Securing Your Wireless Access Network
When it comes to cutting the network cord and going wireless, people often fail to consider the security implications. Wireless is all about convenience, as it untethers users from the shackles of the Ethernet cable. But first-time users often open themselves up to the myriad security issues that surround wireless.
Many people are oblivious to computer security in general. But the protections that can keep users safe in the wired network world, regardless of their level of awareness, fall away in the wireless world. At its essence, wireless networking is just another form of radio communication. Since wireless networks broadcast radio frequencies, anyone with a wireless receiver can hear all communications on the network.
With that, wireless is just as vulnerable to eavesdropping, traffic injection, spoofing and other forms as attack as other radio communication. Wireless is no different from a baby monitor, which also operates at a 2.4 GHz frequency.
Despite these security concerns, there are numerous benefits to wireless. The most obvious of these is its mobility. Being constantly tethered to a workstation or laptop often is a hindrance to productivity. The improved employee effectiveness and efficiency that comes with the openness of a wireless network is one reason that wireless voice and data networks are one of the fastest growing and most dynamic areas in the technology industry today.
Businesses, municipalities, home users and others are moving to wireless in droves. Wireless also can offer significant cost savings, while increasing the availability of information on demand. In addition, the inherent flexibility of wireless to network changes is helpful.
The low cost of entry is one of the main benefits of wireless. But just as it is inexpensive for organizations to deploy wireless, it corresponds that inexpensive wireless equipment also makes it easier for hackers to mount an attack against a wireless network.
Wireless Is Ubiquitous
There is hardly an industry where wireless is not in active use. From retail and manufacturing to hospitals, large hotel chains, coffee shops, convention centers, airport waiting areas and the enterprise networks, wireless is there. For these industries, organizations and locations, wireless is an additional revenue opportunity for providing Internet connectivity to clients.
Meanwhile, for larger organizations, wireless is turning into the backbone of IT infrastructures, with wireless applications increasingly being deployed on various platforms. For those organizations in which wireless technology already is a network component, security often is in place. But for many, wireless is being deployed haphazardly; some may not even have a clue it has been deployed.
Also note that wireless includes new integrated technologies such as BlackBerry and other high functioning mobile phones. These technologies have given users increased benefits, but they have also resulted in a convergence of the inherent security risks associated with each integrated technology.
As you venture into the wireless world, you likely will see terms such as Wi-Fi, WLAN, 802.11 and others. Wireless, like other technologies, has a set of acronyms. For example, 802.11 is a set of technical standards created by the Institute of Electrical and Electronics Engineers for wireless networks.
From a security perspective, the range of functionality specified by 802.11 is about 100 meters. That means that if you don’t protect yourself, there is a potentially large pool of people that can take a free security ride on your wireless network.
In considering the security risks associated with wireless, many people ask a simple question: “Why would hackers want to attack me?”
Say you’re an ordinary guy with some MP3 files and movies on your computer. While you may have nothing worth stealing, hackers do not necessarily know that. Often they want the data.
But more than that, they may simply want to access other parts of your network. Many users will have VPN connections back to their corporate networks. Such access is extremely valuable to hackers. They may simply want you to be their ride to anonymous network access and deny you service to your own network. Your wireless access is the perfect vehicle for that. So no matter how ordinary or how average you are, your wireless network is at risk.
So from a practical perspective, wireless is insecure. And as wireless technologies gain wider acceptance, it is imperative that wireless security concerns be taken into account.
It is important to first realize that every security risk that exists in physical networks is prevalent in wireless networks. In fact, wireless introduces new risks. According to the National Institute of Standards and Technology, the main concerns around wireless security are device theft, denial of service, malicious hackers, malicious code, theft of service and industrial and foreign espionage.
As wireless becomes more ubiquitous, it is becoming the vehicle of choice for attack. While there are many security risks associated with wireless protocols and encryption, most of them are surmountable. But with the growing use of wireless hacking tools, the onus of wireless security is falling on the user.
For those who think wireless security is a bunch of hot air created by the security industry, realize that wireless security issues go back decades. While we are discussing 802.11, wireless security of the past dealt with espionage against microwave relay systems, theft of satellite TV service, cloning and fraudulent use of cellular phones.
Defining Security and Wireless Risks
At the high level, information security is a concern in three core areas:
Confidentiality: Data can’t be read by anyone for whom it wasn’t intended.
Integrity: Data can’t be altered in storage or transit between sender and intended receiver without the alteration being detected.
Availability: The data, systems and security controls used to protect the data are all available and functioning correctly when the data is needed.
Some of the more prominent 802.11 wireless risks that end users need to be aware of are:
- Data interception: Unencrypted wireless traffic is intercepted and confidential information compromised via wireless transmission intercepts.
- Accidental association: A user turns on a wireless device, which in turn connects to a wireless access point from a different organization’s network. The risk is that proprietary corporate data may be exposed. There also is a link into the network here that could be exploited.
- Wi-Phishing: An attacker covertly sets up an access point to get wireless-enabled laptops to associate with it as a prelude to an attack. These access points often are a source of malware.
- Rogue access points: Access points illicitly set up permission. Rogue access points will enable wireless transmission intercepts and can be used to bypass security controls.
- Data loss: Sensitive unencrypted data or data encrypted with poor cryptography is transmitted between two wireless devices and may be intercepted and disclosed.
- Insertion attacks: Unauthorized devices are deployed, or new wireless networks are created.
- Evil twin traffic interception: An attacker fools legitimate wireless clients into connecting to the attacker’s network by placing an unauthorized access point with a stronger signal in close proximity to the wireless client. Users then attempt to log in to the substitute servers and unknowingly give away passwords and similar sensitive data.
Wireless Security To-Do List
While out-of-the-box wireless is insecure, it doesn’t have to be that way. With a little effort, you can easily obviate most of the main wireless security risks. By implementing the following items, you can quickly secure your wireless network:
- Utilize strong encryption: The most effective way to secure your wireless network is via strong encryption. Most wireless access points have built-in encryption functionality. Unfortunately, many manufacturers leave encryption disabled as a default setting.
- The two main wireless encryption types available are Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Your computer, router and other equipment must use the same encryption. WPA protocol itself is much improved over WEP. WPA is stronger and the better choice. Some older routers use only WEP, which is insecure and can be broken in minutes. It is debatable if WEP is better than no encryption.
- Change router identifier: The default identifier for your access point likely is easy to guess. You should change the default, as hackers know the default identifiers and can use them to try to access your network. Change your identifier to something only you know, and remember to configure the same unique identifier into your wireless router and your computer so they can communicate.
- Change default administrative password: Change the wireless router’s default password before you connect it to the Internet.
- Disable remote management: Unless you have a specific need to leave it on, turn off remote management. If you leave it enabled, anyone can get into the route and at that point it is owned.
- Change default Server Set ID (SSID): The SSID sends out a signal to any listening wireless device in the vicinity, announcing its presence. You don’t need to broadcast this information. The SSID is akin to a shared password, a configurable identification that allows clients to communicate with an access point. Only clients with the correct SSID should be able to communicate with the access point. Hackers know the default factory set names of all of the different types of wireless equipment, so you need to change it to something that can’t be easily guessed.
- Turn off SSID broadcast: This is one of the most elementary wireless security requirements. If you allow SSID broadcasts, anyone can connect to your network. Disable the identifier broadcasting mechanism if your wireless router allows it.
- MAC address authentication: You should set up MAC address authentication via access control lists (ACLs) on the access point. Configure the access point so that it only allows clients with specific MAC addresses to access the network, or allow access to only a given number of MAC addresses. MAC address authentication is far from perfect, but it is an added layer of defense.
- Wireless audit: You should perform a regular security audit for rogue access points in your environment. For enterprise networks, this should be done at least quarterly. You don’t need a sophisticated device to do that, but it helps. You can simply walk around with a wireless notebook and sniffer (NetStumbler, Kismet, etc.) to determine if new unauthorized wireless devices have been added to your network. If you find a rogue access point, you can attempt to shut it down.
- Access-point segmentation: For the corporate arena, segment the access point wired portion of your network on to a separate VLAN. This enables you to separate this traffic and, in the event of a breach, minimize the level of access that an attacker has to your network.
- Reception area: The wireless coverage area should be fit to the desired work area. The greater the excessive broadcasting is on the perimeter access points, the greater the risk of attack. Where possible, directional antennas should be used at the perimeter, directing their broadcasting inward. Some access points allow attenuation levels to be set via their Web-based setup utility.
Wireless is insecure, but it does not have to be that way. By making yourself aware of the security risks and deploying the appropriate security controls, you can secure your wireless network and not have to worry about becoming yet another victim of wireless insecurity.
For further investigation of wireless, the risks associated with it and how to guard against them, see our May Security Community Feature on www.certmag.com.
Ben Rothke is senior security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know. He can be reached at editor (at) certmag (dot) com.
Check CertScope to read 232 articles and link to 224 Web sites on “wireless.”