RE: [fw-wiz] (In)security of wireless LANs and the Cisco Wireless Security Sui te

From: Ben Nagy (
Date: 11/04/03

  • Next message: Mikael Olsson: "Re: [fw-wiz] (In)security of wireless LANs and the Cisco Wireless Security Suite"
    To: "'Stewart, John'" <>, <>
    Date: Tue, 4 Nov 2003 15:34:28 +0100

    Wow, that's a nice paper - thanks. For lazy readers, here's the ref from
    John, shortened.

    We touched on this briefly a little while ago, when we were talking about
    802.1x, so you might want to go and read the recent archives.

    If you like, skip to the end for the summary. :)

    Here's my (notoriously inexpert) opinion on the crypto problems with Cisco
    LEAP and some of the derivatives.

    LEAP is "broken". That's easy for people to say, and to an extent it's true.
    However, some people may overestimate the extent of its broken-ness. The
    basic problem is that there's a really, really _stupid_ crypto mistake which
    I can't believe they missed.

    The LEAP Flaw:

    The SekRiT PaSsWorD is shoved through MD4, which produces a 16 byte hash.
    This hash is then padded with 5 nulls (whups!) to produce 21 bytes. The
    result is split into three chunks of 7. That happens to be the same as a 56
    bit DES key. These three keys are each used to encrypt one single challenge
    in sort of ECB (no chaining, anyway), concatenate the outputs and send it as
    the response. In other words, the response is E(chunk1){challenge} +
    E(chunk2){challenge} + E(chunk3){challenge}. This is a dumb idea. I'm sure
    they had some reason for it which I don't understand, but on the face of it
    they could have used CBC with a 5 byte IV, used a salt, or one of various
    other methods. Anyway.

    As you can see, the last DES key is very easy to guess (5 known nulls, thus
    2 bytes of entropy ~= 2^16), which gives you Chunk 3 - the last two bytes of
    the password hash. Given that there is no salt, you can now just scream
    through an existing password database, matching on the last two bytes of the

    So, how bad is it? Well, if you use strong passwords, it's not very bad at
    all. If I tell you that the last two bytes of my password are "<!" then it's
    not going to buy you much. However, if you use dictionary words or simple
    derivatives then it's pretty bad.

    Other Problems

    There are still some other EAP problems, mostly to do with cunning MitM
    attacks, even on EAP-TTLS, PEAP and the like, depending on the tunneled
    protocol you use for authentication. There is an IETF draft[1], which may
    have expired by the time you read this. It's a little more complicated, but
    my basic summary is - authenticate BOTH ends, if you can, and don't use a
    tunneled protocol which is itself vulnerable to MitM (CHAP is bad, for
    example), or you are probably in trouble.

    Please remember that the authentication is only one part of the security -
    there is still some link encryption, and to my quick skim Cisco's
    pre-standard "TKIP" fixes the most egregious of the WEP problems.


    So, you ask if it's "good enough". Hrm. Myself, I would implement all the
    bells and whistles, but still do it your way (create an untrusted,
    firewalled segment and let them VPN in from it - you can do this
    transparently using Windows IPSec if you are native AD etc). Overall,
    however, I believe that if you use all of the available wireless features
    (MAC filter, SSID, WEP and TKIP (nonstandard) and 802.1x with LEAP or PEAP
    (better) ) then it will almost certainly not be the weakest link in your
    chain. The risk profile is something you need to work out yourself, of
    course, based on how valuable the data flowing over this wireless network

    In one sentence: There are still some crypto problems with the current
    wireless protocols, but if you are happy with users running IE and receiving
    email attachments then you shouldn't lose sleep over a best-practice
    wireless solution.



    > -----Original Message-----
    > From:
    > [] On Behalf
    > Of Stewart, John
    > Sent: Tuesday, November 04, 2003 12:49 AM
    > To: ''
    > Subject: [fw-wiz] (In)security of wireless LANs and the Cisco
    > Wireless Security Sui te
    > I've been getting a lot of heat from management at one of our
    > sites to implement wireless networking. I've been adamant in
    > the past that it would not be feasible due to the inherent
    > insecurities with WEP under 802.11.
    > My opinion has been that if they want to use wireless LANs,
    > we can set up a seperate leg on the firewall, treat it like a
    > completely untrusted network, and they can VPN in to get
    > access to internal networks.
    > However, of course the pointy-hairs in that office want to be
    > able to walk around with their laptops as if they were wired.
    > I don't know why it would be so hard to plug the laptop into
    > the wall in the conference room, but I do understand that it
    > would be "nice to have". I use a WAP at home, and like it.
    > Anyhow, the Cisco offering in this area does look to be
    > somewhat promising at ameliorating the risks involved with
    > wireless. Here is their white paper on their Wireless
    > Security Suite offering:
    > _white_paper09
    > 186a00800b469f.shtml
    > It does sound like they're doing some good things, and I'm
    > wondering what the opinion is from you wizards on it. Anyone
    > used it? Is it Good Enough?
    > While I understand that adding wireless access points, even
    > when done properly, is inherently adding security risk that I
    > did not have before, my job (of course) is to balance
    > business need versus security.
    > I guess the question is, with this product, am I taking a
    > larger risk than I am with, say, some of these other issues
    > which would not be necessary in an ideal, secured, world:
    > - Allowing VPNs from users' PCs (a software firewall is
    > required in that case, but certainly this is riskier than not
    > allowing it)
    > - HTTP access to everywhere from the internal (Windows) desktops
    > - Email on Outlook/Exchange. While we disallow executable
    > attachments, and run virus/trojan scanners on the server and
    > desktop, this is certainly another worrisome vector of attack.
    > So, with this "Wireless Security Suite" on some Aironet
    > access points, is a wireless LAN (connected to our internal
    > network) really a bigger risk than these other risks,
    > necessitated by our business requirements?
    > thanks!
    > johnS
    > _______________________________________________
    > firewall-wizards mailing list

    firewall-wizards mailing list

  • Next message: Mikael Olsson: "Re: [fw-wiz] (In)security of wireless LANs and the Cisco Wireless Security Suite"

    Relevant Pages

    • RE: palm VIIx wireless modem
      ... Here is a Wireless LAN Security FAQ, ... What are solutions to minimizing WLAN risk? ... that connects clients to the internal network. ...
    • RE: Wireless Audit Cost
      ... "complete analysis" - to me this means that a full audit of both ... the wired and wireless networks is taking place. ... network off the internal LAN. ... >network has the usual security measures in place, ...
    • Re: Wireless security question...
      ... > related to wireless security. ... to the computer on that network that's a little different, ... Can this hacker take control of the wireless laptop? ... but it depends on the security running on said laptop..if they have ...
    • Re: Wi-Fi: Essential Checklist
      ... I prefer, and heartily recommend, regardless of wireless encryption, ... the most basic and easist form of security, which in this case is WPA. ... Is it access to the network? ... will protect your network from sniffing. ...
    • Re: Using a home T-1 line to evade company filtering
      ... installing the wireless card would ... network policy - if you had, you would know that most companies don't ... allow employees to bring in their own computers for security reasons. ...