The Usefulness of WEP Closed ESSIDs MAC Filtering and SSH Port Forwarding

by Hazrul Aaron.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on network security  

You are here: Categories » Electronics and communication » Network security

This brings us to the topic of enabling WEP, closed ESSIDs, and MAC filtering as protective measures. Such defenses are "bypassable", you know how to do it. However, there are still sound reasons to enable these safeguards. One such reason is legal. An attacker who bypasses any of these countermeasures cannot plead ignorance and claim that his or her association with the network was purely accidental. Thus, WEP or closed ESSID can serve as a form of warning saying, "We expect a certain level of privacy on this network; keep your hands off." An organization losing valuable data or assets after a wireless-based attack can be sued for insufficient due diligence if no security safeguards were deployed. However, if baseline countermeasures were implemented, the blame can be shifted somewhere else (manufacturers, standards designers, literature sources claiming that "static WEP is enough," etc.).

Another reason is raising the bar. Penetrating any defenses requires time and effort. Time equals battery power and the higher possibility of being spotted. A large proportion of wireless crackers are the "bandwidth leech" type. They use laptops with preinstalled Windows and Netstumbler to find open wireless networks for a free Internet connection, which they might use to download pornography and warez or send spam. With the system and tools at their disposal, they usually cannot crack WEP, generate custom frames to disclose hidden ESSIDs, or launch Layer 2 man-in-the-middle or DoS attacks. With their knowledge they might not even know how to change the MAC address of their wireless interface. Thus, the baseline safeguards will protect you from this kind of attacker, but never assume that all crackers are this unqualified. At some crucial point it might not be the case.

On the contrary, properly implemented SSH port forwarding can raise the bar by a significant margin. A good idea is to compile your sshd with the TCP Wrappers support and deny all non-SSH traffic on the wireless network while filtering out SSH traffic from unknown IP addresses (don't forget to turn off DHCP). This can be successfully combined with MAC address filtering and static ARP caches where possible. A typical example of SSH port forwarding use is exporting X Window applications via SSH: 


  arhontus# ssh -X -f Xserverhost xapplication_to_use

Apart from providing data encryption and user authentication, this would preserve the CPU cycles and battery power on the mobile host. Another common example is browsing the Web or shopping online via a proxy on the wireless gateway protecting your browsing session with SSH:

  arhontus# ssh -L 5777:localhost:3128 proxyhost

Then set up your browser to use localhost:5777 as the HTTP proxy and you are done (providing that the proxy does listen on port 3128 on the other side). The choice of port 5777 on a local host is completely random, whereas the Squid proxy listens on port 3128 on one of our wireless gateways. If your mobile host is a Windows box, you can use the third-party applications for SSH tunneling. For instance, in PuTTY, do the following:

  1. From the menu on the left side of the Configuration window, select Connection -> SSH -> Tunnels.

  2. Under Add new forwarded port, enter the port number that your computer is going to listen to as the Source port.

  3. For the Destination, enter localhost:5777.

  4. Make sure the Local button is selected and click the Add button.

  5. The newly added port forwarding rule should show up in the Forwarded ports box. If you need to remove the forwarded port, select it and click the Remove button.

  6. Save your changes by going back to the Session page and clicking Save.

  7. Now we have defined the port forwarding tunnel. To make it active, simply log in to the SSH server.

The number of possible examples of SSH port forwarding use is endless and we won't dwell on it any further. Just make sure that you use SSHv2 protocol if you can and your SSH server and clients are up to date and don't have known security holes (or face the possibility of being r00ted by Trinity in years to come). Be as paranoid as we are. We have mentioned that the default ciphers selection in the Linux/etc/ssh/ssh_config is 


  #Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

We recommend replacing it with the unhashed

  Ciphers aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,cast128-cbc, 3des-cbc,arcfour

and adding the following lines to the file:

  MACs hmac-ripemd160,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96    
  HostKeyAlgorithms ssh-dss,ssh-rsa

To summarize, SSH port forwarding provides a quick and easy add-on to the traditional weak wireless safeguards such as WEP and MAC filtering. Although for some specific environments this might be sufficient, if you are looking for a more complete wireless security solution above the data link layer, we strongly recommend considering IPSec.

Share
Leave a comment or ask a question
Total comments: 0

Network security Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Wireless Security Policy - The first thing to start from when deploying and securing a corporate wireless network is a design of a proper wireless security policy. The best source of information on writing a detailed a (more...)
Layer 1 Wireless Security Basics - Let's build on the more technical aspects of the discussed policy considerations. We'll start from physical layer security. The physical layer security of wireless networks encompasses avoiding (more...)
Network Vulnerability Analysis - Vulnerability analysis, sometimes called vulnerability scanning, is the act of determining which security holes and vulnerabilities may be applicable to the target network. In order to do this, (more...)
Wireless attacks at Corporations Small Companies and Home Users - There is a general misconception that only large enterprises are at risk from cracking, wireless cracking included. This is a myth, but it is very prevalent. Large corporations are where the mo (more...)
Practical Use of Asymmetric Cryptography: Key distribution Authentication and Digital signatures - The basic idea of using asymmetric cryptography is distributing public keys while keeping the private keys private and using a person's public key to encrypt data sent to this particular indivi (more...)
Deploying a Linux Based Custom Built Hardened Wireless Gateway - We have to ensure the security of the gateway that separates our AP or bridge or wireless-connected VLAN from the wired side. Such gateways are nothing more (or less) than a flexible stat (more...)
Network Isolation - Isolation of networks affects the flow of network data, which services run on particular systems, and where they are located. It does not affect any of the internal or external network data f (more...)
Ethernet specification - The progenitor of all of today's networks was the Ethernet system originally developed in the 1970s at the Xerox Corporation's Palo Alto Research Center for linking its Alto workstations to lase (more...)
Network Topologies - The topology of a network is the lay of the cables across the land. Most networks involve cables, lots of them, with at least one leading to every PC. Like the proverbial can of worms, they can (more...)
Network Hierarchies - Topology describes only one physical aspect of a network. The connections between the various PCs in a network also can fit one of two logical hierarchies. The alternatives form a class system a (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.