How to Keep The Wireless Snoops Away
Carlos A. Soto, TechNews.com 2002-11-07

A wireless network is like hundreds of network cables floating in search of a rogue computer.

A good attacker can get into most networks by taking advantage of a wireless connection and its Wired Equivalent Privacy security.

WEP represents the encryption of communications data sent over radio waves, specifically using an 802.11b system. But WEP, offered with varying amounts of encryption, is vulnerable because a smart attacker can obtain data pertinent to circumventing the coding by capturing sufficient frames of data.

WEP begins doing its job when a wireless computer sends a request to an access point for a secure session. The access point generates an encrypted response, or shell, that is sent back to the computer. The computer then creates a special code, or shared key, for the computer and the access point. The access point decrypts the shell and allows the computer entry to a network if the shared key matches.

The problem with this technology is that capturing these frames reveals three pieces of data: the cipher text, plain text and the nature of the electronic "handshake." With these items, an unauthorized user can communicate with the access point in WEP without having to know the shared key, bypassing security.
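The leak described above, modeled as an added example that is not from the original article: a simplified 802.11 shared-key handshake in which the access point sends a plaintext challenge and the client returns it encrypted with RC4 keyed by the IV plus the shared key. The function names, the 128-byte challenge, and the key and IV values are constructed for illustration, and real frames carry header fields omitted here.

```python
import os
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def with_icv(body: bytes) -> bytes:
    """Append the CRC-32 integrity value; it is unkeyed, so anyone can compute it."""
    return body + zlib.crc32(body).to_bytes(4, "little")

def client_response(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Legitimate client: encrypt challenge + ICV under RC4(IV || shared key)."""
    plain = with_icv(challenge)
    return xor(plain, rc4_keystream(iv + key, len(plain)))

def ap_accepts(key: bytes, iv: bytes, challenge: bytes, response: bytes) -> bool:
    """Access point: decrypt with the shared key and compare to its own challenge."""
    return xor(response, rc4_keystream(iv + key, len(response))) == with_icv(challenge)

def keystream_from_capture(challenge: bytes, response: bytes) -> bytes:
    """Passive observer: known plaintext XOR ciphertext yields the keystream."""
    return xor(with_icv(challenge), response)

def demo() -> dict:
    key, iv = os.urandom(13), b"\x00\x00\x01"   # constructed 104-bit key and IV
    seen_challenge = os.urandom(128)            # both frames are visible on the air
    seen_response = client_response(key, iv, seen_challenge)
    leaked = keystream_from_capture(seen_challenge, seen_response)
    new_challenge = os.urandom(128)             # access point issues a fresh challenge
    keyless = xor(with_icv(new_challenge), leaked)   # built without the shared key
    wrong = client_response(os.urandom(13), iv, new_challenge)
    return {"legit_ok": ap_accepts(key, iv, seen_challenge, seen_response),
            "keyless_ok": ap_accepts(key, iv, new_challenge, keyless),
            "wrong_key_ok": ap_accepts(key, iv, new_challenge, wrong)}
```

The keyless response passes the access point's check at any key length, because the captured keystream and IV are reused and the key itself is never needed. A client that guesses a different key is still rejected, which is why the handshake looks sound until the capture is taken into account.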

Despite the problems, it's not necessary to abandon WEP. A typical user -- even most attackers -- won't succeed in scaling this security hurdle. But there's a lot you can do to boost the security of a wireless network.

The first thing is to secure your access point. Make sure your "service set identifier" is closed and can't be detected by unauthorized wireless clients. The SSID is the wireless network name that an access point automatically sends out so that random clients can pick up the availability of wireless network service.

Whether an access point can be kept from sending out its SSID automatically depends on its manufacturer and model. Some do, some don't and some can be set not to.

Likewise, make sure you configure your access points not to accept data from wireless computers set with the default "any SSID." This setting is a feature inherent in most 802.11b clients so that they can detect any access point broadcasting its SSID. When choosing an access point, make sure you choose one that has a user name and password feature and that requires a person to log in to the network via a hard-wired local area network rather than via a wireless LAN to connect to the access point's configuration software.

Some companies produce more-secure wireless access points than others. The market basically breaks into two categories: access points for small offices and devices for large ones. A small office would be one with 50 users or fewer. A large one would have 50 or more.

Both categories offer WEP encryption and Media Access Control addressing capabilities. MAC addresses are the hardware numbers that uniquely identify each node of a network on an 802.11b platform. A MAC address adds one more layer of security but is inherently as flawed as WEP because the addresses can be easily "sniffed" with snooping software.

The WEP and MAC vulnerabilities are what distinguish small-office access points from their company-wide counterparts. The larger access points generally come with added security and management features.

Plus, some devices can generate a new and different shared key for every session. This makes it difficult for an attacker to make use of a key found with a sniffing application because each key has a short life span.

The high-end access points also can join Remote Authentication Dial-In User Service. RADIUS can authenticate wireless clients to a network if it uses Category 5 cabling. RADIUS servers, like the access points that can join them, are expensive and difficult to set up and use.

But it's the layers of security that will keep your wireless network services safe from penetration and tampering. No system is hack-proof. The goal of any good approach to security is to make a breach so time-consuming and difficult that it's not worthwhile for the would-be hacker to attempt it.

To respond, e-mail editor (at) gcn (dot) com [email concealed] or visit the Government Computer News Web site at www.gcn.com.

expensive radius 2002-11-07
Anonymous
RADIUS servers are expensive?? 2002-11-07
Anonymous
Copyright 2008, SecurityFocus