Going wireless is a big step, and maintaining wireless security is an ongoing process so it's little surprise that IT pros have so many questions about wireless technology.
Here are some of the most frequently asked questions on wireless security.
Q: Can WEP (Wired Equivalent Privacy protocol) be easily hacked?
A: Anyone with a laptop and a wireless network card can sniff encrypted packets as they flow across a wireless network. Depending on the content and structure of captured packets, a hacker simply needs to capture anywhere from 100 MB to 1 GB worth of packets. Such a sampling size guarantees that the hacker will have all of the information he needs to break the WEP encryption. Once the necessary volume of data has been captured, the hacker can simply run a freeware utility against the captured packets to derive the WEP key.
Can a Pringles can be used as an antenna by hackers?
Yes. Although a typical wireless NIC has a range of 100 to 300 feet, faint radio signals are transmitted far beyond the network's operational area. By investing about $10 for a few parts from and for a can of Pringles, you can easily build an antenna that can intercept a signal from as far as 16km away (assuming that there is a clear line of sight). Other industrial-strength antennas can intercept a signal from even further away.
Can a VPN ensure wireless privacy?
Setting up a VPN greatly enhances the privacy of a wireless network, especially when used in conjunction to WPA or WEP encryption. If you are considering implementing a wireless VPN though, there are a couple of issues that you need to consider. First, if the wireless signal drops for a second, users' connections will be terminated, and they will have to reestablish their VPN connections. Second, a wireless VPN offers no protection against rogue access points. Third, a wireless VPN doesn't provide wireless users the same seamless network access as wired users have since they will usually have a separate login for the VPN connection.
If WEP encryption is so insecure, then why does 802.1x rely on it?
802.1x by itself is not secure. 802.1x only becomes secure when combined with the Extensible Authentication Protocol (EAP). EAP makes it possible to securely distribute WEP keys. Rather than relying on static WEP keys, the 802.1x and EAP combination allow each session to have a unique WEP key. Additionally, WEP keys automatically expire every ten minutes. Since each session is frequently re-keyed, it makes it impossible for a hacker to collect the necessary volume of packets between key changes.
Is it true that wireless network users are themselves vulnerable to security breaches even when connected to a corporate LAN via a wireless VPN connection?
Yes, there are three primary ways at which wireless users are at risk. First, if volumes or folders on the users' machines are shared, it is possible for other users within the subnet to access the contents of those shares. Second, someone on the same subnet as the user could perform a buffer overflow attack against the user. Finally, not all traffic is routed over the VPN. Traffic related to Internet usage is routed over the Internet. This traffic is subject to capture through the usual methods.
I have never shared any files or folders on my hard disk. Is my information still vulnerable to compromise while I am using a wireless connection?
Yes. Even if you never create a share point, Windows has a few shares of its own. There is a share called Admin$ and another share for each hard drive (C$, D$, etc.). You can't disable these shares because Windows depends on them. To prevent these shares from being exploited, make sure that the system is running a personal firewall. Also change the local Administrator's username and password to further reduce the chances of these shares being exploited.
Is it safe not to tunnel traffic destined for the Internet?
When a wireless user is connected to the corporate network via a VPN link, it may seem that since traffic destined for the Internet must be first routed through the corporate network that it will pass through the VPN. However, this isn't always the case. VPN tunnels can become congested rather easily. To conserve bandwidth, some VPN implementations transmit traffic destined for the Internet over the wireless network but outside of the VPN tunnel. This means that Internet traffic is unencrypted. This shouldn't be a problem since nothing sensitive should be flowing across the Internet. However, some users use the same password for Web sites as they use for access to the corporate network. If such a site doesn't encrypt passwords, it might be possible for someone to steal a password and use it to gain access to the corporate network.
How can a wireless workstation be subject to buffer overflow attacks?
Unless a workstation is running a personal firewall, other machines on the same subnet as the workstation can communicate with the system across all TCP and UDP ports. The corporate firewall only blocks malicious traffic from the outside world; it does nothing to prevent attacks from within.
6%
1%
