/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsThough wireless technology has been around for a long time, it’s just entered the networking market. Setting up wireless devices is pretty easy since they seamlessly integrate with your existing network. However, security on wireless networks is still a much talked about issue, despite the various safeguards that are built in. Here, we’ll discuss some of the safeguards provided, how they can be compromised, and what you can do to tighten security.
On guard, by default
802.11b, the main standard for wireless LANs has several safeguards built into it, but none of them are foolproof.
ESSID. The first line of defense is the Extended Service Set ID. Think of this as the workgroup that one specifies on a Windows network. A person must know the ESSID before he can access the network. The wireless AP (Access Point) periodically broadcasts this ESSID, which makes it easy for anyone with a wireless node and packet capture utility to know about it. The best way to solve this issue is to disable the broadcast, since it serves no real purpose.
|
WEP. WEP (Wired Equivalent Privacy) is an encryption scheme for wireless networks based on 64 or 128-bit RC4 stream cipher. Being a symmetric encryption algorithm, the same key is used to encrypt and decrypt data. It has been observed that WEP can be cracked in a matter of few hours using freely-available utilities on the Internet.
Access lists. These are lists of MAC (Media Access Center) addresses of the wireless NICs (Network Interface Card) authorized to access your network. While the original idea behind MAC addresses was for each NIC to have its own unique MAC, nowadays almost all NICs are programmable to use any MAC address. Authorised MACs, like ESSIDs, can be sniffed out of the air.
Authentication. 802.11 provides two methods of authentication: open system and shared key. An open system lets any client authenticate as long as it conforms to any MAC rules that have been set. All authentications take place without any encryption. On the other hand, in a shared key system, both the client and the AP have a key that is used to encrypt/decrypt the authentication packets. Shared key requires WEP. When establishing a connection, the client requests authentication and is delivered some random text. The client then proceeds to encrypt the text using its own key, and transmits this data back to the AP. The AP then analyzes this data and verifies its validity using its own key. A connection is established if this data is validated, which happens only when both devices have the same key.
Watch out for vandals
With most wireless APs, logging into a network (or sniffing/ tampering the data flowing over it) is as simple as tuning into a radio broadcast. Unfortunately, this claim is not as exaggerated as it sounds. This is so because while with wired networks one requires actual physical access to the medium over which the network is running, in the case of wireless networks there is no such medium. Thus, a hacker might very well sit in your parking lot with a laptop and wireless NIC, or even many blocks away with a directional antenna, and still use your network like any other user. Security measure like WEP can be
compromised by a competent individual given some time, and serve only as a mild deterrent.
Another minor threat is the possibility of losing a wireless enabled-host since it will have all the necessary WEP keys and ESSID to access your network.
Can wireless LANs hurt you?
Wireless networks use electromagnetic waves (radio frequencies) for data transmission. Radio waves cause motion of electrical charges in the atmosphere and convert energy into heat. This process is called ‘Thermal biological effect’ and can be dangerous if the body is exposed to high power radio waves for longer durations. Absorption of RF fields in body tissues is measured as SAR (Specific Absorption Rate) and is measured in Watts per Kilogram. A limit of 2 w/kg has been defined as the safe limit by most standards’ organizations. Human eye is extremely prone to RF waves and may act as a ‘heat sink’ if placed in front of RF sources. These thermal effects may cause eye cataracts. However, don’t get alarmed because all this may not happen at all to you as a user. Let’s see why.
|
You would have heard of possible health issues with cellular phones. Wireless LANs operate at much lower power than mobile phones and have shorter ranges of say 100-300 feet compared to several miles in case of mobile phones. Also, compared to cellular phones, these devices are not constantly connected. A typical wireless LAN operating in 2.4 GHz range works at around 100 mw when transmitting which is less then 1/1000th the power level of a microwave oven. Also, these waves fade rapidly as the distance increases, very little exposure is provided to people in a wireless LAN.
There have been lots of discussions on these health issues through out the world but no scientific evidence is present to prove the ill effects of these waves on the human body. And most importantly, most of these devices adhere to specific emission limits that have been set and are regulated by different organizations like ANSI (American National Standards Institute), IEEE (Institute of Electrical and Electronics Engineers), FCC (Federal Communications Commission) and NCRP (National Council on Radiation Protection and Measurements). They recommend, as a precaution though, that users remain at least 2” from a wireless LAN PC card and 8” from a base station.
Anuj Jain and Ankur Saxena