| This document explains topics relating to
| |
| | said that, "at least 20 percent of
|
| wireless networks. The main topics
| |
| | enterprises already have rouge access
|
| discussed include, what type of
| |
| | points." Another type of attack would be
|
| vulnerabilities exist today in 802.11
| |
| | if, someone from outside the
|
| networks and ways that you can help
| |
| | organization, enters into the workplace
|
| prevent these vulnerabilities from
| |
| | and adds an Access Point by means of
|
| happening. Wireless networks have not
| |
| | Social Engineering.
|
| been around for many years. Federal
| |
| | Insecure Network Configurations- Many
|
| Express has been using a type of wireless
| |
| | companies think that if they are using a
|
| networks, common to the 802.11 networks
| |
| | firewall or a technology such as VPN,
|
| used today, but the general public has
| |
| | they are automatically secure. This is
|
| recently just started to use wireless
| |
| | not necessarily true because all security
|
| networking technology. Because of weak
| |
| | holes, big and small, can be exploited.
|
| security that exists in wireless
| |
| | Also if devices and technologies, such as
|
| networks, companies such as Best Buy have
| |
| | VPNs, firewalls or routers, are
|
| decided to postpone the roll-out of
| |
| | mis-configured, the network can be
|
| wireless technology. The United States
| |
| | compromised.
|
| Government has done likewise and is
| |
| | Accidental Associations - This can happen
|
| suspending the use of wireless until a
| |
| | if a wireless network is setup using the
|
| more universal, secure solution is
| |
| | same SSID as your network and within
|
| available.
| |
| | range of your wireless device. You may
|
| Background
| |
| | accidentally associate with their network
|
| What is Wireless?
| |
| | without your knowledge. Connecting to
|
| Wireless LANs or Wi-Fi is a technology
| |
| | another wireless LAN can divulge
|
| used to connect computers and devices
| |
| | passwords or sensitive document to anyone
|
| together. Wireless LANs give persons more
| |
| | on the neighboring network. Wireless LAN
|
| mobility and flexibility by allowing
| |
| | Security - What Hackers Know That You
|
| workers to stay connected to the Internet
| |
| | Don't Copyright 2002
|
| and to the network as they roam from one
| |
| | Social Engineering - Social Engineering
|
| coverage area to another. This increases
| |
| | is one of the most effective and scariest
|
| efficiency by allowing data to be entered
| |
| | types of attacks that can be done. This
|
| and accessed on site.
| |
| | type of attack really scares me and can
|
| Besides being very simple to install,
| |
| | be done for many other purposes besides
|
| WLANs are easy to understand and use.
| |
| | compromising security in wireless
|
| With few exceptions, everything to do
| |
| | networks. A scenario: Someone dressed up
|
| with wired LANs applies to wireless LANs.
| |
| | as a support person from Cisco enters the
|
| They function like, and are commonly
| |
| | workplace. The secretary sees his fake
|
| connected to, wired Ethernet networks.
| |
| | credentials and lets him get pass the
|
| The Wireless Ethernet Compatibility
| |
| | front desk. The impersonator walks from
|
| Alliance [WECA] is the industry
| |
| | cubicle to cubicle, collecting user names
|
| organization that certifies 802.11
| |
| | and passwords as he/she goes. After
|
| products that are deemed to meet a base
| |
| | finding a hidden corner, which seems to
|
| standard of interoperability. The first
| |
| | be lightly traveled, he plugs an insecure
|
| family of products to be certified by
| |
| | Access Point into the network. At the
|
| WECA is that based on the 802.11b
| |
| | same time he configures the Access Point
|
| standard. This set of products is what we
| |
| | to not broadcast its SSID and modifies a
|
| will be studying. Also more standards
| |
| | few other settings to make it hard for
|
| exist such as 802.11a and 802.11g.
| |
| | the IT department to find this Rouge
|
| The original 802.11 standard was
| |
| | Access Point. He then leaves without ever
|
| published in 1999 and provides for data
| |
| | being questioned by anyone because it
|
| rates at up to 2 Mbps at 2.4 GHz, using
| |
| | looks like he just fits in. Now, all he
|
| either FHSS or DSSS. Since that time many
| |
| | has to do is be within 300 feet from the
|
| task groups have been formed to create
| |
| | access point, (more if he added an
|
| supplements and enhancements to the
| |
| | antenna), and now has access to all kinds
|
| original 802.11 standard.
| |
| | of secure documents and data. This can be
|
| The 802.11b TG created a supplement to
| |
| | a devastating blow to any corporation and
|
| the original 802.11 standard, called
| |
| | could eventually lead to bankruptcy if
|
| 802.11b, which has become the industry
| |
| | the secrets of the company were revealed
|
| standard for WLANs. It uses DSSS and
| |
| | to competitors.
|
| provides data rates up to 11 Mbps at 2.4
| |
| | Bruce Schneier came to my classroom and
|
| Ghz. 802.11b will eventually be replaced
| |
| | said the following about Social
|
| by standards which have better QoS
| |
| | Engineering, "Someone is just trying to
|
| features, and better security.
| |
| | do their job, and be nice. Someone takes
|
| Network Topology
| |
| | advantage of that by targeting this human
|
| There are two main topologies in wireless
| |
| | nature. Social Engineering is
|
| networks which can be configured:
| |
| | unsolvable."
|
| Peer-to-peer (ad hoc mode) - This
| |
| | Securing Wireless Networks
|
| configuration is identical to its wired
| |
| | According to Bruce Schneier and others
|
| counterpart, except without the wires.
| |
| | such as Kevin Mitnick, you can never have
|
| Two or more devices can talk to each
| |
| | a totally secure computing environment.
|
| other without an AP.
| |
| | What is often suggested is to try and
|
| Client/Server (infrastructure networking)
| |
| | control the damage which can be done if
|
| - This configuration is identical to its
| |
| | security is breached. One can try many
|
| wired counterpart, except without the
| |
| | different tools on the market which can
|
| wires. This is the most common wireless
| |
| | help prevent security breaches.
|
| network used today, and what most of the
| |
| | WEP - WEP supports both 64 and 128-bit
|
| concepts in this paper apply to.
| |
| | keys. Both are vulnerable, however,
|
| Benefits of Wireless LANs
| |
| | because the initialization vector is only
|
| WLANs can be used to replace wired LANs,
| |
| | 24-bits long in each case. Its RC4
|
| or as an extension of a wired
| |
| | algorithm, which is used securely in
|
| infrastructure. It costs far less to
| |
| | other implementations, such as SSL, is
|
| deploy a wireless LAN than to deploy a
| |
| | quite vulnerable in WEP. Wireless
|
| wired one. A major cost of installing and
| |
| | Insecurities By Dale Gardner. Different
|
| modifying a wired network is the expense
| |
| | tools exist to break WEP keys, including
|
| to run network and power cables, all in
| |
| | AirSnort, which can be found at Although
|
| accordance with local building codes.
| |
| | this method is not a secure solution, it
|
| Example of additional applications where
| |
| | can be used to help slowdown an attacker
|
| the decision to deploy WLANs include:
| |
| | if other means are not possible
|
| Additions or moves of computers.
| |
| | financially or otherwise.
|
| Installation of temporary networks
| |
| | VPN and IPSec- IPSec VPNs let companies
|
| Installation of hard-to-wire locations
| |
| | connect remote offices or wireless
|
| Wireless LANs give you more mobility and
| |
| | connections using the public Internet
|
| flexibility by allowing you to stay
| |
| | rather than expensive leased lines or a
|
| connected to the Internet and to the
| |
| | managed data service. Encryption and
|
| network as you roam.
| |
| | authentication systems protect the data
|
| Cons of Wireless LANs
| |
| | as it crosses the public network, so
|
| Wireless LANs are a relatively new
| |
| | companies don't have to sacrifice data
|
| technology which has only been around
| |
| | privacy and integrity for lower costs. A
|
| since 1999. With any new technology,
| |
| | lot of VPN's exist on the market today.
|
| standards are always improving, but in
| |
| | An important note about VPNs is,
|
| the beginning are unreliable and
| |
| | interoperability does not really exist,
|
| insecure. Wired networks send traffic
| |
| | and whatever you use for your server has
|
| over a dedicated line that is physically
| |
| | to be the same brand as your clients most
|
| private; WLANs send their traffic over
| |
| | of the time. Some VPNs include:
|
| shared space, airwaves. This introduces
| |
| | Borderware
|
| interference from other traffic and the
| |
| | BroadConnex Networks
|
| need for additional security. Besides
| |
| | CheckPoint
|
| interference from other wireless LAN
| |
| | Cisco
|
| devices, the 2.4 GHz is also used by
| |
| | Computer Associates
|
| cordless phones and microwaves.
| |
| | DMZ - Adding this to your network enables
|
| Security Issues of WLANs
| |
| | you to put your wireless network on an
|
| War-driving
| |
| | untrusted segment of your network.
|
| War-driving is a process in which an
| |
| | Firewalls - Firewalls are all over the
|
| individual uses a wireless device such as
| |
| | place. Firewalls range from hardware to
|
| a laptop or PDA to drive around looking
| |
| | software versions. By adding a firewall
|
| for wireless networks. Some people do
| |
| | between the wireless network and wired
|
| this as a hobby and map out different
| |
| | network helps prevent hackers from
|
| wireless networks which they find. Other
| |
| | accessing your wired network. This paper
|
| people, who can be considered hackers,
| |
| | doesn't go into specifics about different
|
| will look for wireless networks and then
| |
| | firewalls and how to set them up, but
|
| break into the networks. If a wireless is
| |
| | there are many. Some of the firewalls
|
| not secure, it can be fairly easy to
| |
| | include:
|
| break into the network and obtain
| |
| | - ZoneAlarm (an inexpensive based
|
| confidential information. Even with
| |
| | software firewall) - Symantec has many
|
| security, hackers can break the security
| |
| | different firewalls depending what you
|
| and hack. One of the most prevalent tools
| |
| | require.
|
| used on PDAs and Microsoft windows
| |
| | PKI - Public-key infrastructure (PKI) is
|
| devices is, Network Stumbler, which can
| |
| | the combination of software, encryption
|
| be downloaded at Equipped with the
| |
| | technologies, and services that enables
|
| software and device, a person can map out
| |
| | enterprises to protect the security of
|
| wireless access points if a GPS unit is
| |
| | their communications and business
|
| attached. Adding an antenna to the
| |
| | transactions on the Internet. What is
|
| wireless card increases the capabilities
| |
| | PKI?
|
| of Wi-Fi. More information can be found
| |
| | Site Surveys - Site Surveys involve using
|
| at: and to name a few.
| |
| | a software package and a wireless device
|
| War-chalking
| |
| | to probe your network for Access Points
|
| War-chalking is a method of marking
| |
| | and security risks.
|
| wireless networks by using chalk most
| |
| | Proactive Approaches
|
| commonly. War-driving is usually the
| |
| | Since wireless technology is insecure,
|
| method used to search for networks, and
| |
| | companies or anyone can take a proactive
|
| then the person will mark the network
| |
| | approach to try and identify hackers
|
| with chalk that gives information about
| |
| | trying to gain access via wireless
|
| the network. Some of the information
| |
| | networks.
|
| would include, what the network name is,
| |
| | Honeypots - are fake networks setup to
|
| whether the network has security, and
| |
| | try and lure in hackers. This enables
|
| possibly the contact information of who
| |
| | administrators to find out more about
|
| owns the network. If your wireless
| |
| | what type of techniques hackers are using
|
| network is War-chalked and you don't
| |
| | to gain access. One product is Mantrap
|
| realize it, your network can be used and
| |
| | created by Symantec.
|
| or broken into faster, because of
| |
| | "ManTrap has the unique ability to detect
|
| information shown about your network.
| |
| | both host- and network-based attacks,
|
| Eavesdropping & Espionage
| |
| | providing hybrid detection in a single
|
| Because wireless communication is
| |
| | solution. No matter how an internal or
|
| broadcast over radio waves, eavesdroppers
| |
| | external attacker tries to compromise the
|
| who just listen over the airwaves can
| |
| | system, Symantec ManTrap's decoy sensors
|
| easily pick up unencrypted messages.
| |
| | will deliver holistic detection and
|
| These intruders put businesses at risk of
| |
| | response and provide detailed information
|
| exposing sensitive information to
| |
| | through its system of data collection
|
| corporate espionage. Wireless LAN
| |
| | modules."
|
| Security - What Hackers Know That You
| |
| | Intrusion Detection - Intrusion Detection
|
| Don't Copyright 2002
| |
| | is software that monitors traffic on the
|
| Internal Vulnerabilities
| |
| | network. It sounds out a warning if a
|
| Within an organization network security
| |
| | hacker it trying to access the network.
|
| can be compromised by ways such as, Rouge
| |
| | One such free product is Snort.
|
| WLANs (or Rouge Aps), Insecure Network
| |
| | "Before we proceed, there are a few basic
|
| Configuration, and Accidental
| |
| | concepts you should understand about
|
| Associations to name a few.
| |
| | Snort. There are three main modes in
|
| Rouge Access Points - An employee of an
| |
| | which Snort can be configured: sniffer,
|
| organization might hook up an access
| |
| | packet logger, and network intrusion
|
| point without the permission or even
| |
| | detection system. Sniffer mode simply
|
| knowledge of IT. This is simple to do,
| |
| | reads the packets off of the network and
|
| all a person has to do is plug an Access
| |
| | displays them for you in a continuous
|
| point or wireless router into an existing
| |
| | stream on the console. Packet logger mode
|
| live LAN jack and they are on the
| |
| | logs the packets to the disk.
|
| network. One statistic in 2001 by Gartner
| |
| |
|
