Wireless networks are catching on at an alarming rate. While they solve many problems that can’t be solved with traditional wired LAN (local area network) technology, at the same time wireless LANs (WLANs) raise many troubling security issues.
Current security solutions aren’t entirely satisfactory, but there are preventative measures network administrators can take to avoid losing data through their wireless networks. Everyone should be aware that wireless networks not only allow for greater freedom but also create a potential hazard for any organization that comes to rely upon them for transmitting sensitive data.
The War Driving Hazard
As with so many good ideas that are not clearly thought out before they are implemented, there are some major drawbacks to going wireless. The biggest problem is that wireless networks have numerous security holes. Part of the beauty of having a WLAN is it allows people to move around and access the network easily. Unfortunately, this particular benefit allows a lot of people you don’t want on the network to access the information stored there as well.
War driving is a popular pastime among wireless hackers, involving cheap, easily obtained equipment and insecure networks. Hackers drive around, searching for open access points in wireless networks, and attaching to them. The phrase “war driving” is derived from the name of a hacking activity of the 1980s, called “war dialing” – the process of dialing random numbers using a modem, searching for insecure networks with modem access. War driving, also called “drive-by hacking,” is even easier and cheaper than war dialing was in the ‘80s.
Many organizations with wireless networks believe that they are safe from hackers because shortwave receivers and scanners cannot intercept or decode wireless information, and the networks only broadcast to a distance of 300 feet. However, with an omnidirectional antenna, a hacker can easily get into a wireless network even from as far away as six blocks. These antennas are available for purchase for around $75, or can be made from common materials from plans for even less.
The problems with war drivers are obvious. While some hackers simply drive around to steal bandwidth, using open access points as a way to use corporate high-speed networks to access the Internet for free, others have more nefarious purposes. By capturing network traffic, hackers can get login IDs and passwords with greater simplicity than many network administrators realize. Depending on the access obtained, intruders can launch denial of service attacks, deface Web sites, monitor transmissions, steal or delete data, or release viruses, among other unlawful activities.
So pervasive is wireless hacking that war drivers are combining GPS locaters with their equipment. This is allowing them to create directories similar to telephone books, listing easily hacked access points. War driving is illegal, as it falls into the category of unauthorized electronic surveillance, but it’s difficult to catch war drivers.
Security – Real or Imagined?
WiFi (Wireless Fidelity) is a certification for wireless networking products, essentially meaning the devices employ the 802.11b protocol. While WiFi offers some security, there are still many holes. For example, much wireless security relies upon SSID (set service ID). SSID means that each access point has an ID, and clients on the wireless network communicate with the access point using its SSID. However, most access points broadcast their SSIDs, so it’s not very difficult to scan for SSIDs and attach to the network that way. The most popular protocol of wireless networks, 802.11b, offers a basic security option called WEP (Wireless Equivalency Privacy). WEP involves two keys – one kept by the server and another held by the mobile user. The dual key system is designed to keep unauthorized snoopers from viewing the data as it is transferred between user and server.
This idea works better in theory than it does in fact, however. WEP depends on RC4 encryption to make security work. Unfortunately RC4 is flawed. For this reason WEP can be cracked using several programs available for download on the Internet. Even 128-bit encryption can be cracked. Cryptographers estimate they can gather enough information in 15 minutes to gather enough information to decrypt the wireless network’s key. There currently is no way to update keys regularly or to effectively handle more than around 100 network nodes using WEP. Even worse, many administrators never enable WEP at all. This total lack of encryption makes stealing user passwords a very easy process for hackers.
As a convenience measure, some networks are set up so they don’t require password authentication for a user to access them. This makes things easier for users but it also makes it easy for hackers to get in. War drivers can park outside a building and use a laptop or PDA to access the wireless network within.
Compounding the problem are wired networks connected to wireless networks. Some organizations bridge their wireless networks with their wired networks, allowing mobile users to use servers on the wired LAN side and also access the Internet. If the wireless side is not secure, then hackers also have free access to the wired network, too.
Solutions
While a clever hacker can find a way around most types of network security, employ every option at your disposal. Most war drivers are looking for easy targets. If hackers try to break into your system, don’t make it easy for them. They may move on to look for easier prey.
So what’s a wireless administrator to do? At present, there are very few perfect solutions. There are a few things that can help foil hackers, however:
1. Turn on WEP.
WEP can be cracked but it is better than no security at all.
2. Keep an eye on rogue access points.
Employees will sometimes set up wireless connections on their own, extending the range of the wireless network beyond the administrator’s intent. Regularly check your network with a scanning tool.
3. Do not connect mission critical systems to WLANs.
Wired LANs are more secure than wireless LANs – keep your important data on the wired side and do not bridge between a wired LAN containing vital data and a wireless LAN.
4. Use unique passwords.
Make sure network users don’t use the same password on the wireless LAN as on the wired LAN. Hackers often try to use the user names and passwords harvested from the wireless side on the wired side later on. Often, users use the same password.
5. Change the default password when you set up the system.
Some administrators never change the default password from the time of installation. Hackers will try the default password first – don’t be an easy target.
6. Treat WLANs as untrusted networks.
Again, watch where those wireless packets are allowed to travel.
7. Use VPNs (virtual private networks) or VLANs (virtual local area networks).
VPN offers some degree of security by establishing connections between nodes and encrypting those connections. In theory, the data going through the connection cannot be intercepted. VLANs are not proprietary, so you aren’t restricted to a particular vendor’s product.
8. Use firewalls between public and secure areas.
Keep an eye on where your traffic is coming from. Firewalls aren’t a perfect solution, but they will help you keep an eye on things. If you use wireless to connect to the Internet, it’s very important to use a firewall between your network and your bridge to the Internet.
9. Use firewalls on WLAN devices.
In addition to setting up firewalls on servers, personal firewalls are available for PCs and for PDAs as well. Make sure your network users understand how to use them.
10. Turn off SSID broadcasting.
Some access points offer the option of not broadcasting their SSIDs. Turning off the broadcast option may limit convenience for WLAN users, but it is more secure. At the very least, be sure to change the SSIDs of wireless devices from the default they are shipped with.
11. Employ vendor-based security features.
Because security is seen as such a major drawback of WLANs, vendors of wireless systems are offering their own security systems. If you haven’t invested in a WLAN yet and security is a major concern for your network, then look into a vendor such as Cisco, Agere, or Symbol for vendor-based security solutions.
12. Use hacking programs on your own network.
Most administrators realize that hacking your own network is the best way to recognize security flaws. If you can get in using a freely downloadable program, so can someone else. Use programs like AiroPeek, AirSnort, and WEPCrack to find the holes in your own wireless security.
13. Be careful what you broadcast over wireless video cameras.
A recent trend is the use of X10 cameras. They’re very popular for monitoring babies and public areas, but be sure you don’t broadcast anything you would not want the general public to view. Other X10 receivers in the vicinity intercept X10 camera transmissions very easily.
14. Watch what you share.
If you share devices on your wireless network, don’t use TCP/IP (use NetBEUI or some other protocol instead). Also avoid sharing entire hard drives that probably contain passwords hidden in files. Share folders instead.
15. Put wireless devices toward the interior of buildings.
Placing an access point near a window is practically asking for trouble. Again, don’t make it easy for hackers. Keep your wireless devices away from windows and areas easily accessed from the exterior of the building. Walls will provide your network with some protection.
Deciding On A Strategy
Whenever you have a network you need to balance convenience, security, and administrative effort. If your network doesn’t have anything particularly sensitive on it, then security is probably not a major concern for you. If user convenience is a high priority, then take measures to secure any information that’s sensitive. And if you don’t have the time or staff to deploy an intensive security effort, then you’ll need to decide whether security or convenience should receive the benefit of the time you have available.
Balance security with convenience and be sure to factor in the amount of effort you’re willing and able to expend enforcing policies. Remember there’s a point of diminishing returns where the inconvenience to both you and your users outweighs the benefits of having a wireless network at all. Striking the right balance is the challenge facing all administrators, wireless or wired, and that balance is your ultimate goal.
Jackie Rosenberger is an editor with Murdok, Inc.
