RF Barrier Helps Deter Eavesdroppers
July 28, 2008
Meru Networks' new RF Barrier generates white noise to stem outdoor Wi-Fi transmission bleed-through.
Today, Meru Networks announced RF Barrier, the next salvo in the industry's ongoing battle against piggybackers and hackers who access networks from parking lots or other areas within range of a corporate WLAN's signal. Unlike counter-measures that use encryption to scramble sensitive data, RF Barrier fights fire with fire by transmitting over Wi-Fi signals that would otherwise propagate farther than intended.
"Wireless security has largely been about applying wired techniques [like encryption and IPS]," said Joe Epstein, Meru's senior director of technology. "But most really damaging attacks have taken advantage of wireless signal bleed into areas like parking lots. Those [passive eavesdropping attacks] are the worst because they cannot be detected electronically. This is where RF Barrier comes in, to stop signals from reaching perimeter attackers."
Cranking up the volume
To insulate a building with RF Barrier, Meru mounts one specialized 802.11a/b/g access point on each exterior wall, typically one AP per 100 linear feet. Each AP is equipped with special firmware and two antennas. An interior omni antenna listens passively for inside WLAN transmissions, while an exterior directional antenna transmits innocuous 802.11 frames simultaneously over each transmission.
"A parking lot attacker will pick up both signals," said Epstein. "But the exterior antenna will be much closer and its transmissions will be much stronger. If [attackers] see inside transmissions at all, it will only be for short periods, and signal will be very degraded. This approach is highly effective against eavesdropping attacks mounted from outside."
Meru recommends that customers walk around outside after installation, carrying any Wi-Fi capable laptop or phone. If RF Barrier is working properly, those outside Wi-Fi clients will not receive enough beaconed information to even list the WLAN as an available network.
However, RF Barrier transmits selectively, only when required to block a transmission. "Transmitting all the time would be harmful," emphasized Epstein. "Continuous transmission or RF jamming would have a major impact on neighboring networks. That would just not be acceptable in most business environments."
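The post-installation walk-around described above can be logged and audited rather than eyeballed. The following is an added example, not code from Meru or from the original article; the SSID, BSSIDs, waypoint names and CSV layout are constructed assumptions. It flags every outside waypoint where a client still listed the protected WLAN, matching on BSSID as well as SSID so that beacons with an empty SSID are not missed.

```python
import csv
import io

# Assumed inventory of the protected WLAN (constructed values, not from the article).
PROTECTED_SSIDS = {"corp-voice"}
PROTECTED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}

# Constructed walk-survey log: one row per network the client listed at a
# waypoint; a waypoint where nothing was listed gets a single empty row.
SURVEY_CSV = """waypoint,ssid,bssid,rssi_dbm
north-lot-1,neighbor-cafe,02:00:00:bb:00:09,-71
north-lot-2,neighbor-cafe,02:00:00:bb:00:09,-74
east-dock-1,corp-voice,02:00:00:aa:00:01,-83
east-dock-1,,02:00:00:aa:00:02,-88
east-dock-2,neighbor-cafe,02:00:00:bb:00:09,-80
south-door-1,corp-voice,02:00:00:AA:00:02,-79
west-wall-1,,,
"""


def is_protected(ssid, bssid):
    """Match on BSSID as well as SSID so beacons with an empty SSID still count."""
    return ssid in PROTECTED_SSIDS or bssid.strip().lower() in PROTECTED_BSSIDS


def audit_survey(csv_text):
    """Return (leaks, clean): leaks maps waypoint -> strongest protected RSSI in dBm."""
    leaks, visited = {}, set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        waypoint = row["waypoint"]
        visited.add(waypoint)
        if is_protected(row["ssid"], row["bssid"]):
            rssi = int(row["rssi_dbm"])
            leaks[waypoint] = max(rssi, leaks.get(waypoint, rssi))
    return leaks, sorted(visited - set(leaks))


if __name__ == "__main__":
    leaks, clean = audit_survey(SURVEY_CSV)
    for waypoint, rssi in sorted(leaks.items(), key=lambda kv: -kv[1]):
        print(f"LEAK  {waypoint}: protected WLAN listed, strongest {rssi} dBm")
    for waypoint in clean:
        print(f"ok    {waypoint}: protected WLAN not listed")
```

Waypoints reported as leaks mark the wall segments where coverage of the barrier should be rechecked.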
Reducing the impact
Of course, RF Barrier is not the only way to mitigate passive Wi-Fi eavesdropping. High-security facilities that do not ban Wi-Fi altogether sometimes employ specialized building materials like RF-shielded paint, wallpaper, or windows.
"RF paint is incredibly expensive and not terribly effective," said Epstein. "As soon as someone opens a door, you have signal leakage. And working in a building without any windows is not that comfortable. It might be fine for NSA, but it just won't work for most banks or retail stores."
Instead, many businesses use less exotic steps like directional antennas that focus more signal inside than out and reduced transmit power. While such measures can cut signal bleed, they rarely prevent it altogether. In particular, turning APs down can reduce performance for inside "corner cases" while doing little to stop serious attackers with high-gain directional antennas.
Assembling the pieces
As a WLAN vendor, Meru also provides conventional security measures like FIPS-certified AES encryption and AirFirewall intrusion prevention.
"Those strategies make a lot of sense, but they are implemented and used by humans, and they can still have vulnerabilities," said Epstein. "For example, retailers have issues with older devices that only support WEP or shared keys. Even devices that support EAP-TLS still send certificates in the clear, potentially leaking a lot of information. Encryption alone just can't stop attackers from seeing SSIDs the way that RF Barrier can."
Epstein believes that RF Barrier will be especially attractive to businesses with distributed offices that operate without on-site IT staff, such as retail stores and bank branches. In such cases, RF Barrier provides added insurance against mistakes or leaks that might otherwise go unnoticed.
For example, produce wholesaler Anthony Marano Company installed RF Barrier to protect its Wi-Fi voice network. Located right next to I-55 in Chicago, the company was especially concerned about signal bleed from its warehouse onto the adjacent highway.
"Our Nokia Wi-Fi smart phones handle sensitive voice calls as well as confidential e-mails," said Chris Nowak, CTO. "RF Barrier lets us decide exactly where we want to draw the border around the coverage area, and we know the information stops right here... RF Barrier dramatically reduces the risk of parking lot-type security attacks, and that means we won't have to make excuses to management later."
Meru customers can purchase RF Barrier kits in September 2008. Starter kits ($3,595) will contain four APs, antennas, cables, and software licenses. Buildings with lengthy walls that need additional APs can purchase them for $995 each. Because RF Barrier uses 802.11a/b/g APs, it cannot block 802.11n data transmissions, but it does block 802.11n beacons. Meru expects to offer 802.11n-based RF Barrier kits in the future.
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. With over 25 years of experience in the NetSec industry, she has been involved in wireless product and service design, implementation, and testing since 1997.