WLan weakness exposed

Tens of thousands of UK businesses need to reconsider their use of wireless networking technology or risk exposing commercially...

Tens of thousands of UK businesses need to reconsider their use of wireless networking technology or risk exposing commercially sensitive data to hackers, analysts have warned.

Wireless Lan (WLan) equipment is inherently insecure because of a flaw in the encryption cipher standard, wireless security consultant Skygate Technology said.

The flaw means that hackers using 802.11b equipment can penetrate not only wireless networks but also parts of the fixed network holding confidential corporate data.

Graham Titterington of analyst firm Ovum said, "Businesses with wireless networks which are connected to sensitive parts of their fixed networks should seriously reconsider their use of wireless technology. It is a big potential problem."

According to figures from analyst firm IDC, between 34,000 and 38,000 UK businesses use wireless Lans.

Late last year RSA Security used a laptop to penetrate WLans in the City of London, finding that 67% of companies were not encrypting wireless traffic.

Although most US government departments have barred WLans because of their security flaws UK businesses continue to use the technology.

According to Pete Chown of Skygate Technology, 128-bit RC4 cipher in the wireless equivalent privacy (Wep) protocol devised by the Institute of Electrical and Electronic Engineers contains elements which are predictable, making them easier to hack. However most users do not even turnWep on when they install the WLan, Chown said.

To work around the deeper problem of the flaw in RC4 Skygate recommends using IPsec virtual private network security technology.

IPsec creates secure "tunnels" for connections between devices on otherwise accessible networks.

It is not customarily used for internal network connections but Chown recommended it as a workaround for the WLan problem, despite its cost.

Titterington said, "Ideally we need new standards and protocols, but in the meantime users need to encrypt over the top of wireless equivalent privacy or implement an access control block between the WLan and the rest of the network with a login used to get beyond the wireless portion. This can have cost and performance overheads."

Hackers' way in
Using a laptop with a wireless card within range of a corporate WLan a potential intruder first needs to determine the session ID of a particular network, known as the SSID, which should be unique to each WLan but is often not configured. Next the intruder needs to know the encryption keys in wireless equivalent privacy. Software includes AiroPeek which is aimed at network managers and AirSnort and NetStumbler which are freely downloadable.

Read more on Wireless networking