Wired Equivalent Privacy (WEP) is a mechanism that encrypts WLAN traffic to prevent unauthorised users from reading data captured in transit. WEP can be cracked, but it requires a more knowledgeable and determined individual than your average war driver to crack it. Most WEP-cracking tools, like Airsnort, run on Linux and require the user to gather approximately 4,000 packets with weak keys (keys being the secret keys used to generate the ciphertext) from packets of network traffic, which is usually enough of a deterrent to select another target (of which there are many). Change AP's default settings
Default AP configurations -- Service Set ID (SSID), SNMP Community String, Administrative Password -- are widely known by war drivers, and it's relatively easy for a knowledgeable war driver to connect to the network and commandeer control of an AP with default passwords. (Sadly, default passwords aren't uncommon.) Restrict access to key systems/data
Block WLAN access to the intranet server and other key data. Disable SSID broadcasting
To prevent the AP from broadcasting the network name and associating with nodes that aren't configured with the WLAN's unique SSID, disable SSID broadcasting. While this will protect the network from rogue users, it will make WLAN deployment a more hands-on experience because WLAN clients will require that the network name be manually configured. Additional recommendations
Several additional recommendations, which were not possible to implement for our client, include: Use MAC address filtering at the AP
Many APs can be set to use MAC address filtering to restrict AP usage to specific machines. Implement out-of-band user authentication
Should the security policy demand a stronger authentication scheme, two-factor authentication can be employed using a separate authentication server on a wired segment adjacent to the AP. This measure ensures that only authorised users are granted access to both wired and wireless resources. Disable AP Dynamic Host Configuration Protocol (DHCP)
By default, most APs are set as DHCP servers and will automatically grant a WLAN IP address to any machine that requests one. This makes it very easy for war drivers to gather information and connect to your network. Disabling AP DHCP prevents this action. Utilise IPSec or VPN
In cases where confidential data must traverse a WLAN, the data can be protected by VPN or IPSec-based encryption to provide the level of confidentiality required. Don't shoot the messenger
The WLAN was only one element of the security vulnerabilities that resulted in the theft of NCTPTI's key customer contact lists. Poor security practices and an improperly hardened IIS server were equally at fault. Additional recommendations were made regarding network architecture, system hardening policies and procedures, and authentication and access control to provide the level of security required for key corporate data. Within 10 days of the penetration testing that revealed the WLAN vulnerabilities, the client had fully addressed the vulnerability and met the business requirements that dictated WLAN usage while maintaining an appropriate and reasonable level of security. Final thoughts
Essential to the successful deployment of a WLAN is the proper consideration by senior management of the business requirements and risks associated with their usage. Only after senior management has fully identified the requirements and acceptable levels of risk can an IT organisation deploy a WLAN appropriately. Due to the sheer number of targets available to the casual war driver, even the most basic WLAN precautions are generally sufficient to dissuade a potential hacker. Organisations that believe they could potentially be the targets of a more sophisticated attack (e.g., industrial espionage) should fully consider the risks associated with a WLAN before deployment. Remember, because WLANs are inherently insecure, you must consider a number of important factors before their deployment:
- Why are we deploying a WLAN?
- Who will be allowed to use the WLAN?
- Where will we allow the WLAN to be deployed?
- Where are we going to position the access points in our infrastructure?
- What data will not be accessible via the WLAN?
- What additional technologies can we use to further secure the WLAN?
- How can we harden the WLAN to make it as difficult as possible to compromise?
Have your say instantly in the Tech Update forum.
Find out what's where in the new Tech Update with our Guided Tour.
Let the editors know what you think in the Mailroom.
