Wireless Security Threats
The security of wireless networks has been a constant topic in the news during the past few months. You’ve probably heard of terms like wardriving, warchalking and warspamming.
The man who spoke about wireless security here at the RSA Conference 2002 in Paris was Kenneth de Spiegeleire, European Manager of X-Force Professional Services, Internet Security Services. He began by pointing out the reasons why people want to use wireless networks:
- Attractiveness of location independent network access
- Lowering hardware costs
- Configuration flexibility
Mr. de Spiegeleire noted that there have been many predictions and many problems with wireless networks. He tried to show all the positive sides of adopting wireless technology.
Can we expect future growth? Yes.
Can we expect security problems? Of course.
The main problem that wireless security faces is the fact that investors always look first at the costs and later at the security concerns. Some questions that have been raised are:
- Does it make sense do adopt this technology?
- What are the costs?
- Is it easy to use?
Security comes later. Maybe a bit too late.
The author gave an overview of wireless technologies. There is an enormous amount of standards so it’s hard to know them all. He noted a constant problem of compatibility and interoperability. What followed was an overview of Mobile voice and data communications.
If a company wants to adopt wireless technology, according to Mr. de Spiegeleir the main contenders are three:
PANs: mainly Bluetooth
Bluetooth was designed to connect devices in close proximity (cordless appliances rather than network devices). Bluetooth was not designed to transmit sensitive information, but rather to be used in something like a household.
LANs: mainly WiFI
The focus of WiFi is to provide all the services as on a standard network. The original focus was on support for standard applications & protocols and reliable, time-critical delivery rather than speed and security.
MANs: GPRS (to be followed by 3G)
GPRS was designed to offer anytime and place remote access to corporate and Internet resources through mobile handsets. “Traditional” best-practice security was not applied to cellular networks.
Examples of threats:
- Jamming (Denial of Service)
- Cracking (Deciphering and Cryptoanalysis)
- Sniffing (Breach of confidentiality through interception)
- Injecting (Insertion of false data)
- Masquerading (Impersonation)
- Rogue point or AP (Unauthorized access point insertion)
When it comes to the classification of threats, they are the same as in the wired world but the traffic but sniffing is easier
To close the presentation, we were presented with some interesting facts:
- Typically only 40% of APs have WEP enabled (based on statistics gathered during war driving initiatives)
- Using 21db Yagi directional antenna ranges of up to 14 km can be achieved for WLAN sniffing.
What we need to do in order to increase the security of wireless networks is stream the existing security measures and implement new measures as in wired networks.
For all your wireless security information needs, visit the Wireless outside articles section of HNS. If you’re interested in software titles, here are some of the most popular:
- Wellenreiter
- SLAN
- PrismStumbler
- Kismet
- Fake AP
- APTools
- AirSnort