Wireless attacks at Corporations Small Companies and Home Users

by Hazrul Aaron.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on network security  

You are here: Categories » Electronics and communication » Network security

There is a general misconception that only large enterprises are at risk from cracking, wireless cracking included. This is a myth, but it is very prevalent. Large corporations are where the money and sensitive data are. However, every experienced attacker first looks after his or her own safety in regards to future legal responsibility, so he or she would start by looking for an easy target for anonymous access. At the same time, an inexperienced cracker goes for anything "crackable" without considering whose network it is and what its purpose is.

Large businesses usually have (or should have) trained security personnel, and a well-written and followed corporate security policy, as well as specific security equipment. This obviously increases the chances of discovering who the attackers are. In smaller companies and home networks many wireless attacks happen undetected and unmentioned until it is too late. Reinforcing the myth, however, the media pays attention to break-ins into major companies, thus creating an impression that smaller networks are of little interest for the underground.

Large corporations might have massive wireless networks with high output power to bridge distant buildings and provide wireless point-to-point links between company offices in the same city. Such links are easy to discover and tap into at a significant distance from the transceiver. Corporate point-to-multipoint networks might also have an impressive coverage zone with a huge number of roaming hosts. Thus, it can be difficult to discover an illicitly connected host in the "large crowd" or even an additional access point among multiple access points on the network. Besides, massive enterprises are at a higher risk from users installing unsolicited wireless equipment (both 802.11 and 802.15) and are more susceptible to social engineering attacks. These factors counterbalance the larger amount of resources that sizable companies can put into their wireless network security.

An issue we have discovered when auditing the security of various 802.11 networks is the use of legacy non-IP protocols over wireless. Although corporate networks generally tend to stay current, many organizational networks (government organizations included) do not appear to upgrade often and still run DECnet and Banyan Vines (not to mention IPX and AppleTalk) over 802.11 links. These protocols came into existence when networks were smaller, friendlier, and less exposed to the general public. At that time, security issues weren't very high on the network applications and protocols developers' lists, and known cases of cracking were sporadic. As the significance of TCP/IP grew together with the expansion of the Internet, security protocols running over IP (IPSec, Secure Sockets Layer (SSL), etc.) were developed, driven by the security demands of a large public network and the increasing importance of e-commerce around the world. At the same time, little attention was paid to non-TCP/IP protocol security, and there is nothing close to IPSec for DECnet, Banyan Vines, AppleTalk, and IPX (at least to our knowledge). Although the attacker's sniffer might not be able to decode these protocols well (although tcpdump and Ethereal understand DECnet and Banyan Vines fine), information transmitted in plaintext is still readable by anyone. Thus, while running legacy protocols over 802.11, the main (and, perhaps the only) line of defense is 802.11 (second layer) security features. Until the final 802.11i draft is available, universally accepted, and used, such networks cannot be considered secure. Of course, there are proprietary solutions to WEP insecurities as well as the WPA TKIP/802.1x . However, compatibility and interoperability issues can be a serious obstacle to deploying these solutions on large wireless networks that run legacy protocols (and probably using legacy wireless hardware). It is likely that such networks running DECnet or Banyan Vines will end up relying on static 128-bit (or 64-bit) WEP keys for security (the alternative is to drop that VAX and begin a new life). At the same time, the protocols in question are very chatty and constantly generate wireless traffic, even when no user activity on the network takes place. Chatty network protocols (including IPX and AppleTalk) are WEP crackers' best friends.

Turning from large businesses and organizations to smaller enterprises and even home user networks, a common error is to consider them to be off the crackers "hit list" because they are "not interesting" and have "low value" for an attacker. At many business meetings we were told that "your services are not needed for our small company because the company does not handle any sensitive data or perform financial transactions online." Later on the very same people were inquiring about incident response and recovery services. The reasons wireless crackers would attack small business and home networks were already listed and are quite clear to anyone in the IT security field: anonymous access, low probability of getting caught, free bandwidth, and the ease of breaking in. Specific issues pertaining to wireless security in the small enterprise 802.11 LANs include the following:

  • The prevalence of a sole overloaded system administrator unfamiliar with wireless networking or the frequent absence of any qualified system administrator.

  • The use of low-end, cheap wireless equipment with limited security features (unless you deal with Open Source, you get what you pay for).

  • The absence of a centralized authentication server.

  • The absence of wireless IDS and centralized logging system.

  • The absence of a wireless security policy.

  • Insufficient funds to hire a decent wireless security auditor or consultant.

Although many would not expect the widespread use of wireless networks in the small business sector, this assumption is wrong. Frequently, WLAN deployment is a crucial money saver for a limited-size enterprise. Although wireless client cards and access points still cost more than Ethernet network interface cards and switches, the costs of cabling are often prohibitive for a small business. Whereas large enterprises usually have their buildings designed and built with Cat 5 or even fiber cables installed, smaller businesses often use older buildings not suitable for extensive network cabling. We have found that in central London many small and medium companies must resort to 802.11 because their offices are based in designated conservation buildings. Thus, the need to use wireless networks combined with a lack of resources for hardening these networks creates a great opportunity for wireless crackers that attack small enterprise WLANs.

It is interesting to mention that when it comes to the use of basic wireless security countermeasures such as WEP, we saw that home networks tend to use WEP more frequently than many WLANs at small businesses and even larger enterprises. The rationale is probably the involved users' interest and attention to their own network and data protection as compared to the "we do not have a problem" approach to WLANs at the workplace exhibited by many corporate business users and, unfortunately, some system administrators and network managers. On the other hand, the majority of the "default SSID + no WEP combination" WLANs are also home user networks.

Share
Leave a comment or ask a question
Total comments: 0

Network security Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Home broadband is an easy way to communicate - With the arrival of home broadband, Internet access has become really easy. The telephone line was not tied up any more and most importantly it is possible to experience high speed access to t (more...)
What is Network Monitor for - Network equipment failures can cause grave consequences, such as material and data looses, bad relations with your customers, etc. System administrators should monitor their networks constantly, de (more...)
Why is SharePoint a Strong Fit for Intranets - SharePoint is an excellent fit for Intranets as it meets: • Business Needs Across Various Departments Foro Collaboration, Content authoringo Document Management, Forms crea (more...)
Why to Deploy a VPN - The motivation behind building VPNs is spread along different sectors of human nature, be it cost reduction or privacy of the communication. The common part lies in virtualization of communicat (more...)
Suspicious Events on WLAN - Once a sufficient number of network behavior statistics are gathered, a proper wireless IDS can start looking for the suspicious events indicating the possibility of malicious attack. These eve (more...)
Reasons why Wirelwss Networks are hacked - In the "good old days," Internet access was a privilege of the few and many used to try getting access by all means possible. A common way to achieve unauthorized access was wardialing, or call (more...)
Wireless Crackers: Who Are They - Knowing what kind of individual might launch an attack against your wireless network is just as important as being aware of his or her motivations. From the motivations already outlined, it is (more...)
Wireless Security Policy - The first thing to start from when deploying and securing a corporate wireless network is a design of a proper wireless security policy. The best source of information on writing a detailed a (more...)
The Usefulness of WEP Closed ESSIDs MAC Filtering and SSH Port Forwarding - This brings us to the topic of enabling WEP, closed ESSIDs, and MAC filtering as protective measures. Such defenses are "bypassable", you know how to do it. However, there are still sound reaso (more...)
Layer 1 Wireless Security Basics - Let's build on the more technical aspects of the discussed policy considerations. We'll start from physical layer security. The physical layer security of wireless networks encompasses avoiding (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.