Tactical Advice

Perimeter Defense

Try these tips to help prevent eavesdropping and information leaks from affecting your wireless networks and devices.

by S.G. Masood posted Feb 23, 2007

This story appears in the March 2007 issue of BizTech Magazine.

It’s all too easy for malicious attackers to discover vulnerable wireless networks by “wardriving” — cruising around with a wireless notebook or handheld computer and looking for easy-to-tap wireless networks.

Wardriving details are freely available on the Internet because wardrivers often collect information on discovered open networks, combine it with location maps and then post it for public consumption. Plus, attacking a wireless network is much easier for hackers because it doesn’t require physical connectivity to the network.

If you haven’t checked your network’s perimeter, here are five items to add to your security checklist:

1 Use a virtual private network to foil eavesdropping: To stop attackers from tapping into your business’ communications and performing man-in-the-middle attacks, encrypt all traffic. Existing wireless encryption standards such as Wired Equivalency Privacy, for instance, are not sufficient because they have flaws. It’s much more reliable to use a VPN for encrypting communications. Don’t allow client systems to perform any action on the network without establishing a VPN connection first.

2 Isolate wireless access points from the internal network: It is quite common for corporate networks to have wireless access points connected to the internal wired network. It is better to create a separate network for the access points and then to isolate the network from the internal wired network using firewalls.

3 Weed out rogue access points: Access points are easy to install, and most devices with wireless access can be converted into access points. Users can install rogue access points without the network administrator’s knowledge. These nodes are obvious security risks because they may or may not be affected by measures taken by the administrator to secure the known access points.

4 Filter unauthorized Media Access Control addresses: Access points usually let an administrator limit access to devices based on MAC addresses. The administrator can specify a list of allowable devices based on their MAC addresses. The access point will then rebuff all other devices that attempt to access the network. Although not a foolproof technique, it can still keep out unsophisticated attackers.

5 Reduce the radio coverage of the wireless network: The wireless network should provide coverage only to the desired area and minimize leakage of the signal to the outside world. Configure each access point to reduce the range of its radio signal.

CEO Takeaway

Wireless devices and networks have unique security requirements quite different from their wired counterparts. Because wireless access points often connect to internal wired networks in corporate topologies, an attacker can leverage a successful attack on an access point to infiltrate the internal network and systems. To foil drive-by hackers, make sure routine audits include:

• Upgrading drivers and firmware regularly.

• Changing the default configuration of wireless devices to a more secure one, including renaming passwords and service set identifiers. (Each SSID is a unique alphanumeric name that identifies a specific wireless network.)

• Cloaking your network’s existence — muzzle its beacon signal and don’t broadcast the SSID.

• Disabling automatic Internet Protocol address assignments and using static IP addresses.

S.G. Masood is a Web security researcher for F-Secure (www.f-secure.com), a network security services provider with headquarters in Helsinki, Finland.