Wireless Device Control

Major data thefts have been initiated by attackers who gained wireless access to organizations from nearby parking lots, bypassing the organizations' security perimeters by connecting wirelessly to access points inside the building. Wireless clients accompanying travelling officials are infected on a regular basis through remote exploitation during air travel or in cyber cafés. Such exploited systems are then used as back doors when they are reconnected to the network of a target organization. The discovery of unauthorized wireless access points on their networks, planted and sometimes hidden to give unrestricted access to an internal network, is also a problem. Because they do not require direct physical connections, wireless devices are a convenient vector for attackers to maintain long-term access into a target environment.

Wireless technology has complicated our security operations by introducing a mobile threat that sometimes goes beyond our control. To ensure security is maintained, we must identify and assess all assets that we control in an effort to reduce risk to operations.

To compromise a network through a wireless device requires:

· Relatively close proximity to the network being attacked

· Determination of the Service Set Identifier (SSID) (not always required)

· The channel being used (identifies the frequency used)

· The type of encryption (if any) used:

            WEP (Wired Equivalent Privacy)

            WPA (WiFi Protected Access)

            WPA2 (government grade security implementation)

            Other implementations

Improperly configured devices always offer easy avenues for exploitation and compromise. A system that has been left in a default configuration is generally in ad hoc (peer to peer) open mode, or in a mode that does not require authentication to join. These types of networks create a great risk to anyone who uses them, since every bit of data transmitted over them is subject to compromise, not just the network. Regular scanning and monitoring of wireless networks is necessary, since some devices lose their configuration after a power surge or power loss and default to an open state, becoming a threat.

Attacking authenticated systems is a challenge, but weak implementations of encryption technologies afford easier avenues in. Cracking encryption requires monitoring, collecting, and cracking a large number of packets. A lack of transmitted packets does not mean cracking cannot be attempted; it just requires tools designed to request traffic, such as a broadcast, authentication request, or similar activity. These types of attacks cause the Access Points (APs) to respond in kind with the requested information.

Attacks on wireless networks require near proximity if two-way access to the network is desired, but if all that is desired is the ability to monitor and steal data, then these types of attacks can be conducted from up to seven miles, yes miles, away. Generally a monitoring effort need only have line-of-sight with the targeted site.

Keep track of your firmware version, access logs, encryption algorithm, and key rotation method to prevent being targeted.

Also limit how far your signals broadcast, not only by reducing transmit strength through the configuration software, but through the physical placement of the devices, shielding office windows with inexpensive film, and landscaping.

MAC (Media Access Control) address management and filtering can add security to your wireless networks. Limiting address assignment to specific MAC addresses is a straightforward way to incorporate this type of filtering. DO NOT rely solely on this method, as MAC addresses can be captured over the airwaves, and hackers know this. They will use MAC spoofing and ARP (Address Resolution Protocol) poisoning to overcome these restrictions. So incorporate a good, secure “blend” of techniques to afford appropriate protection. 802.11w is looking to improve this, and the committee estimates it will finish the standard by Jan 2010.

Consistent monitoring and auditing of assigned IP addresses and MAC address access is the only way to determine whether someone has infiltrated your wireless network. Discovering a compromise should prompt immediate key rotation, potentially new key generation followed by a physical distribution method, and a reassessment of your network. Appliances such as AirDefense (one such product is by Motorola®) and the BVS Yellowjacket wireless network analyzer allow us to detect and identify wireless devices, search for rogue devices, and deny unauthorized wireless devices connectivity to our wireless networks.
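The MAC and IP audit described above, as an added example that is not part of the original post: it checks constructed access point association log lines against an authorized-MAC list, flags unknown stations, and flags any authorized MAC seen with more than one IP in the same window, which is one indicator worth investigating for MAC spoofing (it can also be a legitimate lease change). The log format, allowlist, and addresses are all assumed sample data.

```python
import re
from collections import defaultdict

# Constructed allowlist of authorized wireless clients: MAC -> description.
AUTHORIZED_MACS = {
    "00:11:22:33:44:55": "laptop-finance-01",
    "00:11:22:33:44:66": "laptop-hr-02",
}

# Constructed sample log lines in a syslog-like format (not from a real AP).
# The fourth line reuses an authorized MAC from a second IP.
SAMPLE_LOG = """\
Mar 01 09:00:01 ap1 hostapd: wlan0: STA 00:11:22:33:44:55 associated, ip 10.0.5.10
Mar 01 09:00:05 ap1 hostapd: wlan0: STA 00:11:22:33:44:66 associated, ip 10.0.5.11
Mar 01 09:02:17 ap1 hostapd: wlan0: STA AA:BB:CC:DD:EE:FF associated, ip 10.0.5.12
Mar 01 09:03:40 ap1 hostapd: wlan0: STA 00:11:22:33:44:55 associated, ip 10.0.5.13
"""

# Assumed line layout: "STA <mac> associated, ip <ipv4>".
LINE_RE = re.compile(
    r"STA (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) associated, "
    r"ip (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def audit_associations(log_text, authorized):
    """Return (unauthorized, multi_ip).

    unauthorized: list of (mac, ip) for stations not in the allowlist.
    multi_ip: dict mac -> sorted IPs for any MAC seen with more than one IP;
              for an authorized MAC this is a possible spoofing indicator.
    """
    allowed = {mac.lower() for mac in authorized}
    unauthorized = []
    ips_by_mac = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not association events
        mac = m.group("mac").lower()  # normalize case before comparing
        ip = m.group("ip")
        if mac not in allowed:
            unauthorized.append((mac, ip))
        ips_by_mac[mac].add(ip)
    multi_ip = {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return unauthorized, multi_ip


if __name__ == "__main__":
    bad, dup = audit_associations(SAMPLE_LOG, AUTHORIZED_MACS)
    print("unauthorized stations:", bad)
    print("MACs seen with multiple IPs:", dup)
```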

And just for your information I can crack WPA2 just as fast as I can crack WEP. You’re not safe so please consider all the above points to help you find the best way to secure your Wireless Access. Or just get rid of it completely.

One Reply to “Wireless Device Control”

  1. Good article man. It's funny timing because I just finished a really great wireless class.
    Just wondering, how can you crack WPA2? Probably WPA2 Personal by gaining someone's password. But I don't see how you could crack the AES encryption algorithm.
