Basic Wireless Security Concepts

He has: 286 posts

Joined: Mar 2003

Even if you're not a "techie", you should be aware of some recent developments in wireless security, because they could effect your business and/or home networks.

Wi-Fi security currently has four choices:WEP, VPN, WPA and IDS. Let's take a quick look at them.

WEP

The Wired Equivalence Privacy protocol is the orginal and most widely-used security protocol for wireless devices. There are two problems connected with WEP, however. First, it is based on a system of alphanumeric "keys". Hackers using the brute-force or "dictionary" method of entering alphanumeric combinations can eventually uncover the public and private keys.

The keys themselves are short (and therefore easier to guess) and static, instead of being updated dynamically from the server. To update the keys, a technician must visit each device at every location (hot spot, motel, etc). This just isn't practical for most companies.

WAPs

WAPs (Wireless Access Points) are essentially low-frequency radio devices capable of broadcasting over short distances: ten or twenty feet in a home or up to a few city blocks for a business. You can buy a WAP at Best Buy for about $100. They're manufactured by Microsoft, D-Link, Linksys, Netgear, and similar consumer-oriented companies. You can set up a WAP cable modem in your home, install a WAP card in each of your PCs and you now have a wireless home network, with each device having internet access. But all radio signals are subject to interference; for example, they can be blocked by buildings and bridges. High-tension electrical cables can jam their signals.

Many WAPs are set up by default to respond to the strongest RF signal available. Therefore, anyone can set up a "rogue" WAP to pull the signals from another WAP. You can eavesdrop on your neighbors' wireless networks by setting up your own WAP in your car and driving through the neighborhood.

Going to the next step, users can implement user authentication and dynamic WEP, with keys that change, to protect themselves from "script kiddies," teenagers who use packaged hacking tools to infiltrate systems.

Wireless VPNs

Virtual private networking is currently being used to secure internet transmissions through phone lines. This is done by encapsulating the data within a protocol and sending the package out via the TCP/IP protocol. A similar use of this "tunneling" technology can be adapted to wireless transmissions.

Although the IPSec VPN is a tried and true security method for dial-up, it is also limited to IP traffic, complex to configure and needs client-side code. However, VPNs might always be necessary for people working in "hot spots" to connect with the company WLAN.

Therefore, the VPN market is clearly here to stay. VPN market leaders include Cisco, Check Point, Nokia, Nortel Networks, and Symantec. Nokia, in fact, is launching compression software to speed the operation of its cell phones. The company is also planning to market the Opera browser on all its phones.

PDA Security

PDAs are subject to a number of security breaches, including password theft, viruses and data theft through line sniffing.

The biggest security risk to PDAs is theft of the device itself. Securing the data on the device in standalone mode is probably the best type of precaution users can take (along with putting it in your pocket when you go for that second cup of coffee).

The encryption solutions that exist for PDAs typically are one of two types: products to secure the data as the PDA sits in standalone mode, or products to secure the link as the data moves back and forth from infrastructure devices (such as the desktop unit that it uses for hot-syncing).

As with other wireless devices, one of the best ways to protect your PDA is to install a VPN client on it. VPNs operate using a client-server architecture, therefore PDAs using VPN clients need to connect to a VPN gateway server residing on the destination network. It is not possible to establish a VPN tunnel with the VPN client by itself. Therefore, unless you have a VPN gateway server on the destination network that your PDA client will connect to, there is no point in trying to configure a VPN client. For stronger VPN security, you'll want to use X.509 digital certificates for authentication.

For example, a policy that requires the wireless port be disabled will reduce the risk of sensitive data being transmitted to unauthorized individuals. By creating end-user behavior security policies, organizations can hold the end-users accountable for security violations.

CheckPoint Security has developed special VPN software for PDAs, and The Intranet Journal has published an excellent primer on PDA security.

An Attacker Can Introduce a "Rogue" WAP to the WLAN

Many wireless LANS simply connect to the WAP (Wireless Access Point) with the strongest signal. Low-cost WAPs can be used to detour transmissions which can then be monitored by the attacker. In fact, someone inside a company can install a WAP on the company's wired LAN via the ethernet node in the wall in his office. Hide the WAP under his desk. Then anyone outside the building in a car at midnight has complete access to the corporate LAN. this individual can be detected by monitoring sensors placed at key points around the building.

Denial of Service (DoS) Attacks

This basic form of cyber attack easy to use on WAPs. Like all generators of radio signals, WAPs can be blocked by buildings or bridges and they also can be jammed by other RF devices, including other WAPs. The only drawback for the attacker is that he or she must be physically close to the WAP or else its low-frequency signals can be used.

Wireless Intruder Detection Systems

These are often sniffer devices or software that have been optimized to identify computer system and network intrusions by gathering and analyzing data. The wireless IDS does its work by recognizing patterns of known attacks, identifying abnormal network activity. The software also detects policy violations for WLANs and generates alerts based on predefined signatures or anomalies in the traffic.

1. IDS can be purchased from a vendor or developed in-house. There are also open source solutions like Snort-Wireless and WIDZ.

2. Wireless IDS's can also work in combination with physical sensors because hackers must be within a close physical distance to the WLAN. This procedure also involves the physical deployment of agents to identify the attacker. For this reason IDS technolgy might require more human resources.

3. An IDS typically uses directional antennae to triangulate the 802.11 attacker's signal source. IDS can also spot MAC address spoofing.

4. Wireless IDS is a new technology, so be careful it doesn't interefere with normal WLAN operation by cutting off too many routes and subnets. It can also slow down traffic.

WPA

Wi-Fi Protected Access, developed by Microsoft, Cisco and the Wi-Fi Alliance, an industry trade group which also developed WEP.

WPA is the interim protocol before the ratification of 802.11i, WPA includes rapid key updates, stronger encryption algorithms, and stronger authentication.It also periodically and dynamically generates a new encryption key for each client.

WPA is vulnerable to Denial of Service attacks, however. A hacker can bring down a WPA-protected network by sending at least two packets using the wrong key each second. When this occurs, the WAP assumes that an attacker is trying to gain access to the network and it closes down.

They have: 37 posts

Joined: Dec 2010

Great post. Thanks for this useful post.

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.