The Wi-Fi threats to watch for

Guarding against new types of security attacks like “evil twin” hotspots and pharming may be impossible at all times, but security experts agree a combination of best practices and education may be businesses’ best bet in the long run.

Evil twin hotspots are rogue access points set up by hackers to look like legitimate Wi-Fi hotspots like those in hotels or restaurants that a user would log into and enter their credentials, thereby giving criminals access to their account information. Pharming, on the other hand, poisons a domain name system (DNS) server by infusing false information into the DNS server, resulting in the user’s request being redirected elsewhere.

University of Ontario Institute of Technology (UoIT) professor Miguel Vargas Martin refers to pharming as “an evolution of less-sophisticated attacks like phishing where the attacker makes the user believe that they are being legally requested for information.” They go to the false Web site, input their information, and that’s it, he said.

Vargas Martin, who teaches in engineering/applied sciences and business/IT faculties, said pharming has a higher level of automation than phishing in that the user is not being asked for anything.

“You visit the Web site and you happen to be in the wrong place without knowing,” he said.

Because the browser shows the user they are on the correct Web site, this type of attack is more difficult to detect, Martin added. “It is unknown to the user whether the DNS server is infected.”

To protect themselves, Vargas Martin advises users to employ encrypted communication, with the https protocol for example, and tools like Anonymizer, which help protect DNS servers.

Out of the above two threats, UoIT professor Ali Grami, also in engineering/applied science and business/IT faculties, said pharming appears to be the larger problem.

“Wireless fishing (evil twin hotspots) conmen do one user at a time, whereas pharming is set up in conferences to catch many users.”

Encryption aside, Grami said U.S. banks, including Citibank and Bank of America, are giving clients virtual account numbers that can only be used once.

To help businesses fend off these threats, vendors such as Intel and Cisco Systems are working together to ensure their products support the latest standards. For example, the latest version of Intel’s Centrino chip, which launched in 2003, now supports Cisco security extensions, said Doug Cooper, Intel Canada country manager.

Cooper said many businesses often overlook the fact that if a notebook is not secured properly all the information is wide open.

“Anything you send over the Internet is fair game for people with enough equipment,” said Cooper.

Having said that, Cooper added a notebook is not hard to lock down. IT departments or small business travelers should assign profiles to sites they frequent using settings within Microsoft Windows XP. The settings also allow users to tell their machine not to connect with anything that’s not listed on their profile.
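The profile approach Cooper describes can be sketched as a small vetting routine. This is an added example, not code from the article or from Windows XP; it assumes a profile stores an SSID, the access point's BSSID and a minimum security level (the article does not say what a profile records), and all names and sample values are constructed.

```python
from dataclasses import dataclass

SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2}  # higher is stronger

@dataclass(frozen=True)
class Profile:
    ssid: str
    bssids: frozenset   # access-point MAC addresses recorded for this site
    min_security: str   # weakest link-layer protection the profile accepts

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str

def vet(beacon, profiles):
    """Return (allowed, reason) for one scanned network."""
    profile = profiles.get(beacon.ssid)
    if profile is None:
        return False, "ssid not in any profile"
    if beacon.bssid.lower() not in profile.bssids:
        # Familiar name, unfamiliar radio: the evil-twin pattern.
        return False, "known ssid from unrecognised access point"
    # Unknown security labels rank below "open" and are refused.
    if SECURITY_RANK.get(beacon.security, -1) < SECURITY_RANK[profile.min_security]:
        return False, "security weaker than profile requires"
    return True, "matches profile"

def vet_scan(scan, profiles):
    """Vet every beacon in a scan; returns (beacon, allowed, reason) tuples."""
    return [(b, *vet(b, profiles)) for b in scan]

# Constructed sample data (locally administered MAC addresses).
PROFILES = {
    "HotelLobby": Profile("HotelLobby", frozenset({"02:00:00:aa:bb:01"}), "open"),
    "OfficeNet": Profile("OfficeNet", frozenset({"02:00:00:cc:dd:01"}), "wpa"),
}
SCAN = [
    Beacon("HotelLobby", "02:00:00:AA:BB:01", "open"),
    Beacon("HotelLobby", "02:00:00:ee:ff:99", "open"),
    Beacon("OfficeNet", "02:00:00:cc:dd:01", "wep"),
    Beacon("FreeAirportWiFi", "02:00:00:11:22:33", "open"),
]

if __name__ == "__main__":
    for beacon, allowed, reason in vet_scan(SCAN, PROFILES):
        verdict = "CONNECT" if allowed else "REFUSE"
        print(f"{beacon.ssid:16} {beacon.bssid}  {verdict:7}  {reason}")
```

A matching BSSID is a filter rather than proof of identity, because the value is broadcast unauthenticated, so the VPN advice later in the article still applies on any network that passes.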

With over 300 Wi-Fi hotspots across the country in hotels, restaurants and airports, FatPort doesn’t want to exclude any potential customers on the basis they have older versions of Windows that don’t have these types of security features.

“Because we’re public, we have to aim to allow as many people as possible to connect to us,” said FatPort chief technical officer James Nedila. “We can’t use a lot of these security features that are coming out so that’s where we’re stuck.”

Even if companies don’t have all the latest security extensions installed on their access points, Cooper said they can turn on Wired Equivalent Privacy (WEP), for example, put it outside their firewall and use VPNs through it.

Newer Wi-Fi standards such as Wi-Fi Protected Access (WPA), which was designed to improve upon existing Wi-Fi products that are WEP-enabled, and 802.11x address a lot of flaws associated with earlier standards but are only supported by certain operating systems, said Nedila.

“WEP was broken before it even came out,” said Nedila. “Even if we give out the code it’s based on a shared key. As soon as we give it to one person they can give it out to 10 people and you’ve lost your security.”

Web standards aside, Cooper said companies should look to using a virtual private network (VPN) or another type of security mechanism to connect to their office network from a hotspot. This way, Cooper added, criminals can see the encrypted traffic but can’t do anything with it.

Lawyers at national Canadian law firm Miller Thomson LLP who want Wi-Fi capabilities from their home now use a VPN tunnel to connect to the office network. Authentication on the VPN is carried out through IDs and passwords. One of the advantages to VPN, said the firm’s national director of information technology, Richard Van Dyk, is the VPN software takes over a client machine and makes it part of the network.

“In a Wi-Fi model if somebody is riding on your machine, they get disconnected,” said Van Dyk, adding that the firm is running Microsoft Terminal Services for remote users. This means that only screen images are transferred through a Wi-Fi network and no data is passed back and forth, he added.

Miller Thomson, which recently rolled out IBM Lotus Notes in a Notes-based sharing system to organize the firm’s data, said Notes is more secure in a Wi-Fi setting than Microsoft Outlook or Exchange, for example.

Unlike Microsoft, which is touting single sign-on authentication across platforms, Notes requires a separate login authentication, making the network more secure, said Van Dyk.
