Skip the navigation

Secrets in the Air

By Deborah Radcliff
September 17, 2001 12:00 PM ET

Computerworld - Even as you read this, some of your corporate gear-heads are installing wireless base stations and network interface cards (NIC) behind your back. They may not know it, but they're essentially broadcasting the message "Here I am" to the world around them.


In that world are hackers like Dr. Who (in the Boston area) and Pete Shipley (in the San Francisco area), who drive around with their own wireless NICs in what's called promiscuous mode. The hackers' NICs are picking up the signals and Media Access Control (MAC) addresses of your company's broadcasting devices and using them to map your network access points. They can then impersonate those MAC addresses to waltz right into the wired network.


"Corporate information is floating through the air, and the company doesn't even realize they're wireless," says Ed Skoudis, vice president of security strategy at Predictive Systems Inc., an IT services firm in New York. "Of your Fortune 100 companies, the vast majority of them have wireless [networks]; they just don't know it yet."


It's too late to outlaw wireless access, because die-hard users will find ways to use it behind your back. But your company can mitigate risk with an effective wireless deployment policy that covers internal, remote and traveling workers.


The Risks


Rogue wireless access points open new avenues for old attacks, says Skoudis, who covers wireless security in his new book, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (Prentice Hall, 2001).


Uncontrolled wireless access means attackers can read e-mail, sniff for superuser accounts and passwords, and gain root or administrative access to certain machines. They can also drop in Trojan horses (hidden executable programs) like Back Orifice for remote monitoring and open other back doors into the network.


Wireless access points can also be subverted to launch attacks against other businesses, something that's trivial to do, according to Chris Wysopal, who runs a wireless hacking lab as director of research and development at @Stake Inc., a security services firm in Cambridge, Mass.


A comprehensive user and wireless security policy will help reduce those risks. Start by scanning your networks to find and map access points, the way Shipley and Dr. Who do. You can use your own wireless device to do this (the NICs ship in promiscuous mode), or you can use freeware and commercial wireless scanning tools to help map these access points.


Then start a user awareness campaign, suggests Katherine T. Fithen, senior manager of the cybercrime prevention and response unit at PricewaterhouseCoopers in New York. Tell them why wireless LANs need to be secured and update your user policy to treat wireless access points the same way you do modems.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Mobile and Wireless White Papers
Digital Transformation: Creating New Business Models Where Digital Meets Physical
Individuals and businesses alike are embracing the digital revolution. Social networks and digital devices are being used to engage government, businesses and civil...
Empowering Your Mobile Worker
Today's most productive employees are mobile, and your company's IT strategy must be ready to support them with 24/7 access to the business...
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets....
Calculating ROI for Mobile Client Acceleration
As mobile devices continue to expand in business use, ensuring these devices have optimal performance is becoming an IT imperative. This EMA paper...
Tablet Computing Without Compromise
This paper provides an overview of how and why that migration-from any old tablet to Windows tablets-came to be.
All Mobile and Wireless White Papers
Mobile and Wireless Webcasts
Live Webcast
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Supporting Mobile Productivity With A Limited IT Budget
Join us and hear from Kaseya mobile IT management experts as we discuss core strategies for supporting the mobile revolution on a shoestring...
North Pole to South Seas: Overcoming the Pitfalls of remote Performance
In today's always-on world, connectivity is a business requirement. You need the tools that allow you to operate as if you were on...
Unified Communications 101
What's the best way to implement a unified communications solution for your organization?
QNX® and BlackBerry® PlayBook™ Tablet.
RIM's multi-processor, multi-tasking BlackBerry PlayBook runs a new Tablet OS powered by QNX, a bullet-proof microkernel operating system. This track will take a...
A Close Look at Tablets
Learn More
All Mobile and Wireless Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs