Vulnerabilities

All the vulnerabilities that exist in a conventional wired LAN apply to wireless technologies (Karygiannis & Owens, 2002). Managers must prepare to remedy the WLAN vulnerabilities ” weaknesses in the configuration, implementation, design or management of a network or system ” with greater vigilance . Wireless networks present unique challenges when trying to mitigate threats ” anything that can disrupt the proper functioning of a network or system. The wireless devices bring to the table more problems because of their mobile nature. They move from network to network, gaining connection to the Internet and returning to the corporate WLAN with the possibility of carrying all sorts of malicious code. In a sense, mobile users should be thought of as a malicious code carrier and immediately quarantined in the demilitarized zone until they receive proper scanning to remove all know malware (malicious software). Users can inadvertently carry malware and infect the corporate LAN if they have not taken the proper precautions .

Figure 5: 802.11b Wireless Security

The NIST Special Publication 800-48 identifies some of the most prevalent threats and vulnerabilities to wireless devices. They are organized to illustrate which information assurance principle is violated when not properly mitigated.

Confidentiality violations occur if:

• Sensitive information that is not encrypted (or is encrypted with weak cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.

• Malicious entities violate the privacy of legitimate users and gain the ability to track their actual movements.

• Handheld devices, which are easily stolen, reveal sensitive information.

Integrity compromises occur if:

• Malicious entities gain unauthorized access to an organization s computer network through wireless connections, bypassing any firewall protections .

• Malicious entities steal the identity of legitimate users and masquerade on internal or external corporate networks.

• Sensitive data are corrupted during improper synchronization.

• Data are extracted without detection from improperly configured devices.

• Viruses or other malicious code corrupt data on a wireless device and are introduced to a wired network connection.

Availability is reduced if:

• Denials of service (DoS) attacks are directed at wireless connections or devices.

• Malicious entities, through wireless connections, connect to other organizations for the purposes of launching attacks and concealing their activity.

• Interlopers, from insider or out, are able to gain connectivity to network management controls and thereby disable or disrupt operations (NIST Special Publication 800-48).

As WLANs become widespread, the need of business for a more robust security solution is required. Recent demonstrations of the vulnerability of Wired Equivalent Privacy (WEP) encryption make it clear that WEP protection alone is inadequate. The security features in WEP do not offer a high level of assurance. Fluhrer, Mantin and Shamir (2001) describe a passive cipher-text only attack on the RC4 stream cipher used in WEP. The authors stated, Note that we have not attempted to attack an actual WEP connection, and hence do not claim that WEP is actually vulnerable to this attack. Later, Stubblefield, Ioannidis and Rubin (2001) successfully implemented an attack, proving the complete vulnerability of WEP.

There is no need to fret about the design flaws identified in WEP. As a security service, WEP does what it was designed to do. As the name states, you get a level of privacy and security equivalent to that of wired LAN users. There were no guarantees and at the time the standard was published there may not have been anyone demanding guaranteed security features. For the WLAN, IEEE defined WEP to perform the following three functions:

• Authentication: A primary goal of WEP was to provide a security service to verify the identity of communicating client stations . This provides access control to the network by denying access to client stations that cannot authenticate properly. This service addresses the question, Are only authorized persons allowed to gain access to my network?

• Confidentiality: Confidentiality, or privacy, was a second goal of WEP. It was developed to provide privacy achieved by a wired network . The intent was to prevent information compromise from casual eavesdropping (passive attack). This service, in general, addresses the question, Are only authorized persons allowed to view my data?

• Integrity: Another goal of WEP was a security service developed to ensure that messages are not modified in transit between the wireless clients and the access point in an active attack. This service addresses the question, Is the data coming into or exiting the network trustworthy ” has it been tampered with? (Karygiannis & Owens, 2002).

Most of the complaints with WLAN security can be attributed to flaws in the design of the technology or specification. Weaknesses in the design are difficult to fix once the product is purchased. All technologies are susceptible to have a design flaw. To overcome the design weakness, WLAN managers should take extra care to properly configure, implement and managed the network. It is impossible to completely identify all possible vulnerabilities when a product is purchased and before it is added to the network. However, once purchased there is unlimited time to ˜tweak the configuration or implementation with strong management practices. The next section discusses the different types of countermeasures available to mitigate some of the known vulnerabilities.

The best countermeasures involve management, implementation and configuration (MIC) activities to mitigate vulnerabilities in the WLAN. Management countermeasures should be applied based on a well-crafted security policy. The policy should be based on management s vision and give a framework for managing the WLAN. Managers then execute the vision by the way they implement controls and configure settings on the network.