Many companies have deferred wireless LAN rollout due to fears about wireless intrusion and wardrivers. In this column, I'll put wardriving threats into context and explain how existing security measures can be used to avoid intrusion and deploy safer WLANs today.
To be sure, results from the second Worldwide Wardrive are disconcerting. Volunteers roamed the streets in November, charting unprotected WLANs. Of the nearly 25,000 access points (APs) identified worldwide, less than 7,000 used Wired Equivalent Privacy (WEP). Over 7,800 of those without WEP were also using default network names, known as Service Set Identifiers (SSIDs).
Wardriving for public good
Fortunately, these volunteers were not trying to penetrate WLANs. Rather, drive organizers wanted to heighten awareness, encouraging vulnerable WLAN owners to secure them.
For example, owners fail to change SSIDs, because they do not realize that using the default invites intruders. Changing this network name is simple and strongly recommended for all WLANs.
WEP is admittedly more confusing. Newbies may not know what keys are, and each product requires a slightly different incantation. If you don't know how to configure WEP, start with the FAQs posted on the Wardrive Web site. Companies often upgrade to stronger privacy measures, but WEP is a useful first step for most privately-operated WLANs.
Why stats are misleading
It is important to put wardriving results like these into perspective.
Raw numbers may include WLANs that are intentionally open for public Internet access. For example, during a recent limo ride to the San Francisco airport, I spotted 45 APs, 62% without WEP. However, 17 were clearly identified as public hotspots (WayPort, etc). Discounting these, my no-WEP ratio drops to 39%.
Some WLANs use encryption, authentication and access control at a higher layer. If we assume that half of these open APs were
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
using VPN tunneling, my unprotected AP ratio falls under 20%. This leaves room for improvement, but it is far less alarming.
Although not statistically significant, this example illustrates a broader principle: Only a subset of the networks discovered by wardrivers can be readily penetrated by intruders.
Don't be paralyzed by FUD
Stories about wardriving and WEP cracking have helped to create an atmosphere of fear, uncertainty and doubt (FUD). But don't let FUD stop you from taking advantage of wireless LANs to reduce cabling costs, speed network expansion and increase productivity. Instead, use cautionary tales to understand risks and take proactive steps to secure your WLAN.
Network operators disable WEP for many reasons. Some believe that WEP isn't worth using since it can be cracked. Others find configuring shared WEP keys inconvenient -- for example, in public hotspots. Some find updating keys in a large, distributed network too difficult. Others require privacy for individual users -- something WEP was never designed to provide.
Enhanced security
Fortunately, upgrades are becoming available to address these concerns.
Incremental refinement
802.1X and EAP methods will continue to evolve. Man-in-the-middle vulnerabilities in PEAP must still be resolved, and new EAP methods have been proposed -- for example, to let dual-mode smart phones authenticate themselves to wireless LANs. Since change is expected, companies launching new WLANs may want to start small and expand over time. Operate in mixed mode for a while, using 802.1X authentication only where you really need it, reducing your cost to deploy upgrades.
Final standards for Enhanced WLAN Security (known as 802.11i) will include a new privacy protocol, based on the Advanced Encryption Standard, to be implemented by next-generation hardware. This is no reason to delay installation of WPA firmware upgrades as soon as they become available. You don't have to enable WPA features immediately -- you can phase them in over time.
Link-layer security is only one piece of the WLAN security puzzle. Innovations are also happening elsewhere, for example: hotspot APs that block inter-station traffic, gateways that facilitate secure roaming by floating VPN endpoints, directional antennas that reduce signal leakage and intrusion-detection systems that automatically react to wireless attacks.
The bottom line
You don't need to know about all of these to begin secure WLAN deployment, but anyone planning a large WLAN should invest in training to learn about available measures and how to design security into your network from the start. If you adopt available WLAN security measures, wardrivers will probably still be able to discover your APs. But there is plenty you can do today to prevent the vast majority of would-be intruders from actually penetrating your WLAN.
