How to: Prevent Parking Lot Attacks
August 14, 2008
One approach to reducing the risk of "parking lot" attacks on your WLAN is to reduce exposure by using shielding products, such as specialized paint, to attenuate RF signals.
The application of shielding in the form of specialized wall paint substantially attenuates RF signals, which improves wireless security and performance.
Basic shielding concepts
An RF shield highly attenuates RF signals going out of and coming into the building, resulting in significant improvements to security and performance. Serious wireless product developers have been shielding rooms for years to provide a quiet chamber (Faraday cage) for testing wireless products in the absence of external RF signals. The implementation of a Faraday cage requires specialized construction of the walls of a room, which makes the approach not feasible for general operation of wireless LANs. Its rarely cost-effective, obviously, to rebuild the walls to enclose the entire building in a Faraday cage.
The use of special RF shielding paint and window film is a good alternative for protecting larger rooms and even buildings. There are several varieties of paint and window film available, with attenuation ranging from 40dB to 80dB for the frequencies that wireless LANs use. You simply paint the walls and apply film to the windows, and the additional attenuation does a good job of shielding the building.
Advantages of shielding
An additional 80dB of attenuation substantially reduces the possibility that someone outside the shielded area can connect to or even detect the wireless network located inside the facility. For example, a wireless LAN may exist inside your building with an access point near an exterior wall. In this situation (with no RF shielding applied), the signal levels propagating just outside the building near the access point will likely be around -50dBm, which is plenty high enough for a client device located outside the building to detect and connect to the wireless network. As with most indoor wireless LANs, this poses a security risk because an unauthorized person sitting in the parking lot can easily see the network. This opens the door to various security attacks.
Now if you apply 80dB wall paint in this scenario, the signals measured from the same outside location will drop to approximately -130dBm, which is well below the receive sensitivity of an 802.11/Wi-Fi client device radio. The outcome is that the client device outside the facility will not be able to detect or connect to the network. Thus, the application of shielding gives your building skin that offers a layer of security on top of existing security mechanisms, such as encryption and authentication.
A similar improvement occurs regarding the reduction in RF interference. Imagine, for instance, that a neighbor has a wireless LAN. The signal level of the neighboring wireless LAN measured inside your facility may be as high as -40dBm (assuming their access point is really close). With 80dB wall paint applied, the signal levels from the neighboring wireless LAN will drop to approximately -120dBm which is also below the receive sensitivity of 802.11/Wi-Fi client devices. Consequently, the shielding eliminates typical RF interference originating from outside the building, which allows your wireless LAN to operate at higher performance levels. In addition, the attenuation of external signals helps preclude the origination of denial-of-service (DoS) attacks from outside the building.
If youre thinking about shielding a room or building for improving wireless LAN security and performance, consider the following tips:
- Define security requirements. The application of RF shielding paint can be fairly costly, so seriously think about why you need it. Determine the level of risk if someone from outside the building is able to detect and possibly connect to your wireless LAN. Certainly encryption and authentication go a long way in providing sound security, but youd be surprised by how well seasoned hackers can outsmart even the better security mechanisms. You should perform a security assessment with emphasis on penetration testing to determine whether a security risk from outside the building exists.
- Determine impacts of RF interference. If your wireless LAN must provide optimum performance, then the reduction of external RF interference through shielding may be valuable. Assess existing RF interference through the use of a spectrum analyzer, and identify the magnitude of signals originating from outside the facility. It gets a bit tricky to predict the real impacts of this interference on performance, so youll probably need to do some capacity testing using the actual network with and without the anticipated levels of external interference. Keep in mind that youll likely not benefit from reducing external interference if there are substantial sources of RF interference originating from inside the building (unless you isolate the interference by shielding interior walls). If you cant bear a DoS attack on the wireless LAN, then shielding may be a good solution regardless of the existing interference.
- Consider the cost of applying the shielding. A gallon of RF shielding paint can cost $450 per gallon, which is about 20 times the cost of standard wall paint. Based on security requirements and the impacts of existing RF interference, you must determine if the cost of re-painting the perimeter of the building (or room for smaller applications) is worthwhile. As with standard paints, a gallon of RF shielding paint will cover about 600 square feet. Multiple coats may be necessary, however, to achieve maximum attenuation.
- Apply the shielding. You can easily apply shielding paint and window film. Paint application is completed with standard rollers and brushes, and clean up is often done with just water. Window film is generally a peel-and-stick application. Be certain to follow the manufacturers instructions to ensure proper use.
After implementing the shielding, perform testing inside and outside of the building to confirm signal attenuation results. This may also be a good time to re-run penetration tests to ensure that your facility is bullet proof.
For more on "parking lot" attacks, read "RF Barrier Helps Deter Eavesdroppers," "Arrests Made in Massive Wireless Credit Card Heist," and "Arrested Criminal Hackers Used Wi-Fi."
For more tutorials by Jim Geier, read "Deploying Voice over WLANs," "Troubleshooting 802.1x Missing Supplicant Problems (Part I)," "Deploying Public WLANs."
Jim Geier provides independent consulting services and training to companies developing and deploying wireless networks for enterprises and municipalities. He is the author of a dozen books on wireless topics.