Wireless Security: Attacks and Defenses
In office 411 on the fourth floor of the Herbert L. Smith Plaza, Diane Johnson, an accountant, was eagerly opening a package that had been delivered to her moments ago. She tore open the cardboard box and removed a shiny new 802.11g wireless router from the packaging. The instructions inside read clearly and were easily understandable, even by Diane who was a novice at best when it came to computers and networking. Within an hour she was connected to the company network using her personal laptop computer, which had come equipped with a factory-installed 802.11g antenna. Diane had recently seen a friend use wireless networking at their home and had decided to set up this wireless access point so that she could move about the office easily and still stay connected with the company network, as well as access her important accounting documents from her laptop. Diane was able to accomplish this without shelling out a lot of cash, and without having to learn a lot of networking jargon and skills. As she browsed the Internet in amazement of this intriguing technology, she convinced herself of her technological prowess and smirked at the haughtiness of the folks in her company´s IT department.
Meanwhile, at the Cool Beans Coffee Shop across the street from the Herbert L. Smith Plaza sat a curious and devious individual. Taking a sip from his large double latte, he fired up his laptop computer and watched a myriad of startup command lines appear on his LCD in standard green and black monochrome. Using the antenna plugged into the PCMCIA slot of his computer and a collection of various open-source software programs, he began to scan the area for wireless networks. As the software began listing all of the detected access points in the range of his antenna, one in particular caught his attention. It was broadcasting itself with the name of “linksys” and it was determined by his software that the access point was broadcasting unencrypted data, or packets. From his experience, the man knew instantly that he was dealing with a wireless router that was using a factory configuration. With a few keystrokes, the man began to capture and examine the broadcasted packets from this transmitter, and with much amusement he scanned through numerous pieces of confidential accounting information that were originating from somewhere in the office building across the street.
Security – denial of access to assets for malicious intent. It is the capability to defend against intrusion and to ultimately protect your assets from access and disclosure, change, or destruction. A deeper interest within security is privacy, which is security of sensitive material for eye-only, often information about a person. In the corporate environment another form of privacy is encountered–material of a proprietary nature. This information is of particular importance to an organization because its disclosure could harm competitive advantage or divulge trade secrets.
Security takes three forms: physical, virtual, and data. We encounter physical security in our homes with locks; the same is true in industry. Physical security in the networking arena encompasses the protection of the physical assets, such as access points, wired channels, and the ultimate nodes. For the wireless domain, we don´t think of physical security, we consider the next form, virtual security.
Virtual security is the ability to keep data secure when access is possible without physical access, i.e. access over a network. In wireless domains, this is a particular problem and is the subject of the rest of this paper.
Data security is generally the purpose and result of physical and virtual security, e.g., to deny an authorized persons access to data in transit or storage.
Wireless technology can provide numerous benefits in the business world. By deploying wireless networks, customers, partners, and employees are given the freedom of mobility from within and from outside of the organization. This can help businesses to increase productivity and effectiveness, lower costs and increase scalability, improve relationships with business partners, and attract new customers. Indeed, there are numerous reasons to deploy wireless technology, but like most, it is not without its risks and downfalls.
The previous scenario illustrates just a few simple vulnerabilities that exist within the realm of wireless networking. We saw how confidential accounting data was compromised due to the actions of a well-intentioned employee with a simple lack of knowledge in what she was doing. It could have been much, much worse. Had our mysterious hacker been more proficient, he could have disabled critical software, initiated a denial-of-service attack, erased or destroyed data, or even wiped out the entire network, resulting in the complete stoppage of business functions.
While this may seem like a frightening outcome, there are many different ways to overcome the imperfections native to wireless networking. This paper is designed to help you understand these flaws and to assist you in making your wireless networks a secure and beneficial asset.
The State of the Wireless World
In June of 2004, WorldWide Wardrive 4 reported that an alarming 61.6 percent of all submitted wireless access points were broadcasting data with no encryption enabled. That is, the data (or packets) in being sent by their wireless hardware could be easily viewed by anyone listening in. This could include usernames, passwords, credit card numbers, or other sensitive information. The study also showed that 31.4 percent of the logged access points were using default SSIDs (which makes them easy to find and access) and that 27.5 percent were using no encryption with default SSIDs. The study found that the amount of access points using no encryption decreased by 6.04 percent from the previous year´s endeavor. However, the number of wireless networks broadcasting default SSIDs and which used no encryption and default SSIDs actually increased by 3.57 percent and 2.54 percent, respectively. Even as time passes and awareness increases, there will always be more room for improvement in securing our airwaves.
As time goes by, improvements are being made in wireless standards, but it has yet to be seen whether or not wireless hardware in itself will eventually take care of security flaws. Contrary to beliefs in the IT profession, the recently released 802.11g standard does very little to improve upon the state of wireless network security. It should not be assumed that security problems will take care of themselves; we must familiarize ourselves with the vulnerabilities and the defenses of wireless networking in order to protect our businesses from the possibility of attacks.
What is 802.11?
In this text, when we are discussing wireless security we are referring to 802.11 networks. 802.11, or the Institute of Electrical and Electronic Engineers (IEEE) 802.11, which is a set of standards for radio communications used in wireless local area networks, or WLANs. IEEE is an organization composed of engineers, scientists and students that specialize in creating standards for the computer and electronics industry in order to ensure smooth operability and compatibility. The organization uses a number system to represent the standards it comes up with for different technologies. IEEE uses the number 802 to categorize standards for local and wide area networks, while the number 11 narrows that down to wireless area networks. In our discussions, you will also notice certain letters that appear after the number 11. These letters represent the different versions of the protocol, which specify things such as what frequency they operate in, and bandwidth they employ. These letters can also specify different security methods, as well.
802.11 networks are everywhere. The number of shipped 802.11-enabled hardware devices is estimated to exceed 40 million units by the year 2006 (Vladimirov, Gavrilenko, Mikhailovsky). Because of the popularity of this communications standard and its prevalence in the world of organizational wireless networking, our focus in this text will be primarily on 802.11 WLANs. By familiarizing yourself with the various aspects of the 802.11 standards, you will also be familiarizing yourself with the same technologies that are employed within the business world.
Vulnerabilities and Attack Methods
Human Error – It is understood that an individual with no understanding of networks can easily set up a flawed and vulnerable network. However, some executives need to be aware that even their system administrators could be lacking in their understanding of wireless network implementations. With the broad number of floating, corporate hotspots being found everyday it has be to be assumed that some of those hotspots were put into place by knowledgeable IT staff within those corporations. However, some of those techs missed something. Maybe a manager gave some of his development staff permission to install a wireless router while providing no oversight to the installation. Though developers may know something about software architecture and design, they may or may not know anything about network security.