Unauthorized users may be lurking on your wireless local area network (WLAN), according to researchers at the University of California, Berkeley. The problem is caused by a number of key flaws in the Wired Equivalent Privacy (WEP) protocol, an algorithm that is supposed to protect wireless communication from eavesdropping and unauthorized access.
David Wagner, an assistant professor of computer science and a member of the WEP research team, said IT managers need to be concerned with a whole gamut of potential security problems posed by WLANs. Eavesdropping, tampering with transmitted messages, defeating access control measures, and denials of service are all potential threats.
Despite these security threats, wireless systems are becoming a hot commodity among businesses. Gartner released a study earlier this year forecasting that more than half of the Fortune 1000 companies will have deployed WLANs within two years.
With that in mind, here are methods you can use to secure WLANs in the face of these dangerous WEP vulnerabilities.
An easy hack
A wireless network uses radio waves to transmit data to everyone within range. So special precautions need to be taken to ensure that those signals cannot be intercepted. Wagner says his research shows that potential flaws in WEP seriously undermine the security of wireless LANs because hackers can easily break into wireless systems by using off-the-shelf equipment and positioning themselves within transmitting range of a WLAN. As a result, the WLAN is susceptible to a number of different types of attacks, including:
- Passive attacks to decrypt traffic based on statistical analysis.
- Active attacks to inject new traffic from unauthorized mobile stations based on known plain text.
- Active attacks to decrypt traffic based on tricking the access point.
- Dictionary-building attacks that, after an analysis of a day's worth of traffic, allow real-time automated decryption of all traffic.
WEP relies on a secret key that is shared between a mobile station and an access point. The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. However, using the tactics mentioned above, it’s easy to get around WEP. Wagner recommends that anyone using an 802.11b wireless network not rely solely on WEP for security. Instead, you should use other security measures to enhance WEP and WLAN security.
First step: Use WEP as the foundation
Despite the fact that he found major flaws in WEP, Wagner said it is very important that you use its encryption system as a foundation for good security.
“Surprisingly, a large proportion [of companies] deploy wireless networks without any encryption. So that is the first serious mistake that you can make,” Wagner said.
“If you don’t have WEP enabled—if you don’t have [any] encryption enabled—[you are susceptible to] very serious attacks that require almost no sophistication. So the very first thing that you’d better do if you have a wireless network is…use encryption.”
Second step: Isolate the WLAN and enhance encryption
After enabling WEP, you should also consider other security measures in order to compensate for its vulnerabilities. Wagner suggested a couple of steps to work around the potential problems of WEP.
“[First,] place your wireless network outside of the firewall. Treat it just like you would the rest of the Internet," Wagner said. “ …recognize that it can’t be trusted and anything could happen on it, so you [should] firewall it off from all of your sensitive corporate secrets.”
Next, he said to use a virtual private network (VPN) for all traffic on the WLAN. The VPN will do its own end-to-end encryption on top of WEP. You can use such popular VPN protocols as PPTP and IPSec to accomplish this. Then, set up a VPN server/router that connects the WLAN segment to your LAN segment.
A cheaper, but less safe, alternative
Wagner admitted that the above solution might be too costly for some businesses, so he offered another suggestion that provides a limited defensive strategy.
First, it is important to understand that in WEP, there is a signal encryption key that’s configured identically for everyone who is supposed to have access to the wireless network. Usually, this key is set up once when the password is handed out and often stays the same for months or years. That said, Wagner suggested that the wireless system employ extensions to WEP that perform dynamic key changes and modify the wireless encryption key once every 10 minutes.
“The problem is that once someone can break it, they've got everything,” Wagner said.
“So [by] changing the key once every 10 minutes, you can ensure that if they use this attack against you, they only get something that’s…10 minutes worth of data. And second of all, changing the key frequently makes it hard to mount [WEP] attacks.”
IT managers should be concerned
William Arbaugh, assistant professor of computer science at the University of Maryland, has also discovered flaws in WEP. He confirmed that WLANs are at great risk if they aren’t protected by additional security mechanisms.
“IT managers should be worried about unauthorized users accessing the corporate LAN via wireless access points,” Arbaugh said.
The research by Wagner and Arbaugh identified the risk posed by WLANs. Both researchers said is it wise to use WEP as a foundation but warned against relying on it as your sole method of security. Fortify it by placing your wireless network outside of your firewall and using a VPN for all traffic and to connect the WLAN to your LAN. If that solution is beyond the scope of your budget, consider teaming up the WEP and dynamic key changes to protect your system.
Brian R. Hook is a freelance journalist, covering business and politics, based in St. Louis. E-mail Hook at firstname.lastname@example.org.
Have a question or a comment?
We look forward to getting your input and hearing your experiences regarding this topic. Post a comment or a question about this article.