Whether or not your organisation has a wireless network, rogue
access points could make company systems and data vulnerable to
attack from hackers
Wireless technology is becoming ever more popular, both in the
business world and with consumers. The ease with which wireless
access points can be installed and the risk of unauthorised access
they present means users need to apply security skills to safeguard
their wireless networks.
The City of London saw a 253% increase in the number of wireless
networks deployed in the 12 months from February 2002 to February
2003, according to a survey by RSA Security.
Tim Pickard, vice-president of marketing EMEA at RSA Security, said
this equated to a 300% rise in the number of access points across
the City. RSA's most recent survey, in Frankfurt in May 2004,
showed that despite security concerns, wireless networks are
proliferating.
Karl Feilder, president and chief executive of Red-M, a provider of
wireless intrusion and detection products, said that between 80%
and 90% of laptops that ship with the Centrino chip have wireless
capability.
The gadgets are out there
Add to that the fact that most senior managers, middle managers
and sales people have their own mobile devices such as personal
digital assistants with wireless capabilities, and it is easy to
see that wireless is being widely used - if not in approved
business systems, then on a personal basis.
Many users connect their own wireless devices to company systems,
and this can cause a logistical headache for IT departments trying
to control the use of these items and maintain security in the
corporate infrastructure.
There are two issues facing IT departments attempting to deal with
the control, implementation and restriction of wireless
technologies. If you choose to implement this technology and deploy
a wireless network within the company, how do you implement it
effectively and maintain company security?
And, if you choose not to deploy this technology, how do you
ensure that users are not compromising the security of the network
by using it anyway?
Unwanted visitors
For companies looking to implement wireless technology on their
networks, one of the greatest concerns is preventing the network
from being visible outside of the business premises. Stories of
wireless networks that have been compromised by unwanted visitors
sitting in car parks have made some people wary of this
technology.
Although some physical solutions to radio frequency (RF) leakage -
radio waves escaping the building - have been developed, such as
glass that prevents leakage through windows,
Michael Coci, director of product marketing and support at wireless
Lan maker Trapeze Networks, said, "You do not have to go down the
path of expensive physical barriers to stop this. By using
directional antennae on external walls and directing the RF signal
inwards and reducing the range of access points, you can minimise
leakage."
Products from companies such as Trapeze and Airespace allow you to
plan and manage the location of access points. By importing drawing
files of floor plans into planning programs it is possible to take
account of external walls and windows when planning where access
points should be placed.
Access points typically serve between 10 and 15 users and can be
configured and placed to make them more efficient according to the
number of users they serve and the bandwidth required. The key to
implementing a wireless network effectively is planning and
management.
Why do you want wireless?
Joel Young, vice-president of engineering at network developer
Digi International, said IT managers should be clear about what
they want from wireless integration in the network at the planning
stages as this will determine how the network should be
structured.
"Before anything else, do a site survey of where you think you want
to have wireless and fixed devices, as some can afford to have a
lower signal," he said.
Unlike a wired network, which is static and contained, in the
wireless environment different users may be doing different things
at different times of the day.
Martin Cook, solutions consultant in Cisco's business
development team, said, "The wireless network is dynamic. There are
RF changes as the number of people in a room changes, and as
furniture, such as a filing cabinet, is moved. Management is a big
issue at the minute. Wireless networks are easy to deploy, but the
total cost of ownership is reduced by effective management
tools."
The same products can also be used to track unauthorised or rogue
access points, such as those created when users bring in personal
wireless devices and connect them to the network. Access points can
be configured to scan neighbouring access points and monitor
bandwidth, as well as any rogue access points that appear.
Rogue access points that occur through unauthorised use of wireless
devices can be just as much of a threat as someone sitting outside
the company building and sneaking on to the corporate wireless
network.
Security policies
If security policies are not in place to control both the access
to the network and the access points around the building, this is a
potential security risk - and this can apply even to those networks
that are not wireless.
Ian Hughes, manager of IP and mobility security at BT, said, "The
decision to have a mobile network has been taken out of people's
hands. The reality is you have probably got a wireless network even
if you do not want one."
Feilder agreed. "Every organisation we have visited to talk about
wireless security has had wireless in their building whether they
wanted it or not," he said. "One company knew it had two rogue
access points, but we found 32 hooked up to the main production
network."
Companies should also be aware that if there is the possibility of
access to a network, they could be opening themselves up to legal
risk through not complying with data protection legislation by not
securing data effectively.
For those looking to stop wireless access points appearing without
permission, either from internal users or external hackers, the
first challenge is to identify these devices when they
appear.
One way of locating rogue devices is to patrol with portable
scanners to locate where wireless signals are coming from, but this
relies on the devices being active at the time.
Leakage is inevitable
The reality is that if there are wireless devices being used in
the company, there will be some RF leakage. Minimising that comes
down to ensuring that proper security policies are in place.
Steve Merrills, technical director at software maker Arc, advised
continuous channel scan- ning for rogue access points and to see if
anyone is trying to connect to the network.
Arc distributes and uses Network Instruments access points and runs
Cisco Wireless Observer for Cisco cards in its own wireless network
to provide IT, administration and sales staff with connection to
the network. With standard Wep (Wired Equivalent Privacy)
encryption running on the systems, Merrills said scanning was
essential for peace of mind.
"The alarm facilities will let us know straight away if anyone
tries to connect," he said.
After installing the wireless network in its own building, Arc
became aware that a neighbouring company had chosen to base its
wireless network on the same radio frequency.
"Because we were monitoring the frequencies, we were able to tell
them about it and pick up any channel clashes. We have even been
able to tell other companies in the building that unauthorised
people were getting on to their networks," Merrills said.
Although some of these networks may happily provide access to the
internet for visitors some, undoubtedly unknowingly, allow
unauthorised access to company networks. The RSA Security survey
found that 34% of networks were not using Wep security.
Pickard said, "Although the use of Wep was significantly higher in
this survey compared with previous years, 27% of networks had no
encryption at all."
Security protocols
Many in the industry believe Wep is not adequate for companies
in which preventing network intrusion from unwanted access is
critical.
Magnus Nystrom, technical director at RSA Security, said this has
been one of the major barriers to wireless network
deployment.
"Wep provides an assurance roughly at the same level of traditional
Lans, but it had some weakness in how it is authenticated," he
said. Hence the intermediate solution of WPA (Wi-Fi Protect
Access), introduced two years ago. "WPA security is not as
desirable as you would like in some environments, but I would not
be concerned about deploying it," Nystrom said.
WPA2 and 802.11 security standards were announced last year,
providing a tighter level of security for those environments that
need it. Experts agree that these new levels of security mean that
wireless networks can be more secure than traditional Lans.
However, there is a basic danger for companies deploying wireless
technology that is being overlooked - the proliferation of hardware
running on default settings. The RSA Security survey found that 25%
of networks had kept the default settings on the hardware after
installation, thus allowing easy access.
Pickard said, "An unauthorised user can effectively go in and kick
all the users off the network and have a lot of bandwidth.
"A security policy needs to cover wireless in every form -
smartphones and other devices - through 3G and other protocols.
Security policies sometimes fall behind in the technology they
cover. They should be covering new technology as it emerges."
Where at the outset of wireless technology companies relied on
physical barriers to stop RF bleed outside the building, now
network experts are advising that, with the availability of 802.11
security protocols, network administrators and IT managers should
be able to maintain network integrity without expensive physical
barriers.
One thing is clear, wireless technology is going to continue
expanding. Companies must understand the necessity for a security
policy that encompasses wireless devices, even if a wireless
network is not deployed within the organisation.