Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 75
White Paper
Cisco SAFE: Wireless LAN Security in Depth
Authors
Sean Convery (CCIE #4232), Darrin Miller (CCIE #6447), and Sri Sundaralingam are
the primary authors of this white paper. Mark Doering, Pej Roshan, Stacey Albert,
Bruce McMurdo, and Jason Halpern provided significant contributions to this paper
and are the lead architects of Cisco’s reference implementation in San Jose,
California, USA. All are network architects who focus on wireless LAN, VPN, or
security issues.
Abstract
This paper provides best-practice information to interested parties for designing and implementing wireless LAN (WLAN) security in networks utilizing elements of the Cisco SAFE Blueprint for network security. All SAFE white papers are available at the SAFE Web site: http://www.cisco.com/go/safe
These documents were written to provide best-practice information on network security and virtual-private-network (VPN) designs. Although you can read this document without having read either of the two primary security design documents, it is recommended that you read either “SAFE Enterprise” or “SAFE Small, Midsize and Remote-User Networks” before continuing.
This paper frames the WLAN implementation within the context of the overall security design. SAFE represents a system-based approach to security and VPN design. This type of approach focuses on overall design goals and translates those goals into specific configurations and topologies. In the context of wireless, Cisco recommends that you also consider network design elements such as mobility and quality of service (QoS) when deciding on an overall WLAN design. SAFE is based on Cisco products and those of its partners.
This document begins with an overview of the architecture, and then details the specific designs under consideration. Because this document revolves around two principal design variations, these designs are described first in a generic sense, and then are applied to SAFE. The following designs are covered in detail:
• Large-network WLAN design
• Medium-network WLAN design
• Small-network WLAN design
• Remote-user WLAN design
Each design may have multiple modules that address different aspects of WLAN technology. The concept of modules is addressed in the SAFE security white papers.
Following the discussion of the specific designs, Appendix A details the validation lab for SAFE wireless and includes configuration snapshots. Appendix B is a primer on WLAN. If you are unfamiliar with basic WLAN concepts, you should read this section before the rest of the
document. Appendix C provides more details on rogue access point detection and prevention techniques. Finally,
Appendix D discusses high availability design criteria for services such as RADIUS and DHCP in order to secure
WLANs.
Audience
Though this document is technical in nature, it can be read at different levels of detail, depending on your level of
interest. A network manager, for example, can read the introductory sections in each area to obtain a good overview
of security design strategies and consideration for WLAN networks. A network engineer or designer can read this
document in its entirety and gain design information and threat analysis details, which are supported by actual
configuration snapshots for the devices involved. Because this document covers a wide range of WLAN deployments,
it may be helpful to read the introductory sections of the paper first and then skip right to the type of WLAN you
are interested in deploying.
Caveats
This document presumes that you already have a security policy in place. Cisco Systems does not recommend
deploying WLANs—or any networking technology—without an associated security policy. Although network
security fundamentals are mentioned in this document, they are not described in detail. Security within this document
is always mentioned as it pertains to WLANs.
Even though WLANs introduce security risks, many organizations choose to deploy WLANs because they bring user
productivity gains and simplify deployment of small networks. Following the guidelines in this document does not
guarantee a secure WLAN environment, nor does it guarantee that you will prevent all penetrations. By following
the guidelines, you will mitigate WLAN security risks as much as possible.
Though this document contains a large amount of detail on most aspects of wireless security, the discussion is not
exhaustive. In particular, the document does not address wireless bridges, personal digital assistants (PDAs), or
non-802.11-based WLAN technology. In addition, it does not provide specific best practices on general WLAN
deployment and design issues that are not security related.
During the validation of SAFE, real products were configured in the exact network implementation described in this
document. Specific configuration snapshots from the lab are included in Appendix A, “Validation Lab.”
Throughout this document the term “hacker” denotes an individual who attempts to gain unauthorized access to
network resources with malicious intent. Although the term “cracker” is generally regarded as the more accurate
word for this type of individual, hacker is used here for readability.
Architecture Overview
Design Fundamentals
Cisco SAFE wireless emulates as closely as possible the functional requirements of today’s networks. Implementation
decisions varied, depending on the network functionality required. However, the following design objectives, listed
in order of priority, guided the decision-making process:
• Security and attack mitigation based on policy
• Authentication and authorization of users to wired network resources
• Wireless data confidentiality
• User differentiation
• Access point management
• Authentication of users to network resources
• Options for high availability (large enterprise only)
First and foremost, SAFE wireless needs to provide a secure WLAN connectivity option to enterprise networks. As
a connectivity option, WLAN access must adhere to an organization’s security policy as closely as possible. In
addition, it must provide this access as securely as possible while recognizing the need to maintain as many of the
characteristics of a traditional wired LAN as possible. Finally, WLANs must integrate with existing network designs
based on the SAFE security architecture.
SAFE WLAN Axioms
Wireless Networks Are Targets
Wireless networks have become one of the most interesting targets for hackers today. Organizations today are
deploying wireless technology at a rapid rate, often without considering all security aspects. This rapid deployment
is due, in part, to the low cost of the devices, ease of deployment, and the large productivity gains. Because WLAN
devices ship with all security features disabled, increasing WLAN deployments have attracted the attention of the
hacker community. Several Web sites document freely available wireless connections throughout the United States.
Although most hackers are using these connections as a means to get free Internet access or to hide their identity, a
smaller group sees this situation as an opportunity to break into networks that otherwise might have been difficult
to attack from the Internet. Unlike a wired network, a WLAN sends data over the air and may be accessible outside
the physical boundary of an organization. When WLAN data is not encrypted, the packets can be viewed by anyone
within radio frequency range. For example, a person with a Linux laptop, a WLAN adapter, and a program such as
TCPDUMP can receive, view, and store all packets circulating on a given WLAN.
Interference and Jamming
It is also easy to interfere with wireless communications. A simple jamming transmitter can make communications
impossible. For example, consistently hammering an access point with access requests, whether successful or not, will
eventually exhaust its available radio frequency spectrum and knock it off the network. Other wireless services in the
same frequency range as a WLAN can reduce the range and usable bandwidth of the WLAN. “Bluetooth”
technology, used to communicate between handsets and other information appliances, is one of many technologies
today that use the same 2.4-GHz radio frequency as WLAN devices and can interfere with WLAN transmissions.
MAC Authentication
WLAN access points can identify every wireless card ever manufactured by its unique Media Access Control (MAC)
address that is burned into and printed on the card. Some WLANs require that the cards be registered before the
wireless services can be used. The access point then identifies the card by the user, but this scenario is complex because
every access point needs to have access to this list. Even if it were implemented, it cannot account for hackers who
use WLAN cards that can be loaded with firmware that does not use the built-in MAC address, but a randomly
chosen, or deliberately spoofed, address. Using this spoofed address, a hacker can attempt to inject network traffic
or spoof legitimate users.
Ad Hoc Versus Infrastructure Modes
Most WLANs deployed by organizations operate in a mode called “infrastructure.” In this mode, all wireless clients
connect through an access point for all communications. You can, however, deploy WLAN technology in a way that
forms an independent peer-to-peer network, which is more commonly called an ad hoc WLAN. In an ad hoc WLAN,
laptop or desktop computers that are equipped with compatible WLAN adapters and are within range of one another
can share files directly, without the use of an access point. The range varies, depending on the type of WLAN system.
Laptop and desktop computers equipped with 802.11b or 802.11a WLAN cards can create ad hoc networks if they
are within at least 500 feet of one another.
The security impact of ad hoc WLANs is significant. Many wireless cards, including some shipped as a default item
by PC manufacturers, support ad hoc mode. When adapters use ad hoc mode, any hacker with an adapter configured
for ad hoc mode and using the same settings as the other adapters may gain unauthorized access to clients.
Denial or Degradation of Service
802.11 management messages including the beacon, probe request or response, association request or response,
re-association request or response, disassociation, and de-authentication are not authenticated. Without
authenticating these management messages, denial-of-service (DoS) attacks are possible. An example of this type of
DoS attack has been demonstrated with open source tools such as wlan-jack.
Wireless Networks Are Weapons
A rogue access point is one that is accessible to an organization’s employees but is not managed as a part of the trusted
network. Most rogue access points are installed by employees for which IT is not providing WLAN access. A typical
rogue access point, then, is an inexpensive one that an employee purchases and installs by plugging it into an
available switch port, often with no security measures enabled. A hacker, even one outside the physical boundaries
of an organization’s facilities, can gain access to the trusted network simply by associating with a rogue access point.
Another type of rogue access point is one that masquerades as a trusted access point and tricks WLAN users into
associating with it, thereby enabling a hacker to manipulate wireless frames as they cross the access point.
The threat posed by rogue access points can be mitigated by preventing their deployment and detecting those rogue
access points that are deployed. The following components are required in order to mitigate the threat of rogue access
points. A detailed discussion of these points can be found in Appendix C, “Rogue Access Point Additional
Information.”
Prevention
• Corporate policy
• Physical security
• Supported WLAN infrastructure
• 802.1X port-based security on edge switches
Detection
• Using wireless analyzers or sniffers
• Using scripted tools on the wired infrastructure
• Physically observing WLAN access point placement and usage
802.11 Is Insecure
As discussed in the primer (Appendix B), 802.11b and 802.11a are the most widely deployed WLAN technologies
today. Traditional 802.11 WLAN security includes the use of open or shared-key authentication and static wired
equivalent privacy (WEP) keys. This combination offers a rudimentary level of access control and privacy, but each
element can be compromised. The following sections describe these elements and the challenges of their use in
enterprise environments.
Authentication
The 802.11 standard supports two means of client authentication: open and shared-key authentication. Open
authentication involves little more than supplying the correct service set ID (SSID). With open authentication, the use
of WEP prevents the client from sending data to and receiving data from the access point, unless the client has the
correct WEP key. With shared-key authentication, the access point sends the client device a challenge text packet that
the client must then encrypt with the correct WEP key and return to the access point. If the client has the wrong key
or no key, authentication will fail and the client will not be allowed to associate with the access point. Shared-key
authentication is not considered secure because a hacker who detects both the clear text challenge and the same
challenge encrypted with a WEP key can decipher the WEP key.
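As an added illustration that is not part of the Cisco paper: a toy model of the shared-key exchange just described, using RC4 as WEP does (the CRC-32 integrity value is left out, and the key and IV values are constructed). It shows that the clear-text challenge XORed with the encrypted reply is exactly the keystream for that IV, which is the leak this weakness rests on and the reason shared-key authentication buys nothing over open authentication.

```python
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (the cipher WEP uses): key scheduling, then `length` output bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and XORs the keystream over the payload.
    The 3-byte IV travels in the clear in the frame header. The CRC-32 ICV that
    real WEP appends is omitted here; it does not change the point being shown."""
    ks = rc4_keystream(iv + wep_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def shared_key_exchange(wep_key: bytes, iv: bytes, challenge: bytes = b""):
    """Model of 802.11 shared-key authentication: the access point sends a
    128-byte clear-text challenge and the client returns it WEP-encrypted."""
    if not challenge:
        challenge = os.urandom(128)
    return challenge, wep_encrypt(wep_key, iv, challenge)


def observer_keystream(challenge: bytes, response: bytes) -> bytes:
    """What a passive listener within radio range learns from the two frames:
    clear challenge XOR encrypted reply is the RC4 keystream for that IV."""
    return bytes(c ^ r for c, r in zip(challenge, response))


def keystream_leaks(wep_key: bytes, iv: bytes) -> bool:
    """True when the listener's reconstruction equals the real keystream, i.e. the
    exchange handed over 128 bytes of key material without the WEP key itself."""
    challenge, response = shared_key_exchange(wep_key, iv)
    return observer_keystream(challenge, response) == rc4_keystream(iv + wep_key, 128)
```

Because static WEP reuses the same key across every device, the leaked keystream is valid for any frame sent under that IV, which is why the paper treats open authentication plus WEP as no worse than shared-key authentication.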
Key Management
Another type of key that is often used—but is not considered secure—is a “static” WEP key. A static WEP key is a
key composed of either 40 or 128 bits that is statically defined by the network administrator on the access point and
all clients that communicate with the access point. When static WEP keys are used, a network administrator must
perform the time-consuming task of entering the same keys on every device in the WLAN.
If a device that uses static WEP keys is lost or stolen, the possessor of the stolen device can access the WLAN. An
administrator will not be able to detect that an unauthorized user has infiltrated the WLAN until and unless the theft
is reported. The administrator must then change the WEP key on every device that uses the same static WEP key used
by the missing device. In a large enterprise WLAN with hundreds or even thousands of users, this can be a daunting
task. Worse still, if a static WEP key is deciphered through a tool such as AirSnort, the administrator has no way of
knowing that the key has been compromised by a hacker.
WEP
The 802.11 standards define WEP as a simple mechanism to protect the over-the-air transmission between WLAN
access points and network interface cards (NICs). Working at the data link layer, WEP requires that all
communicating parties share the same secret key. To avoid conflicting with U.S. export controls that were in effect
at the time the standard was developed, 40-bit encryption keys were required by IEEE 802.11b, though many
vendors now support the optional 128-bit standard. WEP can be easily cracked in both 40- and 128-bit variants by
using off-the-shelf tools readily available on the Internet. On a busy network, 128-bit static WEP keys can be
obtained in as little as 15 minutes, according to current estimates. These attacks are described in more detail in the
following paragraphs.