Wireless Local Area Network (WLAN) security is one of the most important aspects of any WLAN design. The same security exposures exist on WLANs as for hard-wired Ethernet LANs. However, WLANs are actually exposed to many, additional vulnerabilities, in addition to those expected with wired Ethernet LANs. For example, someone could park outside a building and pick up the WLAN signals from inside the building, reading, and perhaps copying and stealing, the data. This type of hacking is often called a form of the Man-in-the-Middle attack.
As you have learned in your CCNA studies, a WLAN links two or more devices using some wireless distribution method (typically, spread-spectrum or OFDM modulated radio waves) and usually provides a connection through an access point (AP) that is directly connected to a hard-wired Ethernet network. This gives users the mobility to move around within a local coverage area and still be connected to the network.
Many businesses are now implementing WLAN segments on their internal LANs because they are easy to set up and there are no additional wires to run. WLANs enable users with laptops and other mobile devices to roam the enterprise and not have to physically plug in wherever they go. Too often, Business Decision Makers (BDMs) think that because the setup of a wireless network is essentially plug-and- play, that everything is functioning properly and securely. However, WLANs are a virtual playground for hackers. WLAN technology is still relatively new, and most network designers and administrators are not sufficiently proficient with security protocols and procedures.
Hackers have found wireless networks relatively easy to break into and can even use wireless technology to leap-frog into wired networks.As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources. However, there are a great number of security risks associated with the current wireless protocols and encryption methods. Hacking methods have become much more sophisticated and innovative with wireless. Hacking has also become much easier and more accessible with easy-to-use Windows or Linux-based tools being made available on the Web at no charge.
Any wireless access point that is attached to a hard-wired Ethernet network segment is essentially bridging the internal network directly to the surrounding area, in many cases without firewall protection. Without proper security measures for authentication, any laptop with a wireless card can access the network and listen to all network traffic.
From a network design and management aspect, it is important to understand the potential for rogue WAPs in an enterprise. WAPs can be purchased at many stores such as Wal-mart or Kmart and hooked up by even a non-technical person. In many cases, the network administrators are not made aware of these unauthorized installations which, unfortunately, are logically located inside the corporate firewall and Demilitarized Zone (DMZ).
Some WLAN security vulnerabilities give hackers an opportunity to cause harm by stealing information, accessing hosts in the wired part of the network, or preventing service through a denial-of-service (DoS) attack. Other vulnerabilities may be caused by a well-meaning but uninformed employee who installs an AP without the IT department’s approval, with no security.
Several of the most common types of WLAN security issues a CCNA must be familiar with are:
- War Drivers: The attacker often wants to gain Internet free of charge. So, this type of hacker drives around, attempting to locate APs that have no or weak security. The success of this type of attack can be enhanced if the attacker uses easily downloaded software tools and, in many cases, high-gain directional antennas, which are also easily purchased and installed.
- Hackers: The motivation for hackers is to either find information or, perhaps deny services to network owners. In addition, an attacker’s end goal may be to compromise the hosts, such as servers, inside the wired network. Then, the attacker uses the wireless network as a way to access the Enterprise network, without having to go through Internet connections that have firewalls and Intrusion Detection Systems (IDS). They often do this to continue to improve on their hacking skills, or simply for their own personal enjoyment.
- Employees: Employees, at all levels of the organization chart, can unwittingly help hackers gain access to the Enterprise network in several ways. An employee could go to an office supply store and buy an AP for less than $100, install it in their office using the default settings of “no security,” and create their own small WLAN, erroneously think they have a “private” WLAN. However, this WLAN would enable a hacker to gain access to the rest of the Enterprise from their car in the parking lot. This would also be a good example of how a “man-in-the-middle” attack could occur.
- Rogue AP: Here, an attacker captures packets in the existing WLAN, finding the Service Set Identifier (SSID) and cracking security keys, if they are used. Then, the attacker can set up their own AP, using the same settings, and get the enterprise’s clients to use it. In turn, this can cause the associated users to enter their usernames and passwords, enabling the next phase of the attacker’s plan.
In my next post, I will discuss the WLAN standards most commonly used to implement the authentication and encryption segments of a security policy.
Author: David Stahl