β Scribed by Gilbert Held
No coin nor oath required. For personal study only.
Minimizing wireless LAN exposure U nless you failed to read a trade paper or a recent copy of the New York Times or Wall Street Journal you are probably well aware of the fact that the IEEE 802.11b standard has a security problem. In actuality, this wireless LAN standard has several security-related problems. One well-publicized problem is the fact that the 64-bit encryption key is not 64 bits in length, since an initialization vector is used in conjunction with the key. This reduces the actual length of the key and makes it possible to theoretically use a brute-force method to decrypt a captured data stream in a relatively short period of time, assuming the hacker is in close proximity to the data source to first capture wireless traffic and has access to an applicable program to run on multiple platforms to decrypt the captured traffic.
In a well-publicized story on the pitfalls of wireless LAN security two persons used a van to travel from one parking lot to another to determine if they could read wireless LAN traffic. As they moved from one corporate parking lot to another in Silicon Valley they were able to easily read the traffic on many corporate networks that were broadcast via one or more access points to wireless LAN clients. In addition, they were also able to easily read transmissions to and from the wireless clients. However, instead of having to use a brute-force attack method on multiple computer platforms to decrypt encrypted traffic the two gentlemen in the van were able to read traffic in real-time. The reason for this was due to the fact that by default 802.11b wireless LAN devices do not use wireless equivalent privacy (WEP) encryption. Thus, there are two key problems associated with the security level of the IEEE 802.11b standard-its key length and its default setting of WEP being disabled. While we can consider proprietary solutions to the key length problem as we wait for the IEEE 802.1x authentication standard to be finalized and implemented, its adoption means additional effort and cost for network managers and LAN administrators. Thus, let's consider some practical things we can do that minimize the 802.11b security problem while minimizing our effort and cost.
First and foremost, if we are concerned about security it makes no sense to leave WEP disabled. Thus, the first thing to consider is enabling WEP on all client stations and access points. Secondly, the two gentlemen in the van were able to read network traffic other than that directed to wireless clients because an access point operates as a bridge, broadcasting network traffic onto the air. To minimize this operational effect of access points you can eliminate the bridge effect by connecting access points directly to router ports. While such access points will still function as a wired to wireless LAN bridge, only traffic destined to the access point for forwarding to the wireless client will be routed to the access point. If your organization does not have a sufficient number of router ports available for wiring to the access points and you are operating a switch-based LAN, another possibility is to establish virtual LANs between the access points and the servers the clients access. Doing so will provide another method to restrict the visibility of network traffic that third parties hiding in your organization's parking lot might be able to capture and decrypt.
Since every network manager and LAN administrator wants to minimize the risk of a security breach, rather than forgoing the use of wireless LANs we should implement practical methods to minimize our potential exposure. Last but not least, shouldn't the guard force or the receptionist on the ground floor become suspicious of a van that parks in the parking lot as close to the building as possible and stays there for a few hours without anyone leaving the vehicle? As my Macon TV announcer would say, 'That's my opinion -what's yours?' -Gilbert Held
π SIMILAR VOLUMES