Int. J. Mobile Communications, Vol. 4, No. 3, 2006
Copyright © 2006 Inderscience Enterprises Ltd.

Corporate wireless LAN security: threats and an effective security assessment framework for wireless information assurance

Young B. Choi*
Department of Computer Information Systems and Management Science
James Madison University
800 South Main Street
Harrisonburg, VA 22807-0001, USA
E-mail: choiyb@jmu.edu
*Corresponding author

Jeffrey Muller
Integrated Science and Technology and School of Media Arts and Design
James Madison University
800 South Main Street
Harrisonburg, VA 22807-0001, USA
E-mail: mullerjx@jmu.edu

Christopher V. Kopek and Jennifer M. Makarsky
James Madison University
800 South Main Street
Harrisonburg, VA 22807-0001, USA
E-mail: kopekcv@jmu.edu
E-mail: makarsjm@jmu.edu

Abstract: In this paper, we propose the necessary steps in implementing strong WLAN security for companies using our visual security assessment framework for wireless information assurance. Through real case studies on the organisations with various security measures and by showing complete execution paths of our framework, we suggest the importance of continual assessment of the WLAN for strong corporate security assurance using our Corporate WLAN Security Assessment Framework.

Keywords: Wireless Local Area Network (WLAN); corporate wireless LAN; wireless LAN security; security assessment framework; wireless information assurance; Wired Equivalency Privacy (WEP); WiFi Protected Access (WPA); Virtual Private Network (VPN); 802.11b; 802.11i.

Reference to this paper should be made as follows: Choi, Y.B., Muller, J., Kopek, C.V. and Makarsky, J.M. (2006) ‘Corporate wireless LAN security: threats and an effective security assessment framework for wireless information assurance’, Int. J. Mobile Communications, Vol. 4, No. 3, pp.266–290.
Biographical notes: Dr. Young B. Choi is Assistant Professor of the Information Technology and Management Science Programme at James Madison University in Harrisonburg, Virginia. His current research interests are human factors in telecommunications, wireless telecommunications service management, security management in HIPAA, data mining and visualisation for telecommunications service delivery chain optimisation, and public healthcare. He has diverse international experience of working in industry, research and academia in the telecommunications and computer networking fields since 1978. He received his interdisciplinary PhD degree in Computer Networking and Telecommunications from the University of Missouri-Kansas City in 1995.

Jeffrey Muller is an undergraduate scholar at James Madison University. He is double-majoring in Integrated Science and Technology with a concentration on information knowledge management and media arts and design and on digital interactive multimedia. His research interests are in telecommunications security, bioterrorism defense and education using multimedia.

Christopher V. Kopek is an undergraduate student at James Madison University and graduated in May 2005 with a BS degree in Computer Science. His research interests are network technologies and database structures.

Jennifer M. Makarsky is a student at James Madison University.

1 Introduction

“Today, end users have an increasing selection of different terminals and devices that support wireless access, as well as support for new technologies like 802.11 based WLANs” (Maunuksela and Nieminen, 2005). Wireless Local Area Network (WLAN) technology is an important method of extending corporate networks, but the new technology brings greater security risks. An understanding of the types of security risks and attacks as well as the developing security standards and how to implement them will enable firms to stay protected.
WLANs have the same risks and vulnerabilities that exist in a conventional wired network and there are also numerous other types of threats specific to them. Some examples of particular WLAN threats are passive attacks, active attacks, loss of confidentiality, loss of integrity and loss of network availability. As today’s technologies advance, so do the techniques and skills of hackers. New wireless security standards are now being created and released in order to stay one step ahead of hackers. The old Wired Equivalent Privacy (WEP) protocol has been proven to be insecure and does not protect WLANs efficiently. A new 802.11i protocol is being released in 2005 that will protect corporations from WLAN attacks. In conjunction with 802.11i, there are several other security standards that are being used such as WiFi Protected Access (WPA) and Virtual Private Network (VPN). With these new technologies, companies and firms can now have confidence that their WLANs are secure. With wireless becoming such a mainstream technology, there is a growing interest in increasing its usage in the enterprise environment (Varshney, 2003). However, all the standards and security techniques under development will be in vain unless they are
implemented vigilantly by companies. Companies developing a new wireless network need to design their network carefully, while those with existing wireless networks need to understand how to examine the costs and benefits of upgrading to more secure hardware and software.

The organisation of the paper is as follows. Section 2 introduces wired and wireless LAN architectures. In Sections 3 and 4, various threats and attacks in corporate wireless LAN and corresponding wireless LAN security standards and methods are described. In Section 5, emerging WLAN security technologies are introduced. In Sections 6 and 7, corporate vigilance efforts to protect the companies and continual assessment of WLAN are tackled. In Sections 8 and 9, our own Wireless LAN Security Framework and its applications on some real cases to verify its effectiveness and correctness in security assessment are explained in detail by showing all the possible execution paths of the framework. Finally, Section 10 provides the conclusion.

2 Wired and wireless LAN architectures

A Local Area Network (LAN) is a connection of multiple computers (called within a corporate site). The term ‘Wired LAN’ refers to the traditional LAN where stations are connected to a switch with a cable and the switch is connected to other stations using the same method. There is typically a switch on every floor of the site (called a ‘workgroup switch’) and a switch in the basement (called a ‘core switch’) that connects to all of the workgroup switches. This type of LAN uses the IEEE 802.3 protocol, also called ‘Ethernet’ and is sometimes referred to as ‘Ethernet LANs’ or ‘802.3 LANs’.

The network topology for a corporate Ethernet LAN is usually hierarchical. Switches branch off other switches to extend connections to various stations. Using this topology, there is only one possible path between two stations. Figure 1 shows the structure of wired Ethernet LAN.
Figure 1 Structure of Ethernet LAN

Wireless LAN (WLAN) uses the air to transmit data between stations. It uses access points to connect to the existing Wired LAN and to broadcast to stations with Wireless Network Interface Card (NIC). In contrast to Wired LANs, Wireless LANs use a bus topology where one station broadcasts to all other stations. “Mobile devices in the IEEE
802.11 Wireless Local Area Network (WLAN) have the ability to transmit data frames at one of four transmission rates 1Mb/s, 2Mb/s, 5.5Mb/s and 11Mb/s” (Sheu et al., 2003). Each transmission rate is dependent on which version of 802.11 the system is using.

Wireless LANs are not competing with traditional Ethernet LANs. They are used to extend the existing corporate network to mobile clients. Therefore, if the security is lax on a company’s wireless LAN, it compromises the security of the wired LAN. Figure 2 shows how the wireless network connects to the existing wired LAN using an access point.

Figure 2 Wireless LAN extending Ethernet LAN

3 Threats and attacks in corporate wireless LAN

Wireless LANs have the same risks and vulnerabilities that exist in a conventional wired network. There are numerous other types of WLAN threats and attacks that need to be taken into consideration if a WLAN is to be kept free of hackers and crackers. Some of these threats and attacks are passive attacks, active attacks, loss of confidentiality, loss of integrity and loss of network availability.

3.1 Passive attacks

A passive attack occurs when an unauthorised party gains access within the network but does not modify the content. There are two types of passive attacks: eavesdropping and traffic analysis or monitoring. Eavesdropping is when an attacker, usually from within the perimeter of the business, monitors transmissions for message content by listening to the transmission between two workstations. Nothing is touched physically, but information and privacy are invaded. On the other hand, traffic analysis is typically performed by an intruder that is outside the perimeter of the business, monitoring the transmissions for patterns of communication
just like a traffic cop. The intruder typically observes and makes assessments about the nature of traffic, amount of traffic and the load on the network, but again, he/she does not physically alter the information.

3.2 Active attacks

An active attack is where an unauthorised party makes changes and alters information to a message or file. These types of attacks can be detected but may not be preventable. Four types of active attacks are masquerading, replay, message modification and Denial-of-Service (DoS).

Masquerading is when an attacker impersonates an authorised user and gains access to the network. The authorised user’s identity is compromised and the attacker has full access to the authorised user’s network information. These attacks can range from very simple to complex based on the security in effect.

When an attacker monitors transactions then retransmits the information as the authorised user, replay has occurred. The attack starts off as a passive attack, but it eventually becomes an active attack when the attacker replies to the transmission.

Meanwhile, message modification occurs when the attacker modifies a message by deleting, adding, changing or reordering the message. Any tampering of the message would be considered message modification.

A Denial-of-Service (DoS) attack, on the other hand, is an assault that can cripple or disable a WLAN. It occurs when an attacker prevents or prohibits use of the network. The attacker blocks the service or transmission and can slow the network to crawling speeds or actually force it to quit working. There are multiple DoS attacks, one of which is the ‘brute force’ method. This can come in one of two forms: either a huge flood of packets that uses up all of the network’s resources and forces it to shut down, or a very strong radio signal that totally dominates the airwaves and makes access points and radio cards useless.
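
The statement above that active attacks "can be detected but may not be preventable" can be made concrete on the receiving side. The following is an added example, not code from the paper: a receiver that detects replay, message modification (including deletion and reordering) and forged frames using an HMAC-SHA256 tag over a frame counter and payload. The frame layout, key and verdict names are assumptions chosen for illustration and are not the mechanism of WEP, WPA or 802.11i.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
SEQ_LEN = 8   # 64-bit big-endian frame counter (illustrative layout)


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || HMAC(key, counter || payload)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Classifies each received frame instead of silently dropping it,
    so that the verdicts can feed monitoring and alerting."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest counter accepted so far

    def accept(self, frame: bytes) -> str:
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "malformed"
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; fails for changed bytes (message
        # modification) and for frames built without the key (masquerading).
        if not hmac.compare_digest(tag, expected):
            return "bad_tag"
        seq = struct.unpack(">Q", header)[0]
        # A valid tag on an old counter is a retransmitted capture (replay)
        # or a reordered frame; both are rejected.
        if seq <= self.last_seq:
            return "replay"
        gap = seq - self.last_seq - 1  # frames deleted or rejected in transit
        self.last_seq = seq
        return "ok_after_gap" if gap else "ok"


def run_demo() -> list:
    """Feeds a constructed capture to the receiver and returns the verdicts."""
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    rx = Receiver(key)
    f0 = seal(key, 0, b"login alice")
    f1 = seal(key, 1, b"transfer 10")
    tampered = bytearray(seal(key, 2, b"transfer 10"))
    tampered[SEQ_LEN + 9] ^= 0x01  # one payload bit changed in transit
    f4 = seal(key, 4, b"logout")   # frame 3 never arrives (deleted)
    forged = seal(b"attacker-guess", 5, b"transfer 99")  # sender lacks the key
    capture = [f0, f1, f0, bytes(tampered), f4, forged, b"abc"]
    return [rx.accept(frame) for frame in capture]


if __name__ == "__main__":
    print(run_demo())
```

Nothing here addresses the DoS case: a flood of frames or a dominating radio signal still denies service, which is the sense in which these attacks are detectable but not always preventable.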
3.3 Loss of confidentiality

Confidentiality is a major concern when dealing with any network. An organisation does not want its company’s private information and investments open to competitors. With WLANs, an attacker does not need to tap into a network cable to access the network; they can go through radio and broadcast waves, which makes traditional security for LANs less effective. Passive attacks assault confidentiality just by listening to the transmissions; and due to the extended range of WLANs, attackers can listen to transmissions outside of the organisation without the users knowing it. If the user has a hub, the chance of being attacked increases, as hubs broadcast to the entire network and leave traffic vulnerable.

3.4 Loss of integrity

In connection with loss of confidentiality, losses of integrity in WLANs are the same as those in LANs. Unfortunately, most companies do not have adequate protection; thus, integrity is difficult to achieve. If an attacker modifies a message, data integrity is lost through the alterations of the attacker. This can be devastating to an organisation if important information is lost or modified