Securing the Air: Recognizing Risk in Wireless

The benefits of wireless LANs are undeniable, but the risks introduced by them are increasing exponentially. According to In-Stat/MDR, more than 75 million Wi-Fi devices have been deployed worldwide, and another 4 million new WLAN devices are being shipped per month.

Some organizations think their investments in firewalls and virtual private networks will protect them from the risks of WLANs. However, they don't realize that the WLAN signal bypasses all wired-side security and opens a back door for an intruder. Simply banning WLANs isn't an option, either, because most laptops are shipped with built-in wireless cards. If companies were to ban wireless networks, they would need to ban the use of laptops, which is an impractical solution.

The fact is, any wireless device connected to a wired network essentially broadcasts an Ethernet connection and an on-ramp to the entire enterprise network. Unless properly secured and monitored across the global enterprise, these self-deploying, transient wireless devices and networks are dangerous to all organizations. Intruders and hackers will use an unsecured WLAN to break into corporate networks and compromise the integrity of financial data, customer information or even trade secrets. No longer should the security of wireless networks be a peripheral thought.

The difficulties of securing the air

To understand the risk of WLANs, one must first understand the security vulnerabilities of all WLANs. WLANs face all of the security challenges of any wired network. In addition, risks are introduced by the nature of wireless technology.

First, the medium in which a WLAN operates is the air, an uncontrollable space. In addition, wireless devices self-deploy and have the capability to connect to strangers. Due to the growth of WLAN-enabled laptops and the increasingly wireless-friendly Windows XP operating system, laptops in the default setting automatically search for an access point (AP) to connect with. Lastly, wireless devices are transient in the way they connect. If a wireless device picks up a strong signal, it may connect with the new AP even if the AP is the laptop of an intruder in the parking lot.

There are many ways in which WLANs can be compromised.

More than rogue access points

A rogue WLAN has traditionally been thought of as a physical AP unsanctioned by network administrators. Today, rogue WLANs are further defined as laptops, handhelds with wireless cards, bar code scanners, printers, copiers or any WLAN device. These devices have little to no security built in, making it easy for intruders to find an entry point. Rogue APs could be maliciously placed by intruders to hack into a corporation, or they can be innocently deployed by employees for easy wireless access.

Soft APs

While hardware APs have been the focus of security concerns, wireless-enabled laptops are easily configured to function as APs with commonly available freeware such as HostAP or software from PCTel Inc. Known as "soft APs," these laptops are harder to detect than rogue APs and are quite dangerous because they appear as user stations to all wire-side network scans.

Accidental associations

Accidental associations are created when an AP across the street or on adjacent floors of a building bleeds over into another organization's airspace, triggering its wireless devices to connect. Once those devices connect with the neighboring network, the neighbor has access back into the organization. Accidental associations between a station and a neighboring WLAN are now being recognized as a security concern.

Malicious associations

A malicious association occurs when a company laptop is induced to connect with a malicious device such as a soft AP or laptop. The same scenario exists when a malicious laptop connects with a sanctioned AP. Once the association has been made, a hacker can use the wireless device to attack servers and other systems on the corporate network.

Ad hoc networks

Ad hoc wireless networks, or peer-to-peer networking between two computers without connection to an access point, represent another major concern for WLAN security. These ad hoc networks can be self-deploying or intentional. In addition, such networks have little security in terms of authentication and encryption. Therefore, it's easy for an intruder to connect to innocent users' computers and copy private documents or sensitive information.
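The categories above can be told apart by comparing what an over-the-air sensor sees against an inventory of sanctioned APs and company stations. The following sketch is an added example, not part of the original article; the record format, MAC addresses and inventory sets are constructed for illustration, and it assumes a soft AP beacons with the same MAC address the laptop is inventoried under.

```python
# Constructed inventory and sensor records; every MAC and field name is an assumption.
SANCTIONED_APS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
CORPORATE_STATIONS = {"00:11:22:bb:00:10", "00:11:22:bb:00:11", "00:11:22:bb:00:12"}

OBSERVATIONS = [
    {"kind": "beacon", "bssid": "00:11:22:aa:00:01", "ibss": False},
    {"kind": "beacon", "bssid": "0a:0b:0c:00:00:01", "ibss": False},
    {"kind": "beacon", "bssid": "00:11:22:bb:00:12", "ibss": False},
    {"kind": "beacon", "bssid": "02:00:00:00:00:05", "ibss": True},
    {"kind": "assoc", "station": "00:11:22:bb:00:10", "bssid": "00:11:22:aa:00:02"},
    {"kind": "assoc", "station": "00:11:22:bb:00:11", "bssid": "0a:0b:0c:00:00:01"},
    {"kind": "assoc", "station": "66:77:88:99:00:01", "bssid": "00:11:22:aa:00:01"},
]

def classify(obs):
    """Map one sensor record to a finding label, or None when nothing is out of policy."""
    bssid = obs["bssid"]
    if obs["kind"] == "beacon":
        if obs["ibss"]:
            return "ad hoc network"
        if bssid in SANCTIONED_APS:
            return None
        if bssid in CORPORATE_STATIONS:
            # Inventory knows this MAC as a laptop, yet it advertises as an AP.
            return "soft AP"
        return "unsanctioned AP"
    if obs["kind"] == "assoc":
        ours = obs["station"] in CORPORATE_STATIONS
        approved = bssid in SANCTIONED_APS
        if ours and not approved:
            # Accidental and malicious associations look identical at this layer.
            return "corporate station on unsanctioned AP"
        if approved and not ours:
            return "unknown station on sanctioned AP"
    return None

def findings(observations):
    """Return (label, record) pairs for every record that needs follow-up."""
    out = []
    for obs in observations:
        label = classify(obs)
        if label:
            out.append((label, obs))
    return out

if __name__ == "__main__":
    for label, obs in findings(OBSERVATIONS):
        print(f"{label}: {obs}")
```

An unsanctioned AP seen over the air may be a rogue device on the corporate wire or simply a neighbor's AP; deciding which requires correlating the BSSID with wired-side data, which this sketch does not attempt.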

What is at risk?

WLANs provide an easy open door to the wired network. Through unintentional associations and ad hoc networks, unsecured wireless networks can be sniffed, acting as a launch pad to the wired network and an organization's corporate backbone.

Once accessed, an unsecured WLAN can compromise the following:

  • Financial data, leading to financial loss
  • Reputation, damaging the efforts spent building the brand
  • Proprietary information, leaking trade secrets or patents
  • Regulatory information, forgoing customer privacy or ignoring government mandates

All of these could have legal ramifications.

It's becoming harder to find a laptop without a built-in wireless access card. And for a mere $50, an employee can purchase a WLAN AP and plug it into an Ethernet jack, providing a gateway to a wireless network.

As wireless networks become ubiquitous extensions of wired networks, the threat of intruders becomes more pervasive. Organizations need to look beyond local APs and think globally to secure the air across the entire enterprise.

I will address just how to do that in an upcoming article. Stay tuned.

Copyright © 2004 IDG Communications, Inc.
