Closing Up Wireless Security Holes
Jun 30, 2004 6:15 AM PT
Because they offer users network-access flexibility as they move from place to place, wireless LANs -- often called WLANs -- have gained significant acceptance. While the technology has proven to be a boon to maintenance technicians, salespersons and programmers, it has been a sometimes vexing security problem for IT managers.
Starting with the first version of the 802.11 standard, which was crafted in 1997, WLAN security has been decent at best and porous at worst. However, the problems associated with wireless security might soon be addressed as products supporting a new standard make their way from vendor development laboratories to the marketplace.
"WLAN security has never been as comprehensive and as easy to implement as users would like, but that could change during the year," said Abner Germanow, an industry analyst with market research firm IDC.
WLAN security limitations have centered mainly on 802.11's encryption techniques, and limitations were especially evident in early iterations of the standard. The specification's initial encryption functions, dubbed Wired Equivalent Privacy (WEP), were weak and susceptible to outside intrusion.
SSIDs and Shared Keys
When granting access, WLANs rely on Service Set Identifiers (SSIDs) to verify each network component, and individual device information can be checked in one of two ways.
The first method, open authentication, requires that a device supply a known SSID to gain network access. One problem with this technique is that an access point -- basically, the entry point and gatekeeper to the network -- constantly broadcasts its SSID, so intruders can detect its presence with network analyzers and use that information to enter the network.
The second verification technique, shared-key authentication, requires each access point to send each client a challenge test packet, which the client must encrypt and return to the access point in the proper format.
If the client has no encryption key or the wrong key, the authentication attempt fails and the client will not be let into the network. But WEP's shared-key authentication scheme was not strong enough -- at least when the technology was initially developed -- to keep hackers out of wireless networks.
To comply with then-current federal laws, the first release of WEP featured a 40-bit encryption technique. "Hackers could download programs via the Internet that would help them break WEP's security algorithm," said Allen Nogee, a principal analyst with market research firm In-Stat/MDR. In a best-case scenario for the hacker, the process could take about an hour.
In addition to using a weak encryption algorithm, WEP relied on static keys, a technique where the code used to encrypt transmissions remains the same for a period of time -- an hour or sometimes more. Because of that, would-be intruders had plenty of time to break the code needed to get into a network.
The limitations of the original encryption technique were significant, and because wireless transmissions would often travel farther than the immediate area, hackers could sit out of sight -- say, on the other side of a wall or on the sidewalk outside of a building -- and repeatedly attempt to break into a network.
Rogue Access Points
When wireless access points were first becoming widely used, the process of breaking into a network was as simple as plugging a wireless adapter card into a laptop and searching for an open link in a manner akin to locating the nearest cellular tower.
"Corporate concern about WLAN security goes beyond eavesdropping, because they understand that 'rogue access points' can disrupt enterprise wireless LANs," said Ira Brodsky, president of Datacomm Research, a market research firm that focuses on the wireless industry.
In fact, this technique, dubbed war driving, has worked for hackers throughout the history of wireless networks and still works at present, because consumers often leave their wireless networks completely unprotected, exposed and open to exploitation.
"In England, an individual's house was raided for child pornography, but officials later discovered that it belonged to a rogue network user," IDC's Germanow told TechNewsWorld.
Plugging the Security Holes
Vendors have tried to plug these security vulnerabilities in several ways. Almost all vendors have developed proprietary extensions to the wireless protocols to layer additional security checks on their WLANs. However, this layering technique means that one vendor's authentication and encryption schemes might not interoperate well with another vendor's scheme.
In the context of corporations, employees, wireless PDAs and laptops, other issues enter the picture. As soon as companies begin to accommodate employees who have different types of wireless equipment, the security of each access point must typically revert to the lowest common denominator, which usually means WEP. While WEP has come a long way and offers a higher level of encryption these days -- even up to 256-bit keys -- the technology still has some weaknesses.
Vendors have been developing new security standards to counterbalance some of the weaknesses associated with today's wireless technologies. The Wireless Protected Access (WPA) protocol is designed to solve some of the problems associated with WEP.
In addition, the new 802.11i standard -- an upcoming wireless standard that will succeed the current WiFi implementations -- will include a system for creating fresh keys at the start of each session; provide a way to check packets to make sure they are part of a current session and not repeated by hackers to fool network users; and rely on the Remote Access Dial-In Service (RADIUS) standard to manage encryption keys.
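Two of the 802.11i properties listed above, fresh keys per session and rejection of repeated packets, shown as an added example (not from the article, and not the standard's actual key derivation or cipher). HMAC-SHA-256 stands in for both, payloads are left unencrypted to keep the focus on freshness, and all names and sample values are constructed.

```python
import hashlib
import hmac

def derive_session_key(master_key: bytes, ap_nonce: bytes, client_nonce: bytes) -> bytes:
    """Fresh key per session: mix the long-term key with both sides' nonces."""
    return hmac.new(master_key, b"session" + ap_nonce + client_nonce,
                    hashlib.sha256).digest()

def protect(session_key: bytes, packet_number: int, payload: bytes) -> bytes:
    """Sender: prefix a 48-bit counter, append a tag over counter + payload."""
    header = packet_number.to_bytes(6, "big")
    tag = hmac.new(session_key, header + payload, hashlib.sha256).digest()[:8]
    return header + payload + tag

class Receiver:
    """Accepts a frame only if its tag verifies and its counter is new."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_seen = 0            # highest packet number accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 14:           # too short to hold counter and tag
            return False
        header, payload, tag = frame[:6], frame[6:-8], frame[-8:]
        expected = hmac.new(self.session_key, header + payload,
                            hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False              # other session's key, or modified frame
        packet_number = int.from_bytes(header, "big")
        if packet_number <= self.last_seen:
            return False              # repeated or stale packet
        self.last_seen = packet_number
        return True

if __name__ == "__main__":
    master = b"constructed-master-key"            # constructed sample value
    k1 = derive_session_key(master, b"A" * 32, b"B" * 32)
    k2 = derive_session_key(master, b"C" * 32, b"B" * 32)
    frame = protect(k1, 1, b"hello")
    rx = Receiver(k1)
    print("first delivery:", rx.accept(frame))
    print("replayed copy: ", rx.accept(frame))
    print("next session:  ", Receiver(k2).accept(frame))
```

A frame captured in one session fails in the next because the tag no longer verifies under the new key, and a repeated frame within a session fails the counter check.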
Products conforming to the new IEEE standard are just beginning to ship, so IT managers should find it easier to keep intruders from accessing their wireless networks.
"Deploying robust security has been a challenge with WLANs," concluded In-Stat/MDR's Nogee. "With the latest security functions, companies will find needed functions available out of the box, rather than be forced to add them themselves."