™ 1 YEAR UPGRADE BUYER PROTECTION PLAN Protect Your Wireless Network From Attack • Complete Coverage of Wireless Standards: IEEE 802.15, HomeRF, IEEE 802.11, IEEE 802.16, Bluetooth, WEP, and WAP • Hundreds of Damage & Defense, Tools & Traps, and Notes from the Underground Sidebars, Security Alerts, and FAQs • Complete Case Studies: Using Closed Systems, Deploying IP Over the WLAN, Utilizing a VPN, Filtering MAC Addresses, and More! Christian Barnes Tony Bautts Donald Lloyd Eric Ouellet Jeffrey Posluns David M. Zendzian Neal O’Farrell Technical Editor solutions@syngress.com With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening. Readers like yourself have been telling us they want an Internet-based ser- vice that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations. Solutions@syngress.com is an interactive treasure trove of useful infor- mation focusing on our book topics and related technologies. The site offers the following features: ■ One-year warranty against content obsolescence due to vendor product upgrades. You can access online updates for any affected chapters. ■ “Ask the Author” customer query forms that enable you to post questions to our authors and editors. ■ Exclusive monthly mailings in which our experts provide answers to reader queries and clear explanations of complex material. ■ Regularly updated links to sites specially selected by our editors for readers desiring additional reliable information on key topics. Best of all, the book you’re now holding is your key to this amazing site. Just go to www.syngress.com/solutions, and keep this book handy when you register to verify your purchase. Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening. www.syngress.com/solutions 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page i 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page ii 1 YEAR UPGRADE BUYER PROTECTION PLAN Christian Barnes Tony Bautts Donald Lloyd Eric Ouellet Jeffrey Posluns David M. Zendzian Neal O'Farrell Technical Editor 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page iii Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,” and “Ask the Author UPDATE®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,”“Hack Proofing™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 QJG4TY7UT5 002 KKLRT5W3E4 003 PMERL3SD6N 004 AGD34B3BH2 005 NLU8EVYN7H 006 ZFG4RN38R4 007 CWBV22YH6T 008 9PB9RGB7MR 009 R3N5M4PVS5 010 GW2EH22WF8 PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370 Hack Proofing Your Wireless Network Copyright © 2002 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN: 1-928994-59-8 Technical Editor: Neal O’Farrell Cover Designer: Michael Kavish Technical Reviewer: Jeffrey Posluns Page Layout and Art by: Shannon Tozier Acquisitions Editor: Catherine B. Nolan Copy Editor: Michael McGee Developmental Editor: Kate Glennon Indexer: Ed Rush Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada. 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page iv v Acknowledgments v We would like to acknowledge the following people for their kindness and support in making this book possible. Ralph Troupe, Rhonda St. John, and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks. Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, and Frida Yara of Publishers Group West for sharing their incredible marketing experience and expertise. Jacquie Shanahan and AnnHelen Lindeholm of Elsevier Science for making certain that our vision remains worldwide in scope. Annabel Dent of Harcourt Australia for all her help. David Buckland,Wendi Wong, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books. Kwon Sung June at Acorn Publishing for his support. Ethan Atkin at Cranbury International for his help in expanding the Syngress program. Jackie Gross, Gayle Voycey,Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada. Lois Fraser, Connie McMenemy, Shannon Russell and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada. 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page v 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page vi vii Contributors Donald Lloyd (CCNA, CCSE, CCSA), co-author of Designing a Wireless Network (Syngress Publishing, ISBN: 1-928994-45-8), is a Senior Consultant at Lucent Worldwide Services (Enhanced Services and Sales) and a Regional Leader for their Fixed Wireless Practice. His specialties include network security architecture and wireless network design, as well as the implementation of Juniper routers. Donald’s background includes a successful career with International Network Services, and now Lucent Technologies. Besides “unwiring” corporate offices, Donald has spent considerable time designing and deploying secure wireless networks in remote oil and gas fields.These networks not only carry voice and data traffic, but also help energy companies monitor the pipelines that carry these commodities. David M. Zendzian is CEO and High Programmer with DMZ Services, Inc. He provides senior IT and security solutions to single person startups and multi-national corporations “anywhere the Net touches.” His specialties include large- and small-scale IT and security designs, deployments, infrastructure audits, and complete managed sup- port. David’s background includes positions with Wells Fargo Bank as a Security Consultant where he developed and evaluated platform-specific security standards, assisted with identification of security risks to applica- tions, and designed bank interconnectivity projects that required firewalls, VPNs, and other security devices. He was also a founding partner in one of the first Internet service providers of South Carolina and founder of the first wireless ISP in the Carolinas, Air Internet. David is an active Debian Linux developer who maintains packages for network audio streaming (icecast, liveice) and the PGP Public Keyserver (pks). He has provided patches to several projects, most notably to the Carnegie Mellon Simple Authentication and Security Layer (SASL). David studied computer science at the oldest municipal college in America,The College of Charleston in Charleston, SC. He currently lives in the San Francisco area with his wife, Dana. David would like to thank 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page vii viii Change and N8 for providing support and critical commentary needed to finish this work. Eric Ouellet (CISSP) is a Senior Partner with Secure Systems Design Group, a network design and security consultancy based in Ottawa, Ontario, Canada. He specializes in the implementation of networks and security infrastructures from both a design and a hands-on perspective. Over his career, he has been responsible for designing, installing, and trou- bleshooting WANs using CISCO, Nortel, and Alcatel equipment, config- ured to support voice, data, and video conferencing services over terrestrial, satellite relay, wireless, and trusted communication links. Eric has also been responsible for designing some of the leading Public Key Infrastructure deployments currently in use and for devising operational policy and procedures to meet the Electronic Signature Act (E-Sign) and the Health Insurance Portability and Accountability Act (HIPAA). He has provided his services to financial, commercial, government, and military customers including US Federal Government, Canadian Federal Government, and NATO. He regularly speaks at leading security confer- ences and teaches networking and CISSP classes. He is currently working on two upcoming titles with Syngress Publishing, Building a Cisco Wireless LAN (ISBN: 1-928994-58-X) and Sniffer Network Optimization and Troubleshooting Handbook (ISBN: 1-931836-57-4). Eric would like to acknowledge the understanding and support of his family and friends during the writing of this book, and “The Boys” for being who they are. Christian Barnes (CCNP, CCDA, MCSE, MCP+I, CNA, A+) is a member of the Consulting Staff at Lucent Worldwide Services (Enhanced Services and Sales). He is a contributing author to Designing a Wireless Network (Syngress Publishing, ISBN: 1-928994-45-8) and he currently provides technical consultation to clients in the South Central Region for Lucent Technologies. His areas of expertise include Cisco routers and switches, wide area network architecture, troubleshooting and optimiza- tion, network security, wireless access, and Microsoft NT and 2000 net- working design and support. Chris has worked with clients such as Birch Telecom,Williams Energy, and the Cerner Corporation. 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page viii ix Randy Hiser is a Senior Network Engineer for Sprint’s Research, Architecture and Design Group, with design responsibilities for home dis- tribution and DSL self-installation services for Sprint’s Integrated On Demand Network. He is knowledgeable in the area of multimedia ser- vices and emerging technologies, has installed and operated fixed wireless MMDS facilities in the Middle East, and has patented network communi- cation device identification in a communication network for Sprint. He lives with his wife, Deborah, and their children, Erin, Ryan, Megan, Jesse, and Emily, in Overland Park, KS. Andy McCullough (BSEE, CCNA, CCDA) has been in network con- sulting for over seven years. He is currently a Distinguished Member of the Consulting Staff at Lucent Worldwide Services (Enhanced Services and Sales). Andy has done architecture and design work for several global customers of Lucent Technologies including Level 3 Communications, Sprint, MCI/WorldCom, the London Stock Exchange, and British Telecom. His areas of expertise include network architecture and design, IP routing and switching, and IP multicast. Prior to working for Lucent, Andy ran a consulting company and a regional ISP. Andy is co-author of Building Cisco Remote Access Networks (Syngress Publishing, ISBN: 1-928994-13-X). He is also an Assistant Professor at a community college in Overland Park, KS, where he teaches networking classes. Tony Bautts is a Senior Security Consultant with Astech Consulting. He currently provides security advice and architecture for clients in the San Francisco Bay area. His specialties include intrusion detection systems, firewall design and integration, post-intrusion forensics, bastion hosting, and secure infrastructure design.Tony’s security experience has led him to work with Fortune 500 companies in the United States as well as two years of security consulting in Japan. He is also involved with the BerkeleyWireless.net project, which is working to build neighborhood wireless networks for residents of Berkeley, CA. 182_HPwireless_FM.qxd 2/6/02 12:43 PM Page ix [...]... Chapter 1 The Wireless Challenge Introduction Wireless Technology Overview Defining Cellular-based Wireless Defining the Wireless LAN The Convergence of Wireless Technologies Trends and Statistics Increasing Use of Information Appliances The Future of Wireless, circa 2005 Understanding the Promise of Wireless Wireless Networking Wireless Networking Applications for Business Wireless Networking Applications... 2/6/02 11:46 AM Page xiv Contents The Limitations of Wireless Security Cellular-based Wireless Networks and WAP Wireless LAN Networks and WEP Examining the Wireless Standards Cellular-based Wireless Networks Communications Technologies Wireless LAN Networks 802.11 WLAN HomeRF 802.15 WPAN 802.16 WMAN Understanding Public Key Infrastructures and Wireless Networking Overview of Cryptography Summary Solutions... greater security risk to your information Someone could more easily read your financial data, look at your saved documents, or browse your e-mails The advances in ease of use with wireless systems come at a cost—they must go hand in hand with advances in information security.You will now have to deal with issues like: network identification and encryption keys; making your wireless network invisible to people... applied to wireless technologies, you can simply follow the instructions on planning and implementing a wireless network, along with the security aspects surrounding it.You will benefit from the hands-on descriptions of hardening and securing your wireless networks and devices, allowing you to rest easy knowing that no one will compromise your information or take advantage of your systems without your knowledge... 123 182_HPwireless_TOC.qxd xvi 2/6/02 11:46 AM Page xvi Contents Fixed Wireless Technologies In a fixed wireless network, both transmitter and receiver are at fixed locations, as opposed to mobile The network uses utility power (AC) It can be point-to-point or pointto-multipoint, and may use licensed or unlicensed spectrums Chapter 3 Wireless Network Architecture and Design Introduction Fixed Wireless. .. audits of your network using NetStumbler or other wireless scanning tools to make sure that others aren’t enabling unauthorized APs s Update security policy to reflect the dangers of an unsecured wireless network Appendices Glossary Final Thoughts on Auditing Sample Audit Reports Sample Management Report :Wireless Network Security Audit Report XYZ Corporation Sample Technical Report Wireless Network Security... CCNP www.syngress.com 182_HPwireless_01.qxd 2/6/02 1:53 PM Page 1 Chapter 1 The Wireless Challenge Solutions in this chapter: s Wireless Technology Overview s Understanding the Promise of Wireless s Understanding the Benefits of Wireless s Facing the Reality of Wireless Today s Examining the Wireless Standards Summary Solutions Fast Track Frequently Asked Questions 1 182_HPwireless_01.qxd 2 2/6/02 1:53... wireless networking technologies will impact our work and home lives, and that security will have to play an important role in wireless deployments Let’s get started! Wireless Technology Overview Wireless technologies today come in several forms and offer a multitude of solutions applicable to generally one of two wireless networking camps: www.syngress.com 182_HPwireless_01.qxd 2/6/02 1:53 PM Page 3 The Wireless. .. Future of Wireless, circa 2005 Think of a nice sunny morning.The year is 2005 and you are about to go on a business trip in a foreign city.You have your trusty universal integrated two-way voice, data, and video multimedia PDA by your side Using references to your personal digital identification module stored in your PDA, your travel agent registered all of your travel arrangements, including your flights,... lane .Your PDA will take care of passing on the prepayment when you get to the tool booth You arrive at the hotel and leave the car with the valet.They will take care of carrying your heavy bags up to your room As you make your way through the lobby, your PDA authenticates your reservation and provides you with your room assignment.You conditionally sign for the room, and the keys are downloaded to your . Future of Wireless, circa 2005 6 Understanding the Promise of Wireless 7 Wireless Networking 9 Wireless Networking Applications for Business 9 Wireless Networking. Wireless LAN Networks and WEP 35 Examining the Wireless Standards 38 Cellular-based Wireless Networks 38 Communications Technologies 39 Wireless LAN Networks