Firewall Wizards mailing list archives

RE: (In)security of wireless LANs and the Cisco Wireless Security Suite


From: "Ben Nagy" <ben () iagu net>
Date: Tue, 4 Nov 2003 15:34:28 +0100

Wow, that's a nice paper - thanks. For lazy readers, here's the ref from
John, shortened.
http://snurl.com/2u02 

We touched on this briefly a little while ago, when we were talking about
802.1x, so you might want to go and read the recent archives.

If you like, skip to the end for the summary. :)

Here's my (notoriously inexpert) opinion on the crypto problems with Cisco
LEAP and some of the derivatives.

LEAP is "broken". That's easy for people to say, and to an extent it's true.
However, some people may overestimate the extent of its broken-ness. The
basic problem is that there's a really, really _stupid_ crypto mistake which
I can't believe they missed.

The LEAP Flaw:

The SekRiT PaSsWorD is shoved through MD4, which produces a 16 byte hash.
This hash is then padded with 5 nulls (whups!) to produce 21 bytes. The
result is split into three chunks of 7. That happens to be the same as a 56
bit DES key. These three keys are each used to encrypt one single challenge
in sort of ECB (no chaining, anyway), concatenate the outputs and send it as
the response. In other words, the response is E(chunk1){challenge} +
E(chunk2){challenge} + E(chunk3){challenge}. This is a dumb idea. I'm sure
they had some reason for it which I don't understand, but on the face of it
they could have used CBC with a 5 byte IV, used a salt, or one of various
other methods. Anyway.

As you can see, the last DES key is very easy to guess (5 known nulls, thus
2 bytes of entropy ~= 2^16), which gives you Chunk 3 - the last two bytes of
the password hash. Given that there is no salt, you can now just scream
through an existing password database, matching on the last two bytes of the
hash.

So, how bad is it? Well, if you use strong passwords, it's not very bad at
all. If I tell you that the last two bytes of my password are "<!" then it's
not going to buy you much. However, if you use dictionary words or simple
derivatives then it's pretty bad.

Other Problems

There are still some other EAP problems, mostly to do with cunning MitM
attacks, even on EAP-TTLS, PEAP and the like, depending on the tunneled
protocol you use for authentication. There is an IETF draft[1], which may
have expired by the time you read this. It's a little more complicated, but
my basic summary is - authenticate BOTH ends, if you can, and don't use a
tunneled protocol which is itself vulnerable to MitM (CHAP is bad, for
example), or you are probably in trouble.

Please remember that the authentication is only one part of the security -
there is still some link encryption, and to my quick skim Cisco's
pre-standard "TKIP" fixes the most egregious of the WEP problems.

Overall

So, you ask if it's "good enough". Hrm. Myself, I would implement all the
bells and whistles, but still do it your way (create an untrusted,
firewalled segment and let them VPN in from it - you can do this
transparently using Windows IPSec if you are native AD etc). Overall,
however, I believe that if you use all of the available wireless features
(MAC filter, SSID, WEP and TKIP (nonstandard) and 802.1x with LEAP or PEAP
(better)) then it will almost certainly not be the weakest link in your
chain. The risk profile is something you need to work out yourself, of
course, based on how valuable the data flowing over this wireless network
is.

In one sentence: There are still some crypto problems with the current
wireless protocols, but if you are happy with users running IE and receiving
email attachments then you shouldn't lose sleep over a best-practice
wireless solution.

ben

[1] http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-04.txt

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com 
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
Of Stewart, John
Sent: Tuesday, November 04, 2003 12:49 AM
To: 'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] (In)security of wireless LANs and the Cisco Wireless Security Suite


I've been getting a lot of heat from management at one of our 
sites to implement wireless networking. I've been adamant in 
the past that it would not be feasible due to the inherent 
insecurities with WEP under 802.11.

My opinion has been that if they want to use wireless LANs, 
we can set up a separate leg on the firewall, treat it like a 
completely untrusted network, and they can VPN in to get 
access to internal networks.

However, of course the pointy-hairs in that office want to be 
able to walk around with their laptops as if they were wired. 
I don't know why it would be so hard to plug the laptop into 
the wall in the conference room, but I do understand that it 
would be "nice to have". I use a WAP at home, and like it.

Anyhow, the Cisco offering in this area does look to be 
somewhat promising at ameliorating the risks involved with 
wireless. Here is their white paper on their Wireless 
Security Suite offering:

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00800b469f.shtml

It does sound like they're doing some good things, and I'm 
wondering what the opinion is from you wizards on it. Anyone 
used it? Is it Good Enough?

While I understand that adding wireless access points, even 
when done properly, is inherently adding security risk that I 
did not have before, my job (of course) is to balance 
business need versus security.

I guess the question is, with this product, am I taking a 
larger risk than I am with, say, some of these other issues 
which would not be necessary in an ideal, secured, world:

- Allowing VPNs from users' PCs (a software firewall is 
required in that case, but certainly this is riskier than not 
allowing it)
- HTTP access to everywhere from the internal (Windows) desktops
- Email on Outlook/Exchange. While we disallow executable 
attachments, and run virus/trojan scanners on the server and 
desktop, this is certainly another worrisome vector of attack.

So, with this "Wireless Security Suite" on some Aironet 
access points, is a wireless LAN (connected to our internal 
network) really a bigger risk than these other risks, 
necessitated by our business requirements?

thanks!

johnS
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
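The response construction Ben describes in "The LEAP Flaw" is the MS-CHAP challenge/response step (LEAP reuses it), and it is short enough to write out in full. The following Go program is an added example for this archive page; it is not Ben's code, nor anything from Cisco or the paper he cites. It includes the one step his summary skips: each 7-byte chunk is spread into an 8-byte DES key with a parity bit per byte. The test vector is the one printed in RFC 2759 section 9.2 (password "clientPass"), which exercises exactly this 16-byte-hash / 5-zero-pad / 3-DES construction, so the program can check itself against a published value rather than a made-up one. The `thirdBlock` helper makes the entropy point concrete: the last 8 bytes of the response are produced from hash bytes 14-15 plus five zero bytes, so that DES key has only 2^16 possible values, and two different hashes with the same tail give the same third block because nothing is salted.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// desKeyFromChunk expands a 7-byte chunk into the 8-byte key crypto/des takes:
// every key byte carries 7 bits of the chunk in its high bits; the low bit is
// the DES parity bit, which the cipher ignores. This is the standard MS-CHAP
// "string to key" step that the post's summary leaves out.
func desKeyFromChunk(chunk []byte) []byte {
	key := []byte{
		chunk[0] >> 1,
		((chunk[0] & 0x01) << 6) | (chunk[1] >> 2),
		((chunk[1] & 0x03) << 5) | (chunk[2] >> 3),
		((chunk[2] & 0x07) << 4) | (chunk[3] >> 4),
		((chunk[3] & 0x0F) << 3) | (chunk[4] >> 5),
		((chunk[4] & 0x1F) << 2) | (chunk[5] >> 6),
		((chunk[5] & 0x3F) << 1) | (chunk[6] >> 7),
		chunk[6] & 0x7F,
	}
	for i := range key {
		key[i] <<= 1 // low bit left as 0; DES ignores parity
	}
	return key
}

// desBlock encrypts a single 8-byte block under a 7-byte key. There is no
// chaining and no IV: each of the three keys sees the same plaintext.
func desBlock(key7, block []byte) []byte {
	c, err := des.NewCipher(desKeyFromChunk(key7))
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

// challengeResponse is the 24-byte response from the post: the 16-byte password
// hash is padded with 5 zero bytes to 21, cut into 3 x 7-byte DES keys, and each
// key encrypts the same 8-byte challenge; the three ciphertexts are concatenated.
func challengeResponse(passwordHash, challenge []byte) []byte {
	padded := make([]byte, 21)
	copy(padded, passwordHash) // bytes 16..20 remain 0x00
	resp := make([]byte, 0, 24)
	for i := 0; i < 3; i++ {
		resp = append(resp, desBlock(padded[7*i:7*i+7], challenge)...)
	}
	return resp
}

// thirdBlock shows why the last 8 response bytes are weak: the third DES key is
// hash bytes 14-15 followed by the five known zero bytes, so only 2^16 keys exist
// and the block depends on nothing else (no salt, no session binding).
func thirdBlock(hashTail2, challenge []byte) []byte {
	key7 := make([]byte, 7)
	copy(key7, hashTail2)
	return desBlock(key7, challenge)
}

// Test vector from RFC 2759 section 9.2 (password "clientPass"); the
// ChallengeResponse step there is the same 3-DES construction LEAP uses.
var (
	rfcHash, _      = hex.DecodeString("44EBBA8D5312B8D611474411F56989AE")
	rfcChallenge, _ = hex.DecodeString("D02E4386BCE91226")
	rfcResponse     = "82309ecd8d708b5ea08faa3981cd83544233114a3d85d6df"
)

func main() {
	resp := challengeResponse(rfcHash, rfcChallenge)
	fmt.Printf("response : %x\n", resp)
	fmt.Printf("RFC 2759 : %s  match=%v\n", rfcResponse, hex.EncodeToString(resp) == rfcResponse)
	// The last third reproduces from just two hash bytes plus the zero padding.
	fmt.Printf("third block from 2 tail bytes: %x\n", thirdBlock(rfcHash[14:], rfcChallenge))
}
```

Run it with `go run` and the computed response matches the RFC value, with the final 8 bytes reproduced by `thirdBlock` from two hash bytes alone. The defender's takeaway is the one Ben draws: nothing in this construction ties the response to a salt or session, so the strength of the password hash (and the dictionary-resistance of the password behind it) is the only thing holding the third block up.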


