Wireless networking is fast becoming a service expected by most enterprises. Being able to undock a laptop, walk around the office (for meetings, impromptu brainstorms, etc.) and still have instant access to files and data sources is seen as vital. For an IT department, the implementation of wireless networking is relatively simple and inexpensive. The transfer speed offered by wireless hardware is constantly increasing, making it a viable alternative to wired LAN in some situations such as small offices with solid floors and ceilings.

This all sounds great, but there has to be a catch, doesn’t there? Well yes, the catch is security.

We go to great lengths to protect our wired networks from the outside world. What would you think if you started working for a company and found that they had no firewall protecting their Internet-facing services? Well, the same should apply to wireless services, as these face the outside world and are more vulnerable than you may think. A report put together by RSA Security in 2004 gives some horrific figures on the use of unencrypted wireless networks; this was as high as 72% in Milan! A newer report shows that the situation is still not under control: 26% of access points in London were found to have the factory default settings. I decided to take my own survey and drove around a local town for 20 minutes. I picked up 372 individual access points! A massive 39% of these were open, 47% WEP encrypted, and 14% WPA protected. Most of these were obviously home broadband networks; however, a notable number were clearly advertising their location, including some businesses.

There are, of course, simple measures which can be taken to protect your network. 128-bit WEP encryption is available on almost all Wi-Fi equipment. This is as simple as generating a suitable encryption key (there are many utilities on the internet like this one) and then entering it in your AP’s web interface. This will be enough to stop the guy in a coffee shop next door from connecting to the Internet via your network (rather than paying for the local hotspot access; who doesn’t like a free lunch?). That’s all very well, but will it protect your network from more shady characters? No is the simple answer; WEP encryption is easily crackable for those in the know. Hackers will be less interested in simply gaining free Internet access; they could have much more sinister intentions.

First, don’t advertise your network to the world. Hide your network SSID (some hardware offers this feature), and failing that you should at least use a random SSID rather than ‘MyCompany.’ I know that sounds silly, but you would be amazed how often this is the case.

If possible, use WPA encryption. While this is still not impregnable, it is a vast improvement over WEP, and most new equipment will allow the use of WPA. Another precaution you can take is to separate your wireless and wired networks onto different subnets, placing a firewall between them (much as you would with your Internet connection).
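As an added example (not part of the original post), this Python script checks an inventory of your own access points against the measures above: no open or WEP-only APs, no factory-default SSID, and no SSID that names the organisation. The inventory, the `DEFAULT_SSIDS` list and the function names are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed inventory of access points you administer (not data from the post).
# Fields: SSID as broadcast, encryption mode reported by your own site survey.
SAMPLE_APS = [
    {"ssid": "MyCompany", "encryption": "WEP"},
    {"ssid": "linksys", "encryption": "OPEN"},
    {"ssid": "x7Qp2LmR", "encryption": "WPA"},
    {"ssid": "MyCompany-Guest", "encryption": "OPEN"},
]

# Assumed examples of factory-default SSIDs; extend with your vendors' defaults.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}


def audit_ap(ap, company_terms):
    """Return the list of findings for one access point."""
    findings = []
    enc = ap["encryption"].upper()
    ssid = ap["ssid"]
    if enc == "OPEN":
        findings.append("no encryption")
    elif enc == "WEP":
        findings.append("WEP only: move to WPA")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("factory-default SSID")
    if any(term.lower() in ssid.lower() for term in company_terms):
        findings.append("SSID names the organisation")
    return findings


def audit(aps, company_terms):
    """Return (percentage breakdown by encryption, findings keyed by SSID)."""
    counts = Counter(ap["encryption"].upper() for ap in aps)
    breakdown = {enc: round(100 * n / len(aps)) for enc, n in counts.items()}
    findings = {ap["ssid"]: audit_ap(ap, company_terms) for ap in aps}
    return breakdown, findings


if __name__ == "__main__":
    breakdown, findings = audit(SAMPLE_APS, ["MyCompany"])
    print("Encryption breakdown (%):", breakdown)
    for ssid, issues in findings.items():
        print(f"{ssid}: {', '.join(issues) or 'ok'}")
```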

One thing which all network administrators should do on a regular basis is check the strength of their own networks. Scan your firewall and systems for the latest vulnerabilities or exploits, because you can be sure that someone else is doing this for you! The same applies to your wireless network: do you know how easy or difficult someone would find it to penetrate? A set of tools I have found very useful is the one put together by the security group remote-exploit.org. You can boot from the Auditor LiveCD without the need for installation. You don’t need a dedicated notebook; just pick one with compatible hardware, pop in the CD, and you’re off (I use my IBM ThinkPad). It seems this set of tools is so complete that even the FBI uses it!

Explaining the theory behind testing WEP encryption is beyond the scope of this blog; however, here are several references which will explain things. Note that most of them refer to the Auditor LiveCD previously mentioned:

If you don’t already follow security-related press and learn about so-called ‘underground’ techniques being used by hackers today, I can only urge you to do so. The only way to keep your networks secure is to fully understand the threats being faced and the techniques used.