Several years ago proponents of 802.11b wireless networks maintained that their products were secure, because the Wired Equivalent Privacy (WEP) security mechanism would keep intruders from intercepting and decoding wireless communications. In addition to preventing eavesdropping on your wireless network, WEP was supposed to keep intruders from joining it. However, because WEP uses only a shared 40-bit encryption key, it is very easy to break. It is important to point out that the Wireless Ethernet Compatibility Alliance (WECA), now called the Wi-Fi Alliance, has stated that WEP was never meant to be a single solution for securing a wireless network. Instead, other technologies, such as VPNs (see Chapter 50, "Virtual Private Networks [VPNs] and Tunneling"), as well as other mechanisms (such as secure authentication) typically found on a wired network, were meant to fill this gap.

WEP

Because the first version of WEP uses a simple 40-bit encryption key, and the same key is used on both the Access Point (AP) and the wireless client, it is a simple matter to break this security. For example, there are several utilities on the Internet you can use to determine whether WEP is protecting your network adequately.
You can visit the following Web sites to gain access to software that can be used by both you and hackers to determine whether your network is secure:
At this time it is not illegal to use devices to listen to wireless network transmissions. It would be great if such laws were enacted worldwide. Yet, because these tools are available to everyone, you should probably use them to see whether your network is as secure as you think it is. This is not meant to encourage hackers to use these tools; the tools previously listed are meant for you to use, so that at least both sides have access to the same intrusion applications.

This goes along with the benefits touted by the open-source community. While the source code and applications are available to everyone (a glass house, so to speak), they enable hackers to search for vulnerabilities, and they also enable users to create solutions to prevent these attacks. This is an argument that is often used to compare proprietary operating systems and applications with open-source ones. I guess it all depends on your perspective. If you want to use proprietary applications, you will have to depend on your vendor to fix security problems. If you use open-source applications, there are many programmers worldwide who can develop a solution. Whom do you trust? This is a difficult decision to make. But, at the very least, you should have access to the same programs that hackers use to determine whether your network is vulnerable, whether or not you use other open-source applications. And if you search the Internet, you will find many other programs used by hackers in addition to those listed previously. A good search, on a regular basis, is recommended by this author.

Second-Generation WEP: Using a 128-Bit Key

Even a newer version of WEP that uses a 128-bit key is easily detected and broken. Because of this, it is recommended that you separate a wireless network from the wired network using a firewall (see Chapter 49, "Firewalls"). At least this will assist in keeping intruders from accessing the entire corporate network, though the wireless portion is still vulnerable.
And you should incorporate techniques such as VPNs, as suggested by the Wi-Fi Alliance, to further enhance security on the wireless portions of the network.

Many consumers who purchase inexpensive devices for home networks may think that the SSID (service set identifier) that you enter when installing the network card and Access Point provides security for the wireless network, but this is not the case. Instead, the SSID is simply used to separate wireless networks. The SSID is easily discovered, especially if you do not choose to use additional security mechanisms. The SSID is not a security mechanism! It is simply a method used to associate wireless devices with an AP. Without using some form of encryption, the SSID is easily discovered by broadcast messages from the AP. When discovered by an eavesdropper, all that is necessary for the intruder is to reset his wireless adapter to use the same SSID, and then join your network.

A good Web site to visit if you are interested in the latest developments in wireless security is www.netstumbler.com. Here you'll find various articles about wireless security, as well as downloads that can help you enhance your current wireless device and check out security lapses.
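To see why the SSID gives no protection, the following added example (not from the original chapter) parses an 802.11 beacon frame the way any wireless adapter does and shows that the SSID sits in cleartext even when the AP advertises encryption. The frame bytes, BSSID, and the name "CorpNet" are constructed sample values.

```python
import struct

def build_sample_beacon(ssid: str, privacy: bool) -> bytes:
    """Build a constructed beacon frame (no radiotap header, no FCS)."""
    bssid = bytes.fromhex("020000000001")            # constructed, locally administered
    header = bytes.fromhex("80000000") + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    caps = 0x0001 | (0x0010 if privacy else 0)       # ESS bit, optional Privacy bit
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, caps)
    name = ssid.encode()
    elements = bytes([0, len(name)]) + name          # tag 0: SSID
    elements += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # tag 1: supported rates
    elements += bytes([3, 1, 6])                     # tag 3: channel 6
    return header + fixed + elements

def parse_beacon(frame: bytes) -> dict:
    """Extract BSSID, SSID and the Privacy capability bit from a beacon."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon frame")
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if (frame_control >> 2) & 0x3 != 0 or (frame_control >> 4) & 0xF != 8:
        raise ValueError("not a beacon (management type 0, subtype 8)")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    capabilities = struct.unpack_from("<H", frame, 34)[0]
    ssid, pos = None, 36                                 # tagged elements start here
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if tag == 0 and ssid is None:
            ssid = body.decode("utf-8", errors="replace")
        pos += 2 + length
    # The Privacy bit only says data frames are encrypted; the beacon itself,
    # including the SSID, is always sent in the clear.
    return {"bssid": bssid, "ssid": ssid, "privacy": bool(capabilities & 0x0010)}

if __name__ == "__main__":
    print(parse_beacon(build_sample_beacon("CorpNet", privacy=True)))
```
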
Yet, as criticism of WEP continued to grow, and made some potential customers think twice about using 802.11b Wi-Fi technology, work has been done to create newer wireless security standards.
Wired Protected Access (WPA) and 802.11i

In response to the vulnerability and criticism of WEP, the Wi-Fi Alliance has created the Wired Protected Access (WPA) standard, which should be considered as an interim protocol until something better comes along. WPA will most likely be a thing of the past when the IEEE finishes work on 802.11i, which is a security protocol intended to provide a better solution to security for wireless networks. One of the main complaints about WEP, besides its limited-length keys, is the fact that the same key is used by both sides of the transmission. And the key does not change during a session. That is why it is easy to examine network traffic on a wireless network and eventually crack the encryption key.

The 802.11i standard is still under development, but it is mentioned in this chapter because vendors are beginning to adopt the features that have already been published in draft form. As the old Roman saying goes, caveat emptor: let the buyer beware. If you purchase hardware based on draft standards, don't expect it to necessarily work when the final standard is published.

WPA solves two problems associated with the earlier WEP security mechanisms. First, it uses encrypted techniques for authentication, which should assist in preventing unauthorized clients from becoming part of the wireless network. Second, it uses a constantly changing key instead of the single shared key used for encryption by WEP. By changing the encryption key at frequent intervals, WPA can be much more difficult to crack. Yet this all remains to be seen after the IEEE has finished work on the 802.11i standard. The constant changing of encryption keys is known as the Temporal Key Integrity Protocol (TKIP). This key-changing method will make it very difficult for intruders to decipher keys used by your wireless network, especially when compared to the static keys known by both sides of the communications link used by the simple WEP standards.
WPA also includes an integrity check that is basically a checksum based on the network packet that can detect whether a packet is originating from a valid network user or an intruder who is attempting to crack the key used by your network. Thus, if an unauthorized user uses the standard techniques to attempt to determine a fixed key, you can detect these intrusion attempts, and then deal with them.

How Well Do You Know Your Users?

One of the main concerns of network administrators in the 1980s was that any person in the company network could easily install a modem in her computer and connect to computers outside the network. For digital telephone systems, this was not a problem. But for small businesses using an analogue telephone system, this could present a major security headache. The equivalent today is known as rogue Access Points, and these are difficult to detect with modern network analysis tools. Because APs are so inexpensive, what can you do to stop a user, or a department in your company, from installing an AP and enabling wireless access? In large corporate environments where it can be a complicated process, what is to stop a user from simply connecting an AP to her own network connection, and thus enabling a larger number of computers to connect to the network? Because APs generally use DHCP to assign addresses to clients, and use the single valid address on your network to exchange data for these clients, just how secure is your network? This is yet another reason to use wireless detection programs on a regular basis, even if you do not authorize wireless networking, to determine whether some user has enabled this access on your wired network.

In Chapter 46, "Basic Security Measures Every Network Administrator Needs to Know," the importance of establishing corporate security policies and procedures was discussed.
If you ensure that each and every employee, contractor, and vendor signs off on these policies (which should include wireless access), then you will at least have grounds to dismiss those who violate the procedures, and possibly to pursue legal action.

There's not a lot you can do about rogue users, and this problem is more common than many administrators think. If a user is stymied by corporate procedures and paperwork, it is not a difficult thing to justify implementing a solution on his own. Again, because these types of security breaches can easily occur, especially in a large network, you should use wireless sniffing programs to determine whether users are bypassing the policies and procedures that are employed in your network. Although you may indeed use wireless networking at certain junctions in your network, you should regularly test to see whether unauthorized wireless networks are being created by users. When you consider the low cost of an AP today, it is very feasible to install a wireless network anywhere in your large network. And many of the users who have been caught using this method say that the reason they did so is that it would take too long to get permission from the network administrator, or whatever body you use to authorize such connections. I guess the best thing to say about this topic is "trust no one."
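One way to turn the regular wireless survey recommended above into a repeatable check is to compare what a detection program saw against your inventory of authorized APs. This is an added example, not from the original chapter; the CSV layout, the BSSIDs, the SSIDs, and the signal threshold are constructed assumptions rather than the export format of any particular tool.

```python
import csv
import io

# Constructed inventory of authorized APs: BSSID -> (SSID, minimum encryption)
AUTHORIZED = {
    "02:00:00:00:00:01": ("CorpNet", "WPA"),
    "02:00:00:00:00:02": ("CorpNet", "WPA"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2}

# Constructed survey export (one row per AP heard during the walk-through)
SURVEY_CSV = """bssid,ssid,channel,encryption,signal_dbm
02:00:00:00:00:01,CorpNet,1,WPA,-48
02:00:00:00:00:02,CorpNet,6,WEP,-55
02:00:00:00:00:AA,linksys,6,OPEN,-40
02:00:00:00:00:bb,CorpNet,11,OPEN,-62
02:00:00:00:00:cc,CoffeeShop,11,WPA,-88
"""

def audit(survey_text: str, min_signal: int = -75) -> list:
    """Return (bssid, finding) pairs for APs that need follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].strip().lower()
        enc = row["encryption"].strip().upper()
        known = AUTHORIZED.get(bssid)
        if known:
            ssid, required = known
            if row["ssid"] != ssid:
                findings.append((bssid, "ssid-mismatch"))
            elif STRENGTH.get(enc, 0) < STRENGTH[required]:
                # An approved AP reconfigured below policy (e.g. back to WEP)
                findings.append((bssid, "weak-encryption"))
        elif row["ssid"] in CORP_SSIDS:
            # Unknown radio using your network name: treat as highest priority
            findings.append((bssid, "unauthorized-ap-using-corporate-ssid"))
        elif int(row["signal_dbm"]) >= min_signal:
            # Strong signal suggests it is inside the building, not a neighbour
            findings.append((bssid, "unknown-ap-nearby"))
    return findings

if __name__ == "__main__":
    for bssid, finding in audit(SURVEY_CSV):
        print(f"{bssid}  {finding}")
```

A finding only says a radio was heard; confirming that it is attached to your wired network still requires tracing it to a switch port.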