Wi-Fi woes as survey spots security setbacks

12 Mar 2004

Wireless networking holds the promise of unfettered access to information for any company that adopts it, but a survey has revealed that many Irish organisations now using the technology are leaving themselves wide open to attack.

Awareness of wireless security remains worryingly low in some of Ireland’s top business parks, according to the survey, Wireless Security: Threats and Vulnerabilities, prepared by security consultants at LAN Communications during December 2003 and January 2004. The report examined wireless local area network (WLAN) connectivity within businesses based in the Irish Financial Services Centre, Citywest Business Campus and Cork Airport Business Park — representing between them a useful cross-section of indigenous and multinational firms across several industry sectors such as IT, financial services, manufacturing and pharmaceuticals. But if this list would normally represent the great and good of Irish industry, their performance in this survey somewhat tarnishes that image.

As the name suggests, wireless networks are not restricted by physical cables or leads, so the data being passed from device to device travels freely over radio waves, unencumbered by obstacles such as doors, walls, floors or ceilings. That is not to say that data sent wirelessly can’t be secured and encrypted — it can — but the latest research suggests that few Irish companies are taking the most basic precautions, let alone the necessary ones.

WLAN’s lack of physical boundaries means that it can be easy to detect and intercept data being transferred wirelessly without having to enter a building. According to LAN Communications, wireless management traffic can be detected as far away as 600m from an access point, which is the device to which wireless systems connect. There are many software packages freely available on the internet for monitoring the wireless airspace.

Using a laptop and Red-Audit — non-commercial wireless scanning software developed by Red-M, a provider of hardware and software tools for secure wireless control — researchers from LAN Communications were able to sample activity on WLANs, detecting devices within range. The audit was carried out passively, that is, without actively intruding onto any company’s network.

In simple terms, the vulnerabilities that have been unearthed show that many networks are open to eavesdropping, denial-of-service attacks, unauthorised access or even tampering with data.

The IFSC fared particularly badly in the survey; 70pc of wireless access points found there did not even use the most basic settings for encrypting data, even though this capability comes as standard with current wireless devices. This compares with 35pc in Citywest Business Campus and 25pc at Cork Airport Business Park. The report puts this finding starkly: “Where encryption is not in use, wireless communications can be easily ‘sniffed’ and deciphered by anyone in range.”

In all, the survey detected a total of 147 wireless devices in 33 separate networks and revealed numerous other serious network security flaws. Across all three sites, more than two thirds of detected access points were found to be broadcasting network names; information that could prove useful in gaining unauthorised access to a corporate infrastructure. In Citywest, this figure was worryingly high with 94pc of network names identifiable from detected access points.

In addition, 15pc of the access points detected across the three sites were broadcasting a default network name that could be used to discover other network configuration details such as management passwords.

Of the total number of devices, 6pc were being used as part of a peer-to-peer network, which LAN Communications said made them extremely vulnerable to security breaches. These kinds of connections are commonly found in companies that do not have a wireless LAN as such, but which must cater for users with wirelessly enabled laptops or personal digital assistants. Interestingly, 16pc of the peer-to-peer connections at the IFSC were encrypted, the only one of the three sites where this practice was found in any form.

The survey also found that 11pc of wireless access points had not been configured correctly and were still using manufacturers’ default settings, suggesting that some devices were quickly installed with little thought given to correct network configuration or security imperatives.

If some of the findings seem like so much technical nitpicking, it’s worth remembering that protecting important business information is the fundamental issue at stake here. What’s more, there is an increasing trend, especially in heavily regulated industries such as financial services and pharmaceuticals, for company directors to be made responsible for the security of their information systems. In other words, this is not just an IT problem.

In its report, LAN Communications recommends that organisations should define strict security policies to manage their wireless communications and outlines several solutions, such as configuring access points properly, implementing user authentication, encrypting wireless traffic and installing intrusion prevention software on any laptop or system that will connect wirelessly.

These measures shouldn’t come as a hindrance to allowing the kind of mobility that WLAN permits. In what may be the closest the report gets to a sales pitch, LAN Communications suggests one effective method for security is to use a dedicated system to monitor the wireless airspace continuously. Coincidentally, though it is not stated directly in the text, Red-M supplies just such a product.

Taken as a whole though, the survey will either be a useful wakeup call or shock therapy to managers at a time when wireless networking is making steady inroads into the mainstream. Industry heavyweights such as Microsoft and Intel are actively supporting developments with new products designed to take advantage of wireless connectivity. A range of access points and interface cards are now widely available from a slew of manufacturers.

As LAN Communications acknowledges in its survey, the presence of so many products has led to a range of different fixes and solutions for many of the flaws that the report highlights. With a single security standard still to be ratified and users clamouring to be unchained from their desks, who’d be a network administrator?

By Gordon Smith

Pictured ‘catching’ a ‘hacker’ red-handed is Neil Wisdom, sales director of LAN Communications