Wireless Security Attacks and Defenses

An anonymous reader writes "IT-Observer is running a comprehensive overview of wireless attacks and defenses. From the article: 'Wireless technology can provide numerous benefits in the business world. By deploying wireless networks, customers, partners, and employees are given the freedom of mobility from within and from outside of the organization. This can help businesses to increase productivity and effectiveness, lower costs and increase scalability, improve relationships with business partners, and attract new customers.'"

Wireless wants to be free.

[Anonymous Coward]

I see that keeping leeching wardrivers out isn't covered.

The scenario TFA begins with

[Anonymous Coward]

...IMO indicates a major problem behind the thinking of many corporate IT departments. Anyone who grants access a machine access to sensititive or confidential data simply because it is on the network is a moron.

Know what confidential data you can access by simply connecting a computer to the network at my school and most universities, for that matter? Almost nothing! All confidential data should be protected with end-to-end encryption, then the worst that can happen if a third party gets a machine on the internal network is that they can use excessive amounts of bandwidth. Denial-of-service attacks are much easier to recover from than (possible) leaks of confidential data.

Want to truly secure your wireless network?

[mmell]

Make sure your home/office/whatever is built like a Fermi chamber.

Even if somebody somehow makes wireless networking as secure as good ol' fashioned copper, it still can't be made perfectly secure! The ONLY way to ensure absolute security is to pull the power cord(s) out. Oh, and smash the hard disks with an ax.

That said, I wonder how long it'll be before construction companies start offering to make buildings RF-impervious? Y'know, I might actually pay to have something like that done; it would go a long way to enhancing wireless security at my house.

Re:Want to truly secure your wireless network?

[qwijibo]

Making buildings impervious to RF seems like it solves the opposite of the actual problem. If construction companies put conduits in house that made it easier to route network cables to all of the rooms, there would be no need use wireless. The only reason I use wireless at home is that I don't want to try to come up with some horrible kludge to get wires everywhere.

Useless

[Zephyros]

I don't trust any article about wireless security that says WEP has any use at all - "Not only is WEP a good way to ward off many would-be attackers, it is strengthened when used with other security techniques." Same for MAC filtering: "[although] this can be bypassed by knowledgeable hackers, it is still a valid method for keeping many intruders at bay." They'll keep your neighbors from hogging all of your bandwidth, but they won't keep out anybody who wants to get at your data.

Not even a mention of WPA2, certificates (hardware/software), or any other actual security measures in there. Some decent stuff about PEBRAC errors in the beginning, and other changes that should be obvious to any netadmin with two brain cells to rub together, but TFA is really not even worth the time it takes to read.

Re:Duh!

[Silver Sloth]

Which is a very good reason for not implementing it. I would strongly advise any business not to install IT which they don't understand how to implement and secure it properly because they would be, unwittingly, leaving the door open.

Here in the rarified atmosphere of /. we may laugh at the lamers and their pathetic inability to utilise IT. Out there in the real world people are simply getting on with it. Maybe they have better things to spend their time and money on than installing all the latest geek toys.

As a frinstance, my brother is a very successful salesman. He doesn't even own a laptop and can see no reason to do so. He's too busy earning a great deal more money than I do to bother about it.

Re:The article is 100% wrongheaded

[Anonymous Coward]

Yeah, 'cause setting up a VPN or ssh tunnels is something EVERYONE can do.

Oh wait, they can't... following the techniques outlined in the article won't stop someone who is determined to get somewhere, just like locking your door won't keep someone who really wants to get into your house out, but as a general deterrant works pretty well.

If you're that bloody paranoid about someone scooping your shemale porn downloads, just stay on the wire.

Re:I suggest shortening the phrase

[gEvil (beta)]

Yes, but how exactly will your proposal increase shareholder value?

Re:Duh!

[ePhil_One]

Its more that they don't understand how to implement and secure it properly, and don't want to spend the time or money to do so.

No, its because they understand that it cannot be secured properly. If you think it can, either you don't understand the risks or you have a different definition of acceptable risk than they do. Assuming your clients are stupid because they don't agree with you isn't the key to a successful career

Or maybe they know how to implement it, and aren't willing to spend the resources (time & money) to manage it. Have you tried bringing a estimate of how much more productive you can be if you can work wirelessly from the meeting instead of paying attention to the meeting?

Not so comprehensive

[HackNack]

This article may be helpful to some newbies, but I'm looking for something extra here. Where's the 802.11X and 802.11i/WPA2 information?

I see WEP mentioned and then WEP2. I think that by WEP2 the author means TKIP. Of corse there is no explanation of what either does and why WEP2/TKIP is better than WEP.

Why bother learning about MitM attacks? Rogue access points? ISD??? You're using WEP for God's sake!!!

This is is basically something I'd expect to see on Digg. Any self-respecting /. visitor already knows everything mentioned in the article.

Re:Duh!

[harrkev]

Besides, cat 5 cable is insanely cheap.

Nope.

OK. The cable itself is cheap. Putting it where it needs to be is expensive. At my company, we hire outside contractors to run all of our cable. It seems like I am always spools of cable lying around, and guys with their feet on a ladder and their heads in the ceiling. Since an outside company is doing this, it turns a $10/hour worker into a $30/hour or more expence to my company.

But still, the wireless is usually used for the manager laptops. They have to have to be able to check Lookout ^h^h^h^h^h^h^h Outlook in meeting.

Faraday cages, wireless networks, and cell phones

[martyb]

You realize you've gauranteed a cell phone won't work in your house if you do that, right? As a prospective home-buyer, that is an immediate no-sale point.

It is possible to construct a Faraday Cage [wikipedia.org] to block wireless network signals without blocking cell phone communications... Wireless networking uses 2.4 GHz signals. Cell phones use entirely different frequencies.

Try it yourself! Place your cell phone in a microwave, close the door (but don't turn it on, of course), and call your cell phone. If your phone rings, then the cell phone signal made it past the microwave's faraday cage. And microwave and wireless networking signals are almost the same -- my network throughput dies whenever I use my microwave.

NOTE: Different cell phone frequencies exist, so YMMV. I can't try this myself (no land-line) but according to what I learned in physics class (LONG ago), I'm pretty confident it should work just fine. Anyone want to give this experiment a try and post how it worked for you?

Hardly comprehensive...barely even useful

[sarkeizen]

I maintain a wireless network of over 40 AP's for a college campus. This article spends much time on nothing.

a) 'default' SSIDS are irrelevant. It doesn't make the networks easier to find. It's not like when I ask windows to "View Wireless Networks" it only shows me the ones called "linksys". Perhaps at one time seeing a router called 'linksys' might have made me think that the user is less likely to be running encryption but under XP it tells me right away which ones are encrypted and which aren't.

b) Warchalking - old hat. Perhaps before it was feasable to simply leave my PDA running as I walk around and report all the AP's it sees this might have been useful.

c) WEP - You've got to be joking. The article mentions the 'newer 128-bit specification' doesn't mention DWEP using 802.1x or WPA. Either make it much harder to crack.

d) IDS - Possibly useful but really only once someone is accessing your system via your wireless.

e) MACs - The article seems to vassilate here, on one hand saying that MAC isn't meant for access control and on the other saying that you should use them for ACLs. MAC authentication is useless, it's trival to find a useful MAC address on any network that's used regularly.

f) DHCP - Stupid. Disabling it stops very little for very long. The vast majority of WLANs are using one of the three non-routable IP ranges. It wouldn't take me long to find one that's accessable. It also introduces a serious pain for the maintainers for the network.

What it should mention are the following:

a) Authentication - 802.1x preferably. I personally don't like web portals as it makes it easier to fool users with "evil twin" attacks.

b) WPA2, using WEP or idealy AES.

c) For corporate WLANs use a system that can use your own wireless networks to detect rogue AP's. I'm using Nortel (now cisco) 2270 (with 2230 aps) and I have SNMP traps which warn me when someone in the WLAN starts up an AP.

d) VLANS - keep the WLAN traffic restricted to particular ports, destinations.

e) Have a written policy for your users. Make them understand that adding their own wireless equipment is forbidden.

f) Using some kind of authentication on your ethernet jacks helps - it's hard to find an AP that will do 802.1x on the WAN side. Even so, it would be tied to a particular user. Using the information from (c) you can just disable their account.

f) Invest in a solution that keeps users OS and Virus software up-to-date.

Re:Do they really know what they're talking about

[schon]

any security at all, even if very easily circumvented, is better than no security

However, *bad* security (such as your ROT-13 example) is worse than no security at all, because it leads you to believe you're actually doing something, when in fact you're not.

If you implement something that doesn't actually do anything, you've wasted time. If it doesn't do anything, why did you implement it?

Because you've convinced yourself that it does do something, and the fact that it doesn't means that you've lulled yourself into a false sense of security.

Re:Duh!

[misleb]

Network cabling really needs to be planned and implemented as if it were power or phones. When you move into an office, you spend a little extra money to have all offices wired with 2 or more CAT5 connections right next to the phone jack and you never have to worry about it again. PUt a hub under the conference table if you need network access at meetings. Wireless is convenient and all, but hardly essential for a business which thinks ahead to have proper wiring done in the first place. Heck, where I used to work, they even put CAT5 in the bathrooms!

-matthew