Securing the Wireless Network

Many companies have implemented 802.11, Bluetooth, and other wireless networks with little thought to security. As it turns out, though, the built-in security features are unreliable at best.
Wireless networks are becoming de rigeur, something you must have if you want to keep up with the Joneses. You can now surf the Web and pick up email while sitting in an airplane lounge, have your laptop in a conference room with no unsightly cables, or read email while in bed. The cost of these networks has plummeted. Base stations like the Apple AirPort can be had for $300, and the cards are around $100.

However, like all network technologies, they both solve problems (like where to run cable) and create a lot of new ones (like how to communicate securely). Unfortunately, most sites seem to have implemented 802.11 wireless networks without much thought for security.

A Wild Wireless World

The first problem is controlling access to your network. With Ethernet and related (cable-based) technologies, your site was usually physically secure, helping to prevent people from plugging their laptops, etc. into your network. Thus, even if someone managed to plug into your network, they had to manually discover who else was attached. While this wasn't impossible, its difficulty improved the chances of you noticing an attacker (since they couldn't use completely passive techniques).

With a wireless network, unless your building is externally shielded or has a large open area around it, an attacker will be able to gain "physical" access to the network just by bringing his laptop into proximity with your network (up to several hundred feet). An attacker can as well use entirely passive methods to monitor network traffic. All they need, again, is a laptop with a wireless card and slightly modified software to grab all the wireless data — instead of ignoring any traffic not destined to their computer.

Another largely unremarked problem is that of wandering wireless users. They are likely to leave their wireless card in and operating, meaning an attacker can set up a rogue wireless network to which the users attach themselves. If the users then send any unencrypted data, or have open file shares, for example, they potentially open themselves up for an attack.

Attackers can also set themselves up as servers on other legitimate networks, and by running a rogue DHCP server redirect all traffic through their machine or commit other attacks. Users will open themselves up to monitoring of how much data they transfer, what kinds of data, when they transfer it, and so on. If your network is not properly secured, people will use it as a free ISP and likely commit illegal acts to gain access to the Internet.

"But WEP Will Encrypt Everything"

This is going to be the biggest mistake made with wireless networking. Once it is up and running, people will be quite pleased with themselves and not likely to spend real time or effort securing it. Since this form of networking is new and not very well understood — not that much of networking is well understood — administrators are likely to think, "well, it has 128-bit WEP encryption, so we're secure." Unfortunately, it is very easy to set up a network, wireless or otherwise, so that everything works as it should, data moves happily between systems, and the whole thing is insecure.

You can configure a wireless network to broadcast its name, or not. It's probably wise not to broadcast, so that people are less likely to accidentally discover it. You can configure most wireless access points to allow only certain MAC addresses (the way Ethernet 802.11 uses MAC addresses). As with Ethernet, MAC addresses can be spoofed, but restricting them will keep out casual explorers. Sadly, WEP is rather weak. And while it is not yet possible to download a software package that will let you break into wireless networks at will, it is only a matter of time before something like this is released. And of course, such tools exist in private hands already.

So How Do I Secure It?

I'm glad you asked. It's quite obvious at this point that traditional methods are out. Controlling physical access to the wireless network is inadequate unless you shield your building or have a large (empty) buffer zone surrounding it. Depending on WEP to authenticate users and control access is probably a lost cause in the long term. While it will keep out casual attackers, anyone that actively targets you will probably get their hands on the tools needed to break WEP.

At this point we are stuck with an Ethernet network that essentially uses hubs to move traffic around. While hub-based networks are exceedingly prone to security problems, they can be secured.

The best solution is probably to require the use of IPSec for all hosts on the wireless network. While this will incur a performance penalty, it will solve problems of impersonating users, monitoring user data, and so on. Various IPSec implementations support the use of certificates and other forms of strong authentication. Windows 2000 sports a combination of (integrated) Kerberos, IPSec and Microsoft authentication methods along with policy support (i.e., traffic to foo must be encrypted, but not to bar). With almost universal support for IPSec, and the generally low speeds of 802.11 (maximum 11 megabits, probably shared with others), this plan shouldn't be too difficult to implement or sell to management.

Beyond this, you should place a firewall between the wireless network and the rest of your network. Unless a user authenticates properly, they should be contained to the wireless network, where they can do less damage. A system similar to this is used by the University of Alberta for its public Ethernet networks, as described in a paper by Bob Beck. Essentially, users authenticate to a server via Kerberos — which is resistant to passive monitoring and active attacks — after which the firewall allows connections from that IP address for a while (closing it down after a period of inactivity). However, this still allows the attacker access to others on the wireless network, so end security on user machines is still important.

Wireless networks are inevitable. 802.11, Bluetooth, and others are coming. They all in general have poor security models and flawed implementations. Relying on their built-in security is not a good long-term choice. Relying on wireless features such as frequency hopping and spread spectrum radio is also not ideal, as the same consumer equipment can usually be used to monitor it.

Sad to say, you will likely need to "roll your own" security solution. But even if this goes as planned, an attacker will still be able to attack your wireless users. Any user with a wireless machine should probably be forced to meet a baseline set of security requirements: having a firewall installed, disabling services, and so on. Hopefully the next major wireless network protocol will be done correctly.

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.