WLAN Security Threats
The nature of wireless communications makes defending against
attacks very difficult but extremely necessary. Threats come in many forms. The
vulnerability and exposure of your network comes from inside and outside your
network. Arguably, the internal troubles typically outnumber the external
threats.
Security threats surface as disruption in service,
unintentional leaks, and industrial espionage. Both professionals and amateurs
carry out attacks against WLAN security shortcomings, and such attacks are
facilitated by a plethora of publicly available tools. Even then, the cause might
not be a person but rather a byproduct of careless design. The following describes
three profiles of people who can compromise a network.
- The malicious hacker: This is the person who actively tries to exploit security weaknesses of the network. This person's intent is to cause mischief, steal intellectual property, or cause business disruption.
- The unaware employee: The unaware employee is becoming more common. This is a person who has unintentionally opened a vulnerability either directly (such as by installing a rogue AP) or indirectly (such as acting as a catalyst for the spread of a computer virus).
- The war driver: War driving is when individuals or groups drive around and actively look for unprotected WLANs. In some cases, people mark the streets or sidewalks with chalk to indicate the presence of unprotected WLANs, which is also known as war chalking.
Now that we know who can carry out WLAN attacks, we will
outline the different attack strategies that can be employed. The attack
strategies are interception, rogue APs, and denial of
service.
Interception
Because there is no physical link in wireless and because radio
transmissions are not contained by physical boundaries, data can be intercepted.
Any data that is intercepted is compromised as it can be reassembled, resulting
in loss of intellectual property or exploitation of other safeguards.
You can, however, put security protocols into place to mitigate
or thwart the threat of interception. This is covered in the next section.
Interception provides a catalyst for malicious behavior in one of two ways:
- Eavesdropping: Data sent over a wireless medium can be captured over time. Given enough time, even encrypted data can be decrypted, although well-developed encryption techniques will extend this time from days to years.
- Impersonation: Commonly known as "man-in-the-middle" attacks, even when the data is sufficiently protected against prying ears, devices can be impersonated. This can lead to service availability attacks or inadvertent data capture, with the latter leading to the possibility of encryption cracking.
Rogue APs
Rogue access points are by far the most elusive culprits in a
WLAN deployment. Many vendors are building solutions that will tackle the
problem of rogue APs. Basically, rogue APs are internal or external to your
network and can either create a security hole or cause enough interference to
disrupt service. Internal rogues usually occur when an employee introduces an AP
to the internal network.
Ongoing commoditization has resulted in a steep drop in the
price of access points. As the cost barrier is removed, some people will not
only purchase an AP, but also independently decide to "plug" the personal AP
into the network in an attempt to gain more freedom and mobility. One way to
thwart this problem is to provide ubiquitous WLAN coverage. However, you can't
be sure that this solution will stop the practice entirely.
Rogue APs are typically not intentionally malicious, but they
require more effort to detect and mitigate. They threaten the network's
well-being and the integrity of the wireless space. Because WLANs rely on the
availability of channels of the RF spectrum, having competing devices in the
same RF space will likely disrupt your WLAN service.
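The detection problem described above can be reduced to comparing what a sensor sees in the air against an inventory of authorized APs. The following is an added example, not code from the book or from any vendor product; the inventory, the scan results and the 2.4 GHz channel-separation rule (channels fewer than five apart overlap) are constructed assumptions.

```python
# Added example: flag rogue, impersonating and interfering APs from a scan.
# All BSSIDs, SSIDs and channels below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    bssid: str    # radio MAC address the sensor saw
    ssid: str     # network name advertised in beacons
    channel: int  # 2.4 GHz channel the AP occupies


# Authorized inventory (constructed): BSSID -> (expected SSID, channel).
AUTHORIZED = {
    "00:11:22:aa:bb:01": ("CORP-WLAN", 1),
    "00:11:22:aa:bb:06": ("CORP-WLAN", 6),
}

# Constructed scan: one legitimate AP and three that are not in inventory.
SCAN = [
    Observation("00:11:22:AA:BB:01", "CORP-WLAN", 1),
    Observation("de:ad:be:ef:00:01", "CORP-WLAN", 11),  # our SSID, unknown radio
    Observation("de:ad:be:ef:00:02", "linksys", 3),     # overlaps our channel 1
    Observation("de:ad:be:ef:00:03", "cafe", 11),       # does not overlap 1 or 6
]


def classify(observations, authorized=AUTHORIZED, min_separation=5):
    """Return a list of (bssid, verdict) for each observed AP.

    authorized    - BSSID in inventory advertising its expected SSID
    misconfigured - BSSID in inventory advertising some other SSID
    spoofed-ssid  - unknown BSSID advertising one of our SSIDs (impersonation)
    interfering   - unknown BSSID on a channel overlapping an authorized AP
    unknown       - unknown BSSID that does not directly affect our RF space
    """
    our_ssids = {ssid for ssid, _ in authorized.values()}
    our_channels = {ch for _, ch in authorized.values()}
    verdicts = []
    for obs in observations:
        bssid = obs.bssid.lower()  # normalise case before the inventory lookup
        if bssid in authorized:
            expected_ssid = authorized[bssid][0]
            verdict = "authorized" if obs.ssid == expected_ssid else "misconfigured"
        elif obs.ssid in our_ssids:
            verdict = "spoofed-ssid"
        elif any(abs(obs.channel - ch) < min_separation for ch in our_channels):
            verdict = "interfering"
        else:
            verdict = "unknown"
        verdicts.append((bssid, verdict))
    return verdicts
```

A real deployment would feed `classify` from sensor scans on a schedule and alert on any verdict other than `authorized`; a `spoofed-ssid` hit is the case most worth investigating first.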
Denial of Service Attack
A sometimes overlooked security threat is the overloading of
the network that results in the inability to access the network. This Denial of
Service (DoS) is a very real threat and can be easily carried out against a
WLAN. These attacks, although usually intentional, can sometimes happen by
accident. DoS as a security concern can never be ruled out because it can never
be completely avoided. DoS has one critical effect on the enterprise: the denial
of access to the RF space and thus the lack of network access. You learned in Chapter 2 that there is an opportunity
cost associated with unavailability of network access. As the organization
becomes more dependent on information and network access, this opportunity cost
can rapidly escalate with downtime.