
THE RISKS OF WIRELESS TECHNOLOGIES

The adoption of wireless devices continues to grow as they become more affordable. The rapid spread of wireless technologies among both business and personal systems has improved interoperability and accessibility. However, this very ubiquity has also led to an increase in the number of threats to computer networks. Wireless technologies have given attackers new ways to steal sensitive information, tamper with business processes, and subvert network security enforcement mechanisms. As new threats and attacks are found against wireless networks, they are addressed with changes and additions to the protocols and standards. This book will introduce the basic concepts underlying the evolution of wireless security: the threats, the exploits, and the remediation strategies.

Data Interception

One attack that must be considered when using wireless technology is the threat of data interception. In data interception, one of the key benefits of wireless technologies also leads to one of its greatest weaknesses. Because radio transmissions are broadcast through the air to target devices, any system properly configured within the radio broadcast range can also receive the wireless messages. Thus, devices that should not be on the wireless network can receive the transmissions. The extension of the network by wireless technologies has also increased the attack surface available to malicious users; an adversary can become part of a network and interact with systems that were not designed to operate in a hostile environment.

A common activity used for wireless attacks is war driving. A malicious individual can drive around with a laptop and a wireless receiver listening to the radio traffic being broadcast. Programs running on the laptop can be set up to automatically analyze the data and attempt to break into the networks as they are found. In addition, many attackers also correlate the data with GPS information to create a map of wireless access points. Based on their location, attackers can later revisit these access points for further attack.

Data Encryption

The use of data obfuscation through cryptographic ciphers and algorithms has been around for a long time. The Atbash alphabet was used to obscure the names of various items in Hebrew writings, such as the Bible. The obfuscation method commonly used on Usenet, rot13, has its origins in the scytales that were believed to have been used by ancient Greeks, whereby they wrapped a strip of paper around a stick, wrote the message, and transported the strip of paper. Only someone with a stick of equivalent diameter would be able to read the message.

The need for encryption has carried through from ancient times. Modern computer networks also make heavy use of encryption technology. As wireless technologies continue to spread, the use of encryption and authentication schemes has become more important for many users. Privacy concerns, classified information, and trade secrets are transmitted over wireless technologies. An adversary who receives the data being transmitted over the wireless link will still have to crack the encryption before the data being protected can be read. Transmissions from hostile sources trying to spoof the identity of an authorized party still need to subvert or break the authentication mechanism before the data will be accepted.

There are problems and limitations in many of the current encryption deployments for wireless technologies, however. The initial encryption mechanism used by 802.11X protocols is known as Wired Equivalent Privacy (WEP). WEP has a serious design flaw that allows hostile entities to derive the encryption key and see all traffic with relative ease. Access control mechanisms that used the Media Access Control (MAC) address of networked devices no longer give IT professionals any guarantee that a rogue device is within an easily identified physical area. Wireless address book synchronization capabilities in cellular phones and other portable devices allow address books to be stolen when implemented incorrectly; Bluesnarfing of Bluetooth-enabled devices is one example.

With advances in cryptanalysis, software for analyzing wireless network traffic and deriving encryption keys and passwords has become commonplace. Assigning a complex encryption key for WEP still allows an attacker to find out what the key is within a matter of minutes using software such as aircrack and WepLab. Using stronger encryption algorithms with weak keys leaves networks vulnerable to dictionary attacks, which use lists of words and permutations to try to guess encryption keys. Both aircrack and WepLab support this mode of operation as well.
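The weak-key problem described above can be checked before a key is deployed. The following is an added example, not code from the book: it rejects a proposed key if undoing common permutations (case changes, character substitutions, padding digits, reversal) leads back to a dictionary word. The wordlist, the substitution table, and the 13-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = {"password", "wireless", "dragon", "office", "network"}

# Common character substitutions, undone before the dictionary lookup.
UNLEET = str.maketrans("0134567@$", "oleasbtas")


def candidate_roots(key):
    """Return the base words a permutation-aware dictionary attack would reach."""
    lowered = key.lower()
    # Drop digit/punctuation padding at either end: "Dragon2024!" -> "dragon".
    trimmed = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    roots = set()
    for form in (lowered, trimmed):
        for variant in (form, form.translate(UNLEET)):
            roots.update((variant, variant[::-1]))  # also try the reversed word
    return roots


def audit_key(key, wordlist=WORDLIST, min_length=13):
    """Return the reasons a key is weak; an empty list means no finding.

    min_length is an assumed policy threshold, not a value from the book.
    """
    reasons = []
    hits = candidate_roots(key) & wordlist
    if hits:
        reasons.append("derived from dictionary word: " + sorted(hits)[0])
    if len(key) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    return reasons


if __name__ == "__main__":
    # Constructed candidate keys.
    for key in ("P@ssw0rd1", "Dragon2024!", "krowteN77", "q7Vx-93kLm-zT2p-Hw8r"):
        print(key, "->", audit_key(key) or "no finding")
```

A clean result only means the key survives these particular permutations; it does nothing for WEP, whose key can be derived regardless of how complex it is.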

Input Hijacking

Attackers can do more than just steal data being transmitted over wireless links. Many devices and software services accept input from the user to take action. This command channel can be hijacked, allowing the attacker to interact with sensitive applications they should not have access to.

Using a wireless input device such as a keyboard can allow passwords and credit card information to be intercepted. Hijacking the connection and taking control of the input may be possible as well, allowing the attacker to input arbitrary data, change passwords on online bank account interfaces, purchase a thousand bags of composting material to be delivered to your door, or send letters of resignation to your employer.

Popular wireless keyboard receivers can pick up transmissions from a different keyboard. If the communications travel over radio links instead of infrared, an attacker can sit down nearby and associate with the receiver using the same make and model of keyboard. In many cases, hijacking the mouse can be done through the same receiver as well.

To use such devices safely, you need a basic understanding of radio emission characteristics so that you can assess the risk of using them for sensitive data. Chapter 2 will cover the nature of radio emissions to allow you to evaluate the risks of data interception and command channel hijacks in more detail.

Business Impacts of Wireless Threats

There are many consequences of having the network security of a business compromised. Payroll and benefits data may be exposed; trade secrets can end up in the hands of competitors; data theft disclosure laws such as the California Security Breach Information Act (CA1386) can force a company to notify customers their private data have been stolen; and access to business-critical services from third-party vendors may be suspended until problems have been remediated to their satisfaction.

Preventing these problems is a high priority for IT administrators. Various precautions and security measures implemented at network gateways, such as firewalls, creation of bastion hosts, VPN tunnels, and host hardening, have been used to mitigate the risks of data theft and network intrusion. However, all of the effort put into securing a network can be rendered moot by the careless installation of a single wireless access point. Once wireless devices can connect to the internal network within an office, attackers can enter the range of radio transmissions and join the internal network without having to circumvent either the access control mechanisms already in place at the network perimeter or the physical access control systems.

The traffic and security monitoring system present at the wired network perimeter will not log attacks carried out from a rogue system already within the trusted network. Deployment of security-critical patches and host hardening activity are often lagging within a trusted network in comparison to the network perimeter.
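Because perimeter monitoring will not see a carelessly installed access point, it has to be found from the inside. The following is an added example, not code from the book: it reconciles a wireless survey against an inventory of authorized access points and the MAC addresses learned by internal switches. All addresses, SSIDs, and port names are constructed, and matching on the first five octets is a heuristic that assumes an access point's wired and radio MAC addresses are adjacent.

```python
# Constructed sample data: AP inventory, wireless survey, and switch MAC table.
AUTHORIZED = {"00:11:22:33:44:01": "CorpNet", "00:11:22:33:44:02": "CorpNet"}
SURVEY = [  # (BSSID, SSID, signal strength in dBm)
    ("00:11:22:33:44:01", "CorpNet", -48),
    ("00-11-22-33-44-02", "CorpNet", -60),
    ("AA:BB:CC:00:10:05", "linksys", -41),
    ("DE:AD:BE:EF:00:01", "CorpNet", -55),
    ("12:34:56:78:9A:BC", "CoffeeShop", -82),
]
SWITCH_MACS = {"aa:bb:cc:00:10:04": "sw3/port17", "00:11:22:33:44:01": "sw1/port2"}


def norm(mac):
    """Normalize a MAC address to lowercase, colon-separated form."""
    return mac.lower().replace("-", ":")


def wired_port(bssid, switch_macs):
    """Return the switch port whose learned MAC shares the BSSID's first five octets."""
    prefix = bssid[:14]
    for mac, port in switch_macs.items():
        if norm(mac)[:14] == prefix:
            return port
    return None


def find_rogues(survey, authorized, switch_macs):
    """Return findings for APs that do not match the inventory, worst first."""
    corp_ssids = set(authorized.values())
    findings = []
    for raw_bssid, ssid, rssi in survey:
        bssid = norm(raw_bssid)
        if authorized.get(bssid) == ssid:
            continue  # known AP advertising its expected SSID
        port = wired_port(bssid, switch_macs)
        if port:
            severity, why = "high", f"AP outside inventory is bridged to the internal network at {port}"
        elif ssid in corp_ssids:
            severity, why = "medium", "BSSID outside inventory advertises a corporate SSID"
        else:
            severity, why = "low", "AP outside inventory in range, no wired presence found"
        findings.append((severity, bssid, ssid, rssi, why))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f[0]], -f[3]))


if __name__ == "__main__":
    for finding in find_rogues(SURVEY, AUTHORIZED, SWITCH_MACS):
        print(finding)
```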

