Download (direct link):
• Rogue APs. Hackers may also place a wireless LAN AP within the operating range of a wireless LAN to impersonate a real AP. In this case, the wireless LAN adapters may be fooled into believing that the rogue AP is, in fact, a legitimate AP. The rogue AP operator, the hacker who installs a rogue AP, can easily gain authentication information from users when they authenticate themselves to the AP. Once the hacker has the user-authentication information, he or she can easily use a laptop computer to gain access to the wireless LAN.
• The best way to counter the rogue AP attack is by constantly scanning for rogue APs in the coverage area for a wireless LAN. Radio scanners can detect the periodic beacon of the APs to determine if there are any rogue APs present in the LAN.
• The insertion attacks are also known as intrusion attacks as the intruder, in this case, can easily gain access to the LAN. It is important that a good wireless LAN security policy contains primitives for detecting insertion attacks.
Hijacking Secure Socket Layer (SSL) Connections
Today, Web servers on the Internet use an encryption protocol called Secure Socket Layer (SSL) for secure data transmission over the Internet. Most financial transactions that take place over the Internet, for example stock purchases from an online stockbroker or a book purchase from an online bookseller, take place using the SSL protocol. If a Web server is connected to a wireless LAN and an intruder gets access the wireless LAN, he or she can gain access to the Web server and conduct an attack known as SSL highjacking in which an intruder gains access to the Web server and controls the data.
AP Configuration Parameters
Most APs out of the box from the factory are configured in the least secure mode possible. Adding the proper security configuration is left up to the individual setting up a wireless LAN using the equipment. For example, most APs come with a default SSID. An attacker can use these default SSIDs to attempt to penetrate base stations that are still in their default configuration. Table 12.1 shows some of the most popular APs and their default SSIDs.
Table 12.1: Popular APs and Their Default SSIDs
Cisco Corporation tsunami
3Com Corporation 101
Compaq Computer Corporation Compaq
Intel Corporation intel
Linksys Corporation linksys
NetGear Corporation Wireless
Unless the administrator of the APs understands the security risks, most of the base stations will remain at a high-risk level. A good security policy must require that the AP configuration parameters are frequently checked to ensure their proper configuration.
Client Side Configuration Risks
If wireless LAN client computers are incorrectly configured, for example if the security parameters are incorrectly configured or are modified by the user as a mistake, the client computer may reveal critical information that can be picked up by a hacker resulting in the LAN compromise. A good security policy will require that only authorized users modify the client's wireless LAN configuration.
War driving is a new activity in which hackers drive around town with a laptop computer equipped with a wireless LAN adapter and a wireless LAN signal monitoring software with the objective of locating APs and recording the GPS coordinates of the AP location. Hackers normally share maps describing the geographic locations of APs on the Internet. If a company has its AP location and information shared on the Internet, its AP becomes a potential target and increases its risk. One of the popular places to upload war driving AP maps is http://www.netstumbler.com/. It includes a visual map and a database query tool for locating various APs.
A good security policy will include frequent monitoring of such Web sites and periodic change of the SSIDs of the APs.
Creating Security Policy
A carefully created wireless LAN security policy includes primitives to address most of the security requirements. Creating a security policy for a wireless LAN involves understanding your needs, following a guideline that helps you define the basic parameters that your wireless LAN security policy will enforce, and finally documenting them in an easy-to-follow document that outlines the overall security policy. In this section, we first walk you through a basic guideline that will help you create a security policy; then we show you a sample security policy that can be used as a seed document for your wireless LAN security policy document.
Wireless LAN Security Policy Guidelines
The wireless LAN security policy guidelines vary for each deployment. Following are some of the basic wireless LAN security policy guidelines that can be used to create a security policy for wireless LAN access and management.
Treat All Wireless LAN Devices as Untrusted on Your Network
You should consider all wireless LAN client computers to be untrusted, which means that you assume that any wireless LAN client equipment operating in a LAN could be a rogue computer unless authenticated. Using this primary assumption reminds you not to rely on the inadequate security primitives that many insecure wireless LANs rely upon. For example, if you consider all client computers equipped with wireless LAN adapters as insecure, you will not use MAC address-based authentication as the sole authentication mechanism.