The Risks of Wireless Networking
To understand the security problems inherent in wireless networking, you first need to understand the basic architecture of a wireless network. Today, most popular wireless networks use the IEEE 802.11 standard, adopted in 1997. Variations of this standard include the widely used IEEE 802.11b (also known as Wireless Ethernet, or Wi-Fi), which transmits data at a maximum speed of 11 Mbps, roughly the same speed as a conventional wired Ethernet connection. A pair of emerging standards called 802.11a and 802.11g use the same underlying technology as Wi-Fi to transfer data at speeds of up to 54 Mbps. (For an explanation of the differences between the various components of the 802.11 standard, see the sidebar "802-Point-Whatever: Decoding Wireless Standards.")
All the 802.11 standards define mechanisms by which network data literally floats through the air, using radio frequencies in the 2.4 GHz range. Network adapters with small antennas—typically installed in a PC Card slot on a notebook computer, or attached to a USB port on a desktop computer—transmit and receive data to communicate with the rest of the network. The most common wireless network configurations include a hardware device called a wireless access point, which incorporates its own transmitter/receiver and connects directly to the Internet or to a network hub or switch, often acting as a bridge between wireless and wired networks. Strictly speaking, an access point isn't required; small networks can get by using "ad hoc mode," in which network adapters communicate directly with one another in a peer-to-peer setup.
Because wireless networking uses radio frequencies, anyone who has a computer equipped with a wireless adapter and is within the effective range of the access point or an individual wireless adapter can attempt to connect to the network. With a modest investment in hardware and little or no technical skills, an outsider can compromise the security of your network in any of the following ways:
Theft of service. Even if an intruder can't break into individual computers on your network, he may be able to access the Internet using your connection. The result could degrade the quality of your Internet service. This risk is especially noticeable in high-density areas such as apartment buildings, where any of your neighbors with a wireless network adapter may be within the effective range of your access point.
Denial of service. An intruder who is unable to connect to your network can still cause some degree of havoc by flooding the network with connection requests. With enough persistence, an attacker could completely deny legitimate users access to the network.
Theft or destruction of data. Outsiders who successfully connect to your network can browse shared folders and printers. Depending on the permissions assigned to these resources, they can change, rename, or delete existing files, or add new ones.
Network takeover. An intruder who manages to log on to the network and exploit an unpatched vulnerability can install a Trojan horse program or tamper with permissions, potentially exposing computers on the LAN to attacks from over the Internet.
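The first two risks in this list leave traces an access point can record: associations from adapters you don't own, and bursts of connection requests. The following is an added example, not part of the original text, that audits such a log for both; the log format, station inventory, and thresholds are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

# Hypothetical inventory of the adapters that belong on this network.
KNOWN_STATIONS = {"00:0c:41:aa:bb:01", "00:0c:41:aa:bb:02"}
FLOOD_LIMIT = 5                        # assumed policy: requests per window
FLOOD_WINDOW = timedelta(seconds=10)

# Constructed sample log, one event per line: <timestamp> <event> <station MAC>
SAMPLE_LOG = """\
2003-05-01T10:00:00 ASSOC_REQ 00:0c:41:aa:bb:01
2003-05-01T10:00:01 ASSOC_OK 00:0c:41:aa:bb:01
2003-05-01T10:05:00 ASSOC_REQ 00:02:2d:11:22:33
2003-05-01T10:05:01 ASSOC_OK 00:02:2d:11:22:33
2003-05-01T10:09:00 ASSOC_REQ 02:00:00:00:00:01
2003-05-01T10:09:01 ASSOC_REQ 02:00:00:00:00:02
2003-05-01T10:09:02 ASSOC_REQ 02:00:00:00:00:03
2003-05-01T10:09:03 ASSOC_REQ 02:00:00:00:00:04
2003-05-01T10:09:04 ASSOC_REQ 02:00:00:00:00:05
2003-05-01T10:09:05 ASSOC_REQ 02:00:00:00:00:06
"""

def audit(log_text):
    """Return unknown associated stations and request-flood alerts.

    Assumes the log is in chronological order.
    """
    unknown, alerts = set(), []
    window, in_flood = deque(), False
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                   # skip blank or short lines
        ts, event, mac = datetime.fromisoformat(parts[0]), parts[1], parts[2].lower()
        if event == "ASSOC_OK" and mac not in KNOWN_STATIONS:
            unknown.add(mac)           # an outsider is using the connection
        elif event == "ASSOC_REQ":
            # Count requests from all stations together: the sender address
            # is self-reported, so it is not a reliable key for rate limits.
            window.append(ts)
            while ts - window[0] > FLOOD_WINDOW:
                window.popleft()
            flooding = len(window) > FLOOD_LIMIT
            if flooding and not in_flood:
                alerts.append((parts[0], len(window)))  # alert once per burst
            in_flood = flooding
    return {"unknown_stations": sorted(unknown), "flood_alerts": alerts}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```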
INSIDE OUT
--------------------------------------------------------------------------------
Don't skimp on protection
You've followed every recommendation in this chapter to secure your wireless access point. Can you relax now? Not yet. Remember that wireless networks can operate in "ad hoc" mode, where the adapter on each computer serves as an access point. An attacker who can't get to the access point can still target an individual computer and break into the network. To protect yourself, make sure you've installed personal firewall software on every computer that contains a wireless adapter.
Out of the box, wireless networks are designed to be easy, not secure. Properly protecting a wireless network requires considerable extra effort. If you work in a large organization, with access to a Windows domain, multiple firewalls, virtual private networks, and a server that can authenticate computers against a central database, you can lock down a wireless network impressively. In a home or small network, however, your options are considerably more limited.
802-Point-Whatever: Decoding Wireless Standards
--------------------------------------------------------------------------------
Working Group 802.11 of the Institute of Electrical and Electronics Engineers is responsible for all wireless network specifications. That's a big job, it turns out—so big that the group has split into a number of smaller groups to tackle individual parts of the job. The result is a host of standards, all in varying degrees of completion and with confusing names that sound almost alike. Here are explanations of those that are most likely to impact your security planning for a wireless network.
802.11b, also known as Wi-Fi, is the current leader in wireless networking technology. It uses the 2.4 GHz frequency to send and receive data at a maximum rate of 11 Mbps.
802.11a uses hardware that looks similar to its 802.11b cousins; however, it broadcasts in a different frequency range, 5 GHz, and can reach maximum speeds of 54 Mbps, roughly five times faster than Wi-Fi.
802.11g is an alternative to the 802.11a standard that can also blast data across the network at 54 Mbps. Because this hardware uses the same 2.4 GHz frequency range as Wi-Fi adapters, manufacturers are more likely to make devices that support both standards, easing the transition for people who already have a substantial amount of Wi-Fi hardware and don't want to throw away that investment.
802.1x provides a mechanism for authenticating computers that connect to a wireless access point, typically through a Remote Authentication Dial-In User Service (RADIUS) server. This emerging standard is impractical for small networks but is ideal for large organizations that already have one or more authentication servers. (And no, the name is not a typographical error—because this standard applies to conventional wired networks as well as wireless, it contains only a single 1 in its name.)
802.11i is the successor to Wired Equivalent Privacy (WEP), the authentication system built into the Wi-Fi standard that turned out to be unacceptably easy to crack. When this standard is finalized, it will probably incorporate a technique called Temporal Key Integrity Protocol (TKIP).
Other task groups are working on aspects of wireless technology that affect quality of service (802.11e), communications between access points (802.11f), and spectrum-managed high-speed networking (802.11h).
A techie humorist once wrote, "The best thing about standards is that there's so many of them." That's certainly true with wireless networking. Because different portions of the 802.11 standards are in different stages of development, you may find products that are missing some technologies found in newer devices, and you may find other hardware makers that jump the gun, introducing technologies based on draft standards rather than the final version. For the latest technical details, you can read the sometimes dense and dry commentary at the official site of the 802.11 working group, http://www.ieee802.org/11. For a more readable summary, try the Web site run by the Wireless Ethernet Compatibility Alliance, at http://www.wi-fi.org.