Wireless local-area networks based on IEEE 802.11 standards aren’t completely secure, but this doesn’t mean companies should refrain from installing them, according to an industry consultant.
“”Should we not use it? No no no no no,”” said Diana Kelley, founder of Security Curve, a Boston-based
consulting firm. She said 802.11 networks are not impossible to secure, but wired networks aren’t airtight either.
Kelley made her remarks during a seminar at InfoSecurity Canada, a trade show held last month at Toronto’s Sheraton Centre.
She began her seminar by warning that wireless LANs are essentially radios, because they transmit data over radio frequencies. But she added many security problems were caused by the fact that over the last few years the technology was new and vendors were rushing products to market.
Network managers who decide not to install wireless equipment need to be on the lookout for “”rogue”” access points (APs) — equipment set up by users without permission from their IT departments.
Kelley said rogue APs are not set up by hackers who want to cause harm, but rather by employees who simply purchase the equipment themselves from electronics retailers because they want to use portable devices.
Some users know they’re not supposed to have the wireless access points and go to great lengths to hide them. Kelley noted one IT manager did a security audit and found an access point hidden in a potted plant. The antenna was made to look like a twig.
She said it’s not difficult for the so-called war drivers to hack into insecure wireless networks.
“”You don’t have to be a rocket scientist. You just have to be a potato chip eater.””
Kelley was referring to hackers who said they were able to access wireless LANs from outside by hooking up metal potato chip cans to the network interface cards on their notebook computers.
She added many unauthorized users are simply “”WiFi tourists,”” or mobile users who inadvertently log on to wireless LANs.
On a recent trip to California, she said some men in her car were using a WiFi-enabled clients to access the Internet.
“”They were saying, ‘Oh, we’re on Oracle’s network,’ and ‘Oh, we’re on Sun’s network.'””
With 802.11 networks, one of the most important things to keep in mind is the wired equivalent privacy (WEP) standard, which is an optional feature on most WiFi products, is only suitable for home users or small offices.
“”A lot of people think it’s ‘wireless encryption protocol’ but it’s not,”” she said, adding WiFi Protected Access (WPA) is more secure.
WPA incorporates some of the features of the IEEE 802.11i security standard, which is still under development.
For example, WPA enables dynamic key allocation, Extensible Authentication Protocol (EAP) and Temporal Key Integrity Protocol.
Kelley noted WPA is not perfect. The Message Integrity Check (MIC) feature, for example, is vulnerable to denial of service (DoS) attacks.
Users should bear in mind the SSID is not a security feature. Its purpose is to identify different segments of a LAN. Turning the SSID feature off is not always an option because this can cause traffic congestion. In order to reduce the risk of a hacker joining a network, users should always change the default settings and should not use an SSID that gives away too much information.
“”Don’t change it to ‘Company X, East Wing, Fourth Floor.'””