Tuesday, 9 December 2008

Recommended Business WiFi Encryption

I was forwarded an interesting wifi security tech question yesterday which resulted in a debate about whether hiding a WiFi SSID made you secure. I just couldn't resist answering the question, and as usual went off on a security mission with my answer. Lots of positive comments on my answers and my general advice around home and enterprise wifi security, so I'd thought I'd post it up on my blog for all to see. 

Original Q. "I've been having an ongoing debate about the the practice of hiding SSIDs in a corporate environment.  I'm curious to know if hiding SSIDs is widely (emphasis on widely) considered a best practice or whether there are equal arguments on both sides.  My thoughts are that if you couple high grade encryption (WPA2) with some form of authentication (802.1x?) then hiding the SSID is unnecessary - and in fact makes it harder for valid users to find the network."

"Hiding the SSID can keep out the casual WiFi browsing neighbour, but will not prevent the “school boy” level of WiFi broadband thieves from finding out details of your WiFi network, you know those guys who steal WiFi for downloading illegal games, music and other unsavourily whatnot…

The SSID name plays an important part of the WPA-PSK encryption process, as the name is used to uniquely create (or salt as it is referred to) the hash of the WPA passphrase in order to protect against bruteforce attacks, as each bruteforce attempt needs to be hashed 4096 times, meaning it takes ages to try combinations for the passphrases, although it is doable if you have power and time on your hands.  I have rainbow tables (like a hash answer cheat sheet) for top most popularly used SSID names against pre-computed hash values, which allows me to bruteforce passphrases extremely quick, so I can quickly crack poor WPA-PSK passphrases for the most commonly used SSIDs like “NetGear”.  

So therefore my advice, for commercial companies using WiFi always goes with the enterprise WPA encryption options instead of using WPA-PSK (static key/passphrass). At home, go with a long and unique SSID name and decent random passphrase which will prevent rainbow table hash bruteforce. If you are super paranoid at home, go with 20 char+ random SSID name, hiding it doesn’t make any difference to those with the capability of breaking in.

Another point already made, do not name the SSID after your family name or company/department, you shouldn’t advertise what it is to the world, unless you are offering a guest WiFi network.

And yes, we all know WEP is has been broken for 6 years, any WEP key can be cracked in a couple of minutes no matter length and complicity of password and SSID name you used.

Also in the corporate environment, best practice is to scan for WiFi rogue access points at least once a quarter, or even buy a device with continually scans if you have a particularly sensitive site to protect, this is regardless of whether you use WiFi or not at the site.

Oh MAC address filtering is a waste of time too, MAC addresses can be easily spoof (in fact they are impossible to prevent from being sniff), applying a sniffed MAC address to a network card within any OS is easy." 
 
Response - "Thank you for your informative response.  While I’m quite knowledgeable of Microsoft’s products (AD, Exchange, etc.), I’d consider myself an intermediate when it comes to wireless security.  When setting up WAPs, I’ve always used WPA-PSK because that’s what I know to do.  I assume that Enterprise WPA is more secure, but I don’t know what it is.  Is there a website that you could point me to help learn more about this?  I understand that there’s a thing called 802.1x authentication that, for example, would let me require authentication against my Active Directory.  I envision a wireless user establishing the connection, and being prompted to enter their AD credentials, or perhaps it takes what’s cached from when you login to the computer.  Again, any good concise references to this stuff would be greatly appreciated."

"To recap, WPA-PSK (Pre-Share Key) is a personal mode designed for home and small office users who basically do not have any authentication servers available, i.e. Active Directory. WPA-PSK operates in an unmanaged mode using a pre-shared key (PSK), and uses a passphrase to create the encryption key, this the big weakness, as it’s vulnerable to bruteforce attacks. If you have to use this mode within the business setting, I recommend a passphrase of at least 13 characters and regularly changing of that passphrase. BTW the passphrase can be up to 95 characters in length.

By Enterprise modes, I was referring to WPA & WPA2 with IEEE 802.1X and EAP, which operates the WLAN in a managed mode. It uses IEEE 802.1 authentication framework and EAP (Extensible Authentication Protocol) to provide authentication between the client and authentication server. In this mode each user is assigned a unique key to access the WLAN. In answering your question, it uses single-sign on with AD or it can prompt, or it can be setup to use certicates.

Something else I should mention about enterprise modes is WPA-TKIP.  TKIP encrypts each data packet for each individual user at a time, making the encryption extremely difficult to break.  WPA uses the RC4 encryption cipher, where as WPA2 uses the AES encryption cipher, which provides a stronger degree of encryption than RC4. Recently TKIP was proven to have several minor weaknesses with it, in that it’s possible in inject a few packets, and decrypt ARP frames in around 15 minutes, although this is not over concerning and a major flaw, however in my view it is always best to completely avoid such potential issues and go with WPA2 AES option given a choice.

You can use digital certificates with WPA-EAP-TLS, and there’s PEAP authentication as well; all have single sign on capabilities with Active Directory, LDAP, NDS and even with NT Domains."

2 comments:

Anonymous said...

I believe there is a minor comparison error ...

"WPA2 uses AES encryption instead of TKIP, which is a stronger encryption standard."

It should read ...

WPA2 uses AES encryption instead of RC4, which is a stronger encryption standard.

As the correct statement would compare chiper to chiper (instead of chiper to protocol).

Dave Whitelegg CISSP said...

Good spot Cheers, I'll edit the post