Office Memo 5

26 February 2003


Warchalking and other wireless worries
Wired computer networks are costly to install and difficult to change. Wireless networks, on the other hand, are now cheap to install and very adaptable. Wireless makes it possible to connect equipment in large warehouses, retail sites and manufacturing plants without the need to install cabling. You can move equipment without the need for technical help and even move a complete installation from one building to another.
This adaptability comes at a price. Because of the nature of wireless, people outside can pick up private signals and can even connect into private Wireless Local Area Networks (WLANs). This has led to the emergence of the twin threats of 'wardriving' and 'warchalking'. Wardriving is scanning wireless network signals from a moving vehicle while passing the building or site from which they are being transmitted. It needs only a laptop computer fitted with an antenna, a WLAN card and some wireless scanner software. Some people, if they have discovered a wireless network with external connectivity, will share the details using symbols chalked on pavements or walls ('warchalking'). This has recently been the subject of some media hype, so it is worth looking at the real nature of the threat.
Wireless LANs provide wireless access over a range of up to several hundred feet. The prevailing specification used for them is the 802.11b standard from the American body, the Institute of Electrical and Electronics Engineers (IEEE). WLANs are thus sometimes referred to as 802.11x networks. To give privacy, the standard defines the Wired Equivalent Privacy (WEP) encapsulation of data. Despite including well-known encryption mechanisms, such as the RC4 cipher, WEP is vulnerable to both passive and active attacks. This leaves the wireless network open to malicious parties, who can eavesdrop on and tamper with wireless transmissions.
So how far does a WLAN reach? 802.11b allows wireless transmission of up to 11 megabits per second (Mbps) of data at distances from a few feet to several hundred feet. It does so over the standard 2.4 gigahertz (GHz) unlicensed band.
Radio amateurs in Britain noticed that the lowest six channels of the WLAN band fall into the 2.3-2.45 GHz amateur radio band. So, liking a challenge, they set out to see how far they could make a WLAN reach ('working DX', in ham jargon). According to an article published on the Flight Refuelling Amateur Radio Web site (http://www.frars.org.uk), they were able to use the WLAN across 14 kilometres. This shows the importance of adjusting the transmission level of your base station to be just enough for your needs.
The compromise between security and ease of use of WLANs is a constant question. Most suppliers want to ensure that their equipment will work 'out of the box'. To achieve this, they use well-known default settings that do not fully exploit the security features available. Taking maximum advantage of the security features that exist calls for some work when installing a new WLAN.
A typical network has several mobile devices, such as PDAs, mobile phones and laptop computers. These connect to central information stores through hardware called access points. Setting these up correctly is critical to security. For example, you need to change the Service Set Identifier (SSID), or network name, from the default to something private. You should enable WEP (described above), giving access only to equipment that you recognize. This means you should statically assign IP addresses to hardware, or Media Access Control (MAC), addresses. You should use dynamic address assignment only where IP addresses are given out solely to recognized MAC addresses.
The overriding WLAN security issue is where to place firewalls. These prevent outsiders from gaining direct access to the enterprise networks. If a WLAN is connected directly to these business-critical systems, then anyone who gains access to the WLAN can bypass the firewall. You must separate any WLANs and connect them into the enterprise via a firewall. It is also advisable to strengthen the access controls on your business-critical servers to provide added protection if the firewall is breached.
The cheap and easy availability of wireless equipment poses an insidious threat. It makes it possible for individuals within an organization to buy and connect wireless access points direct to the corporate LAN, compromising security. The Unicenter software package from Computer Associates can automatically discover the existence of WLAN access points. It can therefore be used to detect unauthorised additions to the corporate LAN.
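The checks described above (a non-default SSID, WEP enabled, addresses given only to recognized MAC addresses, no unauthorised access points on the corporate LAN) can be run over a site survey and a DHCP lease list. This is an added example, not part of the original memo and not how Unicenter works; the record layout, function names, the short list of default SSIDs and every address below are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Illustrative factory-default network names (assumption; extend for your kit).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami"}

@dataclass(frozen=True)
class AccessPoint:
    bssid: str           # MAC address of the access point radio
    ssid: str            # network name it announces
    wep: bool            # True if WEP is switched on
    on_wired_lan: bool   # True if the MAC was also seen on a LAN switch port

def norm(mac):
    """Canonical lower-case, colon-separated MAC so lists compare reliably."""
    return mac.strip().replace("-", ":").lower()

def audit_aps(seen, authorised):
    """Return sorted (mac, finding) pairs for the access points in a survey."""
    known = {norm(m) for m in authorised}
    findings = []
    for ap in seen:
        mac = norm(ap.bssid)
        if mac not in known:
            # A neighbour's AP is not ours to fix; one on our LAN is a rogue.
            if ap.on_wired_lan:
                findings.append((mac, "unauthorised AP on corporate LAN"))
            continue
        if ap.ssid.strip().lower() in DEFAULT_SSIDS:
            findings.append((mac, "default SSID"))
        if not ap.wep:
            findings.append((mac, "WEP disabled"))
    return sorted(findings)

def unknown_leases(leases, recognised):
    """Return (ip, mac) for dynamic leases handed to unrecognised equipment."""
    known = {norm(m) for m in recognised}
    return sorted((ip, norm(mac)) for ip, mac in leases if norm(mac) not in known)

# Constructed sample data: inventory, survey results and DHCP leases.
AUTHORISED_APS = ["00:11:22:33:44:01", "00-11-22-33-44-02"]
SURVEY = [AccessPoint("00:11:22:33:44:01", "whse-7f3a", True, True),
          AccessPoint("00:11:22:33:44:02", "linksys", False, True),
          AccessPoint("00:AA:BB:CC:DD:10", "default", False, True),
          AccessPoint("00:AA:BB:CC:DD:20", "cafe", False, False)]
RECOGNISED_CLIENTS = ["02:00:00:00:00:A1", "02:00:00:00:00:A2"]
LEASES = [("192.0.2.10", "02-00-00-00-00-a1"), ("192.0.2.11", "02:00:00:00:00:ff")]

if __name__ == "__main__":
    for item in audit_aps(SURVEY, AUTHORISED_APS) + unknown_leases(LEASES, RECOGNISED_CLIENTS):
        print(*item)
```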

***
This article was contributed by Mike Small, vice president of eTrust Solutions for Computer Associates (see http://www.ca.com). Our thanks go to him. To contact Mike, telephone 01753 241920 or email michael.small@ca.com.
Computer Associates are exhibiting at Infosecurity Europe, billed as Europe's largest and most important information security event. Now in its 8th year, the show features a free education programme and over 200 exhibitors. It takes place at the Grand Hall at Olympia, London, from 29 April - 1 May 2003. For more details of the show, go to http://www.infosec.co.uk.


About Office Memos
An Office Memo is an extended comment on what is happening in the world of the electronic business and elsewhere. Some memos will have appeared in Office Jotter; others are simply referred to in it.
You are free to disagree with, amplify or even agree with anything that appears in Office Jotter or an Office Memo. Of course, the rest of us will never know this unless you write in with your views, so please comment*.
Content from Office Jotter or Office Memo may be circulated freely, so long as you remember to credit its source.
Thanks,
Roger Whitehead
Publisher and editor

*No more than 1,000 words at a time, please. I edit material for publication but as lightly as possible.
Copyright Roger Whitehead, 2003. I hereby assert and give notice of my right under section 77 of the Copyright, Designs and Patents Act 1998 to be identified as the author of these publications.