https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

content


Wi-Fi remains a work in progress

Wi-Fi remains a work in progress

While Microsoft has caught considerable grief over Windows network security holes, it is not alone in what seems to be an industry-wide practice of leaving
  • Written by Urgent Communications Administrator
  • 1st January 2004

While Microsoft has caught considerable grief over Windows network security holes, it is not alone in what seems to be an industry-wide practice of leaving security features turned-off by default. Wi-Fi vendors also ship their equipment with simple default settings and without activating security enhancements, which could be especially problematic for enterprises and public-safety organizations.

The Black Hat Federal Briefings held in Washington, D.C., in September 2003, focused on the security weaknesses of 2.4 GHz networks. It’s a fairly simple matter for hackers to crack the wired equivalent privacy (WEP) security protocol, spoof Internet protocol addresses and forge media access control (MAC) addresses, according to Don Bailey, principal of security consultancy The Shmoo Group, who spoke at the conference. Additionally, 2.4 GHz networks legally can be jammed.

“Wi-Fi is the Wild West of networking … maybe there will be a vendor fix, but don’t count on it,” Bailey said.

Using off-the-shelf equipment and a program they wrote called Airsnarf, Bailey and colleague Bruce Potter quickly illustrated how a more powerful unauthorized rogue Wi-Fi access point (AP) could overwhelm a public wireless hot spot.

Once machines establish a connection — or “associate” — to the rogue AP, a laptop computer configured as a web server and capable of replicating popular web pages could be utilized to capture user IDs and passwords without the end user’s knowledge. A rogue AP could then be used to unleash a denial-of-service (DoS) attack on a public hot spot or corporate network, pilfer user credentials or execute an AP cloning scenario for long-term unauthorized access to a network. “Someone could pay a janitor $25 bucks to plug an AP [into a corporate network],” Bailey said. “Or a user could plug in an unauthorized AP for his convenience.”

A roaming Wi-Fi network connection typically is associated between a user’s computer and the most powerful signal source. Most off-the-shelf Wi-Fi gear emits 25 megawatts of power, but some vendors manufacture laptop cards that put out as much as 200 megawatts, Bailey said. Combined with an omni-directional antenna, a rogue AP can emit 6 watts of transmission power, which is no match for a 25-megawatt transmitter. But add an amplifier to the basic setup and the equation shifts in favor of the attacker. “A ham radio operator can legally broadcast up to 1500 watts of power — what do you think a bad guy will do?” Bailey said.

Even if a rogue AP setup broadcasting illegally outside a building were to be detected — which generally is difficult to do — the perpetrator likely would be long gone before the FCC could show up with direction-finding equipment, Bailey said.

Remarkably, a licensed amateur radio operator can legally interfere with 2.4 GHz equipment, as long as he or she complies with Part 97 of the Federal Communication Commission’s rules. Wireless hot spots operate equipment under Part 15 and therefore must accept interference from any licensed or unlicensed source. Consequently, should a disgruntled ham operator become annoyed with a local Wi-Fi cybercafe — or any 2.4 GHz operator for that matter — he or she could conduct a denial-of-service attack without fear of FCC repercussion.

“We need something like ZoneAlarm for Wi-Fi,” said Bailey, who criticized vendors for failing to supply basic advisory tools. Taking matters into their own hands, Potter and other Shmoo Group members have put together HotSpotDK, a background application that monitors and logs changes to an established Wi-Fi connection.

The application checks for and notes changes in the service set identifier (SSID) and MAC address of the associated AP, the default route or router MAC, and signal strength. Written for the Apple Macintosh OS X operating system, future versions will incorporate an authorized list of MAC addresses and a sensitivity slider for signal power changes, and will enable the monitoring of link status changes.

Potter believes the real fix for Wi-Fi security is 802.1x, a link layer authentication standard. Extended from the original point-to-point protocol (PPP) dial-up authentication specification, an extended authentication protocol (EAP) was designed to work with wired or wireless networks using a centralized server to provide authentication.

Multiple types of authentication can be supported within the 802.1x framework, ranging from token cards to public key authentication. The 802.1x standard is natively implemented in Windows XP and hardware vendors such as U.S. Robotics are lining up behind it.

Bailey is more skeptical. “The devil is really in the implementation details,” he said, pointing out that weaknesses in vendor implementations will be ferreted out by someone. “You should turn on whatever security features you have available,” Potter said, “Any hacker simply looking for low-hanging fruit to exploit will move on to the next site.”

Both consultants also were quick to point out that regardless of the amount of Wi-Fi security infrastructure, the end-user often is the weakest link, because they can be fooled or coerced into giving up user IDs, passwords and WEP keys. “You name it,” Potter said.

Consequently, organizations need to create and, more importantly, enforce security policies. Organizations particularly vulnerable to attack, or those that would find a lengthy network outage severely damaging — such as a public-safety organization — may need additional security layers, including intelligent smart cards or other devices that provide hardware authentication.

Start-up Koolspan demonstrated a hardware-authentication system at the Enterprise & Public Wireless LAN conference in October 2003. Each end-user receives a token, a USB-based device and some on-board software. To initiate a secure session, the token is inserted into the USB port, which causes the device to execute a smart card-based query of the server. The server also issues a challenge to the token. If both queries are authenticated, an AES-encrypted session begins.

The hardware is expected to cost $1595 when the device starts shipping. Koolspan, based in Bethesda, Md., expected to roll out its first product by the end of 2003.

In contrast to The Shmoo Group’s stark picture, U.S. Robotics is offering a more optimistic view of Wi-Fi security. The company recently conducted a series of evangelistic events around the globe to educate resellers on Wi-Fi technology and security solutions in conjunction with 802.11g, especially into the corporate space. “Resellers are saying that wireless is not secure and that it doesn’t perform well, and that is just not true anymore,” said Peter Blampied, a U.S. Robotics official based in Europe.

U.S. Robotics addresses the issue of security in its “802.11g Wireless Turbo White Paper,” discussing security technologies incorporated into its latest hardware and how they should be used.

Features include 256-bit WEP encryption, disable broadcast SSID, MAC address authentication, 802.1x authentication, and Wi-Fi protected access (WPA). Upon successful authentication, the temporal key integrity protocol (TKIP) alters the static 40-bit WEP security key into multiple dynamic 128-bit security keys, making WEP a much more secure protocol.

on the web:

For more information on the technology and business developments that are shaping the land mobile radio and private wireless markets, check out our Web site:
WWW.IWCE-MRT.COM.COM

Tags: Local Area content Wireless Networks

Most Recent


  • Restrictions on Chinese imports hurting equipment vendors working in India
    Vendors have requested a relaxation on imports from China so that domestic telecom operators can roll out upgraded networks faster. With 5G deployment around the corner, telecom equipment vendors are finding themselves in a catch-22 situation. Since the Indo-Sino clash on the Galwan border in 2020, cross-border trade with China has been severely restricted. Multinational […]
  • Panasonic Connect launches Toughbook 40 rugged laptop
    Panasonic Connect this week announced the launch of the Toughbook 40, the highest-performing device in the family of fully rugged laptops, featuring LTE-Advanced and CBRS connectivity, and a lighter total weight, despite  boasting a 14-inch touchscreen display that is larger than the previous model in the Toughbook portfolio. In addition to all of its improved […]
  • T-Mobile's CEO explains the company's new private 5G strategy
    T-Mobile on Monday took the wraps off its new private wireless networking offerings, and the company’s CEO spoke about it at length during an investor event. “CIOs everywhere are interested in this topic right now,” T-Mobile’s Mike Sievert said Monday at the J.P. Morgan Global Technology, Media and Communications Conference. “And they’re interested in it for a reason. […]
  • Hytera, Motorola Solutions refile appeal, cross-appeal in civil case
    As expected, Hytera Communications again has appealed a $543.7 million judgment against it to the 7th Circuit Court of Appeals, while Motorola Solutions this week filed for second time a cross appeal in the case that was initiated more than four years ago. There was little surprise in the filings, because both Hytera and Motorola […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • The battle over connected cars drags on
  • UK officials revamp ESN plans again, target Airwave-to-LTE transition for end of 2026
  • PSCR: Dereck Orr highlights features of June 21-24 virtual event
  • FirstNet buildout on pace for March 2023 completion, AT&T official says

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Artificial intelligence used to detect guns at schools dlvr.it/SR8wBY

27th May 2022
UrgentComm

Restrictions on Chinese imports hurting equipment vendors working in India dlvr.it/SR8sj7

27th May 2022
UrgentComm

Infrastructure improvements in cities often feature clean energy or connected technologies dlvr.it/SR8n7G

27th May 2022
UrgentComm

Panasonic Connect launches Toughbook 40 rugged laptop dlvr.it/SR5vl2

26th May 2022
UrgentComm

Newscan: ‘Predator’ spyware let government hackers break into Chrome and Android, Google says dlvr.it/SR2lBG

25th May 2022
UrgentComm

Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux systems dlvr.it/SR0Qb2

24th May 2022
UrgentComm

T-Mobile’s CEO explains the company’s new private 5G strategy dlvr.it/SQyzhc

24th May 2022
UrgentComm

Hytera, Motorola Solutions refile appeal, cross-appeal in civil case dlvr.it/SQxNX1

24th May 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • Microwave/RF
  • T&D World
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X