Wireless Networking

 

Latest News
Updated: 04/21/2003
Is 802.11 Ready for VOIP?
5-Minute Security Advisor - Strengthening Wireless Authentication
Catch-22 of WLANs
eWEEK Excellence Awards: Networking Infrastructure
IEEE Plots Speedier WLAN
Extreme Springs Switch Surprise
Nortel Launches WWAN-WLAN Products
Nortel Preps 'Security Switch'
Wi-Fi Developers Pursue Plans for More Services
How to Fine-Tune Your VPN Strategy
Cisco to Buy Linksys
Verizon's Surprise Evolution
WLANs Spur Security Questions
Verizon Plans 2.4-Mbits/s Wireless Rollout
Study Exposes WLAN Security Risks
Roaming From WLAN to WAN
Wireless Clouds Of Connectivity
WLAN: The Four S's
Cisco Bolsters Its WLAN Hand
Cisco to License WLAN Technology
Telesuite Virtual Conference Room
IBM Connects Wireless Networks, Enterprise Systems
Ten Steps to a Secure Wireless Network
Top Vulnerabilities in Web Applications
Hospital Cures WLAN Insecurity
System Boosts WLAN Security

 

Wireless Network Security

Major Threats:

1. Most current products use spread spectrum technology. Vendors initially claimed it was difficult or impossible to de-spread or demodulate the signals. In practice, all an attacker has to do is steal an SSID (Service Set Identifier), the ID attached to packets sent over WWANs that functions as a password for joining a network. All radios and access points within a network use the same SSID, and packets with other SSIDs are ignored.

2. Vendors have stated that you couldn't get an SSID unless you were given it. However, you can get very simple software, some of it free on the Internet, that easily intercepts somebody's SSID. NetStumbler, WEPCrack and AirSnort are such programs.

3. Hackers using statistical mathematical analysis tools can compromise the 802.11b WEP encryption. Two recent studies, one from AT&T and another at Rice University, have made this clear.

4. Once they smash through inadequate WWAN defenses, infiltrators can steal an SSID, gain access to a network, hack passwords on the enterprise LAN and then delete or alter files stored on servers - or steal trade secrets contained in files.

5. Hackers can infiltrate the network and leave behind "Easter eggs", hidden and undocumented programs or messages embedded in the code of commercial software residing on the network. Some Easter eggs are harmless, even funny, but they can also be destructive viruses.

6. Theoretically, hackers could intercept WWAN packets, decrypt them if they're encrypted using WEP, change them, re-encrypt them and send them on to the intended recipient - who would never know. However, this would require major resources of hardware and software.

7. WEP formerly utilized 40-bit encryption although the 802.11 standard was amended in late 2000 to allow for the support of 128-bit encryption keys - a substantial improvement in the overall strength of WEP. However, the primary design flaws that make WEP vulnerable are not addressed by an increase in key size.

8. Media Access Control (MAC) lists provide a reasonable level of security when a strong form of identity is used. Unfortunately, this is not the case with MAC addresses, for two reasons. First, MAC addresses are easily sniffed by an attacker, since they must appear in the clear even when WEP is enabled. Second, almost all wireless cards permit their MAC address to be changed via software. As a result, an attacker can easily determine the MAC addresses permitted access via eavesdropping, and then masquerade as a valid address by programming the desired address into the wireless card - bypassing the access control and gaining access to the "protected" network.


Solutions:

1. It has been reported that just 30 to 40 percent of discovered WWANs now use WEP. Enable WEP and change keys frequently. Use 802.11b products with dynamic key generation, like Agere's ORiNOCO AS-2000 or NextComm's R7210.

2. Configure long, hard-to-guess SSIDs.

3. Apply Media Access Control (MAC) filters or use VLANs to restrict access to authorized cards. Track inventory to make sure those cards stay in employee hands and block MACs that belong to lost or stolen cards. MAC address filtering, where available, can be implemented to great effect. Several 802.11 equipment vendors allow for MAC address restrictions. In order to find out the MAC address for a given device, administrators will simply need to consult the 802.11 client interface software which is installed with the 802.11 hardware.

4. Use anti-virus and personal firewall software to keep the wireless client clean.

5. By combining firewall defense with IPsec, SSH, or SSL, you can better prevent wireless eavesdropping and block access by unauthenticated clients. For example, many companies have already deployed a SafeNet or Ashley-Laurent VPN client on laptops for secure remote access. The same client can often tunnel IPsec over wireless to a VPN gateway located between the access point and the rest of the corporate network. Alternatively, consider an access point with built-in IPsec, available from vendors like Colubris Networks.

6. Change the default settings on ALL network components. Default information for all 802.11 vendors is widely available on the Internet in newsgroups, bulletin boards and on manufacturer web sites. Tools such as NetStumbler and APSniff allow a "snooper" to see all the network settings in an 802.11 network - even if WEP is applied. If the defaults are still in place for the 802.11 network, and it is unprotected by WEP, then it is likely that the defaults for other components are still in place as well.

7. Install Virtual Private Networks (VPNs), which do not care whether the physical carrier and data link are wires, optical or radio waves. VPNs offer very good confidentiality for data and are available from a wide range of vendors. They can be transparently implemented on top of 802.11 networks. On the downside, VPNs tax the resources of a portable, wireless device. Similarly, they generate network overhead which, with multiple users, could rapidly overload the wireless network. Additionally, VPNs are not easy to manage and administer. IPsec VPNs do not "roam" well, since a change in IP address will require re-authentication.

8. Use access points that support the RADIUS protocol. The Remote Authentication Dial-In User Service (RADIUS) protocol is a client/server security protocol. RADIUS allows network managers to reduce the risk of distributing security information across many devices by centralizing authentication and permission attributes in a single server. You can use a RADIUS server to authenticate the Media Access Control (MAC) addresses of your 802.11b network cards - giving you complete control over who has access to your wireless network. Most major Internet Service Providers (ISPs) use a variant of RADIUS to authenticate dial-up customers and track their usage.
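One way to check access points against solutions 1, 2, 3 and 6, as an added example that is not part of the original page: the record layout, the SSID length threshold and the list of factory SSIDs are assumptions, and every access point and MAC address below is constructed.

```python
import re

# Factory SSIDs of the period (assumed list; extend it for your vendors)
DEFAULT_SSIDS = {"linksys", "tsunami", "default", "netgear", "101"}
MIN_SSID_LEN = 12  # assumed local policy for a "long" SSID

def norm_mac(mac: str) -> str:
    """Normalise 02:00:..., 02-00-... and 0200.... to twelve lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_ap(ap: dict, issued: set, lost: set) -> list:
    """Return the checklist findings for one access point record."""
    findings = []
    if not ap["wep_enabled"]:
        findings.append("WEP disabled")                       # solution 1
    if ap["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("factory-default SSID")               # solution 6
    elif len(ap["ssid"]) < MIN_SSID_LEN:
        findings.append("short SSID")                         # solution 2
    acl = {norm_mac(m) for m in ap["mac_filter"]}
    if not acl:
        findings.append("no MAC filter")                      # solution 3
    for mac in sorted(acl & lost):
        findings.append(f"lost/stolen card still permitted: {mac}")
    for mac in sorted(acl - issued - lost):
        findings.append(f"MAC not in card inventory: {mac}")
    return findings

# Constructed sample data
ISSUED = {norm_mac("02-00-00-aa-bb-01")}   # cards in employee hands
LOST = {norm_mac("02:00:00:aa:bb:02")}     # cards reported lost or stolen
APS = [
    {"name": "lobby-ap", "ssid": "linksys", "wep_enabled": False, "mac_filter": []},
    {"name": "floor2-ap", "ssid": "x7Qp-engineering-4471", "wep_enabled": True,
     "mac_filter": ["02:00:00:AA:BB:01", "0200.00aa.bb02", "02-00-00-AA-BB-99"]},
]

if __name__ == "__main__":
    for ap in APS:
        for finding in audit_ap(ap, ISSUED, LOST) or ["no findings"]:
            print(f"{ap['name']}: {finding}")
```

A clean result only confirms that the configuration matches the checklist; as threat 8 explains, a MAC filter on its own does not authenticate the card behind the address.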
