5-Minute Security Advisor - Why Worry About Wireless Security?

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Wireless networks are exploding in popularity. This boom is no big surprise, in light of how convenient they are to set up and use. You might think that only small companies and home users depend on wireless, but you'd be wrong—major enterprises, including Microsoft, have plumbed their corporate facilities with wireless access points (APs) so that corporate users can get seamless access to their networks from conference rooms, hallways, lunchrooms, and other formerly unwired locations. This flexibility and freedom can come at a cost: you have to buy wireless hardware, configure it properly, and set it up in physical locations that allow good signal coverage of the desired area. Apart from those mundane issues, though, wireless LANs (WLANs) have some potential security problems that you should know about.

How WLANs Work: The Basics

Several WLAN standards are in use, but the most popular by far is the IEEE 802.11b standard, which defines a set of communications protocols for wireless communications in the 2.4GHz industrial, scientific, and medical (ISM) frequency band. 802.11b networks can run at speeds up to 11Mbps; the newer, faster, and not-backwards-compatible 802.11a standard (which runs at up to 54Mbps over a 5GHz channel) is gaining some favor, too.

No matter which 802.11 variant you use, these WLANs work in the same way. There are two types of 802.11 devices: stations and access points (APs). A station is any wireless device, be it your PocketPC, your laptop, or your Xbox. An access point (AP) is like the hub or switch in a wired network: stations connect to it, each station forming an association, called a port, with the AP. This arrangement is called infrastructure mode; in ad hoc mode, by contrast, stations talk directly to each other without using an AP.

In Windows XP, the beauty of this arrangement is that all of the configuration and setup is automatic. You plug your AP in and configure it; from that point forward, wireless clients using Windows XP Home or Professional editions can automatically discover the AP and attach to it. This arrangement is terrific for ease of use, but you need to take some basic security precautions to avoid accidentally offering free wireless service to all comers.

Understanding the Security Threats

The flexibility and mobility of wireless networks are what make them so popular. However, there are some security threats that arise as a direct result of the way WLANs work. Let's start with the obvious: As satellite TV operators and cordless-phone users know, you can't restrict the radio waves you're sending out past your property line. By properly fiddling with your AP locations and the kind, number, and orientation of the antennas you use, you can partially solve this problem. However, by their nature, wireless signals propagate, and anyone who can hear the signal can potentially read, or insert, traffic on your network. So, problem #1: Unauthorized users might be able to access your network, including sending traffic (such as spam) to the Internet, without your knowledge.

Action: If you have a wireless network, put a wireless card in a mobile device and take it outside. See whether you can get a usable signal from the outside of your building, or from adjacent structures or offices. What about from the street? Can "wardrivers" easily find you?

Problem #2 is related to problem #1. The 802.11 standard defines a security protocol called Wired Equivalent Privacy, or WEP. WEP is supposed to encrypt the wireless packets so that attackers can't easily read them. 802.11b WEP offers two strengths of encryption: 40-bit and 128-bit (802.11a and 802.11g add a third, 152-bit, variant). However, due to laziness on the part of some wireless hardware manufacturers, WEP isn't always on by default, and some manufacturers (notably Apple) don't fully support the more secure 128-bit version of WEP. When WEP is on, flaws in the WEP definition mean that a moderately skilled attacker can crack the encryption and read, or forge, traffic. Several freely and widely available tools sniff WLAN traffic and analyze it to recover the WEP key; because 802.11 requires manual changes to the WEP shared secret, this means that you either have to change your password frequently or live with the risk that someone will recover it.

Action: If your wireless hardware supports 128-bit WEP, make sure that it's turned on. If not, investigate buying some better hardware.

Problem #3 is of interest primarily to companies that are using WLANs. Imagine for a second that someone adds a rogue AP to your network and leaves WEP turned off. Instantly, random passersby can get access to your network. This vulnerability alone might not be dangerous (if you've been faithfully reading the other 5-Minute Security Advisor articles, you'll probably be OK), but it's a bad precedent, because one of those passersby might be a malicious attacker with the skills to exploit an unpatched vulnerability somewhere in your network.

Protecting Yourself: Getting Started

I don't mean to paint a gloomy picture; though the three security problems described here are serious, you can do a lot to mitigate them. Windows 2000, Windows XP, and Windows Server 2003 all include WLAN security features that you can use to strengthen your wireless security, and your WLAN APs can probably be configured to be more secure than they are. Remember that one key to effective computer security is defense in depth: The more protective measures you can take, the harder it becomes for an attacker to penetrate enough of them to attack your computers. Here are a few ideas to get you started:

  • Make sure that your desktop and server systems are as secure as you can make them. This protection raises the bar so that even if attackers get into your WLAN, they'll still have a hard time penetrating your computers.

  • Turn on WEP at the maximum strength your AP and stations support. Make sure you have a strong WEP password, too, following the same rules for password strength that you'd use for your wired network.

  • Make sure that the network name (or SSID) for your wireless network isn't easily identifiable. Don't use your business name, your own name, or (heaven forbid) your address as an SSID.

  • If your AP supports SSID broadcasting, turn it off. This action essentially creates a closed network, so that new clients must enter the correct SSID before they can connect.

  • If you're using Windows 2000 servers with Windows XP clients, use the IEEE 802.1X authentication protocol to secure your networks.
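The AP-side items in this list, together with the rogue AP case from problem #3, can be checked mechanically against a site survey. The following is an added example, not part of the original article: the record fields, the BSSID inventory, and the identifying terms are all constructed assumptions, standing in for whatever your AP admin pages and a walk-around survey actually give you.

```python
# Added example: audit AP records against the checklist above.
# All names, fields, and values here are constructed for illustration.

AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # your AP inventory
IDENTIFYING_TERMS = ("contoso", "123 main")  # business name, street address

# Constructed survey data: one record per AP seen on or near your premises.
SURVEY = [
    {"bssid": "00:11:22:33:44:01", "ssid": "wl-7f3a",
     "ssid_broadcast": False, "wep_bits": 128},
    {"bssid": "00:11:22:33:44:02", "ssid": "Contoso-Lobby",
     "ssid_broadcast": True, "wep_bits": 40},
    {"bssid": "66:77:88:99:AA:BB", "ssid": "default",
     "ssid_broadcast": True, "wep_bits": 0},
]

def audit_ap(ap, authorized=AUTHORIZED_BSSIDS, terms=IDENTIFYING_TERMS,
             max_wep_bits=128):
    """Return the list of checklist findings for one AP record."""
    findings = []
    # Problem #3: an AP you did not deploy is a rogue until proven otherwise.
    if ap["bssid"].lower() not in {b.lower() for b in authorized}:
        findings.append("rogue: BSSID not in inventory")
    # WEP must be on, at the maximum strength the hardware supports.
    if ap["wep_bits"] == 0:
        findings.append("WEP off")
    elif ap["wep_bits"] < max_wep_bits:
        findings.append(f"WEP below maximum ({ap['wep_bits']}-bit)")
    # SSID broadcasting should be off (closed network).
    if ap["ssid_broadcast"]:
        findings.append("SSID broadcast on")
    # The SSID should not name the business, the owner, or the address.
    if any(term in ap["ssid"].lower() for term in terms):
        findings.append("SSID identifies the owner")
    return findings

def audit_survey(survey=SURVEY):
    """Map BSSID -> findings, omitting APs that pass every check."""
    results = {ap["bssid"]: audit_ap(ap) for ap in survey}
    return {bssid: f for bssid, f in results.items() if f}

if __name__ == "__main__":
    for bssid, findings in audit_survey().items():
        print(bssid, "->", "; ".join(findings))
```
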

In future 5-Minute Security Advisor articles, I'll cover more steps that you can take to protect your WLANs by strengthening their authentication and encryption. In the meantime, the list in this article gives you a solid starting point.