CHICAGO -- Whether wireless local area networks are being used in a home office or by corporations, they are plagued by security holes that can be exploited by determined crackers.
Vulnerable wireless local area networks are so prevalent that Jeffrey Posluns, a security consultant and presenter at last week's Networking Decisions conference, said that during a cab ride from O'Hare International Airport to downtown Chicago, he was able to detect 28 wireless LANs he could have logged on to.
During his presentation at the conference, Posluns outlined the steps necessary to begin securing a wireless network -- from the most basic actions a home user can take to the most advanced steps that a business might want to consider. To drive home the vulnerabilities of a wireless system, he also discussed how each measure could be thwarted.
The fundamental problem with a wireless network is that it broadcasts its signal to the world. Once someone accesses the wireless LAN, its presence can be detected by someone else.
There are multiple levels of security available for wireless networks. All provide some level of protection, but most can eventually be overcome by a determined cracker. Posluns, who works for the Montreal-based consultancy SecuritySage, outlined some easy steps that companies can take to guard against intruders on their networks.
- Name your network. Many users, he said, leave their networks set to the default name, "D-Link." Crackers search for networks that use this default name, making it much easier for someone to find your network. Changing the default name makes it that much harder to detect.
- Wireless encryption protocol (WEP) provides an additional layer of protection, but it can be cracked with tools readily available on the Internet. It takes anywhere from four to 18 hours for a cracker to break the encryption and return with the key. Then the cracker will have full open access to the network.
- Extensible authentication protocol (EAP) changes the WEP key at regular time intervals so that even if someone is able to break the code and determine the key, it will be changed by the time they try to use it. A cracker who is able to intercept an encrypted signal for the length of time it takes to crack the code could break through this system by recording and decoding each key as it is used. Someone using the network would have to be connected and using the network for the full amount of time it takes to break the code.
- Some systems use the unique media access control (MAC) address to determine whether someone can have access to the network. These systems, Posluns said, are easily thwarted by programs that allow users to sniff out a MAC address and then use the MAC address for their own device.
- The newest security standards for wireless LANs were ratified in April. Known as 802.1x, these standards are likely to increase the security of wireless LANs, Posluns said. They move security to the open systems interconnection (OSI) layer 2 and can add features like dynamic generation of a second MAC address, which can thwart those who are trying to spoof MAC addresses.
Posluns said that nothing is foolproof, but that taking even the most basic security steps will start to raise the bar of entry to your wireless networks, and that is a start for keeping out intruders.
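The checklist above can be applied mechanically to an access point inventory. The following is an added example, not code from Posluns's talk or the original article. The inventory, its field names and the rule that a WEP rekey interval should be shorter than the article's four-hour low-end crack time are assumptions made for illustration.

```python
import csv
import io

# Constructed inventory of access points (hypothetical field names and values).
INVENTORY = """\
ssid,encryption,rekey_minutes,mac_filter,dot1x
D-Link,none,,no,no
warehouse,wep,,yes,no
office,wep,480,no,no
lab,wep,30,yes,yes
"""

DEFAULT_SSIDS = {"d-link"}        # the default name cited in the article; extend as needed
WEP_CRACK_MIN_MINUTES = 4 * 60    # low end of the 4-to-18-hour figure in the article


def audit(ap):
    """Return the checklist weaknesses that apply to one access point row."""
    findings = []
    if ap["ssid"].strip().lower() in DEFAULT_SSIDS:
        findings.append("default network name")
    enc = ap["encryption"].strip().lower()
    if enc == "none":
        findings.append("no encryption")
    elif enc == "wep":
        rekey = ap["rekey_minutes"].strip()
        if not rekey:
            findings.append("static WEP key")
        elif int(rekey) >= WEP_CRACK_MIN_MINUTES:
            # Assumed rule: a key that lives as long as the crack time gives no margin.
            findings.append("WEP rekey interval not shorter than crack time")
    # MAC addresses can be sniffed and reused, so a filter alone is not authentication.
    if ap["mac_filter"].strip() == "yes" and ap["dot1x"].strip() != "yes":
        findings.append("MAC filtering without 802.1x")
    return findings


def audit_inventory(text):
    """Parse CSV inventory text and map each SSID to its list of findings."""
    return {row["ssid"]: audit(row) for row in csv.DictReader(io.StringIO(text))}


if __name__ == "__main__":
    for ssid, findings in audit_inventory(INVENTORY).items():
        print(f"{ssid}: {', '.join(findings) or 'no checklist findings'}")
```

A short rekey interval only narrows the window; as the EAP item notes, someone capturing traffic continuously can still recover each key in turn.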
Security has been a barrier for many companies when it comes to wireless. That's the case for Juan Carlos Zelaya, IT manager for Empresa Nacional de Energía Eléctrica, Honduras' national energy company, in San Pedro Sula. Interviewed at the conference, Zelaya said the customer information that his company uses is far too critical to expose to the security threat that wireless poses. For the time being, the 802.11b wireless standard is not a consideration, even with those approaches that Posluns outlined.
Brad Bacci, a network architect with New York City-based consultancy Deloitte Touche Tohmatsu, another conference attendee, had similar concerns about wireless security. It's something that he said has stopped Deloitte from aggressively pursuing wireless systems for its own use. And he said it remains a big concern for his clients as well.
But Bacci said he is hopeful that the upcoming 802.1x standard will provide enhanced security that will make wireless LANs more viable.