regular rotation of keys to remain secure. Any time a shared key has to be rotated, every device must be reconfigured with the new key. Depending on the size of the enterprise, this can be a significant amount of work and impacts the enterprise. The wireless secret should be managed through a formal key management program enforcing key rotation, at a minimum, when a user with knowledge of the key moves positions or leaves the company, when the key becomes compromised, or when it has reached the end of the accepted crypto period (the length of time a key may be in use).
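As an added example (not code from the original text), the following Python models what the two shared key sections describe for WPA2-PSK: the passphrase is stretched together with the SSID into a 256-bit PMK, which is the value devices actually store, and the 4-way handshake proves possession of that PMK by exchanging nonces and an HMAC over the EAPOL frame rather than the key itself. The MAC addresses, nonces and EAPOL frame bytes are constructed sample values; the PMK derivation is checked against the IEEE 802.11i test vector for passphrase "password" and SSID "IEEE".

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Passphrase -> PMK as IEEE 802.11i specifies: PBKDF2-HMAC-SHA1, 4096 rounds,
    SSID as salt, 256-bit output. The result is fixed per (passphrase, SSID), so the
    stored PMK is as sensitive as the passphrase and must be rotated with it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter) blocks."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range((nbytes + 19) // 20))
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key for WPA2/CCMP (384 bits): KCK || KEK || TK.
    Both sides compute it from the PMK plus values that are sent in the clear."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """EAPOL-Key MIC for the PSK AKM: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]

def handshake_accepts(sta_passphrase: str, ap_passphrase: str, ssid: str) -> bool:
    """Simulate messages 1 and 2 of the 4-way handshake. The station never sends
    its passphrase or PMK; the AP accepts if the MIC it recomputes matches."""
    # Constructed sample values; in a real exchange the nonces are random per session.
    ap_mac, sta_mac = bytes.fromhex("00005e000101"), bytes.fromhex("00005e000102")
    anonce, snonce = bytes([0x11]) * 32, bytes([0x22]) * 32
    # Message 2 carries SNonce; the MIC is computed over the frame with the MIC field zeroed.
    msg2 = b"\x02\x03" + b"EAPOL-Key msg2" + snonce + b"\x00" * 16

    sta_kck = derive_ptk(derive_pmk(sta_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    sent_mic = eapol_mic(sta_kck, msg2)  # this is the "hash representation" on the air

    ap_kck = derive_ptk(derive_pmk(ap_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    # Anyone who captured the nonces, MACs and MIC can run this same check against
    # passphrase guesses offline, which is why passphrase strength and rotation matter.
    return hmac.compare_digest(eapol_mic(ap_kck, msg2), sent_mic)
```

Because the PMK depends on the SSID, precomputed tables only help against common SSIDs; a unique SSID and a long passphrase raise the per-guess cost that the 4096 PBKDF2 rounds impose.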

Using IEEE 802.1X

The Institute of Electrical and Electronics Engineers (IEEE) standard for authenticating to a wireless network is 802.1X. This standard is commonly known as the enterprise authentication method in wireless deployments; WPA2-Enterprise is one example. The 802.1X standard relies on several components to provide security: client software (for example, Microsoft's Wireless Zero Configuration) known as the supplicant, an authenticator (in this scenario an access point), and an authentication server such as Active Directory for user authentication. For this type of wireless authentication, users do not need a secret pre-shared key, only the correct client configuration and valid credentials managed by the authentication server. Benefits of this authentication method include no key management and directory storage of user credentials that enforces the wireless security policy. Examples of security that can be added include account lockout after a number of consecutive login failures, minimum password length and strength, and centralized account management. With these additional security features and no secret key to protect from compromise, this is the only method that should be considered for an enterprise wireless networking implementation.

Some wireless solutions allow the enterprise to offer "guest" wireless access to non-employees for access to the Internet or limited internal network access. In this scenario, a local credential store for time-limited access to the wireless network makes sense, especially if the requesting user is truly a guest. Adding an account to the central credential store would be more involved and could introduce security risks to the enterprise. Leveraging the wireless solution itself for authentication is a hybrid approach, in that neither a shared key nor a central user directory is used for authentication; it is native to the wireless solution. Minimal to no risk should be introduced by guest wireless access, because it should have no access to the production wireless or wired networks, or only limited access with security controls implemented to enforce the restriction.

Another method of authentication using 802.1X is user-based certificates and two-factor authentication schemes. Both require user credentials (username and password) in addition to a valid certificate or token, essentially providing two-factor authentication: something you have and something you know. User certificates have traditionally been accepted as a second factor of authentication added to user credentials to serve as a two-factor method. The benefit of these methods is that a portion of the user's credentials can be revoked or changed without affecting everything. For instance, the user's password can be changed but the certificate does not have to be revoked. If the certificate is compromised, it can be revoked and the user never has to change their password. The added security is that if one portion of the authentication method is compromised, access will not be permitted without the other authentication component. It can be argued that a certificate is a questionable component of two-factor authentication, but it does satisfy one of the required characteristics ('something you have', 'something you know', and/or 'something you are'), in this case 'something you have', while the password is 'something you know'.

Caveats of 802.1X implementation

Implementing 802.1X does require other services that may not be implemented in a small enterprise but are common in the medium and large enterprise, such as a user directory, certificate authority servers, token-based technologies, and other two-factor solutions. Using 802.1X for wireless authentication is considered the enterprise solution and offers several enhancements over the pre-shared key personal authentication configurations, but there are complexities that may not allow an implementation to use this method. Some devices cannot be configured to use an enterprise configuration for wireless and have been purposely limited because of the processing power required by the encryption algorithms offered on enterprise implementations. Because users will use their primary network credentials to authenticate, a misconfigured host can lock out a user's account. While this does not seem like a real issue, it should be accounted for from an operations perspective so the help desk can resolve the issue quickly.

The enterprise will need to create procedures for using the chosen 802.1X authentication method and for account management, such as user account provisioning and revocation. If the authentication method is certificate based, the length of validity must be determined, and a process for renewal should be in place to ensure service to users is not impacted. Because two-factor solutions provide additional authentication capabilities, some in rather unique ways, there may be specialized operational requirements for administration, use, and maintenance. The skill required for each must be understood to ensure the proper skill set is in-house to operate it as an enterprise-class service to users. An improper implementation and configuration of the user directory can reduce such an implementation to merely an authentication mechanism, not necessarily a secure authentication mechanism. Proper security should be configured within the chosen 802.1X method. Examples include password complexity, minimum password length requirements, securing the certificate server and store, and proper system protection for each component to ensure accounts are not compromised in another fashion and the wireless network used as a second stage in a network compromise.

Wireless encryption

This section covers the protection mechanisms available with the existing wireless standards and implementations. Some implementations should be avoided and others are highly recommended. The protection of wireless transmissions is of utmost importance because the data is literally flying through the airwaves with no physical boundaries such as those available in a wired network implementation. Which implementations to avoid, and which configurations provide the most security, are covered in the following sections.

Each of the wireless standards, such as WEP, WPA1, and WPA2, has supported encryption protocols that can be used to secure the wireless setup communications along with the payload containing user data. WEP was the first solution and has since been broken, so the use of the more secure WPA1 and WPA2 is recommended. New methods of breaking these wireless protocols are being developed, so before settling on a method it is important to understand the weaknesses along with the strengths, and whether they can be leveraged natively or require other methods to secure.

Note

The standard in wireless security today is WPA2. There are two versions of WPA2 that can be used depending on the environment. Home users can leverage WPA2-PSK (sometimes called personal) and enterprise users should use WPA2-Enterprise.

WEP and WPA1 are covered briefly for historical purposes, and also to communicate that WEP must absolutely be abandoned, and that WPA1 has weaknesses that should lead to the abandonment of its use in the home and the enterprise.

WEP

Wired Equivalent Privacy (WEP) was the first method of implementing security for wireless networks. The encryption used is RC4, and it supports 40-bit and 104-bit key lengths. The issue with WEP was the method by which data is sent back and forth with the wireless access point: it is a predictable algorithm with repeatable output, such that with enough management packets captured the pre-shared key could be learned. Easy-to-find and easy-to-use tools such as the Aircrack-ng suite make this task trivial, and therefore WEP should never be used on any wireless network.
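As an added illustration (not part of the original text) of the "repeatable output" the WEP section describes, the following Python implements plain RC4 as WEP applies it, with the 24-bit IV prepended to the shared key, and shows two consequences: the same IV under the same key reproduces the same keystream, so the XOR of two ciphertexts equals the XOR of their plaintexts, and the small IV space makes such repeats statistically inevitable on a busy network. The 40-bit key, IV and plaintexts are constructed sample values; the CRC-32 integrity value that real WEP appends is omitted, and this is the keystream-reuse property rather than the key-recovery attack the text refers to.

```python
import math

def rc4_keystream(key: bytes, nbytes: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) then the output generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < nbytes:                  # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes) -> bytes:
    return xor(data, rc4_keystream(key, len(data)))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP per-packet key = IV (3 bytes, sent in the clear) || 40- or 104-bit shared key.
    The ICV (CRC-32) that real WEP appends to the plaintext is omitted here."""
    assert len(iv) == 3 and len(shared_key) in (5, 13)
    return rc4(iv + shared_key, plaintext)

def keystream_reuse_leak(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """With a repeated IV the keystream repeats, so C1 xor C2 == P1 xor P2: an
    observer learns the relationship between plaintexts without knowing the key."""
    return xor(wep_encrypt(shared_key, iv, p1), wep_encrypt(shared_key, iv, p2))

def iv_repeat_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound on at least one IV repeat after `packets` randomly chosen IVs
    (cards that restart the IV at zero on every reset repeat even sooner)."""
    n = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * n))
```

With only about 4,096 frames the chance of a repeated IV is already close to 40 percent, which is why no key length or rotation schedule rescues WEP.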

WPA

The next generation of security for wireless networks came with Wi-Fi Protected Access (WPA). With WPA, the Temporal Key Integrity Protocol (TKIP) was introduced to provide an additional level of security per packet. In this implementation, each packet has a uniquely generated encryption key, versus the static key used with WEP. The primary benefit is that if a key is somehow compromised, it is only good for the one packet; subsequent packets use a new unique key, so each packet key would have to be compromised in order to compromise an entire conversation. In addition to this enhancement, an improved integrity method was implemented to mitigate the replay attacks that were easy to accomplish against the CRC method used in WEP. Unfortunately, there are vulnerabilities present in WPA too that allow the cracking of WPA when using pre-shared keys. The weakness is a legacy from WEP and is present in TKIP implementations.

WPA2

When implemented correctly, in enterprise mode with no pre-shared key, WPA2 is the most secure and recommended wireless encryption solution. With the introduction of AES-CCMP for authentication and encryption, there is no real comparison to WEP or WPA from a security perspective. Though more system resources are required when implementing AES, the benefit is that there are no known attacks outside of a weak PSK, if one is present. At the time of writing, the only known vulnerability with WPA2 is when it is implemented using a PSK, allowing brute-force attacks to gain access to the wireless network.
