Wireless security guide

By Brien M. Posey MCSE, Special to ZDNet Asia
Monday, June 14, 2004 02:18 PM
Going wireless is a big step, and maintaining wireless security is an ongoing process. So it's little surprise that IT pros have so many questions about wireless technology. We've gathered some of those most frequently asked and invited our wireless expert, Brien Posey, to answer them.

The FAQ list will be constantly evolving, so you're invited to send us other questions you may have. Just mail them to us or post them in the discussion area at the end of this FAQ.

Questions

  1. Is it true that WEP can be easily hacked?
    Anyone with a laptop and a wireless network card can sniff encrypted packets as they flow across a wireless network. Depending on the content and structure of captured packets, a hacker simply needs to capture anywhere from 100 MB to 1 GB worth of packets. Such a sampling size guarantees that the hacker will have all of the information he needs to break the WEP encryption. Once the necessary volume of data has been captured, the hacker can simply run a freeware utility against the captured packets to derive the WEP key.

  2. Can a Pringles can be used as an antenna by hackers?
    Yes. Although a typical wireless NIC has a range of 100 to 300 feet, faint radio signals are transmitted far beyond the network’s operational area. By investing about ten dollars for a few parts from Radio Shack and for a can of Pringles, you can easily build an antenna that can intercept a signal from as far as 10 miles away (assuming that there is a clear line of sight). Other industrial-strength antennas can intercept a signal from even further away.

  3. Can a VPN ensure wireless privacy?
    Setting up a VPN greatly enhances the privacy of a wireless network, especially when used in conjunction with WPA or WEP encryption. If you are considering implementing a wireless VPN, though, there are a few issues that you need to consider. First, if the wireless signal drops for a second, users' connections will be terminated, and they will have to reestablish their VPN connections. Second, a wireless VPN offers no protection against rogue access points. Third, a wireless VPN doesn’t give wireless users the same seamless network access that wired users have, since they will usually have a separate login for the VPN connection.

  4. If WEP encryption is so insecure, then why does 802.1x rely on it?
    802.1x by itself is not secure. 802.1x only becomes secure when combined with the Extensible Authentication Protocol (EAP). EAP makes it possible to securely distribute WEP keys. Rather than relying on static WEP keys, the 802.1x and EAP combination allows each session to have a unique WEP key. Additionally, WEP keys automatically expire every ten minutes. Since each session is frequently rekeyed, it is impossible for a hacker to collect the necessary volume of packets between key changes.

  5. Is it true that wireless network users are themselves vulnerable to security breaches even when connected to a corporate LAN via a wireless VPN connection?
    Yes, there are three primary ways in which wireless users are at risk. First, if volumes or folders on the users' machines are shared, it is possible for other users within the subnet to access the contents of those shares. Second, someone on the same subnet as the user could perform a buffer overflow attack against the user. Finally, not all traffic is routed over the VPN. Traffic related to Internet usage is routed over the Internet. This traffic is subject to capture through the usual methods.

  6. If I have never shared any files or folders on my hard disk, is my information still vulnerable to compromise while I am using a wireless connection?
    Yes. Even if you never create a share point, Windows has a few shares of its own. There is a share called Admin$ and another share for each hard drive (C$, D$, etc.). You can’t disable these shares because Windows depends on them. To prevent these shares from being exploited, make sure that the system is running a personal firewall. Also change the local Administrator’s username and password to further reduce the chances of these shares being exploited.

  7. Is it safe not to tunnel traffic that is ultimately destined for the Internet?
    When a wireless user is connected to the corporate network via a VPN link, it may seem that traffic destined for the Internet will pass through the VPN, since it must first be routed through the corporate network. However, this isn’t always the case. VPN tunnels can become congested rather easily. To conserve bandwidth, some VPN implementations transmit traffic destined for the Internet over the wireless network but outside of the VPN tunnel. This means that Internet traffic is unencrypted. This shouldn’t be a problem since nothing sensitive should be flowing across the Internet. However, some users use the same password for Web sites as they use for access to the corporate network. If such a site doesn’t encrypt passwords, it might be possible for someone to steal a password and use it to gain access to the corporate network.

  8. How can a wireless workstation be subject to buffer overflow attacks?
    Unless a workstation is running a personal firewall, other machines on the same subnet as the workstation can communicate with the system across all TCP and UDP ports. The corporate firewall only blocks malicious traffic from the outside world; it does nothing to prevent attacks from within.

  9. How does public key security work?
    The basic idea behind public key security is that every user has two mathematical encryption keys, a public key and a private key. A user’s public key is accessible to anyone, but the private key is accessible only to the user. When someone needs to encrypt traffic before sending it to a specific user, the encryption process begins by downloading the user’s public key. The public key is used to encrypt the packets, but is useless for decrypting them. The packets can only be decrypted by the corresponding private key, which is held only by the recipient.

  10. Is SSID broadcasting a security threat?
    Have you ever tried to connect to your wireless network only to have a neighbor’s network show up on the list of available wireless networks? Your neighbor’s network was displayed as an available choice because SSID broadcasting was enabled. SSID broadcasting causes the wireless access point to tell all available clients the name of the network. If SSID broadcasting is disabled, hackers can still hack the network, but they will have to figure out what the SSID is rather than having it handed to them.
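
To check whether a client is in the situation described in question 7, you can resolve each destination against the routing table and see which interface it leaves on. The following is an added example, not part of the original FAQ; the routing tables are constructed, and the interface names `tun0` (VPN tunnel) and `wlan0` (wireless adapter) are assumptions.

```python
import ipaddress

# Constructed routing tables: (destination network, interface, metric).
# Interface names are assumptions: tun0 = VPN tunnel, wlan0 = wireless NIC.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wlan0", 600),       # default route stays on the WLAN
    ("192.168.1.0/24", "wlan0", 600),  # local wireless subnet
    ("10.0.0.0/8", "tun0", 50),        # only corporate ranges use the tunnel
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "wlan0", 600),
    ("192.168.1.0/24", "wlan0", 600),
    ("0.0.0.0/1", "tun0", 50),         # two /1 routes override the default
    ("128.0.0.0/1", "tun0", 50),
    ("10.0.0.0/8", "tun0", 50),
]

def egress_interface(routes, dest):
    """Select a route as an IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for cidr, iface, metric in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net:
            candidates.append((-net.prefixlen, metric, iface))
    if not candidates:
        return None  # no route at all: traffic is dropped
    return min(candidates)[2]

def bypasses_vpn(routes, dest, vpn_iface="tun0"):
    """True when traffic to dest is routable but leaves outside the tunnel."""
    iface = egress_interface(routes, dest)
    return iface is not None and iface != vpn_iface

if __name__ == "__main__":
    # 203.0.113.80 is a documentation address standing in for a Web site.
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        for dest in ("10.20.30.40", "203.0.113.80", "192.168.1.10"):
            flag = "OUTSIDE VPN" if bypasses_vpn(table, dest) else "tunnelled"
            print(f"{name:5} {dest:15} -> {egress_interface(table, dest)} ({flag})")
```

Even in the full-tunnel table, traffic to the local wireless subnet still leaves on `wlan0`, which is why the same-subnet risks in questions 5 and 8 remain when a VPN is in use.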

Want more wireless security tips? Here are more questions answered:

Does MAC filtering work as a security measure?
Is DHCP a security threat?
Is signal jamming a security issue?
Can adjusting signal strength help secure a wireless network?
If I have implemented all of the standard security mechanisms, can I guarantee network security?
Should I use SNMP to manage my wireless network?
I can’t adjust the power level on my access point, and the antenna is not removable. Is there any way to help to prevent the signal from leaving the building?
How can I audit a wireless network?
How can I detect rogue access points on my wireless network?


