Watch Out for Wireless Rogues

Computerworld - Twenty years ago, employees started sneaking PCs into the office, under the radar of mainframe-oriented IT departments.

Now, tens of thousands of unauthorized wireless LAN hardware devices called access points (AP) have popped up in enterprise networks nationwide, according to analysts, vendors and users. The majority of these rogue APs are being brought in through the back door without the IT unit's knowledge. They're installed by employees who crave mobility and don't mind spending $200 or less for a wireless AP.

It's "a classic example of technology bypassing corporate IT," says Dave Bray, director of network technology at ADC Telecommunications Inc. in Eden Prairie, Minn. But the proliferation of unauthorized APs is a far more serious threat than the stand-alone PCs that were brought in 20 years ago, he says.

These industry-standard 802.11b, or Wi-Fi, devices are plugged directly into an enterprise network, often behind a firewall. They transmit sensitive data that can be easily picked up by a snoop using freeware hacking tools and a $99 wireless LAN card while sitting in an office parking lot.

Sophisticated hackers don't even need to be near the premises to pick up a signal. Using long-range antennas—either commercial products or home-brew devices crafted from, say, Pringles potato-chip cans or coffee cans—they can pick up 802.11b signals from 1,000 to 2,000 feet away.

These serious hackers could be exploiting what analysts call "malicious" APs that are secretly installed in an Ethernet network by people who have easy access to property, such as maintenance personnel. Thor Sigvaldson, director of the advanced technology group at PwC Consulting in New York, says it's an easy form of industrial espionage. "You just stick one [wireless AP] into a network. It doesn't even need maintenance," he says.

Sigvaldson estimates that any U.S. enterprise, branch office, plant or store with more than 50 employees probably has one or more rogue APs.

Bray says IT managers should adopt policies that welcome the wireless LAN technology but protect networks at the same time.

"We don't want to inhibit the technology, but we do want it installed in a secure fashion," he says. "We now have a policy against installing wireless LANs without corporate IT approval."

IT managers also have to engage in a time-consuming wireless AP "discovery process" to hunt down unauthorized installations, says Bray.

ADC initially sent staffers to walk around the company's 100-plus facilities worldwide with wireless LAN-equipped laptops and "sniffer" software to detect rogue APs. The staffers found an unspecified number of rogue APs in manufacturing facilities, but none in office operations, Bray says.

Vendors take various approaches to automating this process. AirDefense Inc. in Alpharetta, Ga., provides a suite of tools that make it easy to pinpoint the electronic signatures of the majority of wireless LAN APs and access cards on the market. The AirDefense tool set includes sniffers that can detect 802.11b transmissions, so that signatures of unknown APs can be compared to a database of authorized gear.

Finisar Corp. in Sunnyvale, Calif., recently introduced a wireless LAN spectrum analyzer that can help pinpoint unauthorized APs. IBM last month introduced the Distributed Wireless Security Auditor, which uses authorized wireless clients as sensors to detect rogue APs .

The Sniffer, from Network Associates Inc. in Santa Clara, Calif., can analyze either the wireless or wired side of the network in
order to pinpoint Rogue devices and measure activities the rogue devices are being used for.

Securing wireless LANs against rogue APs and hackers can be costly, says Chris Kozup, an analyst at Meta Group Inc. in Stamford, Conn.

"The cost of truly securing a wireless LAN will run anywhere from 10% to 100% of the hardware cost," Kozup says. "Once we walk customers through this, they sometimes decide wireless is too expensive."

EXCLUSIVE COMPUTERWORLD SURVEY

Secrets in the Air A survey of 159 IT professionals finds that almost half of them aren't confident that all of their wireless LAN access points are secured. And 30% have found rogue APs. Are you confident that any and all wireless LAN APs in your organization have been identified and secured? Do you have a written policy against employees installing their own wireless LAN networking gear (without IT department involvement)? Have you identified any rogue wireless APs in your organization? Do you "sniff" or monitor your corporate premises to determine the existence of rogue wireless APs? Base: 159 IT professionals familiar with wireless LANs. Survey was conducted June 4-21 on Computerworld.com.