Wireless Security Threats
by Mirko Zorz - Wednesday, 9 October 2002.


The security of wireless networks has been a constant topic in the news during the past few months. You've probably heard of terms like wardriving, warchalking and warspamming.

The man who spoke about wireless security here at the RSA Conference 2002 in Paris was Kenneth de Spiegeleire, European Manager of X-Force Professional Services, Internet Security Services. He began by pointing out the reasons why people want to use wireless networks:
  • Attractiveness of location independent network access
  • Lowering hardware costs
  • Configuration flexibility
Mr. de Spiegeleire noted that there have been many predictions and many problems with wireless networks. He tried to show all the positive sides of adopting wireless technology.

Can we expect future growth? Yes.

Can we expect security problems? Of course.

The main problem that wireless security faces is the fact that investors always look first at the costs and later at the security concerns. Some questions that have been raised are:
  • Does it make sense do adopt this technology?
  • What are the costs?
  • Is it easy to use?
Security comes later. Maybe a bit too late.

The author gave an overview of wireless technologies. There is an enormous amount of standards so it's hard to know them all. He noted a constant problem of compatibility and interoperability. What followed was an overview of Mobile voice and data communications.

If a company wants to adopt wireless technology, according to Mr. de Spiegeleir the main contenders are three:

PANs: mainly Bluetooth

Bluetooth was designed to connect devices in close proximity (cordless appliances rather than network devices). Bluetooth was not designed to transmit sensitive information, but rather to be used in something like a household.

LANs: mainly WiFI

The focus of WiFi is to provide all the services as on a standard network. The original focus was on support for standard applications & protocols and reliable, time-critical delivery rather than speed and security.

MANs: GPRS (to be followed by 3G)

GPRS was designed to offer anytime and place remote access to corporate and Internet resources through mobile handsets. "Traditional" best-practice security was not applied to cellular networks.

Examples of threats:
  • Jamming (Denial of Service)
  • Cracking (Deciphering and Cryptoanalysis)
  • Sniffing (Breach of confidentiality through interception)
  • Injecting (Insertion of false data)
  • Masquerading (Impersonation)
  • Rogue point or AP (Unauthorized access point insertion)
When it comes to the classification of threats, they are the same as in the wired world but the traffic but sniffing is easier

To close the presentation, we were presented with some interesting facts:
  • Typically only 40% of APs have WEP enabled (based on statistics gathered during war driving initiatives)
  • Using 21db Yagi directional antenna ranges of up to 14 km can be achieved for WLAN sniffing.
What we need to do in order to increase the security of wireless networks is stream the existing security measures and implement new measures as in wired networks.

Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Nov 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //