
Wireless Security Blackpaper

The ins and outs of wireless network security.

Introduction

In 1999 the IEEE completed and approved the standard known as 802.11b, and WLANs were born. Finally, computer networks could achieve connectivity with a useable amount of bandwidth without being networked via a wall socket. Suddenly connecting multiple computers in a house to share an Internet connection or play LAN games no longer required expensive or ugly cabling. Business users could get up out of their chairs and sit in the sunshine while they worked. New generations of handheld devices allowed users access to stored data as they walked down the hall to a meeting. The dawn of networking elegance was upon us. Users could set their laptops down anywhere and instantly be granted access to all networking resources. This was, and is, the vision of wireless networks, and what they are capable of delivering.

Fast forward to today. While wireless networks have seen widespread adoption in the home user markets, widely reported and easily exploited holes in the standard security system have stunted wireless' deployment rate in enterprise environments. While many people don't know exactly what the weaknesses are, most have accepted the prevailing wisdom that wireless networks are inherently insecure and nothing can be done about it. Can wireless networks be deployed securely today? What exactly are the security holes in the current standard, and how do they work? Where is wireless security headed in the future? This article attempts to shed light on these questions and others about wireless networking security in an enterprise environment.

A few technical details

WLAN networks exist in either infrastructure or ad hoc mode. Ad hoc networks have multiple wireless clients talking to each other as peers to share data among themselves without the aid of a central Access Point. An infrastructure WLAN consists of several clients talking to a central device called an Access Point (AP), which is usually connected to a wired network like the Internet or a corporate or home LAN. Because the most common implementation requiring security is infrastructure mode, most security measures center around this design, so securing an infrastructure mode wireless network will be the focus of this article. 802.11b specifies that radios talk on the unlicensed 2.4GHz band on one of 15 specific channels (in the US, we are limited to using only the first 11 of those 15 channels). Wireless network cards automatically search through these channels to find WLANs, so there is no need to configure client stations to specific channels. Once the NIC finds the correct channel, it begins talking to the Access Point. As long as all of the security settings on the client and AP match, communications across the AP can begin and the user can participate as part of the network.

Bandwidth on an 802.11b network is limited to 11Mb per access point. This 11Mb is divided among all users on that access point. If ten people access the same AP, communication to the wired world will be limited to approximately the equivalent of a decent DSL line. Because the 802.11b standard does not contain any specifications for load balancing across multiple access points, devices that strictly adhere to the standard have no answer if you find your network becoming overpopulated. The only way to manage this is to add another AP in the same area, but with a different network name and radio channel, effectively having more than one separate network (up to a maximum of three), in the exact same area. Some wireless vendors have proprietary solutions for load balancing, but discussing these initiatives falls outside the scope of this article. Interested readers should look into individual companies' propaganda documentation before they deploy their wireless network if they feel they will need these services.

Basic security: 802.11b's nod towards private communications and its weaknesses

From its inception the 802.11b standard was not meant to contain a comprehensive set of enterprise level security tools. Still, there are some basic security measures included in the standard which can be employed to help make a network more secure. With each security feature, the potential for making the network either more secure or more open to attack exists.

Service Set Identifier

The Service Set Identifier (SSID) is meant to differentiate networks from one another. Initially, APs come set to a default that depends on the manufacturer. For example, all Linksys APs are set to the network name 'linksys', while Cisco APs are initially set to 'tsunami'. Because these default SSIDs are so well known, leaving one unchanged makes your network much easier to detect. Another common mistake is setting the SSID to something meaningful, such as the AP's location or department, or to something easily guessable. The SSID should be created with the same rules as any strong password (long, non-meaningful strings of characters including letters, numbers and symbols).

By default the Access Point broadcasts the SSID every few seconds in what are known as 'Beacon Frames'. While this makes it easy for authorized users to find the correct network, it also makes it easy for unauthorized users to find the network name. This feature is what allows most wireless network detection software to find networks without knowing the SSID up front.

SSID settings on your network should be considered the first level of security, and should be treated as such. In its standards-adherent state, the SSID may not offer any protection against who gains access to your network, but configuring your SSID to something not easily guessable can make it harder for intruders to know what exactly they are looking at.
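To make the beacon-frame point concrete, the following added example (not part of the original article) parses the SSID element out of a beacon and audits the name against the advice above. The sample frame is constructed rather than captured, and `SITE_WORDS`, `MIN_LEN` and the function names are assumptions for illustration.

```python
import struct

DEFAULT_SSIDS = {"linksys", "tsunami"}                   # vendor defaults named in the article
SITE_WORDS = {"lobby", "floor", "finance", "warehouse"}  # assumed: your own location/department terms
MIN_LEN = 16                                             # assumed policy; an SSID holds at most 32 bytes

def build_beacon(ssid: bytes) -> bytes:
    """Constructed sample beacon (not a capture): 24-byte header, 12 fixed bytes, tagged elements."""
    bssid = bytes.fromhex("020000000001")                # constructed, locally administered address
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001)          # timestamp, beacon interval, capability
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])        # supported-rates element (1, 2, 5.5, 11)
    return header + fixed + bytes([0, len(ssid)]) + ssid + rates

def beacon_ssid(frame: bytes):
    """Return the SSID bytes carried in a beacon, or None if not a beacon or no SSID element."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    fc = struct.unpack_from("<H", frame, 0)[0]
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 8):     # type 0 = management, subtype 8 = beacon
        return None
    pos = 36                                             # skip MAC header and fixed fields
    while pos + 2 <= len(frame):
        eid, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated element")
        if eid == 0:                                     # element ID 0 = SSID, sent unencrypted
            return value
        pos += 2 + length
    return None

def audit_ssid(ssid: bytes) -> list:
    """Check an SSID against the article's advice; returns a list of findings."""
    name = ssid.decode("utf-8", "replace")
    findings = []
    if name.lower() in DEFAULT_SSIDS:
        findings.append("vendor default")
    if any(word in name.lower() for word in SITE_WORDS):
        findings.append("meaningful name")
    has_all = (any(c.isalpha() for c in name) and any(c.isdigit() for c in name)
               and any(not c.isalnum() for c in name))
    if len(name) < MIN_LEN or not has_all:
        findings.append("weak composition")
    return findings

if __name__ == "__main__":
    for sample in (b"linksys", b"Lobby-AP-3rdFloor", b"q7#Lm2!xV9@pRz4&"):
        print(sample, audit_ssid(beacon_ssid(build_beacon(sample))))
```

Even the SSID that passes every check is recovered from the frame in plain text, which is why the name obscures what the network is rather than who can see it.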
