[ Pobierz całość w formacie PDF ]
.The IEEE 802.11 Standarddefines the encryption key to be 64 bits in length, 40 bits ofwhich can be defined by the user as the selected secret key.The other 24 bits are generated by the system and change oneach successive transmission to make sure that the actualencryption key changes constantly.This cryptographyscheme is known as RC4.Some vendors have added to this standard encryptionscheme the option to use longer encryption keys.For exam-ple, they may use 128-bit keys, 104 bits of which are theuser-defined secret key.The longer the key, the more time ittakes for a hacker to obtain the key using brute force meth-ods.To prevent comprising the encryption key if the note-book s PC card is stolen, some Wi-Fi vendors even avoidstoring the keys in the wireless PC card s flash ROM (read-only memory).Without the correct encryption key, a wireless client sta-tion cannot communicate with an access point and, there-fore, cannot get onto the network, much less monitor thetraffic from a neighboring station.But not even these safeguards are entirely hacker-proof.There are now tools freely available on the Internet specifi-cally designed for WEP key hacking, eliminating the need touse brute-force methods.These tools exploit weaknesses inthe key-scheduling algorithm of RC4.Once the tool capturesthe data traffic, the key can be derived from it.440 WIRELESS LAN SECURITYThe weakness of WEP lies in the predictability of the so-called initialization vector, which is the 24 bits of the encryp-tion key generated by the system that changes on eachsuccessive transmission ostensibly to improve security.But some values of this initialization vector can be predictedfor generating  weak keys that can be used to gain access tothe wireless network.All IEEE 802.11 compliant wirelessnetworks are vulnerable to this kind of attack, since they allimplement WEP security in a similar manner.Authentication via RADIUSSome access points have the added capability to restrictaccess to the network to those stations whose MAC addressis included in a Remote Authentication Dial-In User Service(RADIUS) database.To enable this feature, the access pointsneed to be configured to communicate to the RADIUS servereach time a wireless station makes the initial contact.To add to the availability of the service, the access pointscan connect to two servers, a primary and a backup, in casethe primary is down.The network administrator builds thedatabase at the RADIUS server by including the MACaddresses of all the stations that are allowed access to thenetwork.Stations with MAC addresses that do not appear inthis table are not granted access, and the traffic generatedby these stations will be filtered out.To ensure the effectiveness of RADIUS, the networkadministrator must make sure that all access points are con-figured to use the RADIUS database for MAC addressauthentication.To do so, the database has to be populatedwith the MAC addresses of PC cards.New cards have to beadded to the database, and cards that have been reported asstolen or no longer in use must be removed from the database.Key Change AdministrationRegular key changes are important to maintain the integrityof the security system.Some Wi-Fi systems allow for the useWIRELESS LAN SECURITY 441of multiple keys in support of dynamic key rollover.Multiplekeys active at the same time can cover the period requiredfor all users to rotate to a new key.To support frequent key change procedures, vendors offersoftware tools that allow changing the WEP encryption keysremotely.In other words, a network or security administra-tor is able to transmit a new WEP key or set of keys to clientstations and to have them active the next time the PC carddriver is loaded.The end-user will not be aware that this keychange has taken place and does not even know the exactvalue of the WEP key [ Pobierz całość w formacie PDF ]