Last updated:
02/07/03


Table of contents:

What wireless is
and is NOT
Wireless is insecure
- there are many ways to attack
- easily sniffed or hijacked

Security:
Why the user should care,
an Overview.
Sniffing Telnet
Sniffing SSH
Sniffing Web
Wireless Card is insecure

Speed Issues

Reliability:
-Easily blocked
-Interference

What can an Enduser do?

Wirewall:
-Is and Is Not
-How it works

Using Wireless Safely:
-SSH
-SSL (Web)
-SSL (E-mail)

References

Wireless Security for the End-User

What everyone needs to know before using Wireless technology at the University of Minnesota (and other places).

Copyright © terms
Note: There are many terms and definitions in this document. Most will be defined in the document, but further documentation will often be linked to TechWeb. Such terms will be followed by an *. (Actually, TechWeb doesn't allow direct links anymore. I'll be replacing these links with others soon.)

This page is still under construction. The version saved out of Powerpoint is much more up to date.

What Wireless is:
  • Ethernet* (networking) capability over radio waves instead of physical wires.
    - The current technology, 802.11b, runs in the 2.4 GHz unlicensed radio range, just like many cordless phones and other devices. Future technology will run in the 5 GHz range, which will have more bandwidth but less range. A more thorough and advanced definition of wireless can be found at TechWeb.
  • A tool for convenience, for when mobility is required in computing
  • A solution for when short-term connections are needed.
  • A technology which can solve problems which are unsolvable for various reasons with wired technology, i.e.:
    - Places where putting in more wires is difficult or impossible due to asbestos or other concerns.
    - Large open areas such as atriums where wires are impractical.
    - Classrooms.
What Wireless is not:
  • Wireless is not a replacement for wired connections via an Ethernet jack in the wall.
  • Wireless is not secure, fast or reliable.


Wireless is inherently insecure

There are many ways to disrupt or hijack a wireless session.
Putting up a rogue access point, (which the end user may or may not notice):

Rogue Access Point

Hijack the MAC address of the client computer (which would kick the user off of the network, much as if the user had lost their connection), sniff the wireless traffic:

Sniffing a wireless connection

and more. But by far the easiest way for a malicious person to get info is simply to listen (sniff), and crack the WEP code if necessary.

The following is simply an example of the many attacks that can be run against Wireless Networks. Details won't be given here, but are available elsewhere. (list by Akash Malhotra)

  • Insertion Attack
  • SSID Attack
  • Jamming
  • MAC Spoofing
  • Encryption Attack
  • Malicious Association
  • Man in the Middle Attack


Security: Why the user should care

System Administrators are often asked by users: "Why should I care about security? Nothing I do is confidential."

Are you Sure?
  • Think about your password. On how many systems do you use it? E-mail, file server, your on-line banking/brokering, One-click buying at Amazon.com (where they have your credit card # on line). Airline reservation sites or travel agents.
  • If someone gets your password, they can access any of those.
  • Always use different passwords on different systems. That way, if one password gets compromised, the rest of your accounts will still be protected.
  • Is any student information (IDs, grades, etc) ever sent in e-mail? There are legal issues regarding the safety and accessibility of information. Are you practicing Due Diligence?

  • What if someone accessed your e-mail and sent a threatening or harassing e-mail to someone? How could you prove it wasn’t you?
Sniffing* wireless traffic is trivially easy with free, easy to download, easy to use software.

(Note the Restrictions against using sniffers on the University Network. These security incidents are taken quite seriously.)

This is what a basic telnet session might look like to an end user:

Sniffing a telnet session: 
What the telnet session looks like to the end user

In the image above, a person is logging into an e-mail system to check her e-mail. If that session is being sniffed, this is what the sniffer might see:

Sniffing a telnet session: 
What the same telnet session looks like to a person using 
sniffing software

The gems are in red. The username and password of this user are clearly visible TO ANYONE WITHIN RECEPTION DISTANCE. And it is easy to buy, or make for less than $10, directional antennae that greatly improve the reception distance.

(To be fair, wired connections can be sniffed as well, but that has become less likely in the 'switched'* networks of today. But still, encrypt if you can! Also see Layer 3 router*, and Vlan*.)

Once the cracker has the username and password, they can log in at their discretion, and either mess with the user, or use the user's account to break into the system further. In contrast, a sniffer gets very little from sniffing an SSH session:

Sniffing an SSH session: 
the sniffer gets nothing but information on the software being used.

Not much information available here! The coherent information is simply information on which SSH software is being used by the server and the client, and some of the settings. A truly talented person can use this for nefarious purposes, but to most people it's not much use. The encrypted data is what appears as gibberish, and is inaccessible even to the talented.

Information passed by a web browser can be similarly sniffed:

A google search window

The search term is "Semi-Brittle Shear zone", a geologic term.

Here is that session as seen by a sniffer:

google session being sniffed

The search data has been highlighted in red. This is a simple session, but passwords, credit card numbers and other data can be gathered the same way. And this is not a problem with Google, it's inherent in the web browsing protocol.

Any internet software can be sniffed: FTP, audio and video downloads, or anything else which isn't encrypted. Some are harder to sniff than others, but all are possible.
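The contrast described above between telnet, SSH and web traffic, as an added example that is not part of the original presentation. All byte streams are constructed sample data, the SSH identification string and host name are made up, and `mask` is only a stand-in for a real cipher.

```python
import hashlib
import re

IAC, SB, SE = 255, 250, 240  # telnet "interpret as command" bytes (RFC 854)

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Remove telnet option negotiation, leaving the bytes the user typed or saw."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        cmd = data[i + 1] if i + 1 < len(data) else None
        if cmd == IAC:                                # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif cmd == SB:                               # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif cmd is not None and 251 <= cmd <= 254:   # WILL/WONT/DO/DONT + option
            i += 3
        else:                                         # any other two-byte command
            i += 2
    return bytes(out)

def readable_runs(data: bytes, min_len: int = 6) -> list:
    """Printable-ASCII runs that anyone receiving the bytes can read without a key."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def mask(plain: bytes, key: bytes) -> bytes:
    """Stand-in for the SSH cipher (NOT real cryptography): XOR with a SHA-256 keystream."""
    blocks = range(len(plain) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([n])).digest() for n in blocks)
    return bytes(p ^ s for p, s in zip(plain, stream))

# Constructed sample data: the same login over telnet and over SSH, plus a web search.
LOGIN = b"exampleuser\r\nnot-a-real-password\r\n"
TELNET = bytes([IAC, 251, 24, IAC, 253, 1]) + LOGIN
SSH = b"SSH-2.0-ExampleSSH_1.0\r\n" + mask(LOGIN, b"constructed session key")
HTTP = b"GET /search?q=Semi-Brittle+Shear+zone HTTP/1.0\r\nHost: search.example\r\n\r\n"

def on_air_view(stream: bytes, telnet: bool = False) -> list:
    """What a listener within radio range can read from one captured stream."""
    return readable_runs(strip_telnet_negotiation(stream) if telnet else stream)

if __name__ == "__main__":
    for name, stream, is_telnet in (("telnet", TELNET, True), ("ssh", SSH, False), ("http", HTTP, False)):
        print(name, on_air_view(stream, is_telnet))
```

The telnet and web streams come back as the login and the search term in full, while the SSH stream yields only the software identification line.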



The wireless card itself is also a new avenue of attack

Your hard drive is accessible. If you're not actively using the card, disable it or remove it.

cracker 
attacking through a wireless card.

Your wireless card can be attacked by anyone else in the vicinity who also has a wireless card, regardless of whether they have access to the U's wireless or not. The card talks in radio frequencies, so it doesn't matter. They just have to be in range. In contrast, a person who wants to attack via the wires has to be physically plugged in somewhere, and has to know either your IP address, your computer name, or be scanning for you. This can happen over a much longer distance, though. Wireless attacks are, by definition, local.

Security solutions

It is possible to be mostly safe using wireless technology, but the end user must be very careful. More below.


Speed

Wired connections are much faster than wireless.

Relative speeds of Wireless vs. 
wired connections.

  • Wireless is considerably slower than wires.
  • And it's going to be even slower (relatively):
  • Ethernet jacks in Pillsbury Hall are currently 10bT in speed. This means they can send/receive 10 MegaBits (10M bits) of data per second. Soon, (in the next six months, hopefully) we'll be at 100bT (100 MegaBits) to the desktop.
  • The access points used by the University are rated at 11MegaBits speeds. But this is a rating assuming no overhead, a perfect connection, and no other users on the system.
  • It doesn't take much to have the wireless connection slow down to modem-like speeds.
  • Unless the user is sitting exactly next to the access point, the best speed they might get is 7Megabits, and as soon as there is any interference, the speed drops dramatically.
  • If there are other users, the available bandwidth is split between them. In addition, more users create more interference, so the speed goes down even further.


Wireless is unreliable: it's easily blocked



Blocked by a human hand:

This shows how the strength of the signal is decreased by placing a hand over the wireless card. (Green is good signal, Red is interference, Purple is dropped signal). On a weak connection, this is easily enough to disconnect the wireless connection.

Wireless is unreliable: lots of interference

Interference by other technology:

This shows how much interference is added by using a 2.4GHz cordless phone near the wireless card. (Green is good signal, Red is interference, Purple is dropped signal).


So, what can the user do about...
  • Speed: Well, nothing, except get a better signal (move closer, remove obstacles).
  • Reliability: Again, not much. Laws of physics are fairly immutable, after all. Next Generation access points may have some other solutions: different bandwidths, more redundancy in the data transfer, etc.
  • Security: Lots! That's what most of the rest of this presentation is about.


How Wireless works at U. Mn.
(Wirewall)
  • In a University environment the size of the U. Mn, it is impossible to have a standard of Operating System/wireless card.
  • Therefore, many of the advanced security tools available to some wireless vendors are not available to the University in general. The system has to remain as un-proprietary as possible.
  • Therefore, a generic OS/Wireless Card system for authenticating users was developed: the WireWall project, created by OIT.
What the Wirewall is and is not:
  • The Wirewall is the Firewall* for the wireless network, hence, "Wirewall."
  • The Wirewall provides Authentication -- it knows who is logged in, using X.500 (central) authentication.
  • The Wirewall allows roaming -- It is implemented all over campus.
  • The Wirewall does not provide security or reliability.


How the Wirewall works:

  • The user starts up their machine, and opens a web browser to go to their favorite site.
  • The Wirewall sees the connection request, and redirects the user to the Wirewall Login page.

The authentication process is encrypted, but nothing else is!
In all of these images, arrows and lines in GREEN mean the connection is encrypted. Lines and arrows in RED mean the connection is not encrypted.
  • As the user encounters the Wirewall, they'll be asked to log in using their X.500 username and password:
The X.500 Wireless Login Screen
This authentication process IS encrypted
  • The Wirewall sends the authentication data to the X.500 (central authentication server) and checks to make sure that the user is OK.

(Green = encrypted, Red = unencrypted)
  • The X.500 server sends back a 'yes' or 'no.'
  • If 'yes,' the Wirewall server opens a connection for that client (laptop) for a certain amount of time.
  • This whole process is encrypted.
  • After the authentication process finishes, the Wirewall redirects the client back out to the original website.

(Green = encrypted, Red = unencrypted)
  • From here on out, unless the client is using their own encryption, everything is insecure.
  • This authentication process must be followed before the client is allowed past the wirewall onto the University network and/or the Internet.
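The login flow above as a small model, added here as an illustration and not OIT's Wirewall code. The lease length, the login URL, the client identifier and the dictionary standing in for the X.500 server are all assumptions.

```python
import hmac
from dataclasses import dataclass, field

LEASE_SECONDS = 3600                                 # assumed; the page says "a certain amount of time"
DIRECTORY = {"exampleuser": "not-a-real-password"}   # constructed stand-in for the X.500 server
LOGIN_URL = "https://wirewall.example/login"         # hypothetical login page address

@dataclass
class Wirewall:
    leases: dict = field(default_factory=dict)    # client id -> time the lease expires
    pending: dict = field(default_factory=dict)   # client id -> URL requested before login

    def request(self, client: str, url: str, now: float) -> dict:
        """Handle one outbound request; 'encrypted' describes the resulting connection."""
        if self.leases.get(client, 0) > now:
            # Authenticated: traffic passes through untouched, so it is only
            # encrypted if the client's own protocol (here HTTPS) encrypts it.
            return {"action": "forward", "url": url,
                    "encrypted": url.startswith("https://")}
        self.pending[client] = url
        return {"action": "redirect", "url": LOGIN_URL, "encrypted": True}

    def login(self, client: str, user: str, password: str, now: float) -> dict:
        """Login page submission: ask the directory, open a timed lease on 'yes'."""
        expected = DIRECTORY.get(user)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())
        if not ok:                                   # directory answered 'no'
            return {"action": "deny", "url": LOGIN_URL, "encrypted": True}
        self.leases[client] = now + LEASE_SECONDS    # directory answered 'yes'
        return {"action": "redirect", "url": self.pending.pop(client, None),
                "encrypted": True}

def session_trace() -> list:
    """Walk one laptop through the flow and record (action, encrypted) per step."""
    ww, c = Wirewall(), "laptop-1"
    steps = [
        ww.request(c, "http://news.example/", now=0),               # not logged in yet
        ww.login(c, "exampleuser", "wrong-guess", now=5),
        ww.login(c, "exampleuser", "not-a-real-password", now=10),
        ww.request(c, "http://news.example/", now=20),              # plain web page
        ww.request(c, "https://bank.example/", now=30),             # client's own SSL
        ww.request(c, "http://news.example/", now=10 + LEASE_SECONDS),  # lease expired
    ]
    return [(s["action"], s["encrypted"]) for s in steps]
```

In the trace, every step that touches the login page is encrypted, but once the lease is open only the HTTPS request is protected on the air.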


Using Wireless Safely
  • Be Smart and Aware
  • Disable the Wireless card unless it is in use.
  • Use Encryption
    • VPN (Virtual Private Network)
    • SSH (for telnet,FTP,X-windows, etc.)
    • SSL (E-Mail, Web Browsing)

Be Smart and Aware
  • Always keep in mind that the information you may be transmitting might be confidential, important, legally protected, or potentially damaging.
  • If it is any of those things, take steps to be safe.
  • But always remember, part of the process will be out of your control. Do you trust the entire system/process?

Use Encryption
  • VPN (Virtual Private Network)
  • SSH (Secure Shell)
    (for telnet,FTP,X-windows, etc.)
  • SSL (Secure Socket Layer)
    (E-Mail, Web Browsing)


VPN Overview

See the U's VPN Page for details, instructions on how to set it up, and how to use it.

VPN overview
(Green = encrypted, Red = unencrypted)

VPN Advantages

  • Encrypts all of the data from the client to the VPN server, not just certain applications.
  • Compresses data; can speed up connection.
  • Bypasses Wirewall Authentication and authenticates on the VPN server.
  • Easy to use once it is set up.
  • Easy to install.

VPN Disadvantages

  • Does not encrypt anything beyond the VPN server.
  • All encryption slows down the connection, but this is probably offset by the compression.
  • Has to be set up in advance.


SSH / SSL Overview
  • SSH and SSL are both single-connection encryption methods which should be used whenever possible.
  • SSH -- tends to be used by telnet/ftp-like applications such as SFTP/SCP and tunneling.
  • SSL -- tends to be used by E-mail and Web connections.

SSH/SSL: Advantages
  • Encrypts data all the way from the client to the destination server.
  • Can be used for multiple destinations.
  • Easy to use once it is set up.
SSH/SSL Disadvantages:
  • Only encrypts the data using the SSH / SSL channel.
  • All encryption slows down the connection.
  • SSH: Each connection needs a different setup.
SSH Usage and Resources:
Windows/PC:
Mac: Updated SSH client info at OpenSSH Client page
SSL Usage: Web
In Web Browsers:
  • Generally initiated by Server, and user is redirected to a secure site, often after a login page.
  • Confirm by checking Lock icon in the lower left or right hand of web-pages.
    Lock icon


SSL Usage: E-Mail
E-Mail:


The wireless card itself is a new avenue of attack.
  • Your hard drive is accessible. If you're not actively using the card, disable it or remove it.
  • If you have both your wired connection and your wireless connection, plugged in and turned on, a hacker can use the wireless access to "bridge" over and access the wired network.
cracker 
attacking through a wireless card.

Remember:
Surf Smart
Surf Safely


References:

Legal issues:
Clipart sources:

Copyright © 2002 by the Regents of the University of Minnesota (except clipart, which is copyrighted by its owners, see References).
Author: Karen Swanberg, Department of Geology and Geophysics, University of Minnesota.
This presentation, as well as information in this presentation, may be used in whole or in part as long as the original source and author are credited on the displayed page (i.e., not in the metadata of a webpage) and a link is made back to the original.
