Businesses using wireless local area networks (Lans) may be
unwittingly leaving themselves open to wireless-launched denial of
service attacks.
Security experts have shown that hackers armed with low-cost
equipment can reach behind company firewalls to overload servers
with floods of wireless messages. Their findings will add impetus
to calls for the Government to reform the Computer Misuse Act to
criminalise denial of service attacks.
A hacker equipped with a Linux laptop computer, a wireless Ethernet
card and free software from the Internet can bring company servers
to a halt, the security company I-Sec has proved.
The attack relies on the tendency of many businesses to connect
their wireless access points directly to their networks, outside
the protection of the company firewall. Many may not be aware that
their networks have wireless access.
Experts from the company have used Kismet, a software package
available on the Internet, to show how hackers could sit outside a
building and scan for wireless network access points. Kismet can
identify the frequencies and ID numbers of wireless access points,
giving hackers all the information they need to get in.
I-Sec has shown how hackers, once online, are able to use other
freeware from the Internet, such as SYNK4, to launch denial of
service attacks which prevent users from logging on to their
company's servers.
Most wireless hackers invade networks just to see what is there or
to hijack bandwidth to download software, but a motivated hacker
could choose to bring a company's systems to a halt.
"There is nothing to stop someone mounting a denial of service
attack if they feel aggrieved. The threat could come from a
disgruntled ex-employee, for example," said I-Sec managing
director, Geoff Davies. Research by I-Sec in the City of London has
shown that about two-thirds of businesses do not encrypt their
wireless traffic.
Even when encryption is used, a determined hacker could use freely
available software packages, such as Airsnort, to crack the
wireless encryption protocol used in most wireless Lans by
collecting and analysing wireless traffic over the course of a
week.
In a variation on the attack, I-Sec has shown that a hacker could
simulate a company's wireless access point by placing a slightly
more powerful transmitter near the building. Staff inside would
find that their PCs would attempt to log on to the dummy access
point, preventing them connecting to the company network.
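
A defender can watch for the dummy access point described above by comparing observed beacons against an inventory of the company's own access points. The sketch below is an added example, not I-Sec's tooling; the network name, hardware addresses, channels and signal readings are all constructed for illustration.

```python
# Hypothetical inventory: network name -> {authorised AP address: expected channel}
AUTHORISED = {
    "CORP-WLAN": {"00:11:22:33:44:01": 1, "00:11:22:33:44:02": 6},
}

# Constructed beacon observations, as a passive scan inside the building might log them.
SAMPLE_BEACONS = [
    {"ssid": "CORP-WLAN", "bssid": "00:11:22:33:44:01", "channel": 1, "signal_dbm": -58},
    {"ssid": "CORP-WLAN", "bssid": "00:11:22:33:44:02", "channel": 6, "signal_dbm": -63},
    {"ssid": "CORP-WLAN", "bssid": "02:AA:BB:CC:DD:EE", "channel": 6, "signal_dbm": -41},
    {"ssid": "CORP-WLAN", "bssid": "00:11:22:33:44:02", "channel": 11, "signal_dbm": -60},
    {"ssid": "CoffeeShop", "bssid": "0A:0B:0C:0D:0E:0F", "channel": 11, "signal_dbm": -70},
]


def find_suspect_aps(beacons, authorised):
    """Return (address, reason) alerts for beacons that use a protected network name."""
    # Strongest signal seen from a genuine AP on its expected channel, per network name.
    strongest = {}
    for b in beacons:
        expected = authorised.get(b["ssid"], {}).get(b["bssid"].lower())
        if expected == b["channel"]:
            strongest[b["ssid"]] = max(strongest.get(b["ssid"], -200), b["signal_dbm"])

    alerts = []
    for b in beacons:
        known = authorised.get(b["ssid"])
        if known is None:
            continue  # a neighbour's network, not one we protect
        bssid = b["bssid"].lower()
        if bssid not in known:
            reason = "unknown BSSID advertising protected SSID"
            # The article's variation: the dummy AP out-shouts the real ones.
            if b["signal_dbm"] > strongest.get(b["ssid"], -200):
                reason += ", stronger than every genuine AP"
            alerts.append((bssid, reason))
        elif known[bssid] != b["channel"]:
            alerts.append((bssid, "authorised BSSID on unexpected channel (possible spoofed address)"))
    return alerts


if __name__ == "__main__":
    for bssid, reason in find_suspect_aps(SAMPLE_BEACONS, AUTHORISED):
        print(f"ALERT {bssid}: {reason}")
```
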
Businesses can protect themselves by following some simple steps,
including turning off transmission of access point identification
numbers and moving wireless access points away from windows and the
outside edges of buildings.
"The main thing is to use some sort of authentication system, which
would prevent someone accessing the network," said Davies.
Guest editor's comment
This seems to be another example of IT suppliers not being honest
about the functionality of
products. If wireless network sales were subject to the same laws
which control financial products there would be many mis-selling
claims against the suppliers. If the wireless networks allow such
easy access to hackers the suppliers must advise on the tools to
minimise the risk.
While it is clearly up to customers to ask the right questions, that
does not remove responsibility from the supplier to be open and
honest about how best to implement IT to minimise security risks.
The supplier may not know enough about their own product to give
advice, as I have found before.
This story yet again emphasises the IT director's responsibility to
understand the limitations of any new technology before it is used
in the corporate environment.
David Rippon is chairman of the IT directors' group Elite