WIRELESS NETWORK VULNERABILITIES AND REMEDIAL MEASURES
TITLE: WIRELESS NETWORK VULNERABILITIES AND REMEDIAL MEASURES
Wireless local area network systems (LANs), also referred to as Wi-Fi can be found everywhere. Since their introduction in the mid-990s, they have proliferated among home users and have taken over organizations whether or not they are authorized. We would be hard pressed to find a new computer that does not have wireless LAN capability, and like their wired counterparts, wireless LANs are prone to security vulnerabilities. However, most of these so-called vulnerabilities exist only because enough care is not taken to ensure that there is strong security in place. The only exception being Denial of Service (DoS) for which there is no one resolution so far, but it is possible to reduce the likelihood of it affecting your LAN by using a combination of precautions.
This paper describes many of the vulnerabilities that can exist for home wireless LAN systems, also referred to as small office/home office (SOHO) LAN systems, as well as for enterprise LAN systems. Both LAN types are vulnerable to the same kinds of attacks and errors, but this paper places the emphasis on details of the larger more complex enterprise wireless LANs. The paper discusses where the vulnerabilities reside, methods that can be used to detect them, and how to secure them. Discussion of hackers’ tools, 802.11 security standards, and points to consider in planning a wireless LAN are also incorporated into the paper because of their importance when attempting to secure a wireless LAN. Although the main focus of the paper is wireless LAN security vulnerabilities, some information on current and future trends in wireless LANs is also included. The paper concludes that wireless LANs can be used safely, if safety measures are taken to secure them.
Introduction – What is a Wireless LAN?
In its simplest form, a wireless LAN can be thought of as two or more unwired computers using the airwaves for typical computer purposes, with the help of an access point. In the case of a home computer system, one computer is usually wired while the other(s) is not, hence the wireless concept. The unwired computer uses a Wireless Access Point (WAP) to network the two computers, thereby allowing both machines to use the same Internet access, printer, scanner and other peripherals. This is in contrast to previous configurations that required that some form of cable be run to each computer on the network. In the case of an enterprise, a wireless LAN can consist of several computers, usually laptops because of the mobility factor, using wireless access points to connect to a larger, more complex enterprise system with large amounts of data transactions occurring over radio frequencies.
People want to be able to travel anywhere and use their laptops without the need to connect to a wired central location. As a result an even newer technology known as WiMax is slated to be the next big step in the wireless industry. However, in keeping with the discussion of our current technology, wireless capabilities are popping up in coffee shops like Starbucks, hotels and motels, marinas, truck stops, even at the base of Mt. Everest. Wireless is also in use in law enforcement, the Department of Parks and Wildlife and other organizations that need to immediately communicate with headquarters. Because of the varying needs for wireless, organizations must have strict security policies in place and communicate the policies to their users. In conjunction with the security policies, adequate measures must be consistently implemented. It must be noted that the main difference in the vulnerabilities that SOHOs and enterprises suffer is found in the magnitude to which each group suffers loss. Enterprises are larger with more data, vital sensitive applications, and more people who can be affected therefore their loss may appear to be greater, when in fact a loss for the smaller SOHO can be just as devastating.
Since today’s society is more mobile than in past years, wireless LANs are becoming more and more popular every day. Everyone or all of those interested in technology or using computers, wants to have a “wireless” whether or not they know or understand the technology. In the past year, I have personally witnessed the explosion of requests for wireless in my company. The rush to wireless can present concerns because, in addition to its unique problems, it can also experience the security issues present in wired networks. This reality necessitates the implementation of tight security to prevent or curtail the vulnerabilities that wireless LANs present.
Some Common Wireless LAN Vulnerabilities
Vulnerability can be described as some event that exposes us, or in this case a network system, to an action that may be detrimental to its ability to operate efficiently and effectively with its desired level of confidentiality. Systems become vulnerable to negative forces due to the lack of proper safeguards, as in the case of wireless LANs. There are several known vulnerabilities that occur mostly because of the very nature of the LAN, which uses radio frequencies (RFs) to permit the transmission of data over the airwaves. One major reason that a number of vulnerabilities occur, in both SOHOs and Enterprises, is because uninformed users setup wireless LANs without the prudence necessary to secure these systems from malicious or even accidental events. Following are some of the commonly known Wi-Fi vulnerabilities.
a. No configured security or poor security
If the 802.11 security settings for authentication and encryption are not functional, or the service set identifiers (SSIDs) are not changed, this can cause external attacks. For example, it is known that Linksys uses the default SSID “linksys “, Cisco defaults to “tsunami”, and Symbol defaults to “101”. Also, if an access point is configured simultaneously for both VPN and open authentication, authorized users will authenticate via VPN while unauthorized users will use open authentication to sneak in. Another configuration problem to be aware of is failure to change defaults in a Windows XP machine with wireless capability. In this case the XP system automatically searches for an access point connection and may accidentally connect to an undesirable system.
b. No set physical boundaries
Wireless access points can lose signals because of wall, doors, floors, insulation and other building materials. The signals may also enter into another user’s airspace and connect with their wireless local area network. This is referred to as accidental associations and can occur in densely populated areas where several people or businesses use wireless technology.
c. Physically insecure locations
Access points should not be placed where they are easily accessible because they can be removed and tampered with (configurations copied or altered) then returned.
d. Untrained users setting up unauthorized workstations and networks
This group constitutes users who either are uninformed and therefore unaware of security measures that must be taken when deploying wireless, or whose desire to have wireless is so strong that it completely overshadows the rules set by the organization to ensure that systems are secure. These actions can be costly to an organization, therefore it becomes the enterprise’s responsibility to change attitudes through education, and provide policies that outline consequences for violators. It has been my experience that in addition to having policies in place and outlining consequences, it is necessary to perform repeat monitoring to encourage compliance. Also, organizations must control who can gain access to the wireless LAN to prevent the unauthorized deployment of ad hoc networks where employees’ machines can “talk” back and forth to each other.
e. Rogue access points
These may be illicit access points brought in to the enterprise by employees, or poor access point setup by the untrained employee described above. An employee might also mistakenly use SOHO access points that are not designed to be used in an enterprise because of its weak security options. Other rogues may include external malicious users such as hackers engaging in war driving in an attempt to access the wireless LAN from nearby locations.
f. Lack of network monitoring
Intrusion detection tools can be used successfully to continuously monitor for rogue access points. Not deploying some means of detection with alarms and event data recorders practically leaves the door wide open to hackers or other undesirable users.
g. Insufficient network performance
This occurs when a network system is not designed for capacity. With the headers, packets, interframe spacing and other activities that occur, throughput becomes significantly degraded to cause the wireless LAN to operate at about half its expected data rate.
h. MAC address filtering
A media access control (MAC) address is a unique number assigned to a computer. In wireless LANs this number is used to allow an access point to connect to a particular network. Total