Think wireless computing is secure? Think again. Here are tips for keeping the baddies out.
Mobile and home-based workers comprise a growing percentage of the corporate workforce, making the implementation of wireless technology an important initiative for corporate IT. However, even as wireless solutions and Wi-Fi hotspots are growing in their numbers and distribution points, so are the security concerns that come with wireless technology.
Let’s take a detailed look at these wireless security threats and the methods IT can use to combat them as it installs and supports wireless technology.
Wireless security in 2005
Companies are moving ahead with wireless technology. Some have formal planning strategies and projects in place, while others are adopting wireless technology informally at the end user level. In the latter case, this informal adoption can be as simple as a corporate executive purchasing a wireless PDA (personal digital assistant) or a laptop to use at home or on travel. Informal adoption of wireless technology is risky when devices are placed into operation before security is addressed.
Even with a plan, there are those in the wireless industry who maintain cautionary stances when it comes to wireless security. One industry executive recently observed that companies were using wireless technology at various levels of standard 802.11b-g. 802.11 uses WEP (wireless equivalency protocol), which has tried to address security shortcomings in the 802.11 standard, and newly evolving standards like WPA (Wi-Fi Protected Access) and WPA2 are even more promising and will probably replace WEP.
Nevertheless, there is still wariness when it comes to implementing wireless networks. Standards continue to evolve, and encryption and authorization algorithms can be implemented incorrectly in both software and hardware, which is where the vector for security attacks resides.
John Isaac, vice president of sales and program manager for Clare Computer Solutions, a network designer and installer, says: “Despite security risks, wireless security can be capably addressed if IT focuses on exceptional LAN security. When an individual connects with a network, whether that network is wireless or wired, there must be strong security policies and methodologies on the network.”
Wireless information travels across the airways, and can be sniffed or captured by anyone monitoring those airways. To help mitigate this, sites can implement sophisticated user ID/password authentication, along with data encryption. This complicates the job of the hacker, because user IDs and passwords are harder to decipher, and without them, the hacker can’t associate his device with a wireless access point.
To foil hackers, industry vendors also use data encryption algorithms (most commonly, 128-bit encryption). Most vendors additionally employ WEP, and are moving into WPA2 and other protocols for both wired and wireless networks.
“In combination, all of these security measures are there to prevent unauthorized use,” says Isaac. “In addition, there are techniques like MAC level authorization, where a network card is associated with a specific device. There are pros and cons to the MAC strategy. If a laptop with a MAC identifier gets stolen, the thief has ready access to the network.”
How easy is it?
Because wireless technology is being widely deployed in homes and public places, industrial-strength IT security, with regular security audits and strict security regulations, is not consistently planned for. It is no surprise that hacking into a wireless network can be easy and straightforward. Here are two examples:
Let’s say you’re at an airport with your laptop, and you want to connect into the office network to check e-mail. The airport has a Wi-Fi hotspot and your wireless laptop connects into the Wi-Fi access point. Anyone sitting nearby with the right set of tools can try to hack into your communications, which are even more vulnerable if you have an easily decipherable password.
Public disregard for security in a wireless setting, combined with malicious attempts at obtaining information and compromising networks, gives IT managers considering widespread wireless deployment a lot to think about.
Most experts agree there are seven major threats to wireless security. Let’s look at each in turn.
* Insertion attacks: Hackers can “insert” devices on your network, and can even create new wireless networks while bypassing security. Frequently, this is accomplished by connecting a wireless client like a laptop or a PDA to an access point without security authorization. This is where a sophisticated password scheme that is hard to decipher can become invaluable as a preventive measure. Other password protection techniques include password “timeouts” if login doesn’t occur within a prescribed number of seconds, and a policy and process that assures the frequent reissuance of passwords.
A second type of insertion attack is more inadvertent. This attack occurs when employees of the company have personal wireless devices that they want to connect to corporate information in order to do work from home or offsite. The move might be innocent enough, but it is still unauthorized and potentially threatening. Regular network scans for authorized devices help to keep this in check.
* Interception and unauthorized monitoring of wireless traffic: Network traffic can be monitored and intercepted across a wireless LAN. For 802.11 standard wireless networks, the attacker needs to be within 300 feet of an access point, but in practice, this distance can even be greater, depending on the device reception and transmission ranges. Wireless intrusion is easier than its wired counterpart, because all a wireless intruder needs is access to the network data stream. In contrast, a wired attack minimally requires placement of a monitoring agent on a compromised system.
Wireless and wired network intrusions operate on the same principles. The intruder uses tools that capture the first part of a connection session, which typically includes the username and password. With these, the intruder can then appear to the network as an authorized user.
Wireless intruders can also monitor network broadcasts if your wireless network access point is connected to a hub instead of a switch. This is because Ethernet hubs broadcast all data packets to the wireless access point.
A third wireless network data interception approach occurs when the intruder creates his own wireless network, and broadcasts a signal that is stronger than the corporate network’s signal. Wireless clients detect the stronger signal, and unknowingly give away passwords and sensitive information.
* Jamming: Denial of service (DoS) attacks victimize both wireless and wired networks. In a wireless network scenario, any attacker with the proper equipment and tools can easily flood the 2.4GHz wireless frequency, corrupting the wireless network signal to the point where it ceases to function. Wireless network transmissions can also be compromised by other proximate wireless devices like cordless phones and baby monitors, since all of these devices operate in the 2.4GHz frequency band.
* Client-to-client attacks: Two wireless clients can talk to each other, bypassing the wireless access point. In these communications, attacks can occur in two major areas: file sharing and TCP/IP abuse; and denial of service, where one wireless device floods others with bogus data packets. Peer to peer attacks will potentially become a greater issue with the promulgation of more peer to peer technologies in wireless and in VoIP.
* Brute force attacks against access point passwords: Many access points use a single key or password that is shared with all wireless clients. An attacker resorts to a brute force dictionary attack, trying every imaginable password combination until he “cracks” the password of the wireless access point. Failure to frequently change access point passwords increases network vulnerability.
* Encryption attacks: WEP has had some exploitable security weaknesses, and is being enhanced by new protocols like WPA and WPA2. The same applies to Triple DES (data encryption standard) encryption, which is moving to AES (advanced encryption standard). The key is balancing a strong encryption formula against the extension in transaction time that more robust encryption creates.
* Misconfigurations: Many routers and hubs deployed as wireless access points come preset from the factory to allow for easy configuration and installation at the site. These device presets are unsecured. It is critical for IT to have security configuration of these incoming devices on an installation checklist before the devices are placed into service. For sites subject to annual security examinations and audits, access point security is one of the first items reviewed by auditors.
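As an added example (not part of the original article), the sketch below applies the scanning and checklist advice from the list above in a single audit pass: it flags approved access points left on weak or factory settings, unknown radios using the corporate network name at a stronger signal, and clients that are not in the inventory. The inventory, SSIDs, MAC addresses, field names and finding labels are all constructed assumptions.

```python
# Added example: every SSID, MAC address and field name here is constructed.
CORP_SSID = "corp-wlan"
AUTHORIZED_APS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
AUTHORIZED_CLIENTS = {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"}
WEAK_ENCRYPTION = {"open", "wep"}       # unsecured preset or weak protocol
FACTORY_SSIDS = {"default", "linksys"}  # sample out-of-the-box names

OBSERVED_APS = [  # constructed survey of access points heard on the air
    {"ssid": "corp-wlan", "bssid": "00:11:22:33:44:01", "enc": "wpa2", "dbm": -61},
    {"ssid": "corp-wlan", "bssid": "00:11:22:33:44:02", "enc": "wep", "dbm": -66},
    {"ssid": "linksys", "bssid": "00:11:22:33:44:03", "enc": "open", "dbm": -70},
    {"ssid": "corp-wlan", "bssid": "de:ad:be:ef:00:99", "enc": "open", "dbm": -38},
]
OBSERVED_CLIENTS = [  # constructed table of client-to-AP associations
    {"mac": "aa:bb:cc:00:00:10", "bssid": "00:11:22:33:44:01"},
    {"mac": "aa:bb:cc:00:00:55", "bssid": "00:11:22:33:44:01"},
    {"mac": "aa:bb:cc:00:00:11", "bssid": "de:ad:be:ef:00:99"},
]

def audit(aps, clients):
    """Return sorted (finding, address) pairs for one survey."""
    findings = set()
    best_approved = max((a["dbm"] for a in aps if a["bssid"] in AUTHORIZED_APS
                         and a["ssid"] == CORP_SSID), default=None)
    for ap in aps:
        if ap["bssid"] in AUTHORIZED_APS:
            # Misconfiguration checks for devices IT installed itself.
            if ap["enc"] in WEAK_ENCRYPTION:
                findings.add(("weak-encryption", ap["bssid"]))
            if ap["ssid"].lower() in FACTORY_SSIDS:
                findings.add(("factory-ssid", ap["bssid"]))
        elif ap["ssid"] == CORP_SSID:
            # Unknown radio using the corporate network name.
            findings.add(("impersonating-ap", ap["bssid"]))
            if best_approved is not None and ap["dbm"] > best_approved:
                findings.add(("outshouts-approved-aps", ap["bssid"]))
        else:
            findings.add(("unknown-ap", ap["bssid"]))
    for c in clients:
        on_approved = c["bssid"] in AUTHORIZED_APS
        if on_approved and c["mac"] not in AUTHORIZED_CLIENTS:
            findings.add(("unauthorized-client", c["mac"]))
        if not on_approved and c["mac"] in AUTHORIZED_CLIENTS:
            findings.add(("client-on-unapproved-ap", c["mac"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding, address in audit(OBSERVED_APS, OBSERVED_CLIENTS):
        print(f"{finding:26} {address}")
```

A survey containing only approved, correctly configured access points and inventoried clients returns an empty list, which makes the function usable as a pass/fail check in a recurring scan.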
Playing it safe
Regardless of where your organization is on the wireless adoption spectrum, here are nine best practices for wireless security that address the most frequent security threats.
* Adopt strong user ID, password and login policies: Passwords should be used at both the wireless network access and application access points, and policies should dictate that they are changed regularly. The passwords should mix lower and upper cases and alphas and numerics.
“Don’t use your dog’s name, or anything else that is straightforward to decipher,” says Isaac. “And try to avoid using words that can be found in a common dictionary, because hackers have software that performs dictionary attacks–the hacker software literally runs a massive dictionary against your computer to figure out the password.”
Login times can also be limited to 30 seconds on both remote user devices and the validating corporate servers. This limits the window for password interception.
* Distribute authorization to wireless access on a need-to-know basis:
“A lot of small and medium-sized businesses set up security, but they trust everyone by not restricting access,” says Isaac. “Another common information access strategy is to leave everything open to everyone except for accounting and HR.”
An alternative strategy is to give workers access only to the information they require to perform their jobs. In a wireless scenario, this strategy also reduces corporate exposure when there is an information or access breach.
* Use security certificates: This is one more piece of software on your laptop that has to match the corresponding software on the server. It is relatively inexpensive, and it is very difficult to hack into.
* Deploy VPNs and heavy-duty data encryption: Many companies use virtual private networks to shield their network and their corporate users. They combine this with 128-bit data encryption, and some even use Triple DES or AES encryption.
* Buy security-enabling network components and make sure they’re correctly configured for strong security: Some providers provide access control servers (ACS), which are especially created for tamper-proof security authentication. Others provide routers and hubs where security levels can be set to meet the corporate security standards identified in your policies. The latter devices ship from the factory with security defaulted to a wide-open status. You can lock down your network by pre-configuring these devices for the security called for in your corporate policies before they are installed on your network.
* Constantly monitor wireless network devices and activity: Commercially available network monitoring software monitors wireless devices and networks, access points and bridges 24 hours a day for performance, availability and possible security breaches.
* Create security policies and procedures for your network and wireless technology, and have an independent party review them: Security policies and procedures are an absolute requirement for both networks and wireless technology. Because internal staff is so closely engaged with the technology, it is a good idea to either obtain some upfront consulting from an outside source when you are developing your policies and procedures, or to have an outside source periodically review the policies and procedures to ensure that there are no security holes, and that new technology developments are adequately covered in the existing set of policies and procedures.
* Have a proactive approach to disaster recovery: If someone breaks into your system and destroys or compromises data, nightly backups to tape or disc can save a lot of headaches and get the enterprise up and running again quickly. Nightly backups, regular media rotations, and offsite media storage should be integral parts of daily operations on your wireless network.
The cost of freedom
Wireless networks, standards and security measures are still evolving, but that’s not preventing some organizations from aggressively pursuing wireless as part of their IT architecture. In many cases, the same security issues that confront wireless can also be found in wired environments. In both cases, careful planning; the development and enforcement of policies and procedures; and the adoption of the right tools and security measures create sound insulation for corporate data and communications.
Finally, wireless is unique because of its mobility as a solution, and its ability to travel in airways, where it is vulnerable to interception. However, even these unwired transmissions have to connect with access points, which in turn must connect to network resources and applications. Bullet-proofing these access points and interfaces goes a long way in securing a wireless network.
Mary E. Shacklett is president of Transworld Data, a marketing and technology practice for technology companies and organizations.