Wireless Hackers 101
December 02, 2005
What they do, how they do it, and what you can do about it.
By Brian de Haaff
Attacks on wireless LANs (WLANs) and wireless-enabled laptops are a quick and easy way for hackers to steal data and enter the corporate network. IT departments must have a pre-emptive plan of action to prevent these malicious and illegal attacks, which compromise an organization's data privacy and can wreak havoc on network infrastructure.
Network security managers need to plan for, monitor, and recognize potential network breaches as well as react quickly when any breach occurs. To ensure effective, automated, wireless threat protection, companies and government organizations should implement a wireless intrusion detection and prevention (WIDP) solution that enables them to detect vulnerabilities, assess threats, prevent attacks, and ensure ongoing compliance — easily and cost effectively.
The Hacker Problem: Expect the Unexpected — When You Least Expect It
Hackers today are out for financial gain, not just to show off their technical expertise. They are stealing financial data, customer credit card numbers, and competitive information, and they are doing it wirelessly. Using a well-stocked, readily available tool chest, hackers go after the weakest link, scanning for vulnerable access points (APs) or unwittingly open laptops. With systems that can detect wireless attack signatures and the support of a vendor dedicated to WIDP, IT departments can put themselves in a position to thwart hackers before a compromising corporate break-in occurs.
Hackers have developed a wide variety of tools to find and exploit WLAN vulnerabilities, including encryption and authentication cracking tools, war driving (using scanning and probing devices to search for unprotected WLANs), and long-range antennas to pick up 802.11 signals from a distance. New hacking freeware tools are introduced on an almost weekly basis. Hackers use these tools and others to launch a wide variety of assaults, including malicious association, identity theft, man-in-the-middle attacks, and denial of service attacks.
At a minimum, enterprises must encrypt and authenticate communications on the WLAN, but that is just step one. Even with a VPN in use, WLANs are vulnerable to many advanced attacks that prey on the inherent loopholes in these security implementations. At first blush, traditional approaches for detecting network vulnerabilities and attacks seem viable for the WLAN domain. But with further examination, it becomes clear each has severe flaws that make it unsuitable for protecting the WLAN from intrusions.
Ensuring Automated Wireless Threat Protection
By deploying a dedicated wireless security system that monitors the wireless communication channels, an enterprise can more effectively respond to WLAN security issues. While off-the-shelf AP hardware is limited to scanning one region at a time, it is critical to scan the more than 220 802.11a/b/g channels in the regulatory domains of the U.S., Europe, and Asia, plus the gray channels defined in this spectrum. Gray channels, which rogue devices trying to evade detection can use, are increasingly configurable with off-the-shelf wireless equipment.
The ability to scan gray channels is particularly important to global organizations, where employees are more likely to introduce off-region rogues. If an enterprise is not currently using a dedicated wireless security solution, it will not know how effective its security architecture is until it is too late. Even organizations with "no wireless" policies still need to monitor their airwaves if they want to enforce such policies.
While detection is the first step, it is also where the first generation of solutions, including the part-time security capabilities built into traditional APs, stop. Organizations need a dedicated system to actively prevent attacks. A purpose-built WIDP system provides the critical next step needed to automate threat protection. Such systems automatically respond to wireless threats based on how policies have been set to best meet enterprise business objectives.
The most advanced dedicated solutions use a two-tiered architecture with purpose-built security sensors that continuously monitor the airwaves. Critical data from each sensor is communicated to a regional or centralized security server that aggregates and archives it, and completes detailed correlation analysis using sophisticated algorithms to quickly identify security risks and performance anomalies. If a threat is detected or a problem is discovered, an alert is sent to the security console or to an integrated third-party system. The security sensors then automatically de-authenticate the rogue device and contain it until personnel can investigate. Since only the central server in this type of split-analysis architecture needs to be updated in response to new threats, IT can respond to future threats quickly and cost effectively.
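The split-analysis architecture just described, and the off-region channel monitoring from the earlier section, as an added illustration that is not Network Chemistry's code: a central correlator that aggregates per-sensor reports by BSSID, then flags unknown radios as rogue APs, unknown radios impersonating a corporate SSID as evil twins, and any use of channels outside the configured regulatory domain as gray-channel activity. The channel table, the AP inventory and the sensor reports are constructed and simplified for the example.

```python
"""Central correlation of wireless sensor reports: flag rogue APs, evil twins and
gray-channel use. Inventory, channel table and sensor reports are constructed."""
from collections import defaultdict

# Assumed, simplified channel table per regulatory domain (illustrative subset only).
REGULATORY_CHANNELS = {
    "US": set(range(1, 12)) | {36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165},
    "EU": set(range(1, 14)) | {36, 40, 44, 48, 52, 56, 60, 64},
}

# Hypothetical inventory of sanctioned APs: BSSID -> SSID it may advertise.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}

# Constructed sensor reports, as the central server would receive them.
SENSOR_REPORTS = [
    {"sensor": "floor1", "channel": 6, "bssid": "00:11:22:33:44:01", "ssid": "corp-wlan"},
    {"sensor": "floor1", "channel": 36, "bssid": "00:11:22:33:44:02", "ssid": "corp-wlan"},
    {"sensor": "floor2", "channel": 6, "bssid": "00:11:22:33:44:99", "ssid": "corp-wlan"},
    {"sensor": "floor2", "channel": 13, "bssid": "00:aa:bb:cc:dd:ee", "ssid": "guest-hotspot"},
    {"sensor": "lobby", "channel": 13, "bssid": "00:aa:bb:cc:dd:ee", "ssid": "guest-hotspot"},
]

def correlate(reports, domain="US"):
    """Aggregate reports per BSSID; return (alert_type, bssid, detail) tuples."""
    allowed = REGULATORY_CHANNELS[domain]
    corp_ssids = set(AUTHORIZED_APS.values())
    per_bssid = defaultdict(lambda: {"ssids": set(), "channels": set(), "sensors": set()})
    for r in reports:
        entry = per_bssid[r["bssid"]]
        entry["ssids"].add(r["ssid"])
        entry["channels"].add(r["channel"])
        entry["sensors"].add(r["sensor"])
    alerts = []
    for bssid, info in sorted(per_bssid.items()):
        if bssid not in AUTHORIZED_APS:
            # Unknown radio advertising a corporate SSID = impersonation; otherwise rogue AP.
            kind = "evil-twin" if info["ssids"] & corp_ssids else "rogue-ap"
            alerts.append((kind, bssid, sorted(info["sensors"])))
        off_region = info["channels"] - allowed
        if off_region:
            # Gray channel here means outside the configured domain's allowed set (assumed).
            alerts.append(("gray-channel", bssid, sorted(off_region)))
    return alerts

if __name__ == "__main__":
    for alert in correlate(SENSOR_REPORTS):
        print(alert)
```

Running the same reports under the "EU" domain drops the gray-channel alert, which is why the domain each sensor operates in must be part of the server's configuration rather than hard-coded.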
It is an unfortunate truth that calculated, targeted attacks are part of today's enterprise landscape. Inevitably, almost every enterprise or organization will be attacked at some point, and the WLAN is currently the most vulnerable area. With vigilance, a well-defined program, and the right solution, WLANs can be secured and their benefits safely and profitably attained. Continuous real-time monitoring, assessment, and prevention are essential to securing the WLAN. Enterprises and government organizations should leverage dedicated WIDP solutions to assure the protection of critical networks, data, and users.
Brian de Haaff is vice president of product management at Network Chemistry.