Wireless LANs (WLANs) are be ing deployed across the world at an amazing
pace. Cultural and social changes are driving people to be loosely tied to a
fixed workstation and work on the move more and more. This is getting more
popular as mobile devices today boast of up to 64 MB of RAM and up to 400 MHz
processing speeds—configurations that rival currently available low-end
desktops. While miniaturization facilitates high-capacity mobile computing,
wireless technology is the key enabler to keep the mobile worker connected to
the enterprise. Many enterprises have deployed WLANs to enable their mobile
employees to stay connected to the corporate network while doing their work.
The IEEE 802.11b wireless Ethernet standard for WLAN, which is designed to
support wireless LAN, is popularly known as Wi-Fi. Wi-Fi LANs operate using
unlicensed spectrum in the 2.4 GHz ISM band. It has a theoretical throughput of
11 Mbps and a range of 200 to 300 feet. This specification is the most widely
used and is considered good enough for basic wireless LAN deployment in the
enterprise or at home. 802.11b WLANs are relatively inexpensive to set up.
Earlier, for WLAN operations in India, one had to obtain a license from the
Wireless Planning and Coordination (WPC) wing of DoT and from the home ministry.
Today, 801.11b is de-licensed for indoor use, but there are complaints about
interference with other devices (Bluetooth, cordless phones, etc). With greater
proliferation of such devices, a move to the 5 GHz band is inevitable, which
raises further issues about future inter-compatibility.
Security Issues in Wireless Communication
Securing information from unauthorized access is a major problem for any
network, wireline or wireless. Security is an even greater problem for wireless
networks, since radio signals traveling through the open atmosphere can be
intercepted by individuals who can be constantly on the move, and hence
difficult to track down. Moreover, wireless solutions are, almost universally,
dependent on public-shared infrastructure where one has much lesser control of,
and knowledge about, the security discipline employed. Some of the most common
problems faced in wireless networks are:
Easy Access: Wireless LANs are easy to find. This is the oxymoron of
wireless security. All wireless networks need to announce their existence so
that potential clients can link up and use the services provided by the network.
Rogue Access Points: Easy access to wireless LANs is coupled with easy
deployment. When combined, these two characteristics can lead to serious
problems for network administrators. Any user can run to a nearby computer
store, purchase an access point, and connect it to the corporate network or your
home network without authorization.
Rogue access points deployed by end users pose great security risks. End
users are not security experts, and may not be aware of the risks posed by
wireless LANs.
Traffic Analysis and Eavesdropping: Not all the wireless standards
available in the market provide protection against attacks that passively
observe traffic. The main risk is that these standards do not provide a way to
secure data in transit against eavesdropping. Frame headers are always ‘in the
clear’ and are visible to anybody with a wireless network analyzer. Available
solutions in the market such as WEP protect only the initial association with
the network and user data frames. Management and control frames are not
encrypted or authenticated by WEP, leaving an attacker with wide latitude to
disrupt transmissions with spoofed frames.
Security Risks in Wi-Fi
Some of the major security risks attached with the use of wireless Wi-Fi are
as follows:
- Insertion Attack: The insertion attacks are caused when
unauthorized devices, without going through a security check and review, are
placed on the wireless network. There are two prominent types in which these
can occur:
- Plug-in unauthorized clients
- Plug-in unauthorized renegade base station
-
| The Warchalkers |
| Unfortunately, a majority of access points are put in service with only minimal modifications to their default configuration, which, needless to say, is totally susceptible to external attack. It could be considered equivalent to publishing e-mail addresses on the Net with blank passwords. |
| So here enter the fearless Warchalkers who boldly go where no one has gone before. Warchalking is the process of looking for wireless computer networks and making chalk marks to indicate their locations so that others can more easily find them. Whether unauthorized use is a problem depends on the objectives of the service. For corporate users extending wired networks, access to these networks must be as tightly controlled as for the existing wired network whereas for private users it is more of a nuisance in most cases. |
|
Interception and Monitoring Attacks: We know that the interceptions
and monitoring traffic attacks are very
- popular on broadcast wired networks like Ethernet. Almost similar
principles apply to wireless networks. It can be done in a number of ways,
some of which are:
- Wireless sniffer/wireless hijacker
- Base Station Clone (Evil Twin) intercept traffic
- AP and Client Misconfiguration: As default, all the base stations
analyzed out of the factory are configured in the
- least secure mode possible and the addition of the proper security
configuration is left up as the duty of the administrator.
- Attacks against WEP: 802.11b uses standard encryption called Wired
Equivalent Privacy (WEP). It is at best a weak protocol and only stops
casual sniffers. Unfortunately tools are readily available to crack the WEP
keys. IEEE 802.1X standard allows network access to be authenticated and
keys to be distributed, and thus allows access to APs to be authenticated
and WEP keys to be distributed and updated.
- Client Side Security Risks: The clients connecting to the base
station store sensitive information for authenticating and communicating to
the base station. If the client is not properly configured, access to this
information is available. An attacker with proper equipment and tools can
easily flood the 2.4 GHz frequency, so that the signal to noise drops so low
that the wireless network ceases to function. This can be a risk with even
non-malicious intent as more technologies use the same frequencies and cause
blocking. Cordless phones, baby monitors, and other devices like Bluetooth
that operate on the 2.4 GHz frequency can disrupt a wireless network.
-
Client to Client Attacks: Two wireless clients can
directly talk to each other, bypassing the base station. Because of this,
each client must protect itself from other clients. A wireless client can
flood another wireless client with bogus packets, creating a denial of
service attack.
An attacker, and sometimes, employees, can ‘unintentionally’
configure their clients to duplicate the IP or MAC address of another legitimate
client, thus causing disruption to the network.
Wireless Security Policy
WPC at DoT has taken the first step in helping the growth of Wi-Fi in India by
delicensing Bluetooth (802.15)
and wireless LAN (802.11b) in the 2.4 GHz spectrum, though it is still allowed
for indoor use only. The onus now lies on standard makers to develop encryption
standards that bring wireless security close to the levels of wireline security.
This will mean that at least the underlying protocols are
secure and only application level issues remain at par with wireline systems. The wireless policy may want to define the standard security
settings for any 802.11 base-station being deployed. It should cover security
issues like the SSID, WEP keys and encryption.
Cost would be another major issue to reckon with. Although
network equipment prices have been crashing, ‘hot zones’ and mobile
equipment like laptops and PDAs remain a rarity in India.
The 802.11 standard provides link-layer level mobility. Thus,
a WLAN user can move transparently within an IP subnet with little effect on his
applications or connection. But once the cozy confines of a single network
segment are left, 802.11 provides no mechanism to connect to new hosts. That is
the realm of HiperLan2 working at 5 GHz, but that’s a different story
altogether.
A hard learnt lesson in security is that it’s easier to
steal a mobile device than to hack a network. As Wi-Fi access devices become
smaller and therefore easier to steal, the highest risk to these networks is
that someone will simply steal an access device (no technical expertise or
special tools required). Physical security has thus become the issue of the day.
Latest Developments
Microsoft and Apple are building in 802.1X security standards into their
access points. This provides a higher level of security than the typical WEP
security. The 802.1x standard has a key management protocol built into its
specification, which provides keys automatically. Keys can also be changed
rapidly at set intervals.
Sumant Bose, Rajat Karol, Vikas Goel, Vikas Dubey and Hemant
Purohit
Page(s) 1
Print
Comment
Email
Digg
Del.icio.us
Reddit
