
Wireless Security

  • Sample Chapter is provided courtesy of Cisco Press.
  • Date: Jul 16, 2004.

Chapter Description

Tom M. Thomas explains the basics of setting up security for a wireless network. He warns technicians of the various ways in which a wireless network can be breached, and provides help in protecting against those attacks.

From the Book

Network Security First-Step


Wireless Threats

Wireless threats come in all shapes and sizes, from someone attaching to your WAP (wireless access point) without authorization to grabbing packets out of the air and decoding them with a packet sniffer. Many wireless users have no idea what kinds of danger they face merely by attaching a WAP to their wired network. This section discusses the most common threats that adding a wireless component to your network introduces.

The airborne nature of WLAN transmission opens your network to intruders and attacks that can come from any direction. WLAN traffic travels over radio waves that the walls of a building cannot completely constrain. Although employees might enjoy working on their laptops from a grassy spot outside the building, intruders and would-be hackers can potentially access the network from the parking lot or across the street using the Pringles can antenna, as shown in Figure 8-2.

Sniffing to Eavesdrop

Because wireless communication is broadcast over radio waves, eavesdroppers who merely listen to the wireless transmissions can easily pick up unencrypted messages. Unlike wire-based LANs, the wireless LAN user is not restricted to the physical area of a company or to a single access point (the exception being those annoying dead spots that no access point covers, and it is always the office of the user who wants the most attention). The range of a wireless LAN can extend far outside the physical boundaries of the office or building, thereby permitting unauthorized users access from a public location like a parking lot or adjacent office suite. An attacker targeting an unprotected WAP needs only to be in the vicinity of the target and no longer requires specialized skills to break into a network. Anytime I do a network assessment for a customer in a shared office building, I almost always find one of two things:

  • A neighboring business that has an open wireless network

  • A neighboring user that has joined my customer's wireless network

If you want to examine the traffic going out over an Ethernet connection (wired or wireless), the best tool that comes to mind is the ubiquitous packet sniffer application. Packet sniffers capture all the packets crossing one or more Ethernet connections for later inspection. These sniffer applications grab the packet, decode it, and reveal the data payload contained within. The theft of an authorized user's identity poses one of the greatest threats, and Figure 8-5 shows a freeware packet sniffer known as Ethereal (since renamed Wireshark), used on an Apple PowerBook G4 laptop over a wireless Ethernet network to capture a mail application transmitting a username and password. (Names and passwords have been changed to protect the innocent, of course.)

Figure 8-5 Wireless Sniffer Packet Capture

The intent here is to show you how packet sniffers can be used against known behavior. In this case, when users start their computers, one of the first things they do is check e-mail. Many e-mail servers do not require an encrypted connection (POP3, IMAP, and SMTP all send the login in clear text unless SSL/TLS is used), and because the wireless network is not encrypting anything either, the username and password cross the air in clear text. An attacker with a packet sniffer could now steal the user identity and log in to the mail server as the unaware user anytime.

If you have read through packet captures before and are familiar with the information they contain, you should have immediately recoiled in horror at the knowledge that wireless sniffers are readily available and several are free. If this is the first time you have seen a packet capture, you might be in for a shock as you find out the wealth of information contained in a packet's data payload. Imagine if you were a domain administrator logging in to the domain and checking your online bank account or other information that could be critically damaging if someone hijacked it.
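What the attacker actually does with the capture, as an added example that is not from the book: a small Python scanner that takes reassembled TCP payloads (the constructed sample strings below stand in for what Ethereal/Wireshark would reassemble from a wireless capture) and pulls the login out of the clear-text mail protocols: POP3 USER/PASS, IMAP LOGIN, and SMTP AUTH PLAIN and AUTH LOGIN, whose base64 wrapping is encoding, not encryption. Every name, password, and server banner here is made up.

```python
"""Pull clear-text mail logins out of reassembled TCP payloads.

Added example, not from the book.  The SAMPLE_STREAMS below are
constructed stand-ins for what a sniffer reassembles from an
unencrypted wireless capture; no real credentials are used.
"""
import base64
import re

# (server port, reassembled client<->server text for one session)
SAMPLE_STREAMS = [
    (110, "+OK POP3 ready\r\nUSER alice\r\n+OK\r\nPASS s3cret!\r\n+OK Logged in.\r\n"),
    (143, "* OK IMAP4rev1 ready\r\na001 LOGIN bob \"hunter2\"\r\na001 OK LOGIN completed\r\n"),
    (25, "220 mail ESMTP\r\nAUTH PLAIN "
         + base64.b64encode(b"\x00carol\x00Tr0ub4dor").decode() + "\r\n"
         "235 Authentication successful\r\n"),
    (587, "220 mail ESMTP\r\nAUTH LOGIN\r\n334 VXNlcm5hbWU6\r\n"
          + base64.b64encode(b"dave").decode() + "\r\n334 UGFzc3dvcmQ6\r\n"
          + base64.b64encode(b"pa55word").decode() + "\r\n235 ok\r\n"),
]

# One pattern per clear-text login exchange (re.M: ^ and $ per line)
POP3_USER = re.compile(r"^USER\s+(\S+)", re.I | re.M)
POP3_PASS = re.compile(r"^PASS\s+(.+?)\r?$", re.I | re.M)
IMAP_LOGIN = re.compile(r'^\S+\s+LOGIN\s+"?([^"\s]+)"?\s+"?([^"\r\n]+?)"?\r?$', re.I | re.M)
SMTP_PLAIN = re.compile(r"^AUTH\s+PLAIN\s+(\S+)", re.I | re.M)
SMTP_LOGIN = re.compile(
    r"^AUTH\s+LOGIN\r?\n334 [^\r\n]*\r?\n(\S+)\r?\n334 [^\r\n]*\r?\n(\S+)", re.I | re.M)


def _b64(text):
    """Strict base64 decode; None if the token is not base64 at all."""
    try:
        return base64.b64decode(text, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None


def extract_credentials(port, payload):
    """Return [(protocol, username, password), ...] found in one stream."""
    found = []
    if port == 110:
        user, pw = POP3_USER.search(payload), POP3_PASS.search(payload)
        if user and pw:
            found.append(("pop3", user.group(1), pw.group(1)))
    elif port == 143:
        for m in IMAP_LOGIN.finditer(payload):
            found.append(("imap", m.group(1), m.group(2)))
    elif port in (25, 587):
        for m in SMTP_PLAIN.finditer(payload):
            # AUTH PLAIN is "authzid NUL authcid NUL password", base64-wrapped
            raw = _b64(m.group(1))
            if raw is not None and raw.count(b"\x00") == 2:
                _authzid, authcid, pw = raw.split(b"\x00")
                found.append(("smtp", authcid.decode(errors="replace"),
                              pw.decode(errors="replace")))
        for m in SMTP_LOGIN.finditer(payload):
            # AUTH LOGIN sends username and password as two base64 lines
            user, pw = _b64(m.group(1)), _b64(m.group(2))
            if user is not None and pw is not None:
                found.append(("smtp", user.decode(errors="replace"),
                              pw.decode(errors="replace")))
    return found


def scan_streams(streams):
    """Run extract_credentials over every (port, payload) pair."""
    hits = []
    for port, payload in streams:
        hits.extend(extract_credentials(port, payload))
    return hits


if __name__ == "__main__":
    for proto, user, pw in scan_streams(SAMPLE_STREAMS):
        print(f"{proto}: {user} / {pw}")
```

Run as a script it prints the four recovered logins. The same matching is what a defender turns around into an IDS signature for clear-text authentication on the wireless segment, and the fix on the mail side is POP3S, IMAPS, and STARTTLS for SMTP, with WLAN encryption underneath.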

Denial of Service Attacks

Potential attackers who cannot gain access to your wireless LAN can nonetheless pose security threats by jamming or flooding your wireless network with noise that causes frames to collide and fail their CRC checks. These denial of service (DoS) attacks effectively shut down or severely slow down the wireless network, much as DoS attacks affect wired networks. Being on a wireless network does not reduce your exposure to the viruses and attacks that already threaten wired networks, nor does it increase security in any other way; if anything, the exposure gets worse.

NOTE

Restaurants, hotels, business centers, apartment complexes, and individuals often provide wireless access with little or no protection. In these situations, it is possible to access other computers connected to a wireless LAN, thereby creating the potential for unauthorized information disclosure, resource hijacking, and the introduction of backdoors to those systems. When users take corporate laptops home and use them on wireless networks, the vulnerabilities to your network increase. I have been on network assessments reviewing wireless usage and found that many a CEO, CFO, or CTO has the IT staff set up a wireless device at home for them with the same characteristics they have at work (SSID, and so on). This makes it easy for them to work at home with no trouble; however, the corporate network is extremely vulnerable because an attacker can go after a corporate employee's home network and compromise his machine. When the employee goes to work, so does the attacker—now he is inside your corporate network. Common sense is needed here—and a commitment by everyone in the management team to secure the network. This means not mixing corporate and home security.

Perhaps a bit more common is when other wireless devices unintentionally cause a denial of service to your wireless data network: for example, that new cordless phone running on 2.4 GHz, or access points placed near devices that generate interference, such as microwave ovens. Not all reduction in wireless connectivity is related to attackers, so remember that wireless networks are based on radio signals, and many things (walls, weather, and wickedness) can affect them.

Rogue/Unauthorized Access Points

WAPs can be easily deployed by anyone with access to a network connection, anywhere within a corporation or business. In fact, most wireless deployments are in the home so people with laptops can use them in any room in the house. The ease with which wireless technologies can be deployed should be a concern to all network administrators.

Because a simple WLAN can easily be installed by attaching a WAP (often for less than $100) to a wired network and a $50 WLAN card to a laptop, employees are deploying unauthorized WLANs while IT departments are slow to adopt the new technology. Unauthorized WAPs are known more commonly as rogue APs.

An executive of a large technology conglomerate was recently quoted as saying something like, "the hardest network to secure against wireless threats was one that had no wireless access at all." What this executive meant was that just because a company did not buy and install any wireless gear on its network did not mean that there wasn't any.

The concept behind wireless technology is to give people the freedom to roam around and still be connected to their network resources. The lure of this freedom is just too tempting to some folks in corporate America, so they go out and buy wireless gear on their own and hook it up to the office network. Now, you begin to see the problem.

NOTE

In August 2001, Gartner Group reported that "at least 20 percent of enterprises already have rogue WLANs attached to their corporate networks" from authorized network users. Thus, risk-averse organizations that consciously decide to delay WLAN deployment because of the security risks need to monitor their airspace to ensure that rogue WLANs do not inadvertently open a door for intruders. Stepping into the role of the extremely paranoid, an attacker could be part of the cleaning crew in the evening and place a rogue access point into your network very easily.

If you can imagine how difficult it is to prevent people from bringing software from home and installing it on their work machines, it is ten times more difficult to prevent power users from "self adopting" wireless gear into the office LAN.

You might ask, "What is the harm in doing this?" The harm is that by installing an unauthorized access point, you have now extended an invitation to every hacker within a 500-foot radius to prowl your company's network, files, Internet access, printers, and any other devices currently connected to the private network.

Your network administrators take great pains to protect the corporate network from attackers and other "evildoers," and now there is a completely unprotected conduit into the company's holiest of holies: your internal corporate network.

A well-documented company has several security policies in place that govern every type of behavior when a user connects to the network. Rogue access points subvert these policies and open the doors to all varieties of bad things happening to the network.

To be perfectly fair to the employees who might commit this ultimate sin, it is important that the following information be made abundantly clear:

  • Only authorized IT staff is to connect networking equipment.

  • All devices that connect to the network, especially wireless access points, must conform to established security policies.

  • Any devices that have been installed by anyone other than approved IT staff will become either the property of the company or will be rendered inert (that is, smashed into a million pieces).

  • Hackers install rogue access points on a company network with the intention of stealing secrets and damaging data; this means no holiday bonuses because this kind of damage can cause a company to go out of business.

Finding rogue access points has become a little easier than in the past through the use of freely available software; the section entitled "NetStumbler" delves into this. This same piece of software that made life easier for hackers has now become the favored tool of network security specialists for dealing with unauthorized wireless access points.

Attackers' Rogue AP Deployment Guidelines

I was going to call these "the rules for attackers to deploy rogue access points," but applying rules to those with criminal intent seemed an oxymoron. Attackers have developed some best practices that they share in their community, and by now all honest network engineers should be making WarDriving of their own airspace a frequent occurrence to protect the network. Following is a brief list of the practices attackers follow when "casing the joint"; knowing them tells you what to look for:

  • Know what you are trying to gain before placing the access point.

  • Plan for the use of the access point; this means placing it so that if you have your laptop out and "working," you do not look suspicious.

  • Place the access point as discreetly as possible while maximizing your ability to connect to it.

  • Disable SSID broadcasting, thus requiring the target's IT staff to have a wireless sniffer to detect it.

  • Disable all network management features of the access point, such as SNMP, HTTP, Telnet.

  • If possible, protect the access point's MAC address from appearing in ARP tables.

The obvious disclaimer here is that these actions are not something you should ever do without—and I really stress this—written permission. Many companies view even the accidental connection to their wireless network as an attack, so it is likely that you are going to be viewed as guilty until you prove your innocence.

It is also important to note that devices designed to jam radio signals have been around since before wireless ever became a standard. Because wireless is a radio frequency, it can be easily jammed.
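How a network engineer turns a survey into a rogue-AP finding, as an added example that is not from the book: the Python below compares a wireless survey (constructed rows in the shape a stumbler reports, with an empty SSID for an AP that is not broadcasting one) against the authorized AP inventory and against the MAC addresses learned on the wired switch ports, which is the defender's answer to the "disable SSID broadcasting" and "keep the MAC out of ARP tables" practices above. The inventory, survey, SSIDs, port names, and MAC table are all made up; the "wired MAC within a few addresses of the BSSID" check is a heuristic assumed here (many consumer APs number their radio and Ethernet MACs from the same block), not something the chapter states.

```python
"""Rogue access point triage from a wireless survey plus the wired MAC table.

Added example, not from the book.  Every BSSID, SSID, port name and MAC
below is constructed for illustration.
"""

CORPORATE_SSIDS = {"ACME-CORP"}

# Authorized APs from the inventory: BSSID -> (expected SSID, channel)
AUTHORIZED = {
    "00:0b:86:11:22:30": ("ACME-CORP", 1),
    "00:0b:86:11:22:40": ("ACME-CORP", 6),
}

# Survey rows in the shape a stumbler reports; "" means no SSID broadcast
SURVEY = [
    {"bssid": "00:0b:86:11:22:30", "ssid": "ACME-CORP", "channel": 1, "signal": -51},
    {"bssid": "00:0b:86:11:22:40", "ssid": "ACME-CORP", "channel": 6, "signal": -60},
    {"bssid": "00:18:39:aa:bb:c0", "ssid": "linksys", "channel": 6, "signal": -44},
    {"bssid": "00:18:39:aa:bb:d1", "ssid": "", "channel": 11, "signal": -49},
    {"bssid": "00:1c:f0:12:34:56", "ssid": "ACME-CORP", "channel": 11, "signal": -72},
    {"bssid": "00:1d:7e:99:88:77", "ssid": "NEIGHBOR-NET", "channel": 1, "signal": -85},
]

# MAC addresses learned on the wired switches (from the switch MAC table
# or the ARP cache): MAC -> switch port.  Constructed.
WIRED_MACS = {
    "00:18:39:aa:bb:c1": "Gi1/0/17",   # one address above the "linksys" BSSID
    "00:50:56:aa:00:01": "Gi1/0/02",
}


def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def wired_neighbor(bssid, wired_macs, window=8):
    """Heuristic (assumed here): consumer APs usually take the radio BSSID
    and the Ethernet MAC from the same small block, so a wired MAC in the
    same OUI within `window` addresses of the BSSID suggests the AP is
    plugged into our LAN.  Returns (mac, port) or None."""
    b = mac_to_int(bssid)
    for mac, port in wired_macs.items():
        m = mac_to_int(mac)
        if (m >> 24) == (b >> 24) and abs(m - b) <= window:
            return mac, port
    return None


def classify(survey, authorized, wired_macs, corporate_ssids):
    """Return one finding per suspicious AP, with reasons and a priority."""
    findings = []
    for ap in survey:
        bssid = ap["bssid"].lower()
        reasons = []
        if bssid in authorized:
            if (ap["ssid"], ap["channel"]) != authorized[bssid]:
                reasons.append("authorized BSSID with unexpected SSID or channel")
        else:
            reasons.append("BSSID not in inventory")
            if ap["ssid"] == "":
                reasons.append("SSID broadcast disabled")
            if ap["ssid"] in corporate_ssids:
                reasons.append("advertises corporate SSID from unknown BSSID")
        wired = wired_neighbor(bssid, wired_macs)
        on_lan = bool(wired) and bssid not in authorized
        if on_lan:
            reasons.append(f"wired MAC {wired[0]} seen on port {wired[1]}")
        if not reasons:
            continue
        # On our wire, or impersonating our SSID: act now.  Otherwise it may
        # just be a neighbor; walk the floor with the signal reading.
        impersonating = "advertises corporate SSID from unknown BSSID" in reasons
        priority = "high" if on_lan or impersonating else "review"
        findings.append({"bssid": bssid, "ssid": ap["ssid"], "signal": ap["signal"],
                         "on_lan": on_lan, "priority": priority, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in classify(SURVEY, AUTHORIZED, WIRED_MACS, CORPORATE_SSIDS):
        print(f"{f['priority']:6} {f['bssid']} {f['ssid'] or '<hidden>':12} "
              f"{f['signal']} dBm  {'; '.join(f['reasons'])}")
```

The two authorized APs produce no finding; the "linksys" AP is flagged high because a wired MAC one address above its BSSID sits on port Gi1/0/17, the hidden AP and the distant NEIGHBOR-NET AP come back as "review" (walk the building with the signal reading before deciding they are a neighbor's), and the unknown BSSID advertising ACME-CORP is high priority regardless of where it is plugged in, since it is exactly the home-AP-with-corporate-SSID case the NOTE above describes.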

Incorrectly Configured Access Points

Incorrectly configured access points are an avoidable but significant hole in WLAN security. Many access points ship configured to broadcast their SSID openly so that authorized users can find them. Many honest network administrators have incorrectly used the SSID as a password to verify authorized users. Because the SSID is being broadcast, this is a serious configuration error: an intruder can simply read the SSID off the air and have the AP assume he is allowed to connect.

SSIDs act as crude passwords and are often used to recognize authorized wireless devices; thus, SSIDs should follow your corporate password policy and be treated as passwords. If you do not have a password policy, refer to Chapter 2, "Security Policies and Responses," and ensure the SSID cannot identify your company or business. Bear in mind, though, that an SSID is never really a secret: even with broadcast disabled, clients send it in clear text in their probe and association requests, so a wireless sniffer recovers it in minutes. Treat the SSID as a naming-hygiene control, and rely on real authentication and encryption for access control.

Network Abuses

Authorized users can also threaten the integrity of the network with abuses that drain connection speeds, consume bandwidth, and hinder a WLAN's overall performance. A few users who clog the network by trading MP3 files can affect the productivity of everyone on the wireless network. This ultimately leads to users who are trying to be productive complaining that the network is slow or that they keep losing connection. Based on experience, these types of issues are extremely difficult to identify and narrow down, especially if the business decided to save money by using APs designed for home use rather than those designed for corporate use. Home-use APs do not come with the tools needed to help you.

Careless and deceitful actions by both loyal and disgruntled employees also present security risks and performance issues to wireless networks, through unauthorized access points, improper security measures, and network abuses. Again, this recognizes the fact that the majority of security breaches and incidents come from inside, from trusted individuals.
