802.11 Wireless Security


http://securityportal.com/closet/closet20010207.html

By Kurt Seifried (seifried@securityportal.com) for SecurityPortal


February 07, 2001 - Wireless networks are becoming de rigueur, something you
must have if you want to keep up with the Joneses. You can now surf the Web
and pick up email while sitting in an airplane lounge, have your laptop in a
conference room with no unsightly cables, or read email while in bed. The
cost of these networks has plummeted. Base stations like the Apple AirPort
can be had for $300, and the cards are around $100 (both support 11
megabit/sec operation).

However, like all network technologies, they both solve problems (like where
to run cable) and create a lot of new ones (like how to communicate
securely). Unfortunately, most sites seem to have implemented 802.11
wireless networks without much (if any) thought for security.


A Wild Wireless World
The first problem is controlling access to your network. With Ethernet and
related (cable-based) technologies, your site was usually physically secure,
helping to prevent people from plugging their laptops, etc. into your
network. Even if someone managed to plug into your network, they still had
to manually discover who else was attached. While this wasn't impossible,
its difficulty improved the chances of you noticing an attacker (since they
couldn't use completely passive techniques).

With a wireless network, unless your building is externally shielded or has
a large open area around it, an attacker will be able to gain "physical"
access to the network just by bringing his laptop into proximity with your
network (up to several hundred feet). An attacker can also use entirely
passive methods to monitor network traffic. All they need, again, is a
laptop with a wireless card and slightly modified software to grab all the
wireless data — instead of ignoring any traffic not destined to their
computer.

Another largely unremarked problem is that of wandering wireless users. They
are likely to leave their wireless card in and operating, meaning an
attacker can set up a rogue wireless network to which the users attach
themselves. If the users then send any unencrypted data, or have open file
shares, for example, they potentially open themselves up for an attack.

Attackers can also set themselves up as servers on other legitimate
networks, and by running a rogue DHCP server redirect all traffic through
their machine or commit other attacks. Users will open themselves up to
monitoring of how much data they transfer, what kinds of data, when they
transfer it, and so on. If your network is not properly secured, people will
use it as a free ISP and likely commit illegal acts to gain access to the
Internet.
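
As an added example (not part of the original article), the Python code
below shows one way a defender can spot the rogue DHCP server described
above: parse DHCP replies seen on the segment and flag any whose server
identifier (option 54) or router (option 3) is not on an allowlist. The
function names, the allowlists and the constructed sample packets (which use
192.0.2.0/24 documentation addresses) are assumptions for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
OFFER, ACK = 2, 5                     # option 53 values sent by servers

def parse_options(payload):
    """Return {option_code: bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        # -1 marks a missing length byte so the check below rejects it
        length = payload[i + 1] if i + 1 < len(payload) else -1
        data = payload[i + 2:i + 2 + length]
        if length < 0 or len(data) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = data
        i += 2 + length
    return opts

def check_reply(payload, allowed_servers, allowed_routers):
    """Return findings for one server reply; an empty list means clean."""
    opts = parse_options(payload)
    mtype = (opts.get(53) or b"\x00")[0]
    if payload[0] != 2 or mtype not in (OFFER, ACK):   # op 2 = BOOTREPLY
        return []
    findings = []
    sid = opts.get(54, b"")
    server = socket.inet_ntoa(sid) if len(sid) == 4 else "unknown"
    if server not in allowed_servers:
        findings.append(f"unauthorized DHCP server {server}")
    routers = opts.get(3, b"")
    for j in range(0, len(routers) - 3, 4):            # option 3 may list several
        router = socket.inet_ntoa(routers[j:j + 4])
        if router not in allowed_routers:
            findings.append(f"unexpected gateway {router}")
    return findings

def build_reply(server, router, mtype=OFFER):
    """Constructed sample reply for the demo (not captured traffic)."""
    fixed = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        b"", socket.inet_aton("192.0.2.50"), b"", b"",
                        b"\xaa" * 6, b"", b"")
    opts = (bytes([53, 1, mtype]) + bytes([54, 4]) + socket.inet_aton(server)
            + bytes([3, 4]) + socket.inet_aton(router) + b"\xff")
    return fixed + MAGIC_COOKIE + opts
```

Feed check_reply the UDP payload of each reply captured from port 67 on the
segment; any non-empty result names the offending server or gateway.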


WEP Will Encrypt Everything
This is going to be the biggest problem with wireless networking. Once it is
up and running, people will be quite pleased with themselves and not likely
to spend real time or effort securing it. Since this form of networking is
new and not very well understood — not that much of networking is well
understood — administrators are likely to think, "well, it has 128-bit WEP
encryption, so we're secure." Unfortunately, it is very easy to set up a
network (wireless or otherwise) in such a manner that it works and data
moves happily between systems — but leave it insecure.

You can configure a wireless network to broadcast its name, or not. It's
probably wise not to broadcast, so that people are less like