Secrets in the Air

Computerworld - Even as you read this, some of your corporate gear-heads are installing wireless base stations and network interface cards (NIC) behind your back. They may not know it, but they're essentially broadcasting the message "Here I am" to the world around them.

In that world are hackers like Dr. Who (in the Boston area) and Pete Shipley (in the San Francisco area), who drive around with their own wireless NICs in what's called promiscuous mode. The hackers' NICs are picking up the signals and Media Access Control (MAC) addresses of your company's broadcasting devices and using them to map your network access points. They can then impersonate those MAC addresses to waltz right into the wired network.

"Corporate information is floating through the air, and the company doesn't even realize they're wireless," says Ed Skoudis, vice president of security strategy at Predictive Systems Inc., an IT services firm in New York. "Of your Fortune 100 companies, the vast majority of them have wireless [networks]; they just don't know it yet."

It's too late to outlaw wireless access, because die-hard users will find ways to use it behind your back. But your company can mitigate risk with an effective wireless deployment policy that covers internal, remote and traveling workers.

The Risks

Rogue wireless access points open new avenues for old attacks, says Skoudis, who covers wireless security in his new book, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (Prentice Hall, 2001).

Uncontrolled wireless access means attackers can read e-mail, sniff for superuser accounts and passwords, and gain root or administrative access to certain machines. They can also drop in Trojan horses (hidden executable programs) like Back Orifice for remote monitoring and open other back doors into the network.

Wireless access points can also be subverted to launch attacks against other businesses, something that's trivial to do, according to Chris Wysopal, who runs a wireless hacking lab as director of research and development at @Stake Inc., a security services firm in Cambridge, Mass.

A comprehensive user and wireless security policy will help reduce those risks. Start by scanning your networks to find and map access points, the way Shipley and Dr. Who do. You can use your own wireless device to do this (the NICs ship in promiscuous mode), or you can use freeware and commercial wireless scanning tools to help map these access points.

Then start a user awareness campaign, suggests Katherine T. Fithen, senior manager of the cybercrime prevention and response unit at PricewaterhouseCoopers in New York. Tell them why wireless LANs need to be secured and update your user policy to treat wireless access points the same way you do modems.