Wireless devices and security

One of the critical issues involved with the growing wireless market is security. Consumers and home businesses have been purchasing wireless devices to transmit everything from music to photos. However, mid-sized to large businesses, especially financial ones (banks, brokers, etc.) don’t trust this technology, and with a good reason. It’s not secure

Layers of Security

A recent article in PC World advises to “layer” your wireless defenses in this manner:

1. To defend themselves against “war driving,” users can simply turn on the WEP encryption that is already built in, and most war drivers will just move on to one of the many wireless LANs that isn’t protected.

2. Going to the next step, users can implement user authentication and dynamic WPA, with keys that change, to protect themselves from “script kiddies,” teenagers who use packaged hacking tools to infiltrate systems. Those authentication systems should include one of the current versions of the Extensible Authentication Protocol. (More about these later.)

3. For protection against professional hackers, the article recommends going the next step to strong encryption systems such as TKIP (Temporal Key Integrity Protocol), which will be used in WPA and 802.11i, or CKIP (Cisco Key Integrity Protocol), a proprietary implementation of the 802.11i recommendations that Cisco developed as a stop-gap measure.

Maximum wireless security, then, is a combination of several techniques: strong authentication and a strong encryption mechanism, coupled with data integrity.

Wi-Fi security currently has four choices: WEP, VPN, WPA and IDS.

WEP

The Wired Equivalence Privacy protocol is the orginal and most widely-used security protocol for wireless devices. There are two problems connected with WEP however. First, it is based on a system of “keys”. Hackers using the brute-force or “dictionary” method of entering alphanumeric combinations can eventually uncover the public and private keys.

The keys themselves are short (and therefore easily guessed) and static, instead of being updated dynamically from the server. To update the keys, a technician must visit each device at every location (hot spot, motel, etc). This just isn’t practical for most companies.

WAPs

WAPs (Wireless Access Points) are essentially low-frequency radio devices capable of broadcasting over short distances: ten or twenty feet in a home or up to a few city blocks for a business. You can buy a WAP at Best Buy for about $100. They’re manufactured by Microsoft, D-Link, Linksys, Netgear, and similar consumer-oriented companies. You can set up a WAP cable modem in your home, install a WAP card in each of your PCs and you now have a wireless home network, with each device having internet access.

But all radio signals are subject to interference; for example, they can be blocked by buildings and bridges. High-tension electrical cables can jam their signals.

Many WAPs are set up by default to respond to the strongest RF signal available. Therefore, anyone can set up a “rogue” WAP to pull the signals from another WAP. You can eavesdrop on your neighbors’ wireless networks by setting up your own WAP in your car and driving through the neighborhood.

Going to the next step, users can implement user authentication and dynamic WEP, with keys that change, to protect themselves from “script kiddies,” teenagers who use packaged hacking tools to infiltrate systems.