Home » Data Protection » Wireless/Mobile

Industry View

Risk Assessment: Are You Overlooking Wireless Networks?

The continually changing landscape of wireless technology requires updated security methods...and frequent auditing.

By Chad Kalmes and Greg Hedges

Page 2

For corporate networks, one of the most basic forms of security implemented for their wireless networks is a hidden service set identifier (SSID). The SSID is a sequence of up to 32 letters or numbers that is essentially the name of a wireless network. Hiding the broadcast of the SSID requires end users to know and manually enter the correct SSID in order to access the network. However, almost all wireless scanners and software available today can very easily discover the SSID of networks, even if it is not overtly broadcast. This enables easy access to the network if this "security through obscurity" technique is the only form of control in place. In addition, the SSID used may leak unintended information about the company or wireless network in use. Likewise, companies may unknowingly disclose sensitive information, including the company name or department, street address, domain name or even the encryption key in use, if this information is contained in the SSID.

Further, as all wireless communication occurs within a known spectrum of radio waves, unauthorized users can monitor those channels to see any of the network traffic passing by. Many internal auditors and IT managers can think back to the issues related to using hubs on corporate networks, which broadcast network traffic in a manner similar to wireless networks, and immediately recognize the risks and issues associated with that practice that eventually led to the deployment of switched networks. In wireless terms, though, imagine those hubs also take away all of your walls and physical security controls.

While the most basic forms of wireless encryption (including WEP, LEAP, etc.) were initially broken using brute-force methods, newer shortcuts can cut the time it takes to decipher wireless traffic down to a matter of hours. In a typical corporate network, the time to defeat encryption can be even shorter due to higher traffic volumes. In terms of how easy this can be, one must only look to the numerous headlines highlighting hackers with wireless-enabled devices who have obtained retail customer records and other information while sitting in cars parked hundreds of feet away from retail stores.

Wireless enthusiasts and members of the underground community are also using the availability of wireless to gather information regarding the wireless networks cropping up around the world. Nowadays, there are even handheld devices for sale, roughly the size of a pack of gum, that allow users to determine a networkâ¬"s security scheme, signal strength and wireless standard (802.11b or 802.11g) without the use of a laptop. Several websites are also dedicated to mapping the wireless networks via these â¬Swar drivingâ¬ techniques. One such informational site, WifiMaps.com, lists access points virtually everywhere in the United States. Malicious as well as legitimate users can use this information for virtually any purposeâ¬from research to reconnaissance. If you think your network is small and private, try looking it upâ¬you may be surprised by what is publicly known about your company just based on your wireless network.