Spencer Parker was looking for a wireless internet connection at an IT exhibition when he saw something strange on his computer. It was displaying two icons for BT’s wireless internet service, but one of them was advertised for free. After some investigation, he found one link was legitimate and the other (the free one) a fake, set up by hackers who were stealing information and sending viruses to computers connected to it. Mr Parker searched further but the signal went dead.
Free wireless internet scams like this are called “evil twin” attacks. They usually appear close to public wireless access points (hotspots) in hotels, cafes and airports, and Mr Parker believes they are becoming more sophisticated.
”That was particularly nasty,” says Mr Parker, director of technical solutions for the wireless security company AirDefense. “Hotspots are easy to spoof, all you do is put up a fake webpage. At the end of the day people just want internet access. Their guard goes down because they think they’re getting it.”
For a mobile work force, the best defence against these scams is education, Mr Parker adds. But for a company with its own wireless network, there are also technical challenges to conquer, namely keeping the hackers out.
Armed with a laptop, a wireless card and some easily downloaded software (NetStumbler, for example) it is possible to see most of the wireless networks within range. And using Pringles cans as directional antennae, you can pick up wireless signals from a mile away.
A hacking attack using similar tools led to the imprisonment of 21-year-old Michigan man, Brian Salcedo. The FBI arrested Salcedo after they saw him with a laptop outside a hardware store as he siphoned credit card numbers over the company’s unprotected wireless network.
To see how companies use wireless, staff at security company RSA drove around financial districts in four cities looking for insecure access points - a technique known as war driving. Companies in Frankfurt fared best, with 34 per cent of networks unencrypted and open to hacking. Others followed closely, with 35 per cent in San Francisco, 36 per cent in London and 38 per cent in New York.
“If you look at the war driving maps of the world in the financial districts, there are a significant proportion of wireless access points running without encryption,” says Richard Starnes, the UK president of the Information Systems Security Association. “For corporations, if wireless applications are not encrypted, intellectual property and assets may be affected.”
The problem with wireless is that many devices, such as access points and laptops, are sold with the security settings switched off to make them easy to install. As a result, many companies are unaware they could be leaking data over the airwaves to outsiders.
“Wireless opens backdoors to your network,” says Michael Maddison, director of enterprise risk services for Deloitte Touche. “Malicious attacks can bypass the huge investment made by companies in firewalls and intrusion detection. It’s easy to circumvent controls.”
So how can wireless networks be used safely? The US Government Accountability Office (GAO) recently published guidelines of how federal agencies should secure wireless networks. Its first recommendation, which applies to any organisation, is to assess the risk of deploying wireless and then create enforceable policies for who is allowed to do what.
Mr Maddison agrees: “The best practice is to apply risk assessments, and make enforceable policies. From a business point of view you can’t deny the benefits of wireless.”
But perhaps the best advice from the GAO is to use the security tools already at hand, such as firewalls, authentication mechanisms (passwords), and encryption. Mr Starnes says the easiest way to encrypt data is with a virtual private network (VPN), which provides a secure ‘tunnel’ for information to travel through.
The Wi-Fi Alliance industry association certifies broadcast and security standards for wireless products. It says anyone without a VPN should use an encryption option called WPA - Wi-Fi Protected Access - or WPA2, a newer version. It advises companies to change any default passwords and obscure the identity of a network to make it less attractive to potential hackers. Moving access points to the middle of the office can also weaken the signal outside, making it harder for eavesdroppers to steal information.
Mr Starnes adds that a common scenario in companies is where an employee will install their own rogue-access point without permission. This can allow unauthorised people on to the network. But using detection tools, it is possible find the access points before the hacker does. Mr Maddison advises IT managers perform a regular sweep for alien devices.
“We always recommend that the company has an understanding of the wireless network they put in,” says Mr Maddison. “Considering investing in one of the tools that can find rogue-access points is a very good idea.”
The popularity of wireless is growing as equipment costs fall. Datamonitor estimates the number of hotspots in the world will grow from 106,860 today to 146,100 by 2007. But with all the risks associated with wireless, is it really worth deploying? After his experience with the evil twin, Mr Parker still believes it is.
“All of the things are available to make wireless secure, like strong authentication and encryption, but they can be difficult to deploy,” he says. “Traditionally it hasn’t been secure, so the people with purse strings have emphasised that this is important. Now the majority of companies have more security on their wireless network than on their wired. That’s one of the good things about it.”
Dan Ilett writes for Silicon.com
SIMPLE STEPS FOR A SECURE WIRELESS WORLD
The very quality that makes a local area wireless network attractive to companies - the freedom of a world without cables that allows employees previously wedded to their desktops the ability to roam free - can also be its greatest vulnerability if appropriate measures are not taken to ensure interlopers cannot gain access.
But following a few simple steps should ensure organisations can enjoy a secure wireless system.
■Run a risk/benefit analysis of establishing a network. If the latter wins out, use the exercise to establish enforceable security policies.
■Decide early who is allowed to what. For all the horror stories of random hackers waiting outside a building to steal corporate secrets, the greatest risk is often within. So make sure that only the appropriate individuals have access to network and security management tools.
■Plan the geography of the network carefully. If you are concerned about external security issues, locate base stations towards the middle of your building or campus, which should reduce the strength of signal on the perimeter.
■Make sure your system’s security tools are turned on. Most wireless networks will come with some degree of built-in securitry but these are often de-activated upon installation to make that process easier.
■Use security tools already employed within the organisation. The proper use of firewalls and authentication mechanisms (such as passwords) and encryption are as valid in the wireless world as elsewhere.
■Many experts believe the best way to secure data is to install a virtual private network (VPN), which provides safe passage for information. But if you can’t do this use one of the WPA - Wi-fi Protected Access - encryption options outlined by the Wi-Fi alliance. www.wi-fi.org
■Review network integrity regularly.