3.4 Given a scenario, install and configure wireless security settings.
EXTENSIBLE AUTHENTICATION PROTOCOL/IEEE 802.1X- Authentication protocols
- Extensible Authentication Protocol (EAP)Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication provides a framework for deploying multiple types of authentication protocols and technologies. EAP allows lots of different authentication methods, but many of them use a digital certificate on the server and/or client machines. This allows the machines to establish a trust relationship and create a secure tunnel to transmit the user credential or to perform smart-card authentication without a user password IEEE 802.1X A standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authenticationA standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication Where EAP provides the authentication mechanisms, the IEEE 802.1X Port-based Network Access Control (NAC) protocol provides the means of using an EAP method when a device connects to an Ethernet switch port, wireless access point (with enterprise authentication configured), or VPN gateway. 802.1X uses authentication, authorization, and accounting (AAA) architecture: EAP • Extensible Authentication Protocol (EAP) - An authentication framework • Many different ways to authenticate based on RFC standards - Manufacturers can build their own EAP methods • EAP integrates with 802.1X - Prevents access to the network until the authentication succeeds IEEE 802.1X • IEEE 802.1X - Port-based Network Access Control (NAC) - You don't get access to the network until you authenticate • Used in conjunction with an access database - RADIUS, LDAP, TACACS+ IEEE 802.1X and EAP • Supplicant -the device requesting access, such as a user's PC or laptop - The client • Authenticator - The device that provides access • Authentication server - Validates the client credentials
EAP-TLS (EAP-Transport Layer Security) -Authentication protocols
An EAP method that enables a client and server to establish a secure connection without mandating a client-side certificate. one of the strongest types of authentication and is very widely supported. An encrypted Transport The supplicant will typically provide a certificate using a smart card or a certificate could be installed on the client device, possibly in a Trusted Platform Module (TPM it uses a server-side certificate to establish a protected tunnel through which the user's authentication credentials can be transmitted to the authentication server. The main distinction from PEAP is that EAP-TTLS can use any inner authentication protocol (PAP or CHAP, for instance), while PEAP must use EAP-MSCHAP or EAP-GTC. EAP Transport Layer Security - Strong security, wide adoption - Support from most of the industry • Requires digital certificates on the AS and all other devices - AS and supplicant exchange certificates for mutual authentication - TLS tunnel is then built for the user authentication process • Relatively complex implementation - Need a public key infrastructure (PKI) - Must deploy and manage certificates to all wireless clients - Not all devices can support the use of digital certificates
Counter Mode -Cryptographic protocols
Counter mode makes the AES algorithm work as a stream cipher. Counter mode applies an IV plus an incrementing counter value to the key to generate a keystream. The keystream is then XOR'ed to the data in the plaintext blocks. Each block can be processed individually and consequently in parallel, improving performance. counter modes do not need to use padding. Any unused space in the last block is simply discarded. XOR is a logical operation that outputs 1 only when the inputs are 1 and 0
The WPA2 PSK problem - Cryptographic protocols
The WPA2 PSK problem • WPA2 has a PSK brute-force problem - Listen to the four-way handshake - Some methods can derive the PSK hash without the handshake - Capture the hash • With the hash, attackers can brute force the pre-shared key (PSK) • This has become easier as technology improves - A weak PSK is easier to brute force - GPU processing speeds - Cloud-based password cracking • Once you have the PSK, you have everyone's wireless key - There's no forward secrecy
Remote Authentication Dial-In User Service (RADIUS) (authentication protocols)
This allows the client to authenticate to the server. the client is the access device (switch, access point, or VPN gateway), not the user's PC or laptop Access-Request to the AAA server using UDP on port 1812 (by default) NAS can use RADIUS for accounting (logging). Accounting uses port 1813 The accounting server can be different from the authentication server. RADIUS (Remote Authentication Dial-in User Service) • One of the more common AAA protocols - Supported on a wide variety of platforms and devices - Not just for dial-in • Centralize authentication for users - Routers, switches, firewalls, server authentication, remote VPN access, 802.1X network access • Use RADIUS with federation - Members of one organization can authenticate to the network of another organization - Use their normal credentials • Use 802.1X as the authentication method - And RADIUS on the backend - EAP to authenticate
Enterprise vs. Open
Wireless security modes • Configure the authentication on your wireless access point / wireless router • Open System - No password is required • WPA3-Personal / WPA3-PSK - WPA3 with a pre-shared key - Everyone uses the same key - Unique WPA3 session key is derived from the PSK using SAE (Simultaneous Authentication of Equals) • WPA3-Enterprise / WPA3-802.1X - Authenticates users individually with an authentication server (i.e., RADIUS)
Pre-Shared Key (PSK)
A shared secret that has been previously shared between parties and is used to establish a secure channel. Passphrase-based mechanism to allow group authentication to a wireless network. The passphrase is used to derive an encryption key. In WPA2, pre-shared key (PSK) authentication uses a passphrase to generate the key that is used to encrypt communications. It is also referred to as group authentication because a group of users share the same secret. When the access point is set to WPA2-PSK mode, the administrator configures a passphrase of between 8 and 63 ASCII characters. This is converted to a 256-bit HMAC (expressed as a 64-character hex value) using the PBKDF2 key stretching algorithm. This HMAC is referred to as the pairwise master key (PMK). The same secret must be configured on the access point and on each node that joins the network. The PMK is used as part of WPA2's 4-way handshake to derive various session keys.
IEEE 802.1X (authentication protocols)
A standard that authenticates users on a per-switch port basis by permitting access to valid users but effectively disabling the port if authentication fails. Where EAP provides the authentication mechanisms, the IEEE 802.1X Port-based Network Access Control (NAC) protocol provides the means of using an EAP method when a device connects to an Ethernet switch port, wireless access point (with enterprise authentication configured), or VPN gateway. 802.1X uses authentication, authorization, and accounting (AAA) architecture
Captive portals- Methods
A web page or website to which a client is redirected before being granted full network access. This will allow the client to authenticate to the hotspot provider's network (over HTTPS, so the login is secure). The portal may also be designed to enforce terms and conditions and/or take payment to access the Wi-Fi service When using open wireless, users must ensure they send confidential web data only over HTTPS connections and only use email, VoIP, IM, and file transfer services with SSL/TLS enabled. Another option is for the user to join a Virtual Private Network (VPN). The user would associate with the open hotspot then start the VPN connection. This creates an encrypted "tunnel" between the user's computer and the VPN server WPA3 can implement a mode called Wi-Fi Enhanced Open, which uses opportunistic wireless encryption (OWE). OWE uses the Dragonfly handshake to agree ephemeral session keys on joining the network. This means that one station cannot sniff the traffic from another station, because they are using different session keys. There is still no authentication of the access point, however. Captive Portal • Authentication to a network - Common on wireless networks • Access table recognizes a lack of authentication - Redirects your web access to a captive portal page • Username / password - And additional authentication factors • Once proper authentication is provided, the web session continues - Until the captive portal removes your accesss
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) - Cryptographic protocols
CCMP provides authenticated encryption, which is designed to make replay attacks harder WPA2 and CCMP • Wi-Fi Protected Access II (WPA2) - WPA2 certification began in 2004 • CCMP block cipher mode - Counter Mode with Cipher Block Chaining - Message Authentication Code Protocol, or - Counter/CBC-MAC Protocol • CCMP security services - Data confidentiality with AES - Message Integrity Check (MIC) with CBC-MAC
Counter-Mode-CBC-MAC Protocol (CCMP) - Cryptographic protocols
Cipher Block Chaining (CBC) Mode:mode applies an initialization vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext. The output of the first ciphertext block is then combined with the next plaintext block using an XOR operation. This process is repeated through the full "chain" of blocks, which (again) ensures that no plaintext block produces the same ciphertext. CBC needs to use padding to ensure that the data to encrypt is an exact multiple of the block size . CBC (Cipher Block Chaining) • A popular mode of operation - Relatively easy to implement • Each plaintext block is XORed with the previous ciphertext block - Adds additional randomization - Use an initialization vector for the first block A message authentication code (MAC) provides an authentication and integrity mechanism by hashing a combination of the message output and a shared secret key. The recipient can perform the same process using his or her copy of the secret key to verify the data. This type of authenticated encryption scheme is specified in a cipher suite as separate functions, such as "AES CBC with HMAC-SHA." implementation of this type of authenticated mode in AES CBC is vulnerable to a type of cryptographic attack called a padding oracle attack Authenticated Encryption with Additional Data (AEAD) The weaknesses of CBC arising from the padding mechanism means that stream ciphers or counter modes are strongly preferred. These use Authenticated Encryption with Additional Data (AEAD) modes of operation. In an AEAD scheme, the associated data allows the receiver to use the message header to ensure the payload has not been replayed from a different communication stream. An AEAD mode is identified by a single hyphenated function name, such as AES-GCM or AES-CCM. The ChaCha20-Poly1305 stream cipher has been developed as an alternative to AES.
Authentication Protocol (PEAP) - Authentication protocols
In Protected Extensible Authentication Protocol (PEAP), as with EAP-TLS, an encrypted tunnel is established between the supplicant and authentication server, but PEAP only requires a server-side public key certificate. The supplicant does not require a certificate. With the server authenticated to the supplicant, user authentication can then take place through the secure tunnel with protection against sniffing, password-guessing/dictionary, and on-path attacks. The user authentication method (also referred to as the "inner" method) can use either MS-CHAPv2 or EAP-GTC. The Generic Token Card (GTC) method transfers a token for authentication against a network directory or using a one-time password mechanism -PEAP must use EAP-MSCHAP or EAP-GTC. Protected Extensible Authentication Protocol - Protected EAP - Created by Cisco, Microsoft, and RSA Security • Also encapsulates EAP in a TLS tunnel - AS uses a digital certificate instead of a PAC - Client doesn't use a certificate • User authenticates with MSCHAPv2 - Authenticates to Microsoft's MS-CHAPv2 databases • User can also authenticate with a GTC - Generic Token Card, hardware token generator - PEAP must use EAP-MSCHAP or EAP-GTC.
Cryptography messer
Securing a wireless network • An organization's wireless network can contain confidential information - Not everyone is allowed access • Authenticate the users before granting access - Who gets access to the wireless network? - Username, password, multi-factor authentication • Ensure that all communication is confidential - Encrypt the wireless data • Verify the integrity of all communication - The received data should be identical to the original sent data - A message integrity check (MIC) Wireless encryption • All wireless computers are radio transmitters and receivers - Anyone can listen in • Solution: Encrypt the data - Everyone has an encryption key • Only people with the right key can transmit and listen - WPA2 and WPA3 WPA2 and CCMP • Wi-Fi Protected Access II (WPA2) - WPA2 certification began in 2004 • CCMP block cipher mode - Counter Mode with Cipher Block Chaining - Message Authentication Code Protocol, or - Counter/CBC-MAC Protocol • CCMP security services - Data confidentiality with AES - Message Integrity Check (MIC) with CBC-MAC WPA3 and GCMP • Wi-Fi Protected Access 3 (WPA3) - Introduced in 2018 • GCMP block cipher mode - Galois/Counter Mode Protocol - A stronger encryption than WPA2 • GCMP security services - Data confidentiality with AES - Message Integrity Check (MIC) with - Galois Message Authentication Code (GMAC) The WPA2 PSK problem • WPA2 has a PSK brute-force problem - Listen to the four-way handshake - Some methods can derive the PSK hash without the handshake - Capture the hash • With the hash, attackers can brute force the pre-shared key (PSK) • This has become easier as technology improves - A weak PSK is easier to brute force - GPU processing speeds - Cloud-based password cracking • Once you have the PSK, you have everyone's wireless key - There's no forward secrecy SAE • WPA3 changes the PSK authentication process - Includes mutual authentication - Creates a shared session key without sending that key across the network - No more four-way handshakes, no hashes, no brute force attacks - Adds perfect forward secrecy • Simultaneous Authentication of Equals (SAE) - A Diffie-Hellman derived key exchange with an authentication component - Everyone uses a different session key, even with the same PSK - An IEEE standard - the dragonfly handshake
WiFi Protected Access 3 (WPA3) - Cryptographic protocols
Simultaneous Authentication of Equals (SAE)—replaces WPA's 4-way handshake authentication and association mechanism with a protocol based on Diffie-Hellman key agreement. Enhanced Open—enables encryption for the open authentication method. Updated cryptographic protocols—replaces AES CCMP with the AES Galois Counter Mode Protocol (GCMP) mode of operation. Enterprise authentication methods must use 192-bit AES, while personal authentication can use either 128-bit or 192-bit. Management protection frames—mandates use of these to protect against key recovery attacks. SAE uses the Dragonfly handshake, which is basically Diffie-Helllman over elliptic curves key agreement, combined with a hash value derived from the password and device MAC address to authenticate the nodes. With SAE, there should be no way for an attacker to sniff the handshake to obtain the hash value and try to use an offline brute-force or dictionary attack to recover the password. Dragonfly also implements ephemeral session keys, providing forward secrecy. WPA3 can implement a mode called Wi-Fi Enhanced Open, which uses opportunistic wireless encryption (OWE). OWE uses the Dragonfly handshake to agree ephemeral session keys on joining the network WPA3 and GCMP • Wi-Fi Protected Access 3 (WPA3) - Introduced in 2018 • GCMP block cipher mode - Galois/Counter Mode Protocol - A stronger encryption than WPA2 • GCMP security services - Data confidentiality with AES - Message Integrity Check (MIC) with - Galois Message Authentication Code (GMAC)
Simultaneous Authentication of Equals (SAE) - Cryptographic protocols
Simultaneous Authentication of Equals (SAE)—replaces WPA's 4-way handshake authentication and association mechanism with a protocol based on Diffie-Hellman key agreement. Enhanced Open—enables encryption for the open authentication method. Updated cryptographic protocols—replaces AES CCMP with the AES Galois Counter Mode Protocol (GCMP) mode of operation. Enterprise authentication methods must use 192-bit AES, while personal authentication can use either 128-bit or 192-bit. SAE WPA3 changes the PSK authentication process - Includes mutual authentication - Creates a shared session key without sending that key across the network - No more four-way handshakes, no hashes, no brute force attacks - Adds perfect forward secrecy • Simultaneous Authentication of Equals (SAE) - A Diffie-Hellman derived key exchange with an authentication component - Everyone uses a different session key, even with the same PSK - An IEEE standard - the dragonfly handshake
Installation considerations
Site surveys -A collection of information about a location for the purposes of building an ideal infrastructure; it often contains optimum locations for wireless antenna and access point placement to provide the required coverage for clients and identifying sources of interference. - Heat maps-In a Wi-Fi site survey, a diagram showing signal strength at different locations. - WiFi analyzers -he Wi-Fi analyzer records information about the signal obtained at regularly spaced points as the surveyor moves around the area - Channel overlaps -The coverage and interference factors mean that WAPs must be positioned and configured so that the whole area is covered, but that they overlap as little as possible - Wireless access point (WAP) placement- A device that provides a connection between wireless devices and can connect to wired networks. Site surveys • Determine existing wireless landscape - Sample the existing wireless spectrum • Identify existing access points - You may not control all of them • Work around existing frequencies - Layout and plan for interference • Plan for ongoing site surveys - Things will certainly change • Heat maps - Identify wireless signal strengths Wireless survey tools • Signal coverage • Potential interference • Built-in tools • 3rd-party tools • Spectrum analyzer Wireless packet analysis • Wireless networks are incredibly easy to monitor - Everyone "hears" everything • You have to be quiet - You can't hear the network if you're busy transmitting • Some network drivers won't capture wireless information - You'll need specialized adapters/chipsets and drivers • View wireless-specific information - Signal-to-noise ratio, channel information, etc. • Try it yourself! - https://www.wireshark.org Channel selection and overlaps • Overlapping channels - Frequency conflicts - use non-overlapping channels - Automatic or manual configurations Access point placement • Minimal overlap - Maximize coverage, minimize the number of access points • Avoid interference - Electronic devices (microwaves) - Building materials - Third-party wireless networks • Signal control - Place APs where the users are - Avoid excessive signal distance Wireless infrastructure security • Wireless controllers - Centralized management of wireless access points - Manage system configuration and performance • Securing wireless controllers - Control access to management console - Use strong encryption with HTTPS - Automatic logout after no activity • Securing access points - Use strong passwords - Update to the latest firmware
WiFi Protected Access 2 (WPA2)-Cryptographic protocols
WPA2 uses the Advanced Encryption Standard (AES) cipher with 128-bit keys, deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES replaces RC4 and CCMP replaces TKIP. CCMP provides authenticated encryption, which is designed to make replay attacks harder WPA2 Pre-Shared Key Authentication PSK uses a passphrase to generate the key that is used to encrypt communications The administrator configures a passphrase of between 8 and 63 ASCII characters. This is converted to a 256-bit HMAC (expressed as a 64-character hex value) using the PBKDF2 key stretching algorithm. This HMAC is referred to as the pairwise master key (PMK). The same secret must be configured on the access point and on each node that joins the network. The PMK is used as part of WPA2's 4-way handshake to derive various session keys. Wi-Fi Protected Access II (WPA2) - WPA2 certification began in 2004 • CCMP block cipher mode - Counter Mode with Cipher Block Chaining - Message Authentication Code Protocol, or - Counter/CBC-MAC Protocol • CCMP security services - Data confidentiality with AES - Message Integrity Check (MIC) with CBC-MAC
PSK vs. Enterprise vs. Open (methods)
When building out a wireless network, you must decide how you are going to employ security on the network. Specifically, you need to address who will be allowed to connect, and what level of protection will be provided in the transmission of data between mobile devices and the access point. Both WPA and WPA2 have two methods to establish a connection, ____1_____ and ___2___. ______1______ is typically entered as a passphrase of up to 63 characters. This key must be securely shared between users, as it is the basis of the security provided by the protocol. The ____1____ is converted to a 256-bit key that is then used to secure all communications between the device and access point. ____1____ has one particular vulnerability: simple and short ones are at risk of brute force attempts. Keeping ____1____ at least 20 random characters long or longer should mitigate this attack vector. In ____2____ mode, the devices use IEEEE 802.1X and a RADIUS authentication server to enable a connection. This method allows the use of usernames and passwords and provides enterprise-class options such as network access control (NAC) integration, multiple random keys, instead of everyone sharing the same PSK. If everyone has the same PSK then secrecy between clients is limited to other means, and in the event of one client failure, other could be compromised. In WEP-based systems, there are two options, __________ system authentication and shared key authentication. _________ system authentication is not truly authentication, for it is merely a sharing of a secret key based on the SSID. The process is simple: the mobile client matches SSID with the access point and requests a key (called authentication) to the access point. Then the access point generates an authentication code (the key, as there is no specific authentication of the client), a random number intended for use only during that session. The mobile client uses the authentication code and joins the network. The session continues until disassociation either by request or loss of signal.
Captive portals (methods)
__________ refers to a specific technique of using an HTTP client to handle authentication on a wireless network. Frequently employed in public hot spots, this opens a web browser to an authentication page. This occurs before the user is granted admission to the network. The access point uses this simple mechanism by intercepting all packets and returning the web page for login. The actual web server that serves up the authentication page that can be in a walled-off section of the network, blocking access to the Internet until the user successfully authenticates.
EAP-FAST (EAP Flexible Authentication via Secure Tunneling) - Authentication protocols
similar to PEAP, but instead of using a certificate to set up the tunnel, it uses a Protected Access Credential (PAC), which is generated for each user from the authentication server's master key. The problem with EAP-FAST is in distributing (provisioning) the PAC securely to each user requiring access. The PAC can either be distributed via an out-of-band method or via a server with a digital certificate (but in the latter case, EAP-FAST does not offer much advantage over using PEAP). Alternatively, the PAC can be delivered via anonymous Diffie-Hellman key exchange. The problem here is that there is nothing to authenticate the access point to the user. A rogue access point could obtain enough of the user credential to perform an ASLEAP password cracking attack EAP-FAST EAP Flexible Authentication via Secure Tunneling - Authentication server (AS) and supplicant share a protected access credential (PAC) (shared secret) • Supplicant receives the PAC • Supplicant and AS mutually authenticate and negotiate a Transport Layer Security (TLS) tunnel • User authentication occurs over the TLS tunnel • Need a RADIUS server - Provides the authentication database and EAP-FAST services