What to watch out for with Wi-Fi

January 26, 2006 (Computerworld) Wi-Fi networks use short-range radio frequencies to communicate between devices, eliminating the necessity for running cable. While operating without wires is an advantage, users and IT personnel need to be aware that Wi-Fi networks do not recognize walls as barriers. The challenge is that Wi-Fi networks extend outside of approved areas, leaving users with leaky Wi-Fi and in the position where someone else's Wi-Fi network may be present and beckoning.
Wi-Fi technology creates many opportunities for malicious hackers to compromise systems and gain access to private data. In addition, the most common safeguards to securing 802.11 wireless LANs -- authentication, encryption and virtual private networks (VPN) -- are insufficient.
Like a grass hut, WLANs have doorways that close, but the structure remains porous. In the same way that sunlight leaks into a grass hut, Wi-Fi signals leak into and out of a company, building, campus or military base. The door on the hut is akin to the complex encryption, authentication and VPN layers designed to keep wireless networks safe. However, strengthening the "steel door" will not minimize the hut's remaining weak defense. While enterprise security professionals are concerned with outsiders breaking in, Wi-Fi networks heighten this concern with outside networks that overlap physical space.
Security is fundamentally about assumptions, and the problem with Wi-Fi is that assumptions change. There is a threat of exposed data in the air in the 300-to-500-foot radius around all laptops and access points. Because hackers can "spoof" a Media Access Control address and remain anonymous, it's almost impossible to block them at the so-called steel door. In addition, Wi-Fi attackers can deploy their own networks into an office by using their access points to attack laptops and systems. And they don't even need to be in the building.
What can be done to stop Wi-Fi attackers? First, look at the genesis of attacks. The majority of these attacks fall into one of these categories: to crack, to compromise and to circumvent the existing wireless security. In this piece, we will examine these attacks and provide best practices to safeguard WLANs.
Cracking the code
"Cracks" are the most direct attacks on encryption algorithms and have been particularly successful within the Wi-Fi environment. A Wi-Fi attacker can sit outside of his target in a parking lot or across the street and unassumingly engage in active or passive attacks while trying to crack an organization's encryption.
In the 1990s, when Secure Sockets Layer (SSL) was introduced, hackers attacked it, not by going after the underlying encryption algorithm, but through random number generators. It was hard to break SSL, but because SSL was built on top of random number generation, attackers could guess for access. Similarly with other encryption standards, there will be flaws in the implementation, and it's a matter of time before attackers find and infiltrate WLANs.
Compromising security virtues
With more vulnerabilities present than in the wired world, Wi-Fi networks are ripe for attacks based on compromised security and the anonymous nature of the attack. Attackers target parts of the WLAN system where minimal security has been deployed using strategies such as the following:

• Social engineering: Calling employees while posing as members of a security team to obtain credentials/protocols


• Stealing laptops


• Conducting malicious compromises: Disgruntled or disenfranchised employees create vulnerabilities for an attacker.

Circumventing the security traps
The most dangerous threat is when attackers circumvent existing security mechanisms. Attackers can create new, unfortified holes to trick wireless devices, such as laptops, to connect to them instead of approved, secured systems. To mitigate this risk, many organizations have adopted a "no wireless allowed" policy. However, even with regular internal checks to ensure that no unauthorized access points are present, an attacker can successfully trap enterprise devices from the outside.
Common device attacks include the following:

• Man-in-the-middle attack: Attackers inject an unapproved access point and have it associate with a legitimate access point to uncover and exploit exchanged credentials.


• Phishing attack: Attackers provide Web pages that look legitimate and that request users to enter valid credentials, which are then harvested and used by the attacker.


• "Evil twin" attack: Attackers deploy access points that look identical to legitimate ones to bait unsuspecting devices. Users unwittingly uses the evil twin access point where the attacker can steal credentials, read files or plant malicious code that uploads the next time the device connects to the legitimate network.

Summary
Securing Wi-Fi networks can be challenging for any organization -- whether a WLAN deployment is planned in strategic incremental steps or even when an organization works to enforce a "no Wi-Fi" policy to protect wired-side networks. There are far too many variables and assumptions that creep into the Wi-Fi security picture and make it increasingly difficult to lock down.
Because of the wireless activity that penetrates a physical space from neighbors and/or attackers, all organizations have a Wi-Fi network, whether it's approved or not. Perimeter-level security puts walls back up between a wireless infrastructure and the external world, preventing outsiders from communicating with internal systems and insiders from communicating with external systems.
Enterprises should investigate systems and best practices that provide them with the equivalent of stretching the security of the steel door across the entire grass-hut structure. Attackers will continue to exploit weaknesses in wireless infrastructure to gain access to systems by way of Wi-Fi signals that transmit beyond an organization's perimeter. A protected enterprise can visualize Wi-Fi activity, including where devices are and what they are connecting with in real-time. The result is a comprehensive overview that allows IT professionals to manage their organization's security in a new, more efficient and more effective way.
Matthew Gray is chief technical officer at Newbury Networks Inc., a supplier of location-enabled networks in Boston.