www.ADVISOR.com Home Boomer Advisor DataBased Advisor FileMaker Max Advisor How-To CDs Share Your Advice Buy Subscriptions & CDs Help
My.ADVISOR.com Sign-In
ID
Password

Member Center / Sign-Up
    
SUBSCRIPTION STATUS
If you are a subscriber to this publication, sign-in to access locked articles. To subscribe or renew go to www.AdvisorStore.com.
Go to Article
Search 
Advanced Search Form

Submit your tips and advice
 

ADVISOR VIEW

The Security Implications of Wireless LANs

As if the Internet alone weren't hostile enough, running wireless networks in your office opens a whole new can of worms.

By Ching Tim Meng

Wireless local area network (LAN) technology, more commonly known as IEEE 802.11, is seeing widespread adoption in many companies. Developed by Institute of Electrical and Electronics Engineers (IEEE) in 1990, it was completed and ratified in 1997.

The initial standard, IEEE 802.11b, offers a bandwidth of 11Mbps. Recently, the group approved the IEEE 802.11g standard, which supports a bandwidth of 54Mbps.

The good

This technology solves a lot of network infrastructure problems previously deemed too cumbersome for wired technologies. Using an access point connected to the wired network, anyone with a wireless LAN card can connect to the wired network, as long as the card is within 100 meters of the access point. One logical use for the technology is adding additional users to the wired network without having to lay extra network cables or set up additional switches.

The bad

As the security mantra goes, "Security and convenience are inversely proportional." Accordingly, wireless LAN technology presents major problems for corporate network administrators.

First, if it's easy for a user to access the data flowing within a wired network, it's even easier for him to see that traffic in a wireless environment, as he doesn't have to be physically connected to the network to do so. In this sense, wireless LANs tear down a major barrier to sensitive corporate data: the need for a physical, wired connection.

Second, the encryption method used by 802.11, Wired Equivalent Privacy (WEP), can be easily broken into. In short, wireless networking technology does not have strong security mechanisms built in.

And the really bad ...

Security professionals from the United States, Great Britain, and Australia recently conducted a few experiments involving so-called "war-driving," or "drive-by hacking." They drove around densely populated cities with wireless-enabled laptops to see if they could view wireless data traffic emitting from companies' wireless LANs. In the case of network traffic encrypted with WEP, these professionals were able to use freely available tools to gain access to corporate encryption keys.

What's worrisome is not how easily 802.11 can be broken into, but how it can be abused. Imagine the following scenario.

A disgruntled employee, Tom, with a major corporation recently had his pay cut by 20 percent. He is extremely unhappy, and decides to sabotage the company's computer systems. However, there are certain problems. First, he is not a technically oriented person, and therefore he does not know how to do this himself. Second, the company's network is not connected to the Internet, so attacking from the Web is impossible. Third, the company has strict policies about bringing visitors to the office.

Then Bob, Tom's friend who is an experienced hacker and hacks for financial motivation, tells Tom he can assist in breaking into the company's systems without having to enter the office building. How is Bob able to access Tom's company network? Using wireless networking! The setup is incredibly simple.

To start off, Tom carries a wireless-enabled laptop into his office building. He connects this laptop to his company's network. With Bob coordinating via cell phone from his car, Tom issues commands to connect his laptop to Bob's laptop via wireless card. In this case, Tom's laptop acts as the gateway connecting the company's network to Bob's laptop. From outside the building, Bob can access the network and the sensitive data on it.

To further complicate things, Bob realizes his skills aren't good enough to do any significant damage to the network. But he has a good friend working near Tom's office (less than 100 meters), Charlie, who agrees to invite his hacking buddies to attack Tom's company's network systems from the Internet. Charlie uses his wireless-enabled desktop PC in his nearby office to connect to Tom's laptop, and routes the Internet traffic to Tom's network. With the connection established, any external hackers can access Tom's network.

What you can do

So, how can you prevent this? First, understand that such covert attacks are extremely difficult to detect. The best form of protection is still to ensure your servers are secured at the host level. All patches, access controls, and host attack-detection controls should be in place. If an attacker does get internal network access, at least the servers are still resilient to internal attacks.

Also, for operational purposes, never use wireless networks to transmit sensitive information. Do not connect a wireless network segment to a sensitive wired network segment.

And finally, don't rely on WEP. Instead, consider using virtual private network (VPN) or Internet Protocol Security (IPSec) technologies to supplement 802.11's built-in security.

Wireless networking has yet to reach maturity. Until it does, there are serious security issues you have to address.


Ching Tim Meng, CISSP and CISA, is a senior consultant with Infinitum Security. He specializes in IT and network security consulting. http://www.infinitum.com. chingtm@infinitum.com.

Printer-friendly
page layout

The Security Implications of Wireless LANs

No reader comments ... yet.

    What do YOU think about this topic? Share your advice and thoughts using this form.

    Your Name

    REQUIRED : PUBLIC

    Your E-Mail

    REQUIRED : PRIVATE

    Job, Company

    OPTIONAL : PUBLIC

    City, State, Country

    OPTIONAL : PUBLIC

    Your Web Site

    OPTIONAL : PUBLIC

    Your Comment

    Please help everyone by keeping your comments on-topic, using clean language, and not defaming or making personal attacks.


    Your e-mail address is required, but it will not be displayed to the public or given to anyone. See our Privacy Policy. Comments become visible after they pass our spam filter, and spammers and abusers are permanently blocked. Please report spam or abuse.

    ARTICLE INFO

    Web Edition: 2001.12.10, Doc #09114

    FREE ACCESS FREE ACCESS

    Keyword Tags: 802.11, IT Networking, IT Strategy, Network Management, Networking, Office Technology, Security, Wireless

    MORE ADVISOR

    Advisor on 802.11

    Advisor on IT Networking

    Advisor on IT Strategy

    Advisor on Network Management

    Advisor on Networking

    Advisor on Office Technology

    Advisor on Security

    Advisor on Wireless
    Site Map Advisor Store Privacy Terms of Use Trademarks Advertising About Advisor Media Advisor's San Diego
    ADVISOR NETWORK
    Boomer Advisor | Business Advisor | Business Security Advisor | Caregiver Advisor | Community Advisor | Computer Advisor | DataBased.Advisor.com | Dogs Advisor | Entertainment Advisor | Family Advisor | FileMaker Developer Advisor | FileMaker Max Advisor | Food Advisor | Fun Advisor | Generations Advisor | Health Advisor | HomeLiving Advisor | IBM WebSphere Advisor | Lifestyle Advisor | Money Advisor | Pets Advisor | Recreation Advisor | Retirement Advisor | RV Advisor | Senior Solutions Advisor | Travel Advisor | Work Advisor
    Use of this or any other site, content, product or service of Advisor Media constitutes acceptance of Terms of Use.
    Portions copyright ©1983-2010 Advisor Media, LLC. All Rights Reserved.
    Reuse or reproduction of any portion or quantity of Advisor Media's copyrighted content, in any form, for any purpose, requires written permission.
    ADVISOR®, the ADVISOR logo, and other names and logos that incorporate ADVISOR are registered trademarks, trademarks or service marks of Advisor Media, LLC in the United States and/or other countries.
    Other trademarks are used for identification, editorial or descriptive purposes and are the property of their owners.
    Hosted by Prominic.NET Website powered by
    LOTUS SOFTWARE
    oa MENGC001 posted 2001-12-10 mod 03/15/2010 03:11:27 AM ztdbms/
    domino-144.advisor.com www.advisor.com 03/18/2010 06:07:33 PM