New Worries About WLAN Security

Wireless LAN security continues to be a major thorn in the side of everyone who promotes, sells or installs WLANs. WEP (Wired Equivalent Privacy) is easily compromised with relatively simple tools, forcing vendors and IT managers to look elsewhere for encryption solutions. Likewise, there's no real standard for authentication. Yes, 802.1x may work eventually, but today it almost always requires the implementation of a proprietary authentication framework. And authorization, including the ability to assign granular levels of access rights once users attach to the network, is an afterthought (see our June 10 evaluation of WLAN security overlay products.)

Even if vendors address privacy, authentication and authorization services, your security headaches won't end. Other problems are looming, the most pernicious of which are DoS (denial of service) attacks. While DoS is a fact of life on all networks, it's worse on wireless networks because not only do you need to guard against attacks at Layer 2 and above, you're also extremely vulnerable to physical-layer attacks to the medium.

At a recent Defcon convention in Las Vegas, engineers from AirDefense (www.airdefense.net), a purveyor of intrusion-detection systems (IDSs) for WLANs, detected 807 attacks over the course of two hours. More than half the attacks were probes from tools like Netstumbler, which are used by hackers and administrators to detect vulnerabilities in WLAN environments. Another quarter of the attacks were identity thefts, including MAC (Media Access Control) address spoofing. But about 125 attacks represented more sophisticated threats unique to WLANs. These included RF jamming at the physical layer, attacks on specific stations that continually disconnected them from access points, rerouting of traffic through hostile stations, and a new set of attacks that use wireless management frames to launch attacks.

As WLANs become increasingly mainstream, we expect to see IDSs that address many facets of the problem. For IT managers, it's just one more issue that requires their diligent attention.