Browse archive

Latest news

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

F-Secure advances fight against exploits

Free anti-spam software for the Mac

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Hacking charge stations for electric cars

Avoid Wireless LAN Security Pitfalls

by Dave Juitt - CTO, Bluesocket Inc. - Friday, 17 January 2003.

Wireless Local Area Networks (WLANs) are taking off. Enterprises are turning to WLANs in droves because they offer mobility and huge cost advantages. In fact, studies show that wireless workers are more productive, less pressured and save businesses money. Gartner, Inc., for instance, finds WLANs to be cheaper to install than wired LANs, especially for small organizations. And once they're in, wireless LANs are less expensive to operate and maintain.

But wireless LANs are not everywhere they could be. Enterprises have heard the horror stories of competitors and crackers sitting in a parking lot and accessing the corporate network. Unfortunately most of these stories are true. Gartner predicts that by the end of this year, a third of all enterprises will suffer a serious security exposure due to a wireless LAN.

The reason? The main protector of wireless LANs, the Wired Equivalent Privacy (WEP) standard, remains full of holes. Research from Cahners' In-Stat and META Group suggest the lack of security is the biggest deterrent to widespread adoption of WLANs.

But the more IT professionals learn about WLAN technology, and its newer

security options, the better moving to wireless sounds.

Why isn't every LAN a WLAN?

Wireless will probably never completely replace wired local area connections. Wires have an slight advantage in security and today maintain a dramatic edge in speed.

WLANs, while far slower than their wired counterparts, are multiplying in performance. And more importantly, some very smart and dedicated developers are whittling away at the security problems.

WLAN security is generally breached the same way as any other system - a hacker or two discovers a weakness and devise a mode of attack that is then shared and used by the hacker community at large. Script kiddies, or crackers without a lot of technical background, can implement these attacks too easily and wreak havoc on your network. It's essentially: point, click and break in!

But not all attacks are aimed at compromising corporate security. Some are built to demonstrate and ultimately lead to a fix. While problems with WEP have been known for years, the dam really burst in July of 2001 when noted cryptographers Fluher, Mantin and Shamir unveiled the Rapid Passive Attack. The Rapid Passive Attack demonstrated that it is relatively easy and fast to break WEP encryption.

A month later, a team from AT&T Labs successfully implemented the attack and concluded that WEP is "totally insecure." That same month, the AirSnort program was released, letting anyone penetrate WEP weaknesses in virtually any unwired network. Now there are a host of tools for script kiddies, including WEPCrack, and Dnsniff.