This brings us to the topic of enabling WEP, closed ESSIDs, and MAC filtering as protective measures. Such defenses are "bypassable," and you already know how to do it. However, there are still sound reasons to enable these safeguards. One such reason is legal. An attacker who bypasses any of these countermeasures cannot plead ignorance and claim that his or her association with the network was purely accidental. Thus, WEP or a closed ESSID can serve as a form of warning saying, "We expect a certain level of privacy on this network; keep your hands off." An organization losing valuable data or assets after a wireless-based attack can be sued for insufficient due diligence if no security safeguards were deployed. However, if baseline countermeasures were implemented, the blame can be shifted elsewhere (manufacturers, standards designers, literature sources claiming that "static WEP is enough," etc.).

Another reason is raising the bar. Penetrating any defense requires time and effort. Time equals battery power and a higher possibility of being spotted. A large proportion of wireless crackers are the "bandwidth leech" type. They use laptops with preinstalled Windows and Netstumbler to find open wireless networks for a free Internet connection, which they might use to download pornography and warez or send spam. With the system and tools at their disposal, they usually cannot crack WEP, generate custom frames to disclose hidden ESSIDs, or launch Layer 2 man-in-the-middle or DoS attacks. They might not even know how to change the MAC address of their wireless interface. Thus, the baseline safeguards will protect you from this kind of attacker, but never assume that all crackers are this unqualified: at some crucial moment, they might not be. By contrast, properly implemented SSH port forwarding can raise the bar by a significant margin.
A good idea is to compile your sshd with TCP Wrappers support and deny all non-SSH traffic on the wireless network while filtering out SSH traffic from unknown IP addresses (don't forget to turn off DHCP). This can be successfully combined with MAC address filtering and static ARP caches where possible. A typical example of SSH port forwarding use is exporting X Window applications via SSH:

arhontus# ssh -X -f Xserverhost xapplication_to_use

Apart from providing data encryption and user authentication, this preserves the CPU cycles and battery power of the mobile host. Another common example is browsing the Web or shopping online via a proxy on the wireless gateway, protecting your browsing session with SSH:

arhontus# ssh -L 5777:localhost:3128 proxyhost

Then set up your browser to use localhost:5777 as the HTTP proxy and you are done (provided that the proxy does listen on port 3128 on the other side). The choice of port 5777 on the local host is completely arbitrary, whereas the Squid proxy listens on port 3128 on one of our wireless gateways. If your mobile host is a Windows box, you can use third-party applications for SSH tunneling. For instance, in PuTTY, do the following:
The number of possible examples of SSH port forwarding use is endless and we won't dwell on it any further. Just make sure that you use the SSHv2 protocol if you can and that your SSH server and clients are up to date and don't have known security holes (or face the possibility of being r00ted by Trinity in years to come). Be as paranoid as we are. We have mentioned that the default cipher selection in /etc/ssh/ssh_config on Linux is

#Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

We recommend replacing it with the uncommented line (leading # removed)

Ciphers aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,cast128-cbc,3des-cbc,arcfour

and adding the following lines to the file:

MACs hmac-ripemd160,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
HostKeyAlgorithms ssh-dss,ssh-rsa

To summarize, SSH port forwarding provides a quick and easy add-on to traditional weak wireless safeguards such as WEP and MAC filtering. Although for some specific environments this might be sufficient, if you are looking for a more complete wireless security solution above the data link layer, we strongly recommend considering IPSec.
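As an added example (not code from the original article), the following Python script reads an ssh_config and reports whether the effective Ciphers, MACs and HostKeyAlgorithms settings pin exactly the preference order given above. It reads the file the way ssh(1) does, so a line that is still commented out, a duplicate that is silently ignored because the first value wins, or a setting hidden in a host-specific stanza is caught; the sample config is constructed, and the 'Protocol 2' check is added here to cover the SSHv2 advice.

```python
import re
# Preference lists the article recommends for /etc/ssh/ssh_config (first = most preferred).
RECOMMENDED = {
    "Ciphers": ["aes256-cbc", "aes192-cbc", "aes128-cbc", "blowfish-cbc",
                "cast128-cbc", "3des-cbc", "arcfour"],
    "MACs": ["hmac-ripemd160", "hmac-sha1", "hmac-md5", "hmac-sha1-96", "hmac-md5-96"],
    "HostKeyAlgorithms": ["ssh-dss", "ssh-rsa"],
}

STOCK_CONFIG = """# constructed sample: stock ssh_config, Ciphers line still commented out
#Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
Host *
    ForwardX11 no
"""

def parse_ssh_config(text):
    """Effective global settings as {lowercase keyword: [values]}, read the way ssh(1) does:
    comment lines ignored, keywords case-insensitive, FIRST value obtained for a keyword wins.
    Global lines and 'Host *' count; other Host/Match stanzas are skipped."""
    effective, in_scope = {}, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*(?:=|\s)\s*(.+)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            in_scope = key == "host" and value == "*"
            continue
        if in_scope and key not in effective:          # first obtained value wins
            effective[key] = [v.strip() for v in value.split(",")]
    return effective

def audit(text):
    """Findings for a config; an empty list means it pins exactly the recommended preferences."""
    eff, findings = parse_ssh_config(text), []
    for name, want in RECOMMENDED.items():
        got = eff.get(name.lower())
        if got is None:
            findings.append(f"{name}: missing or still commented out, OpenSSH defaults apply")
        elif got != want:
            findings.append(f"{name}: preference order differs: {','.join(got)}")
    if "1" in eff.get("protocol", ["2"]):  # 'Protocol 2,1' would allow fallback to SSHv1
        findings.append("Protocol: SSHv1 permitted, set 'Protocol 2'")
    return findings

def recommended_lines():
    """The lines to put in ssh_config ('Protocol 2' is added here for the SSHv2 advice)."""
    return [f"{k} {','.join(v)}" for k, v in RECOMMENDED.items()] + ["Protocol 2"]
```

Treat the algorithm names as a template for pinning a preference order rather than a current recommendation: later OpenSSH releases have dropped several of them (arcfour, blowfish-cbc, cast128-cbc, hmac-ripemd160, and ssh-dss by default), so adapt RECOMMENDED to what your client and server actually offer.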