Introduction
This document explains topics relating to wireless networks. The main topics discussed include, what type of vulnerabilities exist today in 802.11 networks and ways that you can help prevent these vulnerabilities from happening. Wireless networks have not been around for many years. Federal Express has been using a type of wireless networks, common to the 802.11 networks used today, but the general public has recently just started to use wireless networking technology. Because of weak security that exists in wireless networks, companies such as Best Buy have decided to postpone the roll-out of wireless technology. The United States Government has done likewise and is suspending the use of wireless until a more universal, secure solution is available.
Background
What is Wireless?
Wireless LANs or Wi-Fi is a technology used to connect computers and devices together. Wireless LANs give persons more mobility and flexibility by allowing workers to stay connected to the Internet and to the network as they roam from one coverage area to another. This increases efficiency by allowing data to be entered and accessed on site.
Besides being very simple to install, WLANs are easy to understand and use. With few exceptions, everything to do with wired LANs applies to wireless LANs. They function like, and are commonly connected to, wired Ethernet networks.
The Wireless Ethernet Compatibility Alliance [WECA] is the industry organization that certifies 802.11 products that are deemed to meet a base standard of interoperability. The first family of products to be certified by WECA is that based on the 802.11b standard. This set of products is what we will be studying. Also more standards exist such as 802.11a and 802.11g.
The original 802.11 standard was published in 1999 and provides for data rates at up to 2 Mbps at 2.4 GHz, using either FHSS or DSSS. Since that time many task groups have been formed to create supplements and enhancements to the original 802.11 standard.
The 802.11b TG created a supplement to the original 802.11 standard, called 802.11b, which has become the industry standard for WLANs. It uses DSSS and provides data rates up to 11 Mbps at 2.4 Ghz. 802.11b will eventually be replaced by standards which have better QoS features, and better security.
Network Topology
There are two main topologies in wireless networks which can be configured:
Peer-to-peer (ad hoc mode) – This configuration is identical to its wired counterpart, except without the wires. Two or more devices can talk to each other without an AP.
Client/Server (infrastructure networking) – This configuration is identical to its wired counterpart, except without the wires. This is the most common wireless network used today, and what most of the concepts in this paper apply to.
Benefits of Wireless LANs
* WLANs can be used to replace wired LANs, or as an extension of a wired infrastructure. It costs far less to deploy a wireless LAN than to deploy a wired one. A major cost of installing and modifying a wired network is the expense to run network and power cables, all in accordance with local building codes. Example of additional applications where the decision to deploy WLANs include:
* Additions or moves of computers.
* Installation of temporary networks
* Installation of hard-to-wire locations
Wireless LANs give you more mobility and flexibility by allowing you to stay connected to the Internet and to the network as you roam.
Cons of Wireless LANs
Wireless LANs are a relatively new technology which has only been around since 1999. With any new technology, standards are always improving, but in the beginning are unreliable and insecure. Wired networks send traffic over a dedicated line that is physically private; WLANs send their traffic over shared space, airwaves. This introduces interference from other traffic and the need for additional security. Besides interference from other wireless LAN devices, the 2.4 GHz is also used by cordless phones and microwaves.
Security Issues of WLANs
* War-driving
War-driving is a process in which an individual uses a wireless device such as a laptop or PDA to drive around looking for wireless networks. Some people do this as a hobby and map out different wireless networks which they find. Other people, who can be considered hackers, will look for wireless networks and then break into the networks. If a wireless is not secure, it can be fairly easy to break into the network and obtain confidential information. Even with security, hackers can break the security and hack. One of the most prevalent tools used on PDAs and Microsoft windows devices is, Network Stumbler, which can be downloaded at http://www.netstumbler.com. Equipped with the software and device, a person can map out wireless access points if a GPS unit is attached. Adding an antenna to the wireless card increases the capabilities of Wi-Fi. More information can be found at: http://www.wardriving.info and http://www.wardriving.com to name a few.
* War-chalking
War-chalking is a method of marking wireless networks by using chalk most commonly. War-driving is usually the method used to search for networks, and then the person will mark the network with chalk that gives information about the network. Some of the information would include, what the network name is, whether the network has security, and possibly the contact information of who owns the network. If your wireless network is War-chalked and you don't realize it, your network can be used and/or broken into faster, because of information shown about your network.
Eavesdropping & Espionage
Because wireless communication is broadcast over radio waves, eavesdroppers who just listen over the airwaves can easily pick up unencrypted messages. These intruders put businesses at risk of exposing sensitive information to corporate espionage. Wireless LAN Security – What Hackers Know That You Don't www.airdefense.net Copyright 2002
Internal Vulnerabilities
Within an organization network security can be compromised by ways such as, Rouge WLANs (or Rouge Aps), Insecure Network Configuration, and Accidental Associations to name a few.
Rouge Access Points – An employee of an organization might hook up an access point without the permission or even knowledge of IT. This is simple to do, all a person has to do is plug an Access point or wireless router into an existing live LAN jack and they are on the network. One statistic in 2001 by Gartner said that, “at least 20 percent of enterprises already have rouge access points.” Another type of attack would be if, someone from outside the organization, enters into the workplace and adds an Access Point by means of Social Engineering.
Insecure Network Configurations- Many companies think that if they are using a firewall or a technology such as VPN, they are automatically secure. This is not necessarily true because all security holes, big and small, can be exploited. Also if devices and technologies, such as VPNs, firewalls or routers, are mis-configured, the network can be compromised.
Accidental Associations – This can happen if a wireless network is setup using the same SSID as your network and within range of your wireless device. You may accidentally associate with their network without your knowledge. Connecting to another wireless LAN can divulge passwords or sensitive document to anyone on the neighboring network. Wireless LAN Security – What Hackers Know That You Don't www.airdefense.net Copyright 2002
Social Engineering – Social Engineering is one of the most effective and scariest types of attacks that can be done. This type of attack really scares me and can be done for many other purposes besides compromising security in wireless networks. A scenario: Someone dressed up as a support person from Cisco enters the workplace. The secretary sees his fake credentials and lets him get pass the front desk. The impersonator walks from cubicle to cubicle, collecting user names and passwords as he/she goes. After finding a hidden corner, which seems to be lightly traveled, he plugs an insecure Access Point into the network. At the same time he configures the Access Point to not broadcast its SSID and modifies a few other settings to make it hard for the IT department to find this Rouge Access Point. He then leaves without ever being questioned by anyone because it looks like he just fits in. Now, all he has to do is be within 300 feet from the access point, (more if he added an antenna), and now has access to all kinds of secure documents and data. This can be a devastating blow to any corporation and could eventually lead to bankruptcy if the secrets of the company were revealed to competitors.
Bruce Schneier came to my classroom and said the following about Social Engineering, “Someone is just trying to do their job, and be nice. Someone takes advantage of that by targeting this human nature. Social Engineering is unsolvable.”
Securing Wireless Networks
According to Bruce Schneier and others such as Kevin Mitnick, you can never have a totally secure computing environment. What is often suggested is to try and control the damage which can be done if security is breached. One can try many different tools on the market which can help prevent security breaches.
WEP – WEP supports both 64 and 128-bit keys. Both are vulnerable, however, because the initialization vector is only 24-bits long in each case. Its RC4 algorithm, which is used securely in other implementations, such as SSL, is quite vulnerable in WEP. Http://www.infosecuritymag.com/2002/jan/cover.shtml Wireless Insecurities By Dale Gardner. Different tools exist to break WEP keys, including AirSnort, which can be found at www.airsnort.net. Although this method is not a secure solution, it can be used to help slowdown an attacker if other means are not possible financially or otherwise.
VPN and IPSec- IPSec VPNs let companies connect remote offices or wireless connections using the public Internet rather than expensive leased lines or a managed data service. Encryption and authentication systems protect the data as it crosses the public network, so companies don't have to sacrifice data privacy and integrity for lower costs. A lot of VPN's exist on the market today. An important note about VPNs is, interoperability does not really exist, and whatever you use for your server has to be the same brand as your clients most of the time. Some VPNs include:
* Borderware
* BroadConnex Networks
* CheckPoint
* Cisco
* Computer Associates
DMZ – Adding this to your network enables you to put your wireless network on an untrusted segment of your network.
Firewalls – Firewalls are all over the place. Firewalls range from hardware to software versions. By adding a firewall between the wireless network and wired network helps prevent hackers from accessing your wired network. This paper doesn't go into specifics about different firewalls and how to set them up, but there are many. Some of the firewalls include:
* ZoneAlarm (an inexpensive based software firewall) Zonelabs.com
* Symantec has many different firewalls depending what you require.
PKI - Public-key infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. What is PKI? http://verisign.netscape.com/security/pki/understanding.html
Site Surveys – Site Surveys involve using a software package and a wireless device to probe your network for Access Points and security risks.
Proactive Approaches
Since wireless technology is insecure, companies or anyone can take a proactive approach to try and identify hackers trying to gain access via wireless networks.
Honeypots – are fake networks setup to try and lure in hackers. This enables administrators to find out more about what type of techniques hackers are using to gain access. One product is Mantrap created by Symantec.
“ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap's decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.”
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157
Intrusion Detection – Intrusion Detection is software that monitors traffic on the network. It sounds out a warning if a hacker it trying to access the network. One such free product is Snort.
“Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads the packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs the packets to the disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon what it sees.” http://www.snort.org/docs/writing_rules/chap1.html#tth_chAp1
Network Monitoring- Network Monitoring would be products such as snort that monitor the flow of traffic over the network.
Quick tips and tricks
* When setting up wireless networks and access points there are a few quick steps that can be taken to immediately secure the network, even though it does not make it secure. Some of these ways include:
* Change your default SSID: each router or access point comes with a default SSID. By changing this it can take longer for an attacker to know what type of device he is trying to hack.
* Change the default password – generic default passwords are assigned to access points and routers. Sometimes the password is admin. By changing this password, the attacker cannot modify settings on your router as easily.
* Disable broadcasting SSID: By default AP's broadcast their SSIDs, if you shutoff this setting it is harder for outsiders to find your AP.
* Enable MAC filtering: WARNING: this can only work in smaller environments where a centralized access list does not need to be maintained. You can enable only specific wireless cards to access the AP by only enabling those MAC addresses.
* Turn off shares: If security is important, scanning for shares and turning off the shares on the network can help. Also encrypting sensitive data can prevent hackers from accessing the data.
* Put your wireless access points in a hard to find and reach spot.
* Keep your drivers on all wireless equipment updated. This helps patch existing security vulnerabilities.
* Read current press releases about emerging wireless news.
About The Author
Richard J Johnson
Network+ Certified
RJ Computer Consulting
http://rjcomputerconsulting.com
Richard@johnsorichard.com
Article Source: http://EzineArticles.com/
Hacking Threats and Protective Security
The 1998 Data Protection Act was not an extension to, but rather a replacement which retains the existing provisions of the data protection system established by the 1984 legislation. The Act was to come into force from 24 October 1998 but was delayed until 1st March 2000.
In addition to data, manual records were to be brought within the terms of the new data protection system, thus allowing subject access rights to access to such records.
Due to the allowances made for existing institutions to be brought into compliance with the new legislation, manual data processing that began before 24 October 1998 was to comply with the new subject access accommodations of the Act until 2001.
Now 4 years later there are still unresolved issues such as the security threats presented by computerisation, these can be broadly divided into 3 broad categories:
Incompatible usage:
Where the problem is caused by an incompatible combination of hardware and software designed to do two unconnected but useful things which creates weak links between them which can be compromised into doing things which they should not be able to.
Physical:
Where the potential problem is caused by giving unauthorised persons physical access to the machine, might allow user to perform things that they should not be able to.
Software:
Where the problem is caused by badly written items of "privileged" software which can be compromised into doing things which they should not be able to.
Security philosophy:
A systems security implementations (software, protected hardware, and compatible) can be rendered essentially worthless without appropriate administrative procedures for computer system use.
The following details the results of the threat analysis. If a computer system was setup to mimic the current running of the health practice the following considerations should be understood:
Assets To Be Protected:
That due to the nature of the institution, stable arrangements would need to be made to protect the:
Data: Programs and data held in primary (random access and read only memory) and secondary (magnetic) storage media.
Hardware: Microprocessors, communications links, routers, and primary / secondary storage media.
Security Threats:
The following details the relevant security threats to the institution and the more common causes of security compromise.
Disclosure:
Due to both the sensitive nature of the information to be stored and processed there are more stringent requirements of the new data protection legislation, all reasonable precautions must be taken to insure against this threat.
Attackers:
Although the vast majority of unauthorized access is committed by hackers to learn more about the way computer systems work, cracker activities could have serious consequences that may jeopardize an organisation due to the subsequent violation of the seventh data protection principle ie that personal data shall be surrounded by proper security.
The staff:
It is widely believed that unauthorized access comes from the outside, however, 80% of security compromises are committed by hackers and crackers internal to the organisation.
operators:
The people responsible for the installation and configuration of a system are of critical risk to security. Inasmuch as they may:
[1] Have unlimited access to the system thus the data.
[2] Be able to bypass the system protection mechanisms.
[3] Commit their passwords for your system to a book, or loose notes.
[4] A tendency to use common passwords on all systems they create, so that a breach on one system may extend to others.
The data subject:
The data subject invoking the right to access personal data creates a breach in security by definition. To comply with such a request the data must be ‘unlocked’ to provide access to it, thus creating additional risks to security. Inasmuch as:
[1] If copies have to be made, this will normally be by clerical staff who would not normally have such rights themselves.
[2] The copies may go astray whilst being made available.
[3] Verification of the identity of the data subject becomes very important.
Software:
Many business have database applications that are typically designed to allow one to two staff to handle a greater work load. Therefore such software does not allow validation (confirming that data entries are sensible) of the details the staff enter.
This is a critical security risk as it allows basic acts of fraud to be committed, such as, bogus data entry (entering additional unauthorised information).
Importance Of Good Security:
Data is valuable in terms of time and money spent on gathering and processing it. Poor or inadequate system protection mechanisms canlead to malicious computer system attacks (illegal penetration and use of computer equipment).
One or more devious, vandalising, crackers may damage a computer system and / or data, such damage could have serious consequences other than those of the subsequent violation of the seventh data protection principle that may jeopardize the organisation. For example:
Loss of information: Which can cost money to recreate.
False information: With possible legal action taken.
Bad management: Due to incorrect information.
Principles Of Computer Security:
The publication and exploration of inefficiencies and bugs in security programs that exit in all complex computer programs (including operating systems), methods of entry and ease of access to such technical information has meant that a system is only as secure as the people who have access to it and that good system security cannot be guaranteed by the application of a device or operating system.
Computerisation:
Media reports that draw public attention to the security threats inherent in the nature of programable technology and the safety of individuals information has given rise to situations where institutions entrusted with sensitive information need to spend as much time and energy to gain public trust in such systems as they do in providing serveries.
Although this scenario does not yet apply to the health industry inasmuch as the public are not yet the end users of the system, such social impressions must be considered:
This leads us to the question: if life with computers is so wonderous, how do you leave it? Simply flip a switch and everything will shut down and you can explore the marvels of the oustide world. Computers are only tools and, just like an electric screwdriver, computers can save time and effort without taking anything away from you. All you have to decide is when you want to use a computer and when you don't, you're still in complete control of your life.
Principles Of Inference:
One of the new concepts introduced by the data protection legislation is ‘inference’, and data is now regarded as itself sensitive if sensitive data can be inferred from it. For example, if an estate agent displays complete details about one terraced house, you can infer what the neighbouring house is like. In a medical practice, full patient details about three members of a family could probably allow you to construct the details of a fourth.
This must be linked to the proposition that, in the last 10 years or so more information has been stored about individuals than in all of previous history, and, because of computerisation, all of that information is capable of being pulled together from the different organisations (banks, stores, state, etc) which hold it.
Right To Privacy:
It can be seen that the statement ‘The processing of personal computerised data represents a threat to the individual’s right to privacy’ is well founded. Unfortunately, until now, there has been no statutory right in English law to personal privacy.
For this reason, a right to privacy of that information has been set into the data protection legislation, and, it is only such legislation that prevents complete dossiers from being compiled on any given individual.
Health professionals are exempted from the need for prior approval before processing personal information, for example, as it is clear the health of the individual overrides the individual’s right to privacy, and the consent can be taken for granted.
This does not prevent health professionals from having the full burden of protecting that information from unauthorised access, specifically due to the higher obligations placed on them by the Hippocratic oath which states that a member of the medical profession should respect the secrets which are confided them, even after the patient has died.
However, as can be seen from the exemptions and exceptions, a difficult balance has to be achieved between the right to privacy, and the needs of the individual (and/or the organisation).
In the case of the any entity or practice, the data subject’s rights to the protection of the data that relates to them creates a conflict of interests between them and the practice inasmuch the complex security system needed for this requires extra administration and the navigation of a complex system every time data is need may place extra stress on the staff, both things the management may wish to avoid.
© I am the website administrator of the Wandle industrial museum (http://www.wandle.org). Established in 1983 by local people to ensure that the history of the valley was no longer neglected but enhanced awareness its heritage for the use and benefits of the community.
Article Source: http://EzineArticles.com/
Social Security Online
