Insecure Network Configurations – Many companies think that if they are using a firewall or a technology such as a VPN, they are automatically secure. This is not necessarily true, because all security holes, big and small, can be exploited. Also, if devices and technologies such as VPNs, firewalls or routers are misconfigured, the network can be compromised.
Accidental Associations – This can happen if a wireless network is set up using the same SSID as your network and is within range of your wireless device. You may accidentally associate with that network without your knowledge. Connecting to another wireless LAN can divulge passwords or sensitive documents to anyone on the neighboring network. (Wireless LAN Security – What Hackers Know That You Don't, www.airdefense.net, Copyright 2002)
Social Engineering – Social Engineering is one of the most effective and scariest types of attack. This type of attack really scares me, and it can be used for many purposes besides compromising the security of wireless networks. A scenario: someone dressed up as a support person from Cisco enters the workplace. The secretary sees his fake credentials and lets him get past the front desk. The impersonator walks from cubicle to cubicle, collecting user names and passwords as he goes. After finding a hidden corner that seems to be lightly traveled, he plugs an insecure Access Point into the network. At the same time he configures the Access Point not to broadcast its SSID and modifies a few other settings to make it hard for the IT department to find this Rogue Access Point. He then leaves without ever being questioned by anyone, because he looks like he fits in. Now all he has to do is be within 300 feet of the access point (more if he added an antenna), and he has access to all kinds of secure documents and data. This can be a devastating blow to any corporation and could eventually lead to bankruptcy if the company's secrets were revealed to competitors. Bruce Schneier came to my classroom and said the following about Social Engineering: “Someone is just trying to do their job, and be nice. Someone takes advantage of that by targeting this human nature. Social Engineering is unsolvable.”
Securing Wireless Networks
According to Bruce Schneier and others such as Kevin Mitnick, you can never have a totally secure computing environment. What is often suggested is to try to control the damage that can be done if security is breached. Many different tools on the market can help prevent security breaches.
WEP – WEP supports both 64-bit and 128-bit keys. Both are vulnerable, however, because the initialization vector is only 24 bits long in each case. Its RC4 algorithm, which is used securely in other implementations such as SSL, is quite vulnerable in WEP. (Wireless Insecurities, by Dale Gardner, http://www.infosecuritymag.com/2002/jan/cover.shtml) Different tools exist to break WEP keys, including AirSnort, which can be found at www.airsnort.net. Although WEP is not a secure solution, it can be used to help slow down an attacker if other means are not possible, financially or otherwise.
VPN and IPSec – IPSec VPNs let companies connect remote offices or wireless connections using the public Internet rather than expensive leased lines or a managed data service. Encryption and authentication systems protect data as it crosses the public network, so companies don't have to sacrifice data privacy and integrity for lower costs. Many VPNs exist on the market today. An important note about VPNs is that interoperability does not really exist: whatever you use for your server has to be the same brand as your clients most of the time. Some VPNs include: Borderware, BroadConnex Networks, CheckPoint, Cisco, Computer Associates.
DMZ – Adding this to your network enables you to put your wireless network on an untrusted segment of your network.
Firewalls – Firewalls are all over the place. They range from hardware to software versions. Adding a firewall between the wireless network and the wired network helps prevent hackers from accessing your wired network. This paper doesn't go into specifics about different firewalls and how to set them up, but there are many. Some firewalls include:
- ZoneAlarm (an inexpensive software-based firewall), Zonelabs.com
- Symantec has many different firewalls, depending on what you require.
PKI – Public-key infrastructure (PKI) is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on the Internet. (What is PKI? http://verisign.netscape.com/security/pki/understanding.html)
Site Surveys – Site Surveys involve using a software package and a wireless device to probe your network for Access Points and security risks.
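A site survey produces a list of observed access points that can be checked against what is sanctioned, which catches both the hidden-SSID Rogue Access Point and the same-SSID neighbor described earlier. The following is an added example, not part of the original paper: the inventory, MAC addresses, SSIDs and scan results are all constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str       # access point MAC address
    ssid: str        # empty string when the AP does not broadcast its SSID
    channel: int
    signal_dbm: int  # closer to 0 means stronger, so probably nearer

# Hypothetical inventory of sanctioned access points: BSSID -> expected SSID.
AUTHORIZED = {
    "02:00:00:00:00:01": "CorpWLAN",
    "02:00:00:00:00:02": "CorpWLAN",
}

# Constructed survey results standing in for the output of a survey tool.
SAMPLE_SCAN = [
    Beacon("02:00:00:00:00:01", "CorpWLAN", 1, -48),
    Beacon("02:00:00:00:00:02", "CorpWLAN-test", 6, -55),
    Beacon("02:00:00:00:10:01", "", 11, -41),
    Beacon("02:00:00:00:10:02", "CorpWLAN", 6, -70),
    Beacon("02:00:00:00:10:03", "CoffeeShop", 1, -80),
]

def classify(beacon: Beacon, authorized=AUTHORIZED) -> str:
    bssid = beacon.bssid.lower()
    if bssid in authorized:
        # A sanctioned AP advertising the wrong SSID points to a config error.
        if beacon.ssid == authorized[bssid]:
            return "authorized"
        return "authorized-misconfigured"
    if beacon.ssid == "":
        return "unknown-hidden-ssid"   # possible Rogue Access Point
    if beacon.ssid in authorized.values():
        return "unknown-same-ssid"     # accidental-association risk
    return "neighbor"

def survey_report(beacons, authorized=AUTHORIZED):
    """Return (label, beacon) pairs needing follow-up, strongest signal first."""
    flagged = [(classify(b, authorized), b) for b in beacons]
    flagged = [f for f in flagged if f[0] not in ("authorized", "neighbor")]
    return sorted(flagged, key=lambda f: f[1].signal_dbm, reverse=True)

if __name__ == "__main__":
    for label, b in survey_report(SAMPLE_SCAN):
        print(f"{label:26} {b.bssid} ch{b.channel} {b.signal_dbm} dBm")
```

Sorting by signal strength puts the devices most likely to be inside the building at the top of the follow-up list.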
Proactive Approaches
Since wireless technology is insecure, companies, or anyone else, can take a proactive approach to try to identify hackers trying to gain access via wireless networks.
Honeypots – Honeypots are fake networks set up to try to lure in hackers. This enables administrators to find out more about the types of techniques hackers are using to gain access. One product is ManTrap, created by Symantec. “ManTrap has the unique ability to detect both host- and network-based attacks, providing hybrid detection in a single solution. No matter how an internal or external attacker tries to compromise the system, Symantec ManTrap's decoy sensors will deliver holistic detection and response and provide detailed information through its system of data collection modules.” http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157
Intrusion Detection – Intrusion Detection is software that monitors traffic on the network. It sounds a warning if a hacker is trying to access the network. One such free product is Snort. “Before we proceed, there are a few basic concepts you should understand about Snort. There are three main modes in which Snort can be configured: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads packets off of the network and displays them for you in a continuous stream on the console. Packet logger mode logs packets to disk. Network intrusion detection mode is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user defined rule set and perform several actions based upon
RJ Computer Consulting http://rjcomputerconsulting.com Richard@johnsorichard.com