802.11x
For most businesses, installing a wireless local area network (WLAN) is about like trying to answer the “have you stopped beating your wife?” question. You’re wrong whatever you do. The freedom and convenience offered by wireless make it a technology everyone wants. But, it’s this very freedom that make it vulnerable to attack from the outside.
Today, wireless networking means using a version of the 802.11 standard as defined by the Institute of Electrical and Electronics Engineers (IEEE). Within this standard are a number of versions ranging from “a” to “i,” frequencies from 2.4-Ghz to 5-Ghz and per-channel transmission rates from 11-Mbps to 54-Mbps.
The speed, freedom and easy set-up of 802.11 have even police and fire departments across the country taking a serious look at using the technology. But is 802.11 secure enough for such sensitive agencies or even for the average company?
It’s a question worth asking since attacks on public and private networks are at an all-time high. Worldwide, the number of reported network vulnerabilities were up nearly 125 percent from the year 2000 to the year 2001. The actual number of new remote access Trojan horses released through the Internet have grown from 12 a day in 1999 to more than 135 a day. Web defacements have jumped more than 30 fold in the same two-and-a-half-year period — from 15 a day to more than 470 a day.
Heavy cost
The cost of these malicious attacks is also astonishing. For example, it took only four days for the Melissa virus (released in 1998) to generate more than $400 million in losses for corporations and individuals. In the following year, the LoveLetter virus caused between $8 billion and $15 billion in damages and lost productivity in just five hours.
According to experts, such attacks will not only continue, but will certainly worsen. Paraphrasing an old proverb, Gene Hodges, president of Network Associates, noted, “for the next five years, it’s fair to say that there is nothing sure but death, taxes and escalating [security] attack rates.”
Generally, wireless is seen as the most insecure type of data network. Most believe that wired Ethernet networks are reasonably secure, those based on fiber optics are very secure and all types of wireless networks are about as secure as the revolving door at Macy’s department store during a sale.
Breaking into wireless networks has become so easy that it’s evolved into a game. “Warchalking,” “war driving,” and, even, “war flying” are all being used to detect open wireless networks. What’s more alarming is that those who detect them, make a point of telling others.
War driving is the practice of driving a car in business areas and using a laptop equipped with an 802.11b network interface card (NIC) to detect wireless access points. It doesn’t take long to find open networks.
“I would say that 90 percent of all rogue installations — which means they are not sponsored by an IT department — are vulnerable,” said Dan McDonald, vice president of Nokia. “You can grab access points by just driving by with a wireless scanner. I was able to connect to about a hundred different networks in the train station in Tokyo by just having a computer with 802.11b enabled.”
Taking this game to new heights, a group from the Bay Area Wireless Users Group, reportedly, flew over San Diego in a small plane and, in a short time, picked up more than 400 access points.
After identifying “free” access points, warchalkers write symbols on nearby walls that tell anyone who wants to know the Service Set Identifier (SSID) — essentially, the password, WLAN version, and the bandwidth.
Securing the system
Whether an 802.11 wireless system can be secured is a matter of heated debate.
“There are technologies that make WLANs secure and prevent unauthorized access and eavesdropping,” said McDonald. “One example is virtual private networking (VPN) technology, which gives you strong authentication and encryption.”
Wired Equivalent Privacy (WEP) is one tool that has been hailed as the “big gun” in securing 802.11x wireless networks.
But, Bruce Schneier, founder and CEO of Counterpane Internet Security and a recognized expert in the field, says: “It ain’t so.”
In his words, “WEP is not only insecure, it is robustly insecure. The people who designed the protocol did a horrible job of securing it. It [wireless] has great performance, works well, and I can use my computer in the lobby of a hotel, but it’s not secure.”
As usual, the real answer to the question about the effectiveness of WEP and the overall security of 802.11x, lies somewhere in the middle. Wireless is not perfect, but, if it is implemented and monitored correctly, it can be adequate in most cases. Sure, it can be hacked, but it will take someone a bit more determined and knowledgeable than the average warchalker or a fun-loving geek out for a weekend lark to impress his friends to break-in.
Other things that can be done to help secure a wireless network include disabling SSID broadcasting, changing the access point’s default settings, adding an additional firewall between the access point and the network, and using a directional antenna.
In some cases the answer to security may be as simple as enforcing in-house policy, noted John Weinschenk, vice president of Enterprise Service Group for Verisign, Inc.
“One of the biggest risks with wireless is that companies usually deny that its being adopted within their own walls. People are bringing their own wireless LANs to work and plugging them into the conference room Ethernet jacks, even though the company tells them not to do it.”
New weapons in security war
The newest hope for security rests with Wi-Fi Protected Access (WPA). Look for this new IEEE standard to begin showing up in Wi-Fi-certified products in the first quarter of 2003.
WPA enables 802.11i-based Temporal Key Integrity Protocol (TKIP) encryption, which overcomes the problem of a static key used in WEP.
It also adds 802.11x/Extensible Authentication Protocol (EAP) that can prevent the so-called man-in-the-middle attacks. In those types of attacks, an intruder masquerades as a host and attempts to capture passwords.
Supporters claim the encryption and authentication levels that it provides should be acceptable for most enterprises.
Because securing wireless networks is so important, work on new security precautions has spawned an industry of its own.
For example, Symbol Technologies, Inc. has joined with Intersil Corp., Intermec Technologies Corp., Microsoft Corp. and Cisco Systems Inc., to form a consortium to develop Simple Secure Network (SSN). SSN periodically changes the encryption key.
Additionally, the 802.11i protocol, which the IEEE has been working on for more than a year, promises to plug the security holes of WEP by adding several encryption and authentication methods.
Changing times
In the end, nothing is truly secure. No matter what precautions you take, there will always be someone who can hack into your system, wired or wireless, if they really want to do it.
But, there are degrees of safety and, for now, wireless systems based on 802.11x protocols are more vulnerable than a wired system.
Police and fire departments in metropolitan are, generally, not using wireless for data transmission.
Although the main reason is the concern for security, another reason is that it is simply not fast enough.
The current speed of 11-Mbps, and even the 54-Mbps promised by 802.11i, cannot deliver the performance needed to handle the volume of information that must be transmitted on a regular basis.
But, as Bob Dylan told us, “the times they are a changin’.” Security is getting better by the day and speeds are increasing.
Because of the freedom it offers, there is little doubt that wireless is the wave of the future and one day will be the most widely used method of data transmission.
But until that day about all we can do is to be constantly on the alert.
“Usability and features always fight against security, and security loses,” warned Schneier. “There will be vulnerabilities, but you should try to be secure anyway. Detection and response is the answer — doing things so even if your front line breaks, you can be secure.”
The ABCs of 802.11
802.11a
As with 802.11b, this standard is commonly known as Wi-Fi. This is a physical layer standard for WLANs operating in the 5-GHz radio band with eight available radio channels specified. The maximum link rate is 54-Mbps per channel, but expect the actual data throughput to be about half of this speed.
Also the data rate decreases as the distance between the user and the radio access point increases. It is not backward-compatible with 802.11b, so the old network must be replaced with 802.11a equipment. Available now.
802.11b
Also known as Wi-Fi, this is the most popular standard for wireless networking. This physical layer standard for WLANs operates in the 2.4-GHz radio band and specifies three available radio channels. The maximum link rate is 11-Mbps per channel, but it is shared by all users of the same radio channel, including cordless phones, micro-wave ovens and many Bluetooth products, so expect throughput of about half the speed. As with 802.11a, the data rate decreases as the distance between the user and the radio access point increases. Available now.
802.11d
This is supplementary to the Media Access Control (MAC) layer in 802.11 and is being promoted to encourage the worldwide use of 802.11 WLANs. Since the 802.11 standards cannot legally operate in some countries, 802.11d adds features and restrictions to allow WLANs to operate within the rules of these countries.
When: Work is ongoing, but see 802.11h for a timeline on 5-GHz WLANs in Europe.
802.11e
This protocol is supplementary to the MAC layer to provide QOS support for data, voice and video applications for 802.11a, 802.11b and 802.11g. Available sometime in 2003.
802.11f
Described as a “recommended practice” document, it is designed to achieve radio access point interoperability within a multi-vendor WLAN network. It defines the registration of access points within a network and the interchange of information between access points when a user is handed over from one access point to another. Available early 2003.
802.11g
This is a physical layer standard for WLANs operating in the 2.4-GHz and 5-GHz radio band. It specifies three available radio channels and a maximum link rate of 54-Mbps per channel. The 802.11g standard uses orthogonal frequency-division multiplexing (OFDM) modulation but, for backward compatibility with 11b, it also supports complementary code keying (CCK) modulation and, as an option for faster link rates, allows packet binary convolutional coding (PBCC) modulation. Available now.
802.11h
This version of 802.11 is supplementary to the MAC layer and offered to comply with European regulations for 5-GHz WLANs. These regulations call for products to have transmission power control (TPC), which limits power to the minimum needed, and dynamic frequency selection (DFS) which selects the radio channel at the access point to minimize interference with other systems. Available in the first half of 2003.
802.11i
The main feature of 802.11i is improved security. It provides an alternative to Wired Equivalent Privacy (WEP) with new encryption methods and authentication procedures which include firmware up-grades using the Temporal Key Integrity Protocol (TKIP), ilicon with Advanced Encryption Standard (AES, an iterated block cipher) and TKIP backwards compatibility. Available now.
