Security Risks and Ways to Decrease Vulnerabilities in a 802.11b Wireless Environment

Introduction

This document explains topics relating to wireless networks. The main topics discussed include, what type of vulnerabilities exist today in 802.11 networks and ways that you can help prevent these vulnerabilities from happening. Wireless networks have not been around for many years. Federal Express has been using a type of wireless networks, common to the 802.11 networks used today, but the general public has recently just started to use wireless networking technology. Because of weak security that exists in wireless networks, companies such as Best Buy have decided to postpone the roll-out of wireless technology. The United States Government has done likewise and is suspending the use of wireless until a more universal, secure solution is available.

Background

What is Wireless?

Wireless LANs or Wi-Fi is a technology used to connect computers and devices together. Wireless LANs give persons more mobility and flexibility by allowing workers to stay connected to the Internet and to the network as they roam from one coverage area to another. This increases efficiency by allowing data to be entered and accessed on site.

Besides being very simple to install, WLANs are easy to understand and use. With few exceptions, everything to do with wired LANs applies to wireless LANs. They function like, and are commonly connected to, wired Ethernet networks.

The Wireless Ethernet Compatibility Alliance [WECA] is the industry organization that certifies 802.11 products that are deemed to meet a base standard of interoperability. The first family of products to be certified by WECA is that based on the 802.11b standard. This set of products is what we will be studying. Also more standards exist such as 802.11a and 802.11g.

The original 802.11 standard was published in 1999 and provides for data rates at up to 2 Mbps at 2.4 GHz, using either FHSS or DSSS. Since that time many task groups have been formed to create supplements and enhancements to the original 802.11 standard.

The 802.11b TG created a supplement to the original 802.11 standard, called 802.11b, which has become the industry standard for WLANs. It uses DSSS and provides data rates up to 11 Mbps at 2.4 Ghz. 802.11b will eventually be replaced by standards which have better QoS features, and better security.

Network Topology

There are two main topologies in wireless networks which can be configured:

Peer-to-peer (ad hoc mode) ? This configuration is identical to its wired counterpart, except without the wires. Two or more devices can talk to each other without an AP.

Client/Server (infrastructure networking) ? This configuration is identical to its wired counterpart, except without the wires. This is the most common wireless network used today, and what most of the concepts in this paper apply to.

Benefits of Wireless LANs

• WLANs can be used to replace wired LANs, or as an extension of a wired infrastructure. It costs far less to deploy a wireless LAN than to deploy a wired one. A major cost of installing and modifying a wired network is the expense to run network and power cables, all in accordance with local building codes. Example of additional applications where the decision to deploy WLANs include:

• Additions or moves of computers.

• Installation of temporary networks

• Installation of hard-to-wire locations

Wireless LANs give you more mobility and flexibility by allowing you to stay connected to the Internet and to the network as you roam.

Cons of Wireless LANs

Wireless LANs are a relatively new technology which has only been around since 1999. With any new technology, standards are always improving, but in the beginning are unreliable and insecure. Wired networks send traffic over a dedicated line that is physically private; WLANs send their traffic over shared space, airwaves. This introduces interference from other traffic and the need for additional security. Besides interference from other wireless LAN devices, the 2.4 GHz is also used by cordless phones and microwaves.

Security Issues of WLANs

• War-driving

  
  War-driving is a process in which an individual uses a wireless device such as a laptop or PDA to drive around looking for wireless networks. Some people do this as a hobby and map out different wireless networks which they find. Other people, who can be considered hackers, will look for wireless networks and then break into the networks. If a wireless is not secure, it can be fairly easy to break into the network and obtain confidential information. Even with security, hackers can break the security and hack. One of the most prevalent tools used on PDAs and Microsoft windows devices is, Network Stumbler, which can be downloaded at http://www.netstumbler.com. Equipped with the software and device, a person can map out wireless access points if a GPS unit is attached. Adding an antenna to the wireless card increases the capabilities of Wi-Fi. More information can be found at: http://www.wardriving.info and http://www.wardriving.com to name a few.

• War-chalking

  
  War-chalking is a method of marking wireless networks by using chalk most commonly. War-driving is usually the method used to search for networks, and then the person will mark the network with chalk that gives information about the network. Some of the information would include, what the network name is, whether the network has security, and possibly the contact information of who owns the network. If your wireless network is War-chalked and you don't realize it, your network can be used and/or broken into faster, because of information shown about your network.

Eavesdropping & Espionage

Because wireless communication is broadcast over radio waves, eavesdroppers who just listen over the airwaves can easily pick up unencrypted messages. These intruders put businesses at risk of exposing sensitive information to corporate espionage. Wireless LAN Security ? What Hackers Know That You Don't www.airdefense.net Copyright 2002

Internal Vulnerabilities

Within an organization network security can be compromised by ways such as, Rouge WLANs (or Rouge Aps), Insecure Network Configuration, and Accidental Associations to name a few.

Rouge Access Points ? An employee of an organization might hook up an access point without the permission or even knowledge of IT. This is simple to do, all a person has to do is plug an Access point or wireless router into an existing live LAN jack and they are on the network. One statistic in 2001 by Gartner said that, "at least 20 percent of enterprises already have rouge access points." Another type of attack would be if, someone from outside the organization, enters into the workplace and adds an Access Point by means of Social Engineering.

Insecure Network Configurations- Many companies think that if they are using a firewall or a technology such as VPN, they are automatically secure. This is not necessarily true because all security holes, big and small, can be exploited. Also if devices and technologies, such as VPNs, firewalls or routers, are mis-configured, the network can be compromised.

Accidental Associations ? This can happen if a wireless network is setup using the same SSID as your network and within range of your wireless device. You may accidentally associate with their network without your knowledge. Connecting to another wireless LAN can divulge passwords or sensitive document to anyone on the neighboring network. Wireless LAN Security ? What Hackers Know That You Don't www.airdefense.net Copyright 2002

Social Engineering ? Social Engineering is one of the most effective and scariest types of attacks that can be done. This type of attack really scares me and can be done for many other purposes besides compromising security in wireless networks. A scenario: Someone dressed up as a support person from Cisco enters the workplace. The secretary sees his fake credentials and lets him get pass the front desk. The impersonator walks from cubicle to cubicle, collecting user names and passwords as he/she goes. After finding a hidden corner, which seems to be lightly traveled, he plugs an insecure Access Point into the network. At the same time he configures the Access Point to not broadcast its SSID and modifies a few other settings to make it hard for the IT department to find this Rouge Access Point. He then leaves without ever being questioned by anyone because it looks like he just fits in. Now, all he has to do is be within 300 feet from the access point, (more if he added an antenna), and now has access to all kinds of secure documents and data. This can be a devastating blow to any corporation and could eventually lead to bankruptcy if the secrets of the company were revealed to competitors.

Bruce Schneier came to my classroom and said the following about Social Engineering, "Someone is just trying to do their job, and be nice. Someone takes advantage of that by targeting this human nature. Social Engineering is unsolvable."

Securing Wireless Networks

According to Bruce Schneier and others such as Kevin Mitnick, you can never have a totally secure computing environment. What is often suggested is to try and control the damage which can be done if security is breached. One can try many different tools on the market which can help prevent security breaches.

WEP ? WEP supports both 64 and 128-bit keys. Both are vulnerable, however, because the initialization vector is only 24-bits long in each case. Its RC4 algorithm, which is used securely in other implementations, such as SSL, is quite vulnerable in WEP. Http://www.infosecuritymag.com/2002/jan/cover.shtml Wireless Insecurities By Dale Gardner. Different tools exist to break WEP keys, including AirSnort, which can be found at www.airsnort.net. Although this method is not a secure solution, it can be used to help slowdown an attacker if other means are not possible financially or otherwise.

VPN and IPSec- IPSec VPNs let companies connect remote offices or wireless connections using the public Internet rather than expensive leased lines or a managed data service. Encryption and authentication systems protect the data as it crosses the public network, so companies don't have to sacrifice data privacy and integrity for lower costs. A lot of VPN's exist on the market today. An important note about VPNs is, interoperability does not really exist, and whatever you use for your server has to be the same brand as your clients most of the time. Some VPNs include:

• Borderware

• BroadConnex Networks

• CheckPoint

• Cisco

• Computer Associates

DMZ ? Adding this to your network enables you to put your wireless network on an untrusted segment of your network.

Firewalls ? Firewalls are all over the place. Firewalls range from hardware to software versions. By adding a firewall between the wireless network and wired network helps prevent hackers from accessing your wired network. This paper doesn't go into specifics about different firewalls and how to set them up, but there are many. Some of the firewalls include:

• ZoneAlarm (an inexpensive based software firewall) Zonelabs.com

• Symantec has many different firewalls depending what you require.

PKI - Public-key infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. What is PKI? http://verisign.netscape.com/security/pki/understanding.html

Site Surveys ? Site Surveys involve using a software package and a wireless device to probe your network for Access Points and security risks.

Proactive Approaches

Since wireless technology is insecure, companies or anyone can take a proactive approach to try and identify hackers trying to gain access via wireless networks.

Honeypots ? are fake networks setup to try and lure in hackers. This enables administrators to find out more about what type of techniques hackers are using to gain access. One product is Mantrap created by Symantec.

"ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap's decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules."

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157

I ntrusion Detection ? Intrusion Detection is software that monitors traffic on the network. It sounds out a warning if a hacker it trying to access the network. One such free product is Snort.

"Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees." http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1

Network Monitoring- Network Monitoring would be products such as snort that monitor the flow of traffic over the network.

Quick tips and tricks

• When setting up wireless networks and access points there are a few quick steps that can be taken to immediately secure the network, even though it does not make it secure. Some of these ways include:

• Change your default SSID: each router or access point comes with a default SSID. By changing this it can take longer for an attacker to know what type of device he is trying to hack.

• Change the default password ? generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.

• Disable broadcasting SSID: By default AP's broadcast their SSIDs, if you shutoff this setting it is harder for outsiders to find your AP.

• Enable MAC filtering: WARNING: this can only work in smaller environments where a centralized access list does not need to be maintained. You can enable only specific wireless cards to access the AP by only enabling those MAC addresses.

• Turn off shares: If security is important, scanning for shares and turning off the shares on the network can help. Also encrypting sensitive data can prevent hackers from accessing the data.

• Put your wireless access points in a hard to find and reach spot.

• Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.

• Read current press releases about emerging wireless news.

About The Author

Richard J Johnson

Network+ Certified

RJ Computer Consulting

http://rjcomputerconsulting.com

Richard@johnsorichard.com

---

Google News Updated : Sun, 20 Jul 2008 00:45:55 GMT Growth ahead for more diversified game industry - Reuters Telegraph.co.uk Growth ahead for more diversified game industry Reuters - Jul 18, 2008 By Kiyoshi Takenaka - Analysis LOS ANGELES (Reuters) - The video game industry looks set for at least another year or two of strong growth, driven by geographical expansion, a strong hardware lineup and growing pool of casual gamers, ... Nintendo Wii Tops for Console Sales in June DailyTech Sony's press conference at E3 was a dazzling hi-tech showcase BBC News Shacknews - X-bit Labs - New York Times - Wired News all 1,145 news articles Publ.Date : Fri, 18 Jul 2008 12:07:32 GMT Aybar's triple caps Halos' rally over Sox - MLB.com Canoe.ca Aybar's triple caps Halos' rally over Sox MLB.com - 1 hour ago By Rhett Bollinger / MLB.com ANAHEIM -- Pinch-hitter Erick Aybar hit a three-run triple in the seventh inning, Vladimir Guerrero blasted a solo home run and left-hander Joe Saunders pitched 6 2/3 strong innings to lift the Angels to a 4-2 win over the ... Aybar's three-run triple sends streaking Halos over BoSox Sports Network Aybar's bases-clearing triple sparks Angels The Associated Press Rotoworld.com - Press-Enterprise - Boston Globe - United Press International all 506 news articles Publ.Date : Sat, 19 Jul 2008 22:52:04 GMT US banks ask SEC to expand stock trade protection - Reuters Wall Street Journal US banks ask SEC to expand stock trade protection Reuters - 7 hours ago By John Poirier WASHINGTON (Reuters) - An emergency move by US securities regulators this week aimed at curbing manipulative short-selling in some major financial firms should be expanded to all publicly traded banks, or it could erode confidence in ... SEC Short-Sale Rule Gets Negative Reviews Wall Street Journal SEC Spares Market Makers From `Naked-Short' Sales Ban (Update1) Bloomberg Forbes - MarketWatch - Taipei Times - New York Times all 582 news articles Publ.Date : Sat, 19 Jul 2008 17:02:49 GMT Venture Funding Drops for Youngest Companies As Older Ones Suck Up ... - New York Times Boston Globe Venture Funding Drops for Youngest Companies As Older Ones Suck Up ... New York Times - 1 hour ago By Abha Bhattarai In an ominous sign for Silicon Valley’s entrepreneurial machine, venture capital firms are cutting back on their investments in companies at their earliest stage of development and being forced to provide extra funding for later-stage ... VC Deals In Charts (Q2 2008)?Exits? We Don't Need No Stinkin' Exits? Washington Post Venture investments in state total $77.6 million so far in '08 Detroit Free Press CNET News - The Associated Press - MarketWatch - RTT News all 195 news articles Publ.Date : Sat, 19 Jul 2008 22:54:52 GMT What's the best Oscar strategy for Heath Ledger in 'The Dark Knight'? - Los Angeles Times Times Online What's the best Oscar strategy for Heath Ledger in 'The Dark Knight'? Los Angeles Times - 1 hour ago That's a tricky Oscar question. On one hand you might think Heath Ledger should go supporting because, technically speaking, "The Dark Knight" is a film about Batman. Heath is where the heart is The Observer 'Dark Knight' sets box office record with $66.4M The Associated Press YourHub.com - New York Daily News - Chicago Tribune - OpEdNews all 3,291 news articles Publ.Date : Sat, 19 Jul 2008 23:18:18 GMT Panel Finds Misconduct By Fusion Researcher - Washington Post Los Angeles Times Panel Finds Misconduct By Fusion Researcher Washington Post - 18 hours ago INDIANAPOLIS -- A Purdue University panel has found two instances of misconduct by a researcher who says he produced nuclear fusion in tabletop experiments. Purdue physicist found guilty of misconduct Los Angeles Times Details of what Purdue's investigation found Journal and Courier Chicago Tribune - RedOrbit - Newsweek all 157 news articles Publ.Date : Sat, 19 Jul 2008 05:47:31 GMT McCain Co-Chairman, Under Fire, Steps Aside - New York Times ABC News McCain Co-Chairman, Under Fire, Steps Aside New York Times - 9 hours ago Carolyn Kaster/AP At a town-hall-style meeting Friday on energy, John McCain found himself questioned instead on his wartime positions. McCain Takes on the 'Cable Monster' and an 'Extreme' Obama Washington Post Gramm Out as McCain Co-Chair; Obama Reacts FOXNews The Associated Press - Dallas Morning News - Reuters - Boston Globe all 947 news articles Publ.Date : Sat, 19 Jul 2008 14:45:59 GMT Make Money Online RSS Parser

PARLOT::Ebooks, Scripts, Websites, and more...

Adsense websites

How to Get the Case Off Your PC!

This is the first step to servicing, upgrading or removing... Read More

Getting The Proper Laptop Screen Size

Are you sick of viewing everything on that small screen... Read More

How to Purchase a Flat Panel TV

When purchasing a flat panel TV, there are a few... Read More

Generation Laptop

In May 2005 U.S hardware history was made.This was the... Read More

Review of Popular Wireless Headphones

Just about everyone would I agree, I think, that wires... Read More

Laptop Computers and the PVP Effect!

Roll over lumbering desktop computers, the limber laptop is here,... Read More

Printers

Do you feel overwhelmed when buying a computer or a... Read More

Small Computers

Today, small form factor computers demolish the myth that bigger... Read More

Learn to Find Cheap Laptop Computers on the Internet

Cheap laptop computers are coming to a store near you.... Read More

SED is Coming

One of the bigger challenges facing display manufacturers is to... Read More

How To Refill Your Ink Cartridge

Forget about emptying your wallets every time you see the... Read More

Protecting Your Computer From Power Surges, Data Loss, Viruses, And Spyware

Protecting Against A Power Surge:Your computer is an expensive investment;... Read More

A Look Inside The Elusive Inkjet Industry

The Inkjet printer industry is booming. Office supply companies report... Read More

Blu-ray: A Primer

Blu-ray is an optical disc format which is set to... Read More

How To Troubleshoot DVD Drives Fast

You really enjoy those dvd movies and games and the... Read More

Whats In An LCD Display?

Who needs an LCD display? Well, if you're like me,... Read More

Laptop Computer Extras for the Mobile Traveler

A laptop computer certainly provides you with an unprecedented level... Read More

Refurbished Laptop Batteries

There are three refurbished laptop battery types, each named for... Read More

Computer Hardware Preventive Maintenance Software

Computers often break down at the worst of all times.... Read More

Ten Ways (plus 1) to Save on Printer Ink and Toner Cartridges

Are you getting tired of the high cost of printing?... Read More

Your Printer Is Out Of Ink -- Now What?

We've all been there. You're in the middle of printing... Read More

How To Buy A Printer That Won?t Break The Bank

OK I confess I've bought at least 10 inkjet printers... Read More

A Review of Refurbished HP Laptops

HP refurbished laptops can be found on their website hpshopping.com.... Read More

Expansion Cards Part 2: AGP

Expansion Cards Part 2: AGPThe first in this series of... Read More

Cisco CCNA Certification: An Illustrated Guide To Ethernet CSMA/CD

When you're studying for your CCNA exams, you're going to... Read More