IBM Wireless Security Auditor

by Denny Thomson.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on hardware  

You are here: Categories » Computers and technology » Hardware

WSA is an IBM research prototype of an 802.11 wireless LAN security auditor, running under Linux on an iPAQ PDA. WSA automatically audits a wireless network for the proper security configuration to help network administrators close any vulnerabilities before hackers try to break in. Although there are other 802.11 network analyzers out there (wlandump, ethereal, Sniffer), these tools are aimed at protocol experts who want to capture wireless packets for detailed analysis. WSA is intended for the more general audience of network installers and administrators— those who want to easily and quickly verify the security configuration of their networks, without having to understand any of the details of the 802.11 protocols.

802.11 Security Issues

The current 802.11 standard defines two security protocols: shared key authentication was designed to provide secure access control, and WEP encryption was designed to provide confidentiality. (Some vendors also try to claim that the SSID and station MAC addresses provide secure access control. As the SSID and MAC addresses are transmitted in the clear, they really don't provide any meaningful security, and are easily bypassed.)

There are several security issues with these protocols. Most importantly, WEP and shared key are optional, and turned off by default in access points. If these protocols are not turned on in even one access point, it is trivial for hackers to connect to the network, using standard wireless cards and drivers. The 802.11 signal can travel surprisingly large distances from the access point, often a thousand feet or more, allowing hackers to connect from outside the building, such as from a parking lot, or from the street. If, as is often the case, the wireless network is connected directly to a corporate intranet, this gives hackers direct access to the intranet, bypassing any Internet boundary firewalls.

The problem of "open" access points is made more difficult because of the low cost and easy availability of access points, and the difficulty of detecting them. It is not uncommon to find individuals or groups within a company who have installed rogue access points without the knowledge of the normal networking group, and without properly configuring the access point(s). These rogue access points are often difficult to detect with normal network monitoring tools, as access points are normally configured as Layer 2 bridges.

In addition, the WEP and shared key protocols have been shown to have significant cryptographic errors that permit cryptographic attacks on both the confidentiality and access control functions. (For details, see the Wagner/Goldberg paper at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html, and the Arbaugh paper at http://www.cs.umd.edu/~waa/attack/v3dcmnt.htm). Note that while WEP and shared key are flawed, they should still be turned on, as attacks are much easier with them off.

Vendors and the IEEE are responding to the flawed protocols with fixes in several stages. In the short term, vendors are adding new authentication/key management protocols that provide secure authentication, and new WEP keys for each card, per session. In addition, in the near term, vendors are working on a tweak to WEP to make attacks more difficult, as well as a long-term complete fix.

From a management perspective, network administrators need a tool to verify that all access points are at the desired firmware revision so that they have the most current version of these 802.11 fixes.

802.11 Management Issues

A network administrator needs a convenient way to answer these questions:

  • What access points are actually installed?

  • Where are they?

  • Are they properly configured?

  • Do they have the latest firmware?

The wireless network needs to be checked periodically, as access points are easily added and modified, and as updates will be rolled out frequently. The wireless auditing tool needs to look at the actual wireless signals, as the needed information might not be available from the wired side. To monitor the wireless data, the auditor needs to be small and lightweight so it can be easily carried around a site to ensure complete analysis and review.

What Does WSA Do?

Most importantly, we wanted WSA to be easy to use, and to require absolutely no knowledge of the 802.11 protocols. WSA is not a packet dump/analyzer. Rather it does all the necessary packet monitoring and analysis, and provides the user with just the answers to the important management questions. The results are color-coded (green is good, red is bad) for rapid and easy understanding.

WSA features the following functionalities and features:

  • Tracks beacon packets to find all access points

  • Determines SSID and AP names

  • Tracks probe packets and the probe responses

  • Tracks data packets

  • Determines link encryption method

  • Tracks authentication packets

  • Determines authentication method

  • Tracks clients

  • Determines firmware versions by fingerprinting the access point's detailed behavior

Components

WSA currently runs under Linux, on either a notebook or an iPAQ PDA. We currently support the Cisco/Aironet PCMCIA 802.11 cards, either the old Prism I-based cards or the current Prism II-based cards. On the iPAQ, we are using the Familiar Linux distribution with the fltk library, and on thinkpads, we are using RedHat 7.1.

Status

WSA is a research prototype, and no definite decision has been made whether to make it a full product or to release it as open source. (The necessary "airo" driver module modifications have already been open-sourced.)

Share
Leave a comment or ask a question
Total comments: 0

Hardware Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Why To Shutdown Your Computer Properly Each Time You Are Not Working on It - There are various reasons why you should shutdown your computer when you are not using it, especially for long periods of time. The main reasons being to save money and prevent damage to your c (more...)
Some Information about the Most Common Computer Ports - When connecting devices to your computer, you should first look at the different types of ports that can be found on it. You may already be familiar with some of the common ones, such as se (more...)
Small Computer System Interface (SCSI) ~ How to Install SCSI Host Adapter in Windows 2000 - This article discusses a type of hard disk that is more popular in high-end machines (servers) than in personal desktop computers. First, I will discuss SCSI and some of its benefits. Then (more...)
What kind of adapters do you choose to connect your iPod to your car - Whether do you ever worry about not to listen to your iPod in your car because of your stereo isn't equipped with a line input or tape deck? Now you can easy to listen your iPod with the three cate (more...)
Types of Memory - Read-only memory Read-only memory (ROM) is a type of memory that cannot be written to. Information is written to ROM chips by the manufacturer, and this information cannot be (more...)
Understanding the Computer System Resources - In this article, when you see the term system resource, I would like you to think of a setting assigned to a device that allows the device to work with the computer. A device is anyth (more...)
The LCD Monitor: A Thin Multimedia Collaboration Client and a New Paradigm for Collaborative Visual Communications - The LCD market is extremely competitive and commoditization has driven prices down. In an effort to increase profitability, manufacturers are seeking ways to differentiate offerings and add value t (more...)
The Technology In a LCD Monitor - Liquid Crystal display or LCD monitor is a thin and flat device for display. It is made by large number of color or monochromatic pixels which are arrayed in way of a light source or a reflector. I (more...)
What is computer and types of computers - Computer is a programmable machine. This means it can execute a programmed list of instructions and respond to new instructions that it is given. Tod (more...)
Maximize Your Printer Investment with HP Maintenance Kits - HP Maintenance Kits give owners and servicers of HP LaserJets the ability to perform basic maintenance, therefore protecting your printer investment. Keeping your HP LaserJets in top working orde (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.