Small changes can thwart WLAN hackers

Stopping wireless intruders isn't hard, but one expert says most companies neglect the simple tasks that can keep wireless LANs secure.

CAMBRIDGE, Mass. -- With common sense and a basic understanding of how wireless security works, an enterprise can

keep its wireless LAN protected from intruders using the security standards and practices available today.

During "Wireless Hacking Exposed," a session hosted by the Rolling Meadows, Ill.-based Information Systems Audit and Control Association (ISACA), Steve Rampado, a senior manager of enterprise risk services for Deloitte and Touche LLP, said a wireless network can become far more secure simply by implementing a few minor changes when establishing the network.

Make it simple

Top wireless worries

Below are Steve Rampado's top eight wireless security concerns:

1 -- Access point mapping ("war driving"): Is driving around to see how many networks you can pick up, then cataloging them on the Web.

2 -- Service set identifier broadcasting ("war chalking"): Involves marking sidewalks with chalk in places where free wireless access can be found.

3 -- SSID naming conventions: Use a non-default SSID, ensuring it is in line with the way employee passwords are generated.
 
4 -- Security architecture: Put the DMZ outside the firewall and treat it as an untrusted device.

5 -- Radio frequency management: Poor RF management will lead to unnecessary transmission of RF signal to unwanted area. Adjust the amplitude (enterprise level access) and observe it with free software like NetStumbler.

6 -- Default settings: Most access points come with security settings disabled; always change IP addresses, passwords, SSIDs and DHCP settings immediately.

7 -- Encryption: Most APs are implemented without some form of encryption. Don't make that mistake.

8 -- Authentication: 802.11b does not contain adequate authentication mechanisms.

 At first glance, many of the security precautions -- like changing default passwords and IP addresses -- appear to be something that an IT department would implement automatically. However, Rampado said 30% to 40% of ISACA clients do not change the configuration of their service set identifier (SSID), which is in essence the name of the network.

The SSID is actively broadcast by the network's access point, and is the first part of the discovery process for a hacker attempting to find unsecured wireless networks.

"Disable [SSID], there is no valid reason for broadcasting it … by preventing that discovery, you lessen your chances of becoming a target of opportunity," he said.

As an example of how the underground community has set about identifying open networks, Rampado brought up the act of "war chalking," or marking, the sidewalk outside of a building that's home to an exposed wireless network access point so that others can tap in.

Money for nothing

In one other instance of gross wireless negligence, Rampado said 80% of his clients have installed out-of-the-box wireless routers on their internal networks. He said that essentially bypasses all the time and money many companies spend on firewalls and intrusion prevention systems.

"What you now have is a direct path right into the internal network," Rampado said. "In some cases, they still had the [Dynamic Host Control Protocol] server -- which hands out IP addresses on the internal network-- enabled so you're giving the hacker his own IP address."

The solution, he said, is to put the device outside of the firewall and treat it as an untrusted device, as you would a Web server.

Making the LEAP

Other small but important tips for securing a wireless network included radio frequency management. Poor RF management, Rampado said, will lead to unnecessary transmission to unwanted areas.

For instance, Rampado said he was able to access the wireless network of a Fortune 500 client from a park bench that was two miles away from the company's building.

A final security feature that is integral to a secure wireless network is encryption. Rampado said that even weaker encryption like Wired Equivalent Privacy (WEP), which has only one Web key, is better than nothing, and offers a first line of defense for the network.

For more robust, enterprise-caliber security, Cisco's Lightweight Extensible Authentication Protocol (LEAP) offers encryption with minimal performance hits.

Rebecca Chien, a senior auditing specialist with the Prudential Financial Group, said her company has not yet adopted wireless technology, but there was interest among those in higher management.

Chien said, at present, there were far too many security concerns with wireless technology, especially with sensitive financial transactions.

FOR MORE INFORMATION:

Get Lisa Phifer's advice on configuring SSIDs.

Download our white paper on wireless hacking.

Dig deeper on Hackers and Threats to your Mobile Enterprise

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchConsumerization

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close