MSCS654 Unit 2
RC4
The RC stands for Ron's code, and RC4 may also be known as ARC4 or ARCFOUR. This cipher is used with WEP and TKIP, both discussed earlier in this chapter. The vulnerability with WEP was not necessarily RC4 but the plaintext 24-bit initialization vector (IV) used to create the encrypted ciphertext. TKIP also uses the RC4 stream cipher, but enhancements such as a message integrity check (MIC) help to secure the weaknesses that were in WEP.
WIDS
The Wireless Intrusion Detection System (WIDS) in LCOS devices monitors the different WLANs by using a wide range of specified thresholds. If a potential attack is detected, the system reports it immediately via e-mail, SYSLOG, or SNMP traps. Attacks are detected by monitoring for known or similar patterns. The WIDS configuration is either done directly on the AP or by means of a WIDS profile assigned to the AP by a WLC.
Robust Secure Networks (RSN)
This 802.11 authentication method is defined by the IEEE 802.11 standard as a null authentication algorithm. IEEE 802.11 open system authentication is the only valid IEEE 802.11 authentication process allowed with newer wireless LAN security amendments and interoperability certifications for the network to be considered a robust security network (RSN).
Hotspots and Captive Portals
A wireless hotspot is defined as a location that offers wireless network connectivity for free or as for-profit public or patron services. It allows a variety of mobile devices (computers, tablets, smartphones, and so on) to connect to and access public Internet and private network resources. Many users work from remote locations and require Internet access as part of their job. This can include access from a wireless hotspot. A captive portal, sometimes called a walled garden, is a web page redirection that a wireless device user is presented with after performing an IEEE 802.11 open system authentication and IEEE 802.11 association when connecting to a wireless (Wi-Fi) network. Captive portals are not limited to Wi-Fi networks, but this is one network type where they are often used. In order for the user to access permitted resources or gain wireless network access, a web page will require them to authenticate in some way, which may include the following: entering user credentials (username and password); inputting payment information; agreeing to terms and conditions.
AES
The Advanced Encryption Standard (AES) is a strong encryption algorithm that is widely used in modern-day wireless networks. In conjunction with CCMP encryption, it is considered unbreakable and is the required cipher suite for IEEE 802.11i compliance and WPA2-certified devices. AES uses a larger block size of 128 bits (recall 64 bits with DES and 3DES) and three possible key lengths of 128, 192, and 256 bits.
CCMP
Counter Mode with Cipher-Block Chaining Message Authentication Code Protocol (CCMP) is a mandatory part of the IEEE 802.11i amendment, now in the IEEE 802.11-2012 standard and part of Wi-Fi Protected Access 2.0 (WPA2) certification from the Wi-Fi Alliance. CCMP uses the Advanced Encryption Standard (AES) algorithm block cipher. CCMP capability is mandatory for robust security network (RSN) compliance. If an RSN is required to comply with an industry or government regulation, CCMP must be used. CCMP is also intended as a replacement for TKIP. Because of the strong encryption CCMP provides, it may require replacement of legacy wireless hardware devices that are not capable of the newer technology.
802.1X/EAP (CCMP/AES) [how does this relate to WEP, TKIP, RC4, WPA/WPA2]
The IEEE 802.1X standard is simply a standard for passing EAP over a wired or wireless LAN. With 802.1X, you package EAP messages in Ethernet frames and don't use PPP. This is used for authentication. 802.1X uses three terms: the user or client that wants to be authenticated is called a supplicant; the actual server doing the authentication, typically a RADIUS server, is called the authentication server; and the device in between, such as a wireless access point, is called the authenticator. Like WEP, TKIP, RC4, WPA, and WPA2, this is another authentication method and an IEEE standard.
WPA/WPA2
It is important not to confuse legacy IEEE 802.11 shared-key authentication with modern WPA pre-shared key. WPA and WPA2 pre-shared key is used with personal mode authentication and passphrases. When you enter a passphrase into an access point or wireless client device, an algorithm defined in the IEEE 802.11i amendment will create a 256-bit pre-shared key. Prior to the ratification of the IEEE 802.11i amendment to the standard, wireless LAN VPN technology was prevalent in enterprise deployments as well as in remote access security solutions. Since wireless LAN Layer 2 security solutions have become stronger (mostly thanks to the 802.11i amendment and the Wi-Fi Alliance WPA and WPA2 certifications), VPN technology is not as widely used, if at all, within internal enterprise wireless LANs. However, VPNs still remain a very powerful security solution for remote access in IEEE standards-based wired and wireless networking, as well as cellular communications.
SIEM/Mobile Device Log Files
Security Information and Event Management (SIEM) tools are a combination of two older technologies known as Security Event Management (SEM) and Security Information Management (SIM). A SIEM system is designed to digest the sea of log and network data that an organization produces on a daily basis into actionable information that can be used to improve an organization's security posture. It is also used to gain awareness of emerging threats in the enterprise environment.
TKIP
Temporal Key Integrity Protocol (TKIP) was designed as a firmware upgrade to WEP. This provided a fix for some of the inherent flaws with WEP and an interim solution pending the release of the IEEE 802.11i amendment, which specified CCMP/AES to provide a strong security solution. TKIP added several enhancements to the WEP algorithm and was the foundation for the Wi-Fi Protected Access (WPA) certification from the Wi-Fi Alliance. These enhancements are as follows: per-packet key mixing of the IV to separate IVs from weak keys; a dynamic rekeying mechanism to change encryption and integrity keys; a 48-bit IV and IV sequence counter to prevent replay attacks; a message integrity check (MIC) to prevent forgery attacks; and use of the RC4 stream cipher, thereby allowing backward compatibility with WEP.
WPS
Wi-Fi Protected Setup (WPS) was defined because SOHO users wanted a simple way to provide the best security possible for their installations without the need for extensive technical knowledge of wireless networking. Wi-Fi Protected Setup provides strong out-of-the-box setup adequate for many SOHO implementations. The Wi-Fi Protected Setup certification requires support for two types of authentication that enable users to automatically configure network names and strong WPA2 data encryption and authentication: (1) Push-button configuration (PBC) allows for quick setup for consumer-grade Wi-Fi equipment. Typically a hardware button on the router is pushed and within two minutes a software "button" on the client device is pushed. The intent is to provide easy, secure setup for the home wireless network. (2) PIN-based configuration is based on a personal identification number. It is similar to PBC, but with this method a PIN is entered on all devices that you wish to connect together on the same wireless network.
WEP
Wired Equivalent Privacy (WEP), defined by the IEEE 802.11 standard, was intended to prevent casual eavesdropping. WEP was compromised early on, making wireless LANs vulnerable to intrusion and providing little if any security.
