US Robotics USR2450 Informacje Techniczne

1Practical Wireless IP: Concepts, Administration, and SecurityBrad C. Johnson &Philip CoxSystemExperts CorporationV 2.2 Copyright SystemExperts 2

10V 2.2 Copyright SystemExperts 2001,2002,200319Exposuresn Technology problemsn Theft of hardwaren Insecure configuration informationn Masqueradingn

100V 2.2 Copyright SystemExperts 2001,2002,2003199Building your own AP (cont.)n Operating Systemn A Unix-like operating systemn Linux and FreeBSD see

101V 2.2 Copyright SystemExperts 2001,2002,2003201Directions (cont.)n Update the kerneln Enable loadable module supportn Enable support for your othe

102V 2.2 Copyright SystemExperts 2001,2002,2003203Directions (cont.)n Configure wireless IP optionsn /etc/pcmcia/network.optsn Use private IP rangen

103V 2.2 Copyright SystemExperts 2001,2002,2003205Floppy based Wireless Gatewayn Same basic hardware requirementsn System, ISA-PCMCIA, NIC, Wireless

104V 2.2 Copyright SystemExperts 2001,2002,2003207WFG Internals (cont.)n IP Filteringn OpenBSD's IPF softwaren IP routing is enabledn Packet fil

105V 2.2 Copyright SystemExperts 2001,2002,2003209Notes:V 2.2 Copyright SystemExperts 2001,2002,2003210Notes:

106Philip [email protected] direct530-887-9253 fax978-440-9388 mainhttp://www.SystemExperts.com/Brad C. JohnsonVice

11V 2.2 Copyright SystemExperts 2001,2002,200321Theft of hardwaren Wireless stuff is smalln Wireless cards fit in a shirt-pocketn Most of the APs fit

12V 2.2 Copyright SystemExperts 2001,2002,200323Lucent Client Registry EntriesObfuscated or encryptedWEP KeySSIDV 2.2 Copyright SystemExperts 2001,2

13V 2.2 Copyright SystemExperts 2001,2002,200325Masqueradingn Client siden AP identifies system, not usern System may be used by more than one usern

14V 2.2 Copyright SystemExperts 2001,2002,200327Eavesdroppingn Indirect: listening to the network that the wireless access point is connected to (PRO

15V 2.2 Copyright SystemExperts 2001,2002,200329MAC address configurationLV 2.2 Copyright SystemExperts 2001,2002,200330Notes:

16V 2.2 Copyright SystemExperts 2001,2002,200331Notes:V 2.2 Copyright SystemExperts 2001,2002,200332Notes:

17V 2.2 Copyright SystemExperts 2001,2002,200333Where are We?n From 50,000’ to 5’n Handheld Practicalsn LAN Practicalsn *NIX and Wireless n Currentsn

18V 2.2 Copyright SystemExperts 2001,2002,200335Key Factors in Technologyn Regulationn Determines who gets what and hown In US “competition” was king

19V 2.2 Copyright SystemExperts 2001,2002,200337Major Cellular Systemsn Advanced Mobile Phone System (AMPS)n IS-54/IS-136n IS-95n Global System for M

2V 2.2 Copyright SystemExperts 2001,2002,20033Course Contentsn What is isn Wireless, focused onn IP services for laptopsn and a little on handheld an

20V 2.2 Copyright SystemExperts 2001,2002,200339GSM Securityn International Mobile Equipment Identity (IMEI) for each device to determine if device i

21V 2.2 Copyright SystemExperts 2001,2002,200341CDPDn IS-732n Uses idle voice channel or dedicated data channel depending on network configurationn I

22V 2.2 Copyright SystemExperts 2001,2002,200343Other Popular Systemsn Cingular (a.k.a. Mobitex)n Operated by Bell South and RAM Mobile Datan Data up

23V 2.2 Copyright SystemExperts 2001,2002,200345In a box …14.4kVerizon, Sprint PCS, Bell Mobility & Clearnet PCS, Airtouch, GTE, Bell Atlantic,

24V 2.2 Copyright SystemExperts 2001,2002,200347Section Contentsn Transportsn Mobile Data ServicesV 2.2 Copyright SystemExperts 2001,2002,200348Mobi

25V 2.2 Copyright SystemExperts 2001,2002,200349Mobile Data Services: Messagingn Short Messaging Service (SMS)n Available on all digital technologies

26V 2.2 Copyright SystemExperts 2001,2002,200351C-HTMLn Created by W3Cn Simplified version of HTMLn Heavily used in Japan via i-mode servicen Virtual

27V 2.2 Copyright SystemExperts 2001,2002,200353Wireless Application Protocol (WAP)n An application environmentn A set of communication protocols for

28V 2.2 Copyright SystemExperts 2001,2002,200355WAP Protocol LayersWireless Application Environment (WAE)ApplicaitonWireless Session Protocol (WSP)Se

29V 2.2 Copyright SystemExperts 2001,2002,200357Gap in WAPWAP Gateway ClientWTLSSSLWTLSSSLEncrypt DecryptPlain TextHTTP SERVERV 2.2 Copyright System

3V 2.2 Copyright SystemExperts 2001,2002,20035Where are We?n From 50,000’ to 5’ in about 24 slidesn Threatsn Handheld Practicalsn LAN Practicalsn

30V 2.2 Copyright SystemExperts 2001,2002,200359What Really Matters?n Securityn Encryption options by…n the Bearern the Applicationn WTLSn Device cos

31V 2.2 Copyright SystemExperts 2001,2002,200361Where are We?n From 50,000’ to 5’n Handheld Practicalsn LAN Practicalsn *NIX and Wireless n Currentsn

32V 2.2 Copyright SystemExperts 2001,2002,200363Wireless LAN Technologiesn Made up of three primary semi-competing technologiesn IEEE 802.11 {802.11b

33V 2.2 Copyright SystemExperts 2001,2002,200365802.11 Local Area Wirelessn IEEE 802.11 makes up the majority of Wireless LANsn 802.11b (a.k.a. Wi-Fi

34V 2.2 Copyright SystemExperts 2001,2002,200367Current 802.11 Securityn Privacyn Wired Equivalent Privacy (WEP)n Authenticationn Shared keyn Open sy

35V 2.2 Copyright SystemExperts 2001,2002,200369More on WEP Keysn Standard says 40bit, but many vendors support or 128 bitn 40bit is actually 64bit:

36V 2.2 Copyright SystemExperts 2001,2002,200371WEP Encryption Stepsn Integrity Check Value computedn Checksum of payload (i.e., plaintext) using CRC

37V 2.2 Copyright SystemExperts 2001,2002,200373WEP Decryption Stepsn Use key number to get private keyn Use sent IV to generate keystreamn RC4(IV,Ke

38V 2.2 Copyright SystemExperts 2001,2002,200375128-bit Version (WEP2)n Stronger Keyn Non-standard, but in wide usen 104-bit key instead of 40-bit in

39V 2.2 Copyright SystemExperts 2001,2002,200377The Major WEP Problemsn Key Generatorsn Keystream Reusen RC4 Key Scheduling Algorithmn Message Authen

4V 2.2 Copyright SystemExperts 2001,2002,20037Wireless Component OverviewPSTNWiredNetworkGateway802.11PDAWEBWAPAPPServerGatewayThis CourseThis Course

40V 2.2 Copyright SystemExperts 2001,2002,200379Problem: Keystream Reusen The shared key is static and rarely changedn Randomness of key stream depen

41V 2.2 Copyright SystemExperts 2001,2002,200381Problem: Key Scheduling Algorithm of RC4n Documented by Scott Fluhrer, Itsik Mantin and Adi Shamirn P

42V 2.2 Copyright SystemExperts 2001,2002,200383Problem: Message Authenticationn The Cyclical Redundancy Check (CRC) chosen for the authentication is

43V 2.2 Copyright SystemExperts 2001,2002,200385Current Status of WEP (cont)n Use AES vice RC4n 802.1X rekey be accepted as normative textn “WEP2” to

44V 2.2 Copyright SystemExperts 2001,2002,200387Other 802.11b Authentication Mechanismsn Closed network (no broadcast SSID)n Enhanced Security Networ

45V 2.2 Copyright SystemExperts 2001,2002,200389ESN: The Wireless Security Future?n Defined in the 802.11 Security Baseline n Depends on 802.1Xn Prot

46V 2.2 Copyright SystemExperts 2001,2002,200391Future 802.11 Security Enhancementsn Standard 128-bit WEP encryption (WEP2)n Already implemented by a

47V 2.2 Copyright SystemExperts 2001,2002,200393Let’s take a look…Jn 802.11b packetsn Beaconn Probe Requestn Open AuthenticationFC2 bytesCRC4 bytesDa

48V 2.2 Copyright SystemExperts 2001,2002,200395Notes:V 2.2 Copyright SystemExperts 2001,2002,200396Notes:

49V 2.2 Copyright SystemExperts 2001,2002,200397Section Contentsn 802.11n Access Points 101n Deployment ExamplesV 2.2 Copyright SystemExperts 2001,2

5V 2.2 Copyright SystemExperts 2001,2002,20039Single Function Device Migrationn Handheldn Cellular Phonen voice and datan increasing speedsn more com

50V 2.2 Copyright SystemExperts 2001,2002,200399Frequency Overlap1 6 111098754322400 2500Frequency (US)Channels start at 2414MHz, increase by 5MHz, a

51V 2.2 Copyright SystemExperts 2001,2002,2003101Extension PointWireless Extension PointRangeV 2.2 Copyright SystemExperts 2001,2002,2003102Access P

52V 2.2 Copyright SystemExperts 2001,2002,2003103Placement (cont.)V 2.2 Copyright SystemExperts 2001,2002,2003104Placement (cont.)n Developing confi

53V 2.2 Copyright SystemExperts 2001,2002,2003105Placement, 3 DimensionalV 2.2 Copyright SystemExperts 2001,2002,2003106Capacity and Bandwidthn Maxi

54V 2.2 Copyright SystemExperts 2001,2002,2003107Capacity and Bandwidth (cont.)n Stays “higher” because ofn Reducing size of coverage areasn Reducing

55V 2.2 Copyright SystemExperts 2001,2002,2003109Anatomy of 802.11bn Looking at some of the guts of the protocol to help us understand:n Modulation d

56V 2.2 Copyright SystemExperts 2001,2002,2003111Anatomy of 802.11b: the waven …then the wireless radio generates a 2.4 GHz wave and modulates it…n 1

57V 2.2 Copyright SystemExperts 2001,2002,2003113Congestion (cont.)n Each station listens to the networkn 1ststation to finish it’s allocated slot ti

58V 2.2 Copyright SystemExperts 2001,2002,2003115Anatomy of 802.11b: Hidden Node Problemn AP P sees A, B, and C, but A and C can’t see each other (s

59V 2.2 Copyright SystemExperts 2001,2002,2003117Hidden Node Problem: Let’s try it againn 802.11n basically designed for indoor, relatively short dis

6V 2.2 Copyright SystemExperts 2001,2002,200311802.11bn Unlicensed 2.4 GHz band n Uses direct-sequence spread-spectrum (DSSS)n Frequency-Hopping FHSS

60V 2.2 Copyright SystemExperts 2001,2002,2003119Surprising Resultswith RTS/CTSPollingWhat does this mean?In certain circumstances, the method used m

61V 2.2 Copyright SystemExperts 2001,2002,2003121Anatomy of 802.11b: Roamingn More than 1 AP providing signals to a single clientn The client is resp

62V 2.2 Copyright SystemExperts 2001,2002,2003123Important Concepts: Strength vs. Qualityn Received Signal Strength n Signal energy at the location o

63V 2.2 Copyright SystemExperts 2001,2002,2003125IEEE IAPPn Accomplishes roaming within a subnetn Basically, within a corporate wireless LANn 2 trans

64V 2.2 Copyright SystemExperts 2001,2002,2003127Wi-FI Roaming (cont.)n 802.11bn Boot up with correct SSID for Wi-Fi networkn Local WISP login screen

65V 2.2 Copyright SystemExperts 2001,2002,2003129Configuring an Access Pointn How to manage itn HTTP, Telnet, SNMP or Serial Interfacen Security Sett

66V 2.2 Copyright SystemExperts 2001,2002,2003131Notes:V 2.2 Copyright SystemExperts 2001,2002,2003132Notes:

67V 2.2 Copyright SystemExperts 2001,2002,2003133Section Contentsn 802.11n Access Points 101n Deployment ExamplesV 2.2 Copyright SystemExperts 2001,

68V 2.2 Copyright SystemExperts 2001,2002,2003135Wireless at a Conferencen Goalsn Reduce time to setup fully functional temporary network resourcesn

69V 2.2 Copyright SystemExperts 2001,2002,2003137CyberCafen Typically an Open APn Use a captive portal to allow accessn Costlyn Starbucks is one of t

7V 2.2 Copyright SystemExperts 2001,2002,200313802.11bn Physical Layern Physical Medium Dependent (PMD) –wireless encodingn Physical Layer Convergenc

70V 2.2 Copyright SystemExperts 2001,2002,2003139Notes:V 2.2 Copyright SystemExperts 2001,2002,2003140Notes:

71V 2.2 Copyright SystemExperts 2001,2002,2003141Where are We?n From 50,000’ to 5’n Handheld Practicalsn LAN Practicalsn *NIX and Wirelessn Currentsn

72V 2.2 Copyright SystemExperts 2001,2002,2003143Linux Sniffer: How-ToDirections at Tim Newsham’s site http://www.lava.net/~newsham/wlann Get an SMC2

73V 2.2 Copyright SystemExperts 2001,2002,2003145Sniffer Observationsn It works! Its Linux! Its free!n Only one channel at a time Ln You can write a

74V 2.2 Copyright SystemExperts 2001,2002,2003147Home Spun Access Pointn What is itn A system that gateways between the wireless and wired networksn

75V 2.2 Copyright SystemExperts 2001,2002,2003149Directions (cont.)n Harden the rest of the system (read: TURN OFF ALL UNUSED SERVICES)n Keep the PCM

76V 2.2 Copyright SystemExperts 2001,2002,2003151My Observationsn Functionality is limited in some instancesn IBSS onlyn WLAN-NG supposedly supports

77V 2.2 Copyright SystemExperts 2001,2002,2003153OpenAPn OpenAP http://opensource.instant802.com/n Open-source softwaren Fully 802.11b compliant wire

78V 2.2 Copyright SystemExperts 2001,2002,2003155Notes:V 2.2 Copyright SystemExperts 2001,2002,2003156Notes:

79V 2.2 Copyright SystemExperts 2001,2002,2003157Where are We?n From 50,000’ to 5’n Handheld Practicalsn LAN Practicalsn *NIX and Wireless n Currents

8V 2.2 Copyright SystemExperts 2001,2002,200315802.11b Frame Controln 3 types of 802.11b packetsn Management (type 00)n {association, re-association,

80V 2.2 Copyright SystemExperts 2001,2002,2003159802.11a Spectrumn 3 primary non-contiguous bandsn 100MHz each band with power restrictionsn split in

81V 2.2 Copyright SystemExperts 2001,2002,2003161802.11a Coveragen 802.11a signals lose strength more quicklyn Higher frequencies lose power more qui

82V 2.2 Copyright SystemExperts 2001,2002,2003163802.11a Problemsn Use of 5 GHz band will cause contention in different parts of the worldn Remember

83V 2.2 Copyright SystemExperts 2001,2002,2003165Notes:V 2.2 Copyright SystemExperts 2001,2002,2003166Notes:

84V 2.2 Copyright SystemExperts 2001,2002,2003167Where are We?n From 50,000’ to 5’n Handheld Practicalsn LAN Practicalsn *NIX and Wireless n Currents

85V 2.2 Copyright SystemExperts 2001,2002,2003169Antennas: Basicsn A radiation pattern is a diagram that allows us to visualize in what directions th

86V 2.2 Copyright SystemExperts 2001,2002,2003171Antennas: Dipolen Most common antenna and the default type on most APsn Usually a 1-inch radiating e

87V 2.2 Copyright SystemExperts 2001,2002,2003173Antennas: Directionaln Directional antenna concentrate their energy into a conen Known as a beamn Ra

88V 2.2 Copyright SystemExperts 2001,2002,2003175Antennas: PCMCIA Cardsn Their terrible, awful, did I mention yuck?n It’s hard to form antennas onto

89V 2.2 Copyright SystemExperts 2001,2002,2003177Antennas: More Factsn Constant trade-off of range and throughputn Remember that the “low” speed of 1

9V 2.2 Copyright SystemExperts 2001,2002,200317802.11b BSSn Basic Service Set (BSS)n Infrastructure moden Uses an AP to connect clients to a wired ne

90V 2.2 Copyright SystemExperts 2001,2002,2003179Notes:V 2.2 Copyright SystemExperts 2001,2002,2003180Notes:

91V 2.2 Copyright SystemExperts 2001,2002,2003181Reviewn Why is it basically impossible to get full 2, 5.5, or 11 Mbps?n What’s the common management

92V 2.2 Copyright SystemExperts 2001,2002,2003183The Endn Thank you for attending!n Thank you for your comments!n Please fill out the Instructor Eval

93V 2.2 Copyright SystemExperts 2001,2002,2003185Referencesn Access Pointsn www.cisco.com/warp/public/cc/pd/witc/ao340ap/n www.apple.com/airport/spec

94V 2.2 Copyright SystemExperts 2001,2002,2003187References (cont.)n Reference materialn www.cmu.edu/computing/wireless/index.htmln www.teleport.com/

95V 2.2 Copyright SystemExperts 2001,2002,2003189Wireless Stuffn Wireless performance articlen www.networkcomputing.com/1113/1113f2full.htmln IEEE 80

96V 2.2 Copyright SystemExperts 2001,2002,2003191Glossary3G (third generation) An industry term used to describe the next, still-to-come generation o

97V 2.2 Copyright SystemExperts 2001,2002,2003193Glossary(cont.)GPRS (general packet radio service) A technology that sends packets of data across a

98V 2.2 Copyright SystemExperts 2001,2002,2003195Glossary(cont.) WCDMA (wideband CDMA) A third-generation wireless technology under development that

99V 2.2 Copyright SystemExperts 2001,2002,2003197Apple AirportGold 128 bit cardSilver 64 bit cardV 2.2 Copyright SystemExperts 2001,2002,2003198Buil