Save your wireless networks from hackers

Security managers need to be aware of the inherent weaknesses in wireless technology, which although similar to those in wired networking, add a few more headaches.

According to security professionals, the IEEE wireless protocol 802.11 not only shares unlicensed frequencies with other devices, including consumer-based Bluetooth devices, cordless phones, and baby monitors - which can, and do, interfere with each other - it also has weaknesses in its encryption structure.

Although wireless networks will use the so-called Wired Equivalent Privacy protocol (WEP), base stations are typically issued with either no password or the same password; so if the default password is left on, chances are it can be guessed.

If it is changed, that still means every user logging on to the base station needs to know the password, giving you more potential for leaks. The same password would need to apply to all stations in the network too, otherwise users would need to log on to every different station as they move about.

The single-password system also means that a brute-force attack on a base station may well yield you passwords for the entire network.

WEP also suffers from known problems with "keystream cipher" encryption. The RC4 encryption protocol it uses can either be captured and modified, so the data is altered, or capturing two encrypted messages would give a hacker the ability to splice the encryption key from the actual messages themselves.

Of course, an intruder could also introduce another base station to the network, even from outside the building, and capture user info and passwords.

Wireless interceptors are on the market for various vendor makes of kit, and with a little tweaking can be modified to grab data. Rather than grabbing data from the network, it is incredibly easy to bombard the wireless Lan with garbage signals, effectively denial-of-servicing it, an attack far easier to carry out wirelessly than on a wired network.

Consistently hammering a base station with access requests, whether successful or not, will eventually exhaust its power supply and knock it out of the network too.

As there is no definitive method of fully securing a base station, Kenneth De Spiegeleire, consulting manager at security group ISS, recommends keeping the two networks apart by putting a firewall between your intranet and the wireless network. Distributing personal firewalls to lock down the client machines is also recommended.

"Companies will have to invest time and money," said Spiegeleire, "access points cannot be trusted. They are external access devices, not internal, so securing the base station is crucial."

He said that regular network discoveries should be carried out to find any rogue base stations or clients, and there should be investment in more firewalls and IDS systems (intrusion detection) to either prevent rogue data getting in, or spotting it when it does.

However, as with a wired network, policies are most crucial, said Spiegeleire. He believes that policy, procedures and best practices should include wireless networking as part of an overall security management architecture to determine what is and is not allowed with wireless technology.

"The same rules apply," he said, "and when wireless standards are decided and the technology becomes commonplace, wireless hacking has the potential to go the same way as internet hacking is today."

A White Paper on wireless Lan security is available ISS here.