Warchalking and Other Wireless Worries
Wireless technologies promise increase flexibility but are the security risks worth the benefits?
Wired computer networks are costly to install and difficult to change, wireless networks on the other hand are now cheap to install and very flexible. Wireless makes it possible connect equipment in large warehouses, retail sites and manufacturing plants without the need to install cabling. It is possible to move equipment without the need for technical assistance and, in the most extreme case, a complete installation can be moved from one building to another. However this flexibility comes with a price.
Because of the nature of wireless it is possible that private signals can be picked up by people outside and that outsiders could connect into private Wireless Local Area Networks (WLANs). This has led to the emergence of ‘warchalking’ and ‘wardriving’ threats. Wardriving involves using a laptop computer with a WLAN card and wireless scanner software in a car to detect wireless networks. When they have discovered a wireless network with external connectivity some individuals will share the details using symbols chalked on pavements or walls (‘warchalking’). This has recently been the subject of some media hype so what is the real nature of this threat?
Wireless Local Area Networks provide wireless access over a range of up to several hundred feet. The prevailing specification used to implement WLANs today is the IEEE’s 802.11b and WLANs are sometimes referred to as 802.11x networks. In order to provide privacy this standard defines Wired Equivalence Privacy (WEP) encapsulation of data. However, despite having well known encryption mechanisms, namely the RC4 cipher, WEP is vulnerable to both passive and active attacks. This opens up the wireless network to malicious parties to eavesdrop and tamper with wireless transmissions.
So how far does a WLAN reach? 802.11b facilitates the wireless transmission of up to a maximum of 11 Mbps (Mega bits per second) of data at distances ranging from a few feet to several hundred feet over the standard 2.4 GHz (Giga Hertz) unlicensed band. However radio amateurs in the UK noticed that the lowest six channels of the WLAN band fall into the 2.3 – 2.45 GHz amateur radio band. So, liking a challenge, they set out to see how far they could make a WLAN reach (working DX in ham parlance). According to the article published on the Flight Refueling Amateur Radio web site (http://www.frars.org.uk) they were able to use the WLAN across 14km. This emphasizes how important it is to adjust the transmission level of your base station to be just sufficient for your needs.
Another issue with WLANs is the compromise between security and ease of use. Most suppliers want to ensure that their equipment is easy to use ‘out of the box’. To achieve this they use well-known default settings that do not fully exploit the security features available. This means that it is essential to configure a newly deployed WLAN correctly to take maximum advantage of the security features that exist.
A typical WLAN has several mobile devices, such as PDAs, mobile phones, and laptop computers that access the enterprise information through hardware called Access Points. The way in which these access points are configured is critical to security. For example you need to change the Service Set Identifier (SSID) or network name from the default to something private and you should enable WEP (described above). You should also configure to only allow equipment that you recognize access the WLAN. This means you should statically assign IP addresses to hardware/MAC addresses and only use dynamic address assignment where IP addresses are only assigned to recognized MAC addresses.
The critical WLAN security issue relates to the placement of firewalls. Firewalls are used to prevent outsiders from gaining direct access into the enterprise Local Area Network. Hence it is assumed that it is safe to connect business critical servers and applications directly to the LAN. If a WLAN is connected directly to these business critical systems then it is possible to bypass the firewall by gaining access to the WLAN. Therefore it is essential to separate out WLANs and to connect them into the enterprise via a firewall. It is also advisable to strengthen the access controls on your business critical servers to provide added protection if the firewall is breached.
The cheap and easy availability of wireless equipment poses an insidious threat by making it possible for individuals with an organization to purchase and connect the wireless access points directly onto the corporate LAN thus compromising your security. Unicenter from Computer Associates provides technology that is able to automatically discover the existence of WLAN access points and can be used to detect unauthorised additions to the corporate LAN.
Computer Associates are exhibiting at Infosecurity Europe, Europe’s largest and most important information security event. Now in its 8th year, the show features Europe’s most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April – 1st May 2003.