Wireless Lans expose firms to denial attacks

Businesses using wireless local area networks (Lans) may be unwittingly leaving themselves open to wireless-launched denial of...

Businesses using wireless local area networks (Lans) may be unwittingly leaving themselves open to wireless-launched denial of service attacks.

Security experts have shown that hackers armed with low-cost equipment can reach behind company firewalls to overload servers with floods of wireless messages. Their findings will add impetus to calls for the Government to reform the Computer Misuse Act to criminalise denial of service attacks.
A hacker equipped with a Linux laptop computer, a wireless Ethernet card and free software from the Internet can bring company servers to a halt, the security company I-Sec has proved.
The attack relies on the tendency of many businesses to connect their wireless access points directly to their networks, outside the protection of the company firewall. Many may not be aware that their networks have wireless access.
Experts from the company have used Kismet, a software package available on the Internet, to show how hackers could sit outside a building and scan for wireless network access points. It can identify the frequencies and ID numbers of wireless access points, giving hackers all the information they need to get in.
Once online, I-Sec has shown how hackers are able to use other freeware from the Internet, such as SYNK4, to launch denial of service attacks which prevent users from logging on to their company's servers.
Most wireless hackers invade networks just to see what is there or to hijack bandwidth to download software, but a motivated hacker could choose to bring a company's systems to a halt.
"There is nothing to stop someone mounting a denial of service attack if they feel aggrieved. The threat could come from a disgruntled ex-employee, for example," said I-Sec managing director, Geoff Davies. Research by I-Sec in the City of London has shown that about two- thirds of businesses do not encrypt their wireless traffic.
Even when encryption is used, a determined hacker could use freely available software packages, such as Airsnort, to crack the wireless encryption protocol used in most wireless Lans by collecting and analysing wireless traffic over the course of a week.
In a variation on the attack, I-Sec has shown that a hacker could simulate a company's wireless access point by placing a slightly more powerful transmitter near the building. Staff inside would find that their PCs would attempt to log on to the dummy access point, preventing them connecting to the company network.
Businesses can protect themselves by following some simple steps, including turning off transmission of access point identification numbers and moving wireless access points away from windows and the outside edges of buildings.
"The main thing is to use some sort of authentication system, which would prevent someone accessing the network," said Davies.
Guest editor's comment
This seems to be another example of IT suppliers not being honest about the functionality of products. If wireless network sales were subject to the same laws which control financial products there would be many mis-selling claims against the suppliers. If the wireless networks allow such easy access to hackers the suppliers must advise on the tools to minimise the risk.
While it is clearly up to customers to ask the right questions that does not remove responsibility from the supplier to be open and honest about how best to implement IT to minimise security risks. The supplier may not know enough about their own product to give advice, as I have found before.
This story yet again emphasises the IT director's responsibility to understand the limitations of any new technology before it is used in the corporate environment.
David Rippon is chairman of the IT directors' group Elite

Read more on Wireless networking