This site will look much better in a browser that supports current web standards, though its content is accessible to any browser or Internet device.

::Skip Top Navigation::

Home > Regional Networks > TCN > Wireless Security

Building Networks to Support Educational Goals

Wireless Solutions—Security

by

Patricia Hendricks

 

Educators are implementing wireless local area networks (WLAN) to save the time, cost, and mess of wiring old buildings for high-speed network access. Educators also consider wireless networks in order to maximize technology investments. For instance, laptops and PDAs connected to a wireless network are easily transported from room to room. Finally, educators are installing wireless networks to further reduce communication costs with Voice Over Internet Protocol (VoIP) phone systems.

One disadvantage of WLANs is that they bring increased security risks. Educators must protect both the data that is used and stored on the network, as well as the network capacity. This chapter of the Technology Coordinator’s Handbook discusses protecting the WLAN capacity. It details the security risks, recommends methods of protection, and concludes with an evaluation rubric for security polices and procedures.

Of course, wireless networks are the only technology that can be compromised without jumping on the wire. Traditional network security methods require a perimeter approach. Information technology (IT) architects build a firewall around the network to control data going into and out of the network. This approach does not work with WLANs. Bragg (2003) explains, “ The only thing you need to know about wireless security is that you cannot perimeter-ize it. Wireless technologies are not something that stop at any traditional network boundary, so you cannot concentrate your security efforts for wireless at the boundaries” (p. 1).

 

Security Risks

Network capacity is sometimes hijacked to allow spammers, porn distributors, and other “bad guys” use of your network to distribute their product. Since wireless communications take place on unlicensed public frequencies, anyone can use and monitor these frequencies. War driving or access point mapping describes people and equipment that detect, monitor, and map wireless networks and then make this information available on the Internet. War chalking is a chalk mark on a public sidewalk indicating a vulnerable or unprotected wireless network. These practices have become so common that perpetrators have developed language, codes, and symbols to designate their practice.

A hacker will need three pieces of information about your wireless network to utilize network capacity: the server set identifier (SSID), one or more media access control (MAC) addresses, and wired equivalent privacy (WEP) status.

Each wireless network uses a SSID to name the network. The SSID is an alphanumeric name that is 1-32 bytes. The purpose of an SSID is to help hardware clients find and connect to an access point (AP) on the correct network. A free online war driving tool, Netstumbler, uses an 802.11 probe request that causes all APs in the area to issue an 802.11 probe response. This response usually includes the SSID and WEP status. Hijackers may also “listen” for beacons from the AP. On a WLAN an AP may advertise its presence several times per second by broadcasting beacon frames that carry the SSID.

Each computer carries a MAC address, a unique hardware number. Usually a network administrator will define a list of approved MAC addresses that are allowed to connect to the access point. McClure, Scambray, and Kurtz (2003) explain this vulnerability: “The MAC address does not provide a good security mechanism because it is both easily observable and reproducible. Any of the station MACs can be observed with a wireless sniffer and the attacker’s MAC address can be changed easily in most cases. Therefore, the attacker simply needs to monitor the network, note the clients that are connecting successfully to the access point, and then change their MAC address to match one of the working clients” (p. 467).

WEP is a security protocol defined in 802.11b that uses encryption to provide WLANs a level of security and privacy similar to wired networks. WEP was developed by the Institute of Electrical and Electronics Engineers (IEEE) and has been widely criticized for its vulnerabilities. It is based on a secret key that is shared between the user’s hardware and the AP. This secret key is used to encrypt all data that travels between the AP and the client. However, the packet header, initialization vector (IV), and ID portions of the packet are not encrypted. Hijackers use two common methods for breaking the WEP protocol. First, they analyze the encrypted and unencrypted information to deduce all or part of the secret key. Second, they try different combinations until they “guess” the correct password. This is not difficult to do if 24-bit encryption is used.

 

Protection Methods

There are seven simple steps to protecting your wireless network:

  • Change the SSID from the default setting.
  • Disable the feature that responds to broadcast SSID requests.
  • Remove the SSID from beacon frames.
  • Implement WEP on all your APs with the 128-bit key strength.
  • Select a secret key that is over eight characters long and is not found in the dictionary. This key should use a mix of numbers, letters, and special characters.
  • Change your WEP key as often as possible.
  • Adjust the amplitude of the radio frequency so that it is not broadcast to an unwanted area. Steve Rampado, senior manager of enterprise risk services for Deloitte and Touche LLP, claims that he was able to access a Fortune 500 WLAN from a park bench two miles away.

 

Other Protection Methods

A new standard 802.1x is now available that allows for more secure wireless networks. However, this standard requires compatible equipment. Therefore, as you upgrade equipment make sure that it is compatible with 802.1x.

Cisco Systems, Inc. also developed a more secure protocol, Lightweight Extensible Authentication Protocol (LEAP). It is proprietary, but Cisco has been licensing LEAP to vendors and allowing them to integrate the protocol into their clients and authentication servers. LEAP works with a number of operating systems; however, it only works with Cisco access points.

Protected Extensible Authentication Protocol (PEAP) verifies the user’s identity through a digital certificate. While this standard provides more security, it has not yet been ratified by the IEEE. Hence, there are still interoperability problems. This protocol currently only works with Windows 2000 and Windows XP.

 

Evaluating Your Wireless Network

Consortium for School Networking (CoSN) has developed a District Security Rubric and Planning Grid (Table 1) that includes security indicators. This grid allows districts to self-evaluate their efforts.

Table 1

Security Indicators

 

Basic

Developing

Adequate

Advanced

Wireless access control

Wireless access: Reliance on end-user caution or light, localized usage to limit risk.

Wireless access may be spreading faster than it can be properly controlled. Not all access points are properly configured.

Wireless access is properly configured; secondary strategies may include non-technical tactics (e.g., powering off access points over weekends). Intrusion risks are balanced against accessibility.

Wireless access properly configured; secondary strategies (VPN, segmentation) provide additional layer of security. Intrusion risks
are minimized by monitoring and strong authenti-
cation control.

 

From “Cyber Security for the Digital District” by the Consortium for School Networking, 2004. Retrieved January 2005, from

http://securedistrict.cosn.org

 

Conclusion

Wireless networks are often cheaper to install and easier to use. However, networks that were built on 802.11a and 802.11b standards may have security vulnerabilities. Educators must be vigilant in protecting their network capacity by following the seven simple protection methods outlined in this chapter of the Technology Coordinator’s Handbook. If educators are considering a new wireless network, they should purchase equipment that utilizes 802.1x, LEAP, or PEAP security protocols.

 

We are interested in learning about your efforts to secure your wireless network. Please send your stories to phendric@temple.edu.

 

References

 

Bragg, R. (2003, February) Securing wireless, part 1. Retrieved January 2005, from

http://searchsecurity.techtarget.com

Consoritum for School Networking (2004). Cyber security for the digital district. Retrieved January 2005, from http://securedistrict.cosn.org

 

McClure, S., Scambray, J., & Kurtz, G. (2003) Hacking exposed: Fourth edition. Berkeley , CA : McGraw Hill.

 

Helpful Resources

 

Bragg, R. (2003, February) Securing wireless, part 2: WLAN best practices. Retrieved January 2005, from

http://searchwin2000.stage.techtarget.com

 

Loftus, J. (2004, June) Small changes can thwart WLAN hackers.Mobile Computing News. Retrieved January 2005, from

http://searchmobilecomputing.techtarget.com

 

Rendon, J. (2003, January) Not many making the LEAP to PEAP.Mobile Computing News Retrieved January 2005, from

http://searchmobilecomputing.techtarget.com

 

Shimonski, R. (2003, February) Wireless security. Retrieved January 2005, from

http://www.windowsecurity.com

 

Home > Regional Networks > TCN > Wireless Security