Wireless is attracting many users for its flexibility and power to deliver quality service at high speed. But the security built into the 802.11 protocol in all its flavours is inadequate on its own, warns security expert Rogan Dawes of Deloitte & Touche Enterprise Risk Services.
Speaking at a joint marketing breakfast designed to spur acceptance of Centrino notebooks, hosted by Intel and NEC, Dawes provided welcome perspective on the security hoodoo surrounding wireless - a topic which along with legalities and business models is still clouding the issue.
Dawes says wireless networks are by definition a broadcast technology, enabling one to pick up the transmission and the content of the network session.
"The Wired Equivalent Protocol (WEP), which is an integral, albeit optional part of the 802.11 standard, is not worth much on its own," Dawes says. "It has been badly designed and cannot provide adequate security by itself. It is possible to recover the encryption key once sufficient information is intercepted, from the safety and comfort of your own car, parked outside the wireless premises."
A way out
Hastening to add that there are things corporates and hotspots can do to further bolster security, he says: "One choice is to abandon WEP altogether and to run a good security protocol like IPSec on the unsecured network. Or, on top of WEP, one can implement 802.1x, an authentication protocol, which supports periodic and automatic change of the WEP key, which isn't possible with WEP by itself."
There are a variety of ways to breach wireless network security despite an implementation of WEP, Dawes adds. Most of them are no longer possible once the additional security measures described above are in place, but denial of service attacks and access point compromises are still possible.
"The scary thing", he says, "is that on a recent excursion to detect open access points (APs), only one of 40 wireless networks even had WEP implemented." He urges companies to take the necessary measures of at least implementing WEP, and IPSec or 802.1x in addition, if possible.
Small businesses and home wireless users may however find the costs prohibitive. An 802.1x implementation requires an authentication server.
50 ways to compromise your data
Dawes says simple broadcast monitoring of a wireless session can lead to capturing of the SSID (a station-identifier) and enough data to decrypt information. "Companies therefore at the very least should have WEP enabled."
"People are often not aware of the area their wireless network covers. Anyone with a notebook or PDA and the appropriate wireless card can 'see' your network, and surf prohibited sites on your account, or access your data."
A "man in the middle" attack is also possible: the interceptor puts a base station, with or without the same SSID, between the user and the user's own base station, gets the user to associate with it (it often has a stronger signal), and accesses that user's information.
An interceptor can hijack a wireless session, knocking the user off, or launch a denial of service attack with a stronger signal. Userid packets can even be forged to "maliciously disassociate" the user from the network, Dawes adds.
Not only the infrastructure, but also the client device is vulnerable. "Windows XP has a firewall, but this is not necessarily enabled on the wireless device. Just as attacks on the AP are possible when improperly configured, compromise of the device is possible."
A last instance of misuse of wireless networks is when an employee sets up his own AP to access the network. "Such types are often not cognisant of the risks and won't take the necessary precautions, which will compromise your security," says Dawes.
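The interposed base station and the employee-installed AP described above can both be caught by comparing a site survey against an inventory of sanctioned access points. The following is an added example, not part of the original article; the inventory, the survey records and the `on_wired_lan` flag (whether the radio's MAC also appears on the internal LAN) are constructed assumptions.

```python
# Constructed inventory of sanctioned access points: BSSID -> SSID.
AUTHORIZED = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}

# Constructed survey records: (bssid, ssid, signal_dbm, on_wired_lan).
SURVEY = [
    ("00:11:22:33:44:01", "corp-wlan", -60, True),
    ("DE:AD:BE:EF:00:01", "corp-wlan", -35, False),
    ("00:AA:BB:CC:DD:10", "linksys", -50, True),
    ("00:AA:BB:CC:DD:20", "cafe-guest", -80, False),
]


def classify(bssid, ssid, on_wired_lan, authorized=AUTHORIZED):
    """Label one observed access point against the inventory."""
    if bssid in authorized:
        # A known radio advertising an unexpected name is a config problem.
        return "authorized" if authorized[bssid] == ssid else "ssid-mismatch"
    if ssid in set(authorized.values()):
        # Unknown radio using our network name: possible interposed base station.
        return "impersonation"
    if on_wired_lan:
        # Unknown radio bridged to the internal LAN: employee-installed AP.
        # This also covers an interposer that does not reuse the SSID,
        # provided it is attached to the wired network.
        return "unsanctioned"
    return "neighbour"


def audit(survey, authorized=AUTHORIZED):
    """Return findings that need follow-up, strongest signal first."""
    findings = []
    for bssid, ssid, dbm, wired in survey:
        bssid = bssid.lower()  # normalise before the inventory lookup
        verdict = classify(bssid, ssid, wired, authorized)
        if verdict not in ("authorized", "neighbour"):
            findings.append((verdict, bssid, ssid, dbm))
    # A stronger signal is what pulls clients onto the wrong base station,
    # so the loudest unknown radios are triaged first.
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    for finding in audit(SURVEY):
        print(finding)
```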

