CHAPTER 28

Wireless Security

In this chapter, you will

•  Learn about the security implications of wireless networks

•  Learn about the security built into different versions of wireless protocols

•  Identify the different 802.11 versions and their security controls

•  Install and configure wireless security settings

Wireless is increasingly the way people access the Internet. Because wireless access is considered a consumer benefit, many businesses add wireless access points to lure customers into their shops. With the rollout of third-generation (3G) and fourth-generation (4G) cellular networks, people are also increasingly accessing the Internet from their mobile phones. The massive growth in popularity of nontraditional computers such as netbooks, e-readers, and tablets has also driven the popularity of wireless access.

As wireless use increases, the security of the wireless protocols has become a more important factor in the security of the entire network. As a security professional, you need to understand wireless network applications because of the risks inherent in broadcasting a network signal where anyone can intercept it. Sending unsecured information across public airwaves is tantamount to posting your company’s passwords by the front door of the building. This chapter looks at several current wireless protocols and their security features.

Certification Objective   This chapter covers CompTIA Security+ exam objective 6.3, Given a scenario, install and configure wireless security settings. This is a good candidate for performance-based questions, which means you should expect questions in which you must apply your knowledge of the topic to a scenario. The best answer to a question will depend upon specific details in the scenario preceding the question, not just the question. The question may also involve tasks other than just picking the best answer from a list. Instead, it may involve actual simulation of steps to take to solve a problem.

Cryptographic Protocols

Wireless networks, by their very nature, make physical security protections against rogue connections difficult. This lack of a physical barrier also makes protecting a connection against eavesdropping a challenge. Cryptographic protocols are the standards used to describe cryptographic methods and implementations so as to ensure interoperability between different vendors' equipment.

WEP

The designers of the 802.11 protocol also attempted to maintain confidentiality in wireless systems by introducing Wired Equivalent Privacy (WEP), which uses a cipher to encrypt the data as it is transmitted through the air. WEP was initially a success, but over time several weaknesses were discovered in this protocol, and WEP has been shown to have an implementation problem that can be exploited to break its security. WEP encrypts the data traveling across the network with an RC4 stream cipher, attempting to ensure confidentiality. (The details of the RC4 cipher are covered in Chapter 27.) Because both sides must hold the same key, this encryption also provides a limited form of authentication: the system depends on the client and the access point (AP) sharing a secret key, so that only authorized people with the proper key have access to the wireless network. WEP supports two key lengths, 40 and 104 bits, though these are more typically referred to as 64 and 128 bits, and in 802.11a and 802.11g, manufacturers extended this to 152-bit WEP keys. The larger advertised numbers arise because in all cases, 24 bits of the overall key length are used for the initialization vector (IV).

The IV is the primary reason for the weaknesses in WEP. The IV is sent in the plaintext part of the message, and because the IV space is only about 16 million values (2^24), the same IV, and with it the same key stream, will eventually be reused. Once the key stream has been repeated, an attacker has two ciphertexts encrypted with the same key stream. This allows the attacker to examine the ciphertexts and retrieve the key. This attack can be improved by examining only packets that have weak IVs, reducing the number of packets needed to crack the key. Using only weak IV packets, the number of required captured packets is reduced to around four or five million, which can take only a few hours on a fairly busy AP. For a point of reference, this means that equipment with an advertised WEP key of 128 bits can be cracked in less than a day, whereas cracking a normal 128-bit key would take roughly 2,000,000,000,000,000,000 years on a computer able to attempt one trillion keys a second. AirSnort is a modified sniffing program that can take advantage of this weakness to retrieve the WEP keys.

The biggest weakness of WEP is that the IV problem exists regardless of key length, because the IV always remains at 24 bits. Most APs also have the ability to lock in access only to known MAC addresses, providing a limited authentication capability. Given sniffers' capacity to grab all active MAC addresses on the network, this capability is not very effective: an attacker simply configures a wireless card to use a known good MAC address.
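The following is an added example, not code from the chapter, that puts numbers on the IV reuse problem described above. It applies the birthday bound to a 24-bit IV space and runs a small simulation; the IV width and the 48-bit comparison value are parameters chosen for the illustration.

```python
"""Added example, not from the chapter: how fast a 24-bit IV repeats.

WEP sends the IV in the clear and prepends it to the shared key, so when an
IV repeats, two frames were encrypted with the same RC4 key stream. The
functions below quantify that with the birthday bound and a small simulation."""
import math
import random


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Probability that at least one IV value repeats among `frames` frames,
    assuming IVs are chosen uniformly at random (birthday approximation)."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def frames_for_probability(p: float, iv_bits: int = 24) -> int:
    """Smallest number of frames at which the repeat probability reaches p."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - p)))


def simulate_first_repeat(iv_bits: int = 24, seed: int = 1) -> int:
    """Draw random IVs until one repeats and return the frame count at which
    it happened (a counter-based IV instead repeats exactly at 2**iv_bits)."""
    rng = random.Random(seed)
    space = 2 ** iv_bits
    seen = set()
    while True:
        iv = rng.randrange(space)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


if __name__ == "__main__":
    print("frames for a 50% chance of an IV repeat:", frames_for_probability(0.5))
    print("repeat probability after 65536 frames:", iv_collision_probability(65536))
    print("simulated first repeat:", simulate_first_repeat())
    print("same bound with a 48-bit space:", frames_for_probability(0.5, 48))
```

With random IVs the first repeat is expected after only a few thousand frames, and even a strictly sequential IV wraps after about 16.7 million frames, which a busy AP sends in hours; the key length plays no part in either figure. The 48-bit comparison shows why later designs (CCMP uses a 48-bit packet number that is never repeated under one key) moved away from a 24-bit field.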

EXAM TIP    WEP is no longer listed under any Security+ exam objectives, but the facts and background are relevant to WPA and WPA2 and illustrate how we got to where we are.

WPA

The first standard to be used in the market to replace WEP was Wi-Fi Protected Access (WPA). This standard uses the flawed WEP algorithm with the Temporal Key Integrity Protocol (TKIP). TKIP works by using a shared secret combined with the card’s MAC address to generate a new key, which is mixed with the IV to make per-packet keys that encrypt a single packet using the same RC4 cipher used by traditional WEP. This overcomes the WEP key weakness, as a key is used on only one packet. The other advantage to this method is that it can be retrofitted to current hardware with only a software change, unlike Advanced Encryption Standard (AES) and 802.1X (an authentication protocol discussed later in the chapter).

While WEP uses a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change, TKIP employs a per-packet key, generating a new 128-bit key for each packet. This can generally be accomplished with only a firmware update, enabling a simple solution to the types of attacks that compromise WEP.

WPA also suffers from a lack of forward secrecy protection. If the WPA key is known, as in a public Wi-Fi password, then an attacker can collect all the packets from all of the connections and decrypt packets later. This is why, when using public Wi-Fi, you should always use a secondary means of protection, either a VPN or a TLS-based solution, to protect your content. These flaws have resulted in WPA being considered a stopgap measure until WPA2 is widely adopted.

WPA2

IEEE 802.11i is the standard for security in wireless networks and is also known as Wi-Fi Protected Access 2 (WPA2). It uses 802.1X to provide authentication and uses AES as the encryption protocol. WPA2 uses the AES block cipher, a significant improvement over WEP’s and WPA’s use of the RC4 stream cipher. The 802.11i standard specifies the use of CCMP, discussed next.

CCMP

CCMP stands for Counter Mode with Cipher Block Chaining–Message Authentication Code Protocol (or Counter Mode with CBC-MAC Protocol). CCMP is a data encapsulation encryption mechanism designed for wireless use. CCMP is actually the mode in which the AES cipher is used to provide both confidentiality and message integrity. Unlike WPA, CCMP requires new hardware to perform the AES encryption.

TKIP

Temporal Key Integrity Protocol (TKIP) was created as a stopgap security measure to replace the WEP protocol without requiring the replacement of legacy hardware. The breaking of WEP had left Wi-Fi networks without viable link-layer security, and a solution was required for already deployed hardware. TKIP works by mixing a secret root key with the IV before the RC4 encryption. WPA/TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks. TKIP is no longer considered secure and has been deprecated with the release of WPA2.

EXAM TIP    Understanding which protocol to use based on a scenario requires you to know the differences and reasons for each of the protocols on the exam. The question will focus on the scenario, not the protocols, so you need to be able to apply that logic.

Authentication Protocols

Authentication protocols are the standardized methods used to provide authentication services, which in the case of wireless networks must be provided remotely, over the air. Wireless networks therefore need secure authentication protocols. You need to understand the following authentication protocols for the Security+ exam: EAP, PEAP, EAP-FAST, EAP-TLS, EAP-TTLS, IEEE 802.1X, and RADIUS via RADIUS Federation sources.

EAP

The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands on the authentication methods used by the Point-to-Point Protocol (PPP). PPP is a protocol that was commonly used to directly connect devices to each other. EAP is designed to support multiple authentication mechanisms, including tokens, smart cards, certificates, one-time passwords, and public key encryption authentication. EAP has been expanded into multiple versions, some of which are covered in the following sections. EAP was defined in RFC 2284 (obsoleted by RFC 3748).

PEAP

PEAP, or Protected EAP, was developed to protect the EAP communication by encapsulating it with TLS. This is an open standard developed jointly by Cisco, Microsoft, and RSA. EAP was designed assuming a secure communication channel. PEAP provides that protection as part of the protocol via a TLS tunnel. PEAP is widely supported by vendors for use over wireless networks.

EAP-FAST

The Wi-Fi Alliance added EAP-FAST to its list of supported protocols for WPA/WPA2 in 2010. EAP-FAST (EAP Flexible Authentication via Secure Tunneling) is described in RFC 4851 and was proposed by Cisco as a replacement for LEAP, an earlier Cisco version of EAP. It offers a lightweight tunneling protocol to enable authentication. The distinguishing characteristic is the passing of a Protected Access Credential (PAC) that is used to establish a TLS tunnel through which client credentials are verified.

EAP-TLS

The Wi-Fi Alliance also added EAP-TLS to its list of supported protocols for WPA/WPA2 in 2010. EAP-TLS is an IETF open standard (RFC 5216) that uses the Transport Layer Security (TLS) protocol, the standardized successor to SSL, to secure the authentication process and pass credentials. This is still considered one of the most secure implementations, primarily because common implementations employ client-side certificates. This means that an attacker must also possess the private key for the client-side certificate to break the TLS channel.

EAP-TTLS

The Wi-Fi Alliance also added EAP-TTLS to its list of supported protocols for WPA/WPA2 in 2010. EAP-TTLS (the acronym stands for EAP–Tunneled TLS Protocol) is a variant of the EAP-TLS protocol. EAP-TTLS works much the same way as EAP-TLS, with the server authenticating to the client with a certificate, but the protocol tunnels the client side of the authentication, allowing the use of legacy authentication protocols such as Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), MS-CHAP, or MS-CHAP-V2. In EAP-TTLS, the authentication process is protected by the tunnel from man-in-the-middle attacks, and although client-side certificates can be used, they are not required, making EAP-TTLS easier to set up than EAP-TLS for clients without certificates.

EXAM TIP    There are two key elements concerning EAP. First, it is only a framework to secure the authentication process, not an actual encryption method. Second, many variants exist, and understanding the differences, and how to recognize them in practice, between EAP, EAP-FAST, EAP-TLS, and EAP-TTLS is important for the exam.

IEEE 802.1X

IEEE 802.1X is an authentication standard that supports port-based authentication services between a user and an authorization device, such as an edge router. IEEE 802.1X is commonly used on wireless access points as a port-based authentication service prior to admission to the wireless network. IEEE 802.1X over wireless uses either IEEE 802.11i or EAP-based protocols, such as EAP-TLS or PEAP-TLS.

RADIUS Federation

Using a series of RADIUS servers in a federated connection has been employed in several worldwide RADIUS federation networks. One example is the eduroam project, which connects users of educational institutions worldwide. The process is relatively simple in concept, although the technical details of maintaining the hierarchy of RADIUS servers and routing tables are daunting at worldwide scale. A user presents their credentials at a local access point using a certificate-based tunneling protocol method. The first RADIUS server determines which RADIUS server to forward the request to; from there the user is authenticated by their home RADIUS server and the results are passed back, permitting the user to join the network.

Because the credentials must pass multiple different networks, the EAP methods are limited to those with certificates and credentials to prevent loss of credentials during transit. This type of federated identity at global scale demonstrates the power of RADIUS and EAP methods.

Methods

As previously described, multiple protocols have historically been developed to support the securing of wireless networks, including WEP, WPA, and WPA2. WEP is by all practical means no longer a viable method of maintaining any significant security. WPA is not much better, which leaves us primarily with WPA2. WPA2 has two modes, PSK and Enterprise, which are discussed below. In an attempt to simplify setup for home users, WPS was created; it is covered later in this chapter. The final method is the captive portal, a means of capturing a guest user and forcing a sign-in process across a web-based connection to establish a connection to an open Wi-Fi network.

EXAM TIP    CompTIA expects you to understand several methods of installing and configuring wireless security settings, including the WPA2 options, Wi-Fi Protected Setup, and the captive portal, a means of capturing a guest user and forcing a sign-in process across a web-based connection to establish a connection to an open Wi-Fi network.

PSK vs. Enterprise vs. Open

When building out a wireless network, you must decide how you are going to employ security on the network. Specifically, you need to address who will be allowed to connect, and what level of protection will be provided in the transmission of data between mobile devices and the access point.

Both WPA and WPA2, discussed in detail earlier in the chapter, have two methods to establish a connection, PSK and Enterprise. PSK stands for pre-shared key, which is exactly what it sounds like, a secret that has to be shared between users. A PSK is typically entered as a passphrase of up to 63 characters. This key must be securely shared between users, as it is the basis of the security provided by the protocol. The PSK is converted to a 256-bit key that is then used to secure all communications between the device and access point. PSK has one particular vulnerability: simple and short PSKs are at risk of brute force attempts. Keeping the PSK at least 20 random characters long or longer should mitigate this attack vector.
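The following is an added example, not code from the chapter, showing how the passphrase is converted to the 256-bit key mentioned above and why its length is the weak point. IEEE 802.11i specifies the conversion as PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and 32 bytes of output. The "IEEE"/"password" pair is the standard's own test vector; the other SSIDs, passphrases and the guess rate are constructed for the illustration, and the entropy estimate is a rough heuristic of my own.

```python
"""Added example, not from the chapter: how a WPA/WPA2-Personal passphrase is
turned into the 256-bit pairwise master key (PMK), and why a short passphrase
is the weak point. Derivation per IEEE 802.11i: PBKDF2-HMAC-SHA1, SSID as
salt, 4096 iterations, 32 bytes. Sample values other than the "IEEE"/"password"
test vector are constructed for this example."""
import hashlib
import math


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK that every client using this passphrase shares."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def passphrase_entropy_bits(passphrase: str) -> float:
    """Rough strength estimate (heuristic): assume each character was picked
    uniformly from the union of the character classes actually present."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33          # remaining printable ASCII (punctuation, space)
    return len(passphrase) * math.log2(pool) if pool else 0.0


def years_to_exhaust(entropy_bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2.0 ** entropy_bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("PMK for test vector:", derive_pmk("password", "IEEE").hex())
    # The guess rate below is an assumption for illustration only; each guess
    # costs 4096 PBKDF2 iterations, which is what slows an offline attacker.
    rate = 1e6
    for candidate in ("password", "shop2019", "r7Qk!v2Lz9#mXb4pW8sT"):
        bits = passphrase_entropy_bits(candidate)
        print(f"{candidate!r}: ~{bits:.0f} bits, "
              f"{years_to_exhaust(bits, rate):.3g} years to exhaust at {rate:.0e}/s")
```

Two points follow from the code. First, because the PMK depends only on the passphrase and the SSID, every client on the network derives the same key, which is the reason given earlier for WPA's lack of forward secrecy. Second, the 4096 iterations make each guess expensive but not prohibitive, so the passphrase's own entropy is what decides the brute-force cost; the 20-plus random characters recommended above put it well beyond reach, whereas a dictionary word does not.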

In Enterprise mode, the devices use IEEE 802.1X and a RADIUS authentication server to enable a connection. This method allows the use of usernames and passwords and provides enterprise-class options such as network access control (NAC) integration and a separate random key for each client, instead of everyone sharing the same PSK. If everyone has the same PSK, then secrecy between clients depends on other means, and if one client is compromised, the others could be as well.

In WEP-based systems, there are two options, Open System authentication and shared key authentication. Open System authentication is not truly authentication, for it is merely a sharing of a secret key based on the SSID. The process is simple: the mobile client matches its SSID with the access point's and requests a key (called authentication) from the access point. The access point then generates an authentication code (the key; there is no specific authentication of the client), a random number intended for use only during that session. The mobile client uses the authentication code and joins the network. The session continues until disassociation, either by request or through loss of signal.

EXAM TIP    Understand the differences between PSK, Enterprise, and Open authentication.

WPS

Wi-Fi Protected Setup (WPS) is a network security standard that was created to provide users with an easy method of configuring wireless networks. Designed for home networks and small business networks, this standard involves the use of an eight-digit PIN to configure wireless devices. WPS consists of a series of EAP messages and has been shown to be susceptible to a brute force attack. A successful attack can reveal the PIN and subsequently the WPA/WPA2 passphrase and allow unauthorized parties to gain access to the network. Currently, the only effective mitigation is to disable WPS.

Setting Up WPA2

If WPS is not safe for use, how does one set up WPA2? To set up WPA2, you need to have several parameters. Figure 28-1 shows the screens for a WPA2 setup in Windows.

Figure 28-1   WPA2 setup options in Windows

The first element is to choose a security framework. When configuring an adapter to connect to an existing network, you need to match the choice of the network. When setting up your own network, you can choose whichever option you prefer. There are many selections, but for security purposes, you should choose WPA2-Personal (PSK) or WPA2-Enterprise. Both of these require the choice of an encryption type, either TKIP or AES. TKIP has been deprecated, so choose AES. The last element is the choice of the network security key, the secret that is shared by all users. WPA2-Enterprise, which is designed to be used with an 802.1X authentication server that distributes different keys to each user, is typically used in business environments. These elements set up Windows for connection to the router, whose settings are shown in Figure 28-2. In practice the access point or router is the “master”: it establishes the settings, and clients must match what it offers in order to connect.
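The following is an added example, not code from the chapter and not part of hostapd or any vendor's firmware, that checks an access point configuration for the choices discussed in this section and in the WPS section: WPA2 only, AES/CCMP rather than TKIP, a long pre-shared key, WPS disabled, and a RADIUS server when Enterprise mode is chosen. The three configurations are constructed for the example; their key names are the ones hostapd uses (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, wpa_passphrase, wps_state, ieee8021x, auth_server_addr), but the linter and its thresholds are hypothetical.

```python
"""Added example, not from the chapter and not hostapd's own code: a linter for
the access point settings this section discusses. Configurations below are
constructed; key names follow hostapd's hostapd.conf conventions."""

WEAK_AP_CONF = """\
interface=wlan0
ssid=ExampleShopWiFi
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=shop2019
wps_state=2
"""

HARDENED_PSK_CONF = """\
interface=wlan0
ssid=ExampleShopWiFi
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=r7Qk!v2Lz9#mXb4pW8sT
wps_state=0
"""

ENTERPRISE_CONF = """\
interface=wlan0
ssid=ExampleCorpWiFi
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_LONG_RANDOM_SECRET
"""


def parse_conf(text: str) -> dict:
    """Read key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def lint_ap_config(text: str, min_psk_len: int = 20) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    findings = []

    wpa = conf.get("wpa", "0")                  # 0 = none, 1 = WPA, 2 = WPA2, 3 = both
    if wpa == "0":
        findings.append("no WPA/WPA2 configured: this is an open network")
    elif wpa != "2":
        findings.append("WPA (version 1) is allowed: set wpa=2 for WPA2 only")

    ciphers = set(conf.get("wpa_pairwise", "").split()) | set(conf.get("rsn_pairwise", "").split())
    if "TKIP" in ciphers:
        findings.append("TKIP enabled: deprecated, allow only CCMP (AES)")
    if not ciphers:
        findings.append("no pairwise cipher set explicitly: set rsn_pairwise=CCMP")

    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    if "WPA-PSK" in key_mgmt and len(conf.get("wpa_passphrase", "")) < min_psk_len:
        findings.append(f"pre-shared key shorter than {min_psk_len} characters")
    if "WPA-EAP" in key_mgmt and (conf.get("ieee8021x") != "1" or "auth_server_addr" not in conf):
        findings.append("Enterprise mode needs ieee8021x=1 and a RADIUS auth_server_addr")

    if conf.get("wps_state", "0") != "0":      # 0 = WPS disabled
        findings.append("WPS enabled (wps_state != 0): disable it, the PIN is brute-forceable")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_AP_CONF), ("hardened PSK", HARDENED_PSK_CONF),
                       ("enterprise", ENTERPRISE_CONF)):
        print(name, "->", lint_ap_config(conf) or "no findings")
```

The weak configuration trips four checks (WPA1, TKIP, an eight-character PSK, WPS on); the other two pass. Running such a check against exported access point configurations is a cheap way to confirm that what the clients are being told to match is actually the WPA2/AES setting this section recommends.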

Figure 28-2   WPA2 setup options on an access point/wireless router.

Captive Portals

Captive portal refers to a specific technique of using an HTTP client to handle authentication on a wireless network. Frequently employed in public hotspots, a captive portal opens a web browser to an authentication page. This occurs before the user is granted admission to the network. The access point uses this simple mechanism by intercepting all packets and returning the web page for login. The actual web server that serves up the authentication page can be in a walled-off section of the network, blocking access to the Internet until the user successfully authenticates.
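The following is an added example, not code from the chapter, of the per-request decision a gateway makes when the captive portal mechanism described above is in use: unauthenticated clients are redirected to the login page, only the walled-off portal and DNS hosts are reachable before login, and sessions expire. Host names, MAC addresses and the session lifetime are constructed for the example, and the class is hypothetical rather than any product's API.

```python
"""Added example, not from the chapter: the gateway side of a captive portal.
Names, addresses and timeouts are constructed for the example."""
import time

PORTAL_HOST = "portal.example.net"                  # serves the login page
WALLED_GARDEN = {PORTAL_HOST, "dns.example.net"}    # reachable before login
SESSION_SECONDS = 3600


class CaptivePortalGateway:
    def __init__(self, now=time.time):
        self._now = now                 # injectable clock, for testing
        self._sessions = {}             # client MAC -> session expiry time

    def grant(self, client_mac: str) -> None:
        """Called by the portal web server after a successful login."""
        self._sessions[client_mac] = self._now() + SESSION_SECONDS

    def is_authenticated(self, client_mac: str) -> bool:
        expiry = self._sessions.get(client_mac)
        if expiry is None:
            return False
        if self._now() >= expiry:       # expired: forget the session
            del self._sessions[client_mac]
            return False
        return True

    def handle_http(self, client_mac: str, host: str, path: str) -> tuple:
        """Return ("allow", None) to forward the request, or ("redirect", url)
        to answer it with the portal login page instead."""
        if host in WALLED_GARDEN or self.is_authenticated(client_mac):
            return ("allow", None)
        return ("redirect", f"https://{PORTAL_HOST}/login?next=http://{host}{path}")

    def handle_packet(self, client_mac: str, dst_host: str) -> str:
        """Non-HTTP traffic cannot be redirected; it is dropped until login,
        except to the walled garden."""
        if dst_host in WALLED_GARDEN or self.is_authenticated(client_mac):
            return "forward"
        return "drop"


if __name__ == "__main__":
    gw = CaptivePortalGateway()
    mac = "02:00:5e:00:00:01"           # constructed client address
    print(gw.handle_http(mac, "www.example.com", "/"))   # redirect to portal
    gw.grant(mac)                       # portal reports a successful login
    print(gw.handle_http(mac, "www.example.com", "/"))   # now allowed
```

Two caveats a practitioner would add: the portal must validate the `next` parameter before redirecting back to it, and a session keyed on the client MAC address is only as strong as MAC filtering, which the WEP discussion earlier in the chapter already showed is easily bypassed, so a captive portal controls access to an open network but does not protect the traffic on it.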

Chapter Review

In this chapter, you became acquainted with the cryptographic protocols, authentication protocols, and methods utilized to secure wireless traffic. Wireless networking uses a specific set of cryptographic protocols, beginning with the now deprecated WEP, and progressing through WPA and WPA2. The protocols of CCMP and TKIP are utilized in securing wireless connections.

Authentication is achieved via EAP and a whole host of variants of EAP, including PEAP, EAP-FAST, EAP-TLS, and EAP-TTLS. Additionally, IEEE 802.1X and RADIUS federation can be employed for authentication.

Setting up the correct set of protocols to secure wireless is done by using one of several methods. Both WPA and WPA2 offer PSK and Enterprise options, whereas WEP-based systems offer Open System authentication and shared key authentication. WEP should be avoided today because of its inherent weaknesses. Other methods include WPS or manually setting up WPA2, or in the case of third-party providers, the use of captive portals.

Questions

To help you prepare further for the CompTIA Security+ exam, and to test your level of preparedness, answer the following questions and then check your answers against the correct answers at the end of the chapter.

1. You are building out a corporate Wi-Fi network that is intended for use only by corporate employees using corporate laptops (no guest access) and must be highly secure. Which of the following is the best solution?

A. WPA

B. WPA2-PSK

C. WPA2-Enterprise

D. WPS

2. Why would WPA be considered a stopgap fix for the issues with WEP?

A. It modernizes Wi-Fi with a new encryption cipher.

B. It provides for using temporary WEP keys to avoid the weakness in WEP, but does not replace the underlying encryption cipher.

C. It overlays TLS connections on top of the existing WEP encryption to tunnel all traffic back to the access point, but it does not enhance the underlying encryption cipher.

D. It enforces the use of long-key WEP while having an autogenerated MAC filtering list to avoid potential eavesdropping.

3. List four Wi-Fi authentication protocols:

_________________

_________________

_________________

_________________

4. You are tasked with the implementation of Wi-Fi in Enterprise mode. The initial network diagram shows only the updated access points and network switches. What component is missing from the diagram?

A. Guest wireless

B. NAC server

C. Authentication server

D. Certificate authority

5. Why is WPA2-Personal not ideal for a large organization?

A. It has weak encryption.

B. The pre-shared key must be securely shared with all users.

C. It has only an eight-digit PIN.

D. It uses Open System authentication.

6. How does Open System authentication differ from a pre-shared key?

A. Open System authentication only matches the SSID of the system, which is part of all the Wi-Fi packets, so there is no real authentication as with a pre-shared key.

B. Open System authentication uses a more complex hashing algorithm to pad the encryption key.

C. Open System authentication requires a RADIUS server.

D. Open System authentication is best suited for Enterprise applications.

7. Why is enabling WPS not recommended?

A. It uses WEP-based encryption.

B. The lack of support for AES.

C. The use of an eight-digit PIN makes it susceptible to brute force attacks.

D. All of the above.

8. You are implementing a new wireless system to allow access in all buildings of your corporate campus. You have selected WPA2-Enterprise with 802.1X and a RADIUS server. What is the most efficient way to allow visitors access to the wireless network?

A. Set up an air-gapped wireless network with Open System authentication enabled so that visitors can easily get access.

B. Have a series of one-time-use authentication tokens available at the front guard desk so that visitors can use 802.1X and the RADIUS server.

C. Add all visitors to your Active Directory so they can log onto the wireless natively.

D. Implement a captive portal.

9. What is the primary vulnerability of pre-shared keys?

A. They have a weak initialization vector.

B. They could have too low a key strength.

C. They can be brute forced.

D. All of the above.

10. What allows RADIUS to scale to a worldwide authentication network?

A. Strong encryption

B. Certificate-based tunneling and EAP

C. CCMP-delegated authentication

D. Two-factor authentication

11. Why should you use a VPN when attached to a public WPA hotspot?

A. Anyone with the key can store all the packets for later decryption.

B. Public Wi-Fi networks are set up for man-in-the-middle attacks.

C. To ensure browser secrecy.

D. An attacker could sniff your RADIUS packets.

12. How does TKIP improve security?

A. It uses stronger authentication.

B. It changes the WEP padding algorithm.

C. It uses a different key for each packet.

D. It uses SSL VPN tunneling.

13. What makes EAP-TLS so hard for an attacker to break?

A. The user’s key is held by the RADIUS server.

B. The encryption keys are escrowed.

C. The access point enforces client isolation as part of the protocol.

D. The client-side key is needed to break the TLS tunnel.

14. Which authentication protocol uses a Protected Access Credential (PAC)?

A. PEAP

B. EAP-FAST

C. EAP-TLS

D. EAP-TTLS

15. Which authentication protocol uses mandatory client-side certificates, making it more challenging to maintain if guest access is provided to visitors?

A. PEAP

B. EAP-FAST

C. EAP-TLS

D. EAP-TTLS

Answers

1. C. WPA2-Enterprise is the correct version of WPA2 for this setup, as it uses enterprise-grade options to establish a shared secret.

2. B. WPA is a stopgap due to its software-only implementation in that it still uses the flawed WEP RC4 cipher, albeit with temporary keys.

3. The Wi-Fi authentication protocols listed in the exam objectives include EAP, PEAP, EAP-FAST, EAP-TLS, EAP-TTLS, IEEE 802.1X, and RADIUS.

4. C. Enterprise mode mandates authentication, so an authentication server, typically RADIUS, is required.

5. B. WPA2 in Personal mode uses a pre-shared key, and this key must be shared with all users, which is challenging in a large organization.

6. A. Open System authentication only matches to the SSID and generates a random number from that. Because the SSID is part of the Wi-Fi packets, there is no real authentication.

7. C. WPS uses an eight-digit PIN and is subject to brute force attacks.

8. D. Implementing a captive portal will ensure that users can easily authenticate and gain access.

9. C. Any pre-shared keys can be configured to be short, and therefore susceptible to a brute force attack. The defense against this is to always use long and complex PSKs.

10. B. The use of SSL-based tunneling and EAP packets makes the distributed authentication of RADIUS possible.

11. A. The reason to use a VPN on any public Wi-Fi network is that, as a shared network, attackers may be attempting to capture all the traffic. In a public Wi-Fi configured with WEP or WPA, using a shared key also allows attackers to easily decrypt the traffic.

12. C. TKIP uses temporal keys, so there is a new key for every packet.

13. D. The TLS connection uses a client key, so the attacker would need this key before being able to break the TLS tunnel.

14. B. EAP-FAST uses the Protected Access Credential (PAC) to create the TLS tunnel.

15. C. EAP-TLS uses client-side certificates.