The security of wireless networks has been a constant topic in the news during the past few months. You've probably heard of terms like wardriving, warchalking and warspamming.
The man who spoke about wireless security here at the RSA Conference 2002 in Paris was Kenneth de Spiegeleire, European Manager of X-Force Professional Services, Internet Security Services. He began by pointing out the reasons why people want to use wireless networks:
- Attractiveness of location independent network access
- Lowering hardware costs
- Configuration flexibility
Can we expect future growth? Yes.
Can we expect security problems? Of course.
The main problem that wireless security faces is the fact that investors always look first at the costs and later at the security concerns. Some questions that have been raised are:
- Does it make sense do adopt this technology?
- What are the costs?
- Is it easy to use?
The author gave an overview of wireless technologies. There is an enormous amount of standards so it's hard to know them all. He noted a constant problem of compatibility and interoperability. What followed was an overview of Mobile voice and data communications.
If a company wants to adopt wireless technology, according to Mr. de Spiegeleir the main contenders are three:
PANs: mainly Bluetooth
Bluetooth was designed to connect devices in close proximity (cordless appliances rather than network devices). Bluetooth was not designed to transmit sensitive information, but rather to be used in something like a household.
LANs: mainly WiFI
The focus of WiFi is to provide all the services as on a standard network. The original focus was on support for standard applications & protocols and reliable, time-critical delivery rather than speed and security.
MANs: GPRS (to be followed by 3G)
GPRS was designed to offer anytime and place remote access to corporate and Internet resources through mobile handsets. "Traditional" best-practice security was not applied to cellular networks.
Examples of threats:
- Jamming (Denial of Service)
- Cracking (Deciphering and Cryptoanalysis)
- Sniffing (Breach of confidentiality through interception)
- Injecting (Insertion of false data)
- Masquerading (Impersonation)
- Rogue point or AP (Unauthorized access point insertion)
To close the presentation, we were presented with some interesting facts:
- Typically only 40% of APs have WEP enabled (based on statistics gathered during war driving initiatives)
- Using 21db Yagi directional antenna ranges of up to 14 km can be achieved for WLAN sniffing.