WPA aims to finish the job WEP started: what to know before it does.
Gartner analysts estimate that by 2005, 80% of all commercial notebooks sold will be wireless-enabled. They also predict that by 2005, 50% of Fortune 1000 companies will have extensively deployed wireless LAN technology based on the latest 802.11 standards. And, by 2010, the majority of Fortune 2000 companies will have deployed wireless LANs to support standard wired network technology LANs.
Does this mean that a Jetsons-inspired society with people regularly beaming information from their laptops to company servers from hotels, airport lounges, conference centers--Starbucks and McDonald's--is in our future? For many, the answer is yes. But not so fast. One major roadblock that needs to be overcome is the lack of security that arises from having all of this valuable information floating around in our airwaves for any hacker to take.
According to Dr. Ron Sperano, director of mobile market development at IBM's Personal Computing Division, adopting a wireless LAN is a wise decision. "Financial justification comes from two areas; cable versus no cable and increased productivity." He continued, "WLANs can be less expensive than wired LANs due to the high cost of cabling and maintenance; however this varies by location. The real justification for WLANs is due to the increased employee productivity. Employees can maintain high-speed connectivity anywhere on campus, at home and on the road."
But prior to implementing a wireless solution, companies need to ask themselves these three basic questions:
* Is there a need for mobility?
* Where is the financial justification?
* Can it be made secure?
Rundown of the Latest IEEE Standards
There is a thin cloud of confusion as to the numerous wireless standards that have been implemented by the IEEE. As of today, there are four--with 802.11b having the largest company install-base. In order of appearance and certification, they are as follows: 802.11b, 802.11a--and the latest and greatest, recently certified and more costly--802.11g. (802.11i should be coming out, too, by the end of this year or the beginning of next.) What differentiates each of them is mainly their speed and frequency.
802.11b operates in the 2.4-GHz range and has a maximum throughput of 11Mbps. The more advanced 802.11a standard operates at a 5-GHz frequency and has a throughput of 54Mbps. The latest, the g standard, has the high throughput of 54Mbps and operates, like the b standard, at 2.4GHz. As far as interoperability is concerned--and forgive me if this brings back bad memories of Statistics 101--b is compatible with g, g is compatible with b but only at b's throughput, and a--the most difficult one out of the bunch--is compatible with neither but is willing to cohabitate with either within the same device.
Now that we know the technology that's out there, let's examine the risks involved in implementing it. In a recent survey by Jupiter Research, out of 500 companies polled, less than half had implemented security procedures for their wireless architecture. According to a whitepaper written by Internet Security Systems (ISS) entitled "Wireless LAN Security," apart from the widely known encryption attacks already made public about the 802.11b standard, there are others that fall into these six categories:
* Rogue access points
* Interception and unauthorized monitoring of wireless traffic
* Client-to-client attacks
* Brute force attacks against access point passwords
Rogue Access Points
Insertion attacks happen when hackers use unauthorized devices to create new wireless networks without going through proper procedure. What may facilitate this process--and what many organizations may not be aware of--is that internal employees may have deployed their own wireless capabilities onto company networks. This lack of awareness could lead to the previously described attacks, with unauthorized clients gaining access to corporate resources through what are called "rogue" access points. To avoid hackers taking advantage of this, companies need to implement policies designed to secure the configuration of access points.
Interception and Monitoring of Wireless Traffic
As you can imagine, interception of wireless traffic is similar to the interception of wired traffic. Whereas a wired attacker needs to be where there is a functioning network connection to attack, the wireless attacker needs only to be within range of an access point (approximately 300 feet for 802.11b) to carry out his attack. Also keep in mind that implementing directional antennas can drastically extend either the transmission or reception range of WiFi products. Therefore, the 300-foot maximum range commonly attributed to 802.11b applies only to bare installations. Enhanced equipment will also enhance the chances of others picking up the signal. This is amplified by the fact that access points transmit their signals in circular patterns. All this to say that the 802.11b signal, by nature, extends beyond the physical boundaries of the work area it is intended to cover. This signal can therefore be intercepted outside of buildings, or even between floors of the same building.
This is a term used to describe the stalled state of a network, when traffic cannot reach the clients or the access point because competing traffic has taken over a certain frequency. An intruder with the proper equipment and tools can easily flood the 2.4GHz frequency, corrupting the signal and stalling the network. In addition, cordless phones, baby monitors--and other devices that operate on the 2.4 GHz band--can also disrupt a network by using that same frequency.
Client-to-Client Attacks
The fact that two wireless clients can talk directly to one another, bypassing the access point as a whole, can jeopardize both parties' confidential files. WiFi LAN administrators therefore need to defend their clients not just against any external threats but also from each other.
Brute Force Attacks Against Access Point Passwords
Most access points use a password that is shared with all connecting wireless clients. Brute force dictionary attacks attempt to compromise this authentication procedure by methodically testing every possible password. Once that password is guessed, the intruder gains full access to the access point.
Many access points ship in an unsecured configuration for ease of use and rapid deployment. Unless administrators understand wireless security risks and properly configure each unit prior to deployment, these access points will remain a high risk for attack or misuse. A tip for administrators: Look out for the SSID. This is a configurable identification code that allows clients to communicate with an appropriate access point. With proper configuration, only clients with the correct SSID can communicate with that access point. Without it, the system as a whole is rendered completely vulnerable to potential attackers.
Implementing Security Practices: WPA vs. WEP
In reaction to the above-mentioned flaws in wireless LAN technology, the WiFi Alliance has taken it upon itself to try to beef up wireless security. Over the past couple of years, it has been working diligently to bring to market a standards-based interoperable security specification to increase the level of data protection and access control.
The newest specification (which is still in the works) is being called Wi-Fi Protected Access (WPA). WPA has addressed the past flaws of Wired Equivalent Privacy (WEP), the original security mechanism for WLANs that has been in place since the adoption of the IEEE 802.11 standard in 1997. Throughout the years, WEP has been put to shame by a series of independent studies from various academic and commercial institutions that have shown that an intruder equipped with the proper tools and a moderate amount of technical know-how can gain unauthorized access to a WLAN, even with WEP enabled.
Concerned that this lack of security could strongly hinder the adoption of Wi-Fi devices, the Wi-Fi Alliance, in conjunction with the IEEE, has initiated an effort to bring a strongly improved, standards-based, interoperable Wi-Fi security solution to the market.
According to the WiFi Alliance, WPA is that solution. WPA is designed to secure all versions of 802.11 devices, including 802.11b, 802.11a, and 802.11g, multi-band and multi-mode. WPA is a subset of the IEEE's forthcoming 802.11i standard, which is expected to be unveiled during the first quarter of 2004.
Until a more secure standard of security than WEP is on the market, Dr. Sperano offers a do-it-yourself approach to protecting your organization's wireless network with these helpful tips:
Don't broadcast your wireless radio: According to Sperano, the most important and easiest step to protecting yourself is to stop any access points from broadcasting their name. "Any wireless access point attached to a wired network essentially broadcasts an Ethernet connection and an on-ramp to the entire enterprise network," he said. "But by turning off this default feature, stations must know the SSID in order to connect to an access point. If the hacker does not know the name of the network, he cannot roam into it."
Sniff Out 'Rogue' WLANs: Rogue access points are a well-documented problem. Sperano says that because a simple access point can be installed for $150, employees are deploying unauthorized WLANs when IT departments are slow to adopt the new technology. "These rogue access points generally lack security," he explained. "By implementing software that sniffs out access points, such as IBM's Distributed Wireless Security Auditor, IT managers can manage this problem."
Lock down access points: Organizations should change the default service set identifiers (SSID), or the 'names of the access points.' A default SSID usually alerts hackers to vulnerable wireless LANs.
Use a Virtual Private Network: And finally, until WPA becomes the norm for wireless security, and with the authentication vulnerabilities from WEP, Virtual Private Networks may be the most efficient solution. By employing strong authentication and encryption mechanisms between access points and the network, you can secure the overall wireless environment.
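The rogue-hunting and lock-down tips above can be checked against a site survey. The following is an added example, not code from the article or from IBM's auditing tool: it compares constructed survey records with a hypothetical inventory of approved access points and flags unapproved radios, factory-default SSIDs, and open or WEP-only configurations.

```python
# Added example: audit a wireless site survey against an approved AP inventory.
# Every record and address below is constructed sample data.
import csv
import io

# Assumption: a short list of well-known factory-default SSIDs.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami"}

# Assumption: BSSIDs (radio MAC addresses) of access points IT has approved.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Constructed survey export with columns bssid,ssid,encryption.
SAMPLE_SURVEY = """bssid,ssid,encryption
00:11:22:33:44:01,corp-floor1,WPA
00:11:22:33:44:02,corp-floor2,WEP
00:AA:BB:CC:DD:10,linksys,OPEN
00:AA:BB:CC:DD:11,corp-floor1,WPA
"""


def audit_survey(text, authorized=AUTHORIZED_BSSIDS):
    """Return {bssid: [findings]} for every AP with at least one finding."""
    approved = {b.lower() for b in authorized}
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip().lower()
        enc = row["encryption"].strip().upper()
        issues = []
        # Match on BSSID, not SSID: a rogue AP can reuse the corporate name.
        if bssid not in approved:
            issues.append("rogue: BSSID not in authorized inventory")
        if ssid in DEFAULT_SSIDS:
            issues.append("default SSID still configured")
        if enc == "OPEN":
            issues.append("no encryption")
        elif enc == "WEP":
            issues.append("WEP only: move to WPA or tunnel over a VPN")
        if issues:
            findings[bssid] = issues
    return findings


if __name__ == "__main__":
    for bssid, issues in audit_survey(SAMPLE_SURVEY).items():
        for issue in issues:
            print(f"{bssid}  {issue}")
```

The last sample row carries the corporate SSID and WPA yet is still flagged, because its radio address is not in the approved inventory.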
It seems that security remains the principal hurdle in WiFi's race towards market acceptance. Until security replaces productivity as the main motivator behind the technology, wireless LANs may never see the light of day. Some analysts are saying that much of the money being poured into public WLANs today to enable access from places as diverse as bars, hotels, airports, trains, bus and metro stations, is going to waste.
Analysts at Forrester Research have even gone so far as to call WLAN hotspots the next dot-com crash. "With all the hype today about the rollout of WLAN public hotspots, it's as if the dot-com boom and bust never happened," said Forrester senior analyst Lars Godell, in a statement issued last July. Let's just hope that WPA can wipe clean the sloppy slate that WEP has left on what could very well be the wonderful world of WiFi. What we need now is another boom--definitely not another bust.
Publication: Computer Technology Review
Date: Nov 1, 2003