Wireless Security
This chapter is from the book
This chapter is from the book
This chapter is from the book
What You Will Learn
By the end of this chapter, you should know and be able to explain the following:
The essentials of wireless LANs, including their benefits and risks
The major threats to a wireless network
The breadth and scope of possible attacks and exploits that are available to attackers
Being able to answer these key questions will allow you to understand the overall characteristics and importance of network security. By the time you finish this book, you will have a solid appreciation for network security, its issues, how it works, and why it is important.
Wireless Security
In the end, we will remember not the words of our enemies, but the silence of our friends.—Martin Luther King Jr. (1929-1968)
When was the last time you went on vacation to get away from it all? Perhaps to some remote beach or maybe a getaway to the country? Imagine that you walk out the patio door of your hotel room (an ocean view, of course) and admire the beauty of the sun setting on the ocean. The air is cool, so you decide to sit on the porch in your favorite lounge chair; the sea-gulls are playing, the waves are breaking in a rhythmic beat, and beep-beep-beep—your pager begins to go off!
Who could possibly be paging you while you are trying to relax and unplug? What emergency could be so grave that it would require you to be interrupted on this fantasy vacation?
According to the message on the display, there seems to be a problem with the company firewall/VPN/Exchange server/<insert emergency here>. It looks pretty serious, so you conclude that you need to log into your office network and take a look.
It is a good thing that you chose a hotel with high-speed Internet access, and that you brought your wireless access point. The access point is plugged into the high-speed LAN port via wireless so you can still enjoy the beautiful view. You cannot really avoid turning on the laptop that you were not planning to turn on while you were on vacation; you are needed for an emergency.
So, here you are on the patio booting up your laptop. You see the "blinky-blinky" of the wireless NIC's status lights. All systems are go!
You fire up Telnet and proceed to log in to the router/firewall and start snooping around to see what the problem could be. This should not take too long, you say to yourself. There is still plenty of time to enjoy the rest of the evening and perhaps have a nice dinner. An hour goes by and you have solved the problem. You are quite taken with yourself for being ingenious enough to diagnose and resolve the situation within a few tick-tocks.
Screeeech?stop the movie for a second. Unknowingly, the "vacationing uber tech" just caused his company to lose millions of dollars. How, you might ask, did this guy in the movie cause millions of dollars to be lost just by logging in to his company's router/firewall to fix a problem?
It was not the act of telnetting to the router/firewall that caused the problem; it was the fact that he used a wireless connection. You see, the company that uber tech worked for (yes, past tense cause he no longer works for them as a result) is a multinational corporation that was about to announce the creation of a new widget that was capable of converting discarded pizza boxes into SDRAM memory chips; a competitor of this revolutionary company not only wanted to stop this announcement—but they also wanted a copy of the plans for this widget so they could bring it to market first.
It seems that a hacker employed by the competitor was paid to follow vacationing uber tech and, at a convenient moment, break into his hotel room and download the contents of his laptop to a portable storage device, in hopes that the hacker could find some proprietary information about the widget. Upon seeing uber tech boot up his laptop, complete with wireless NIC, the hacker realized that he had struck gold and decided to do some long distance sniffing and hacking, courtesy of uber tech's unsecured wireless connection. Long-distance sniffing and hacking—sounds like a script from "Mission Impossible," doesn't it? Too far fetched to really happen? The truth is that this type of scenario occurs on a daily basis. Bad guys with wireless-enabled laptops steal information right out of the air with little effort. They use tools that are readily available on the Internet and can cause many problems for companies that do not take the time to understand the threats an unsecured wireless connection poses to their corporate network.
This chapter covers several topics related to wireless networking security and helps you identify, understand, and prevent the types of intrusions to which wireless connections are vulnerable from the outside. This chapter focuses on the commercial wireless products that are available and not the home version from Cisco subsidiaries such as Linksys. It is important to understand the differences; in this article describing the Cisco Linksys acquisition, there is a clear, related message:
Take, for example, Cisco's Aironet wireless products. The Aironet products are the result of Cisco's significant investment in industry-leading WLAN and networking technology. Cisco Aironet solutions offer premium value in security, range, management, performance, features, and total cost of ownership as part of a complete, complex network. Linksys' products, on the other-hand, are developed using off-the-shelf silicon and software and focus on ease-of-use, price, and features that are important to consumers. As you can see by this example, the products are geared towards a different market with different needs.