Wednesday, January 26, 2011

Project 3 - Networks

You Don’t Have to Outrun the Bear...A Review of Basic Wireless Network Security

I have a friend from Alaska who told me the story of his father taking out-of-state visitors to a nearby stream to show them bears during salmon season. His friends had brought their favorite large-caliber handguns, bragging that they could take care of any bears that decided to go after the group. Knowing that a grizzly bear can take a long time to go down after being shot (thick skulls and a slow metabolism create a lag between a bear being shot and when it might go down, especially if enraged), his father chuckled at his friends. He then showed them the small .22 caliber pistol that he carried on this trip. When asked if he was going to try to shoot out the eye of the bear or something similar, his father darkly gave the punchline to the old bear joke: I don't have to outrun the bear, I just have to outrun my friends... though his friends were not entirely sure this was a joke.

I bring this story up because I see wireless access point security in the same light. If you connect your network to the Internet, and especially if you broadcast your network to the greater world, there is a chance that the ne'er-do-wells of the world might attack and take over your network via a wireless router. Network security is not a process of absolutes, but rather a statistical process of risk management. You can never be safe on the Internet, but you can be safer, and in fact you can make your network difficult enough to break into that almost any black hat will seek out someone else's network. A car thief will move on to another Toyota Corolla if your Toyota Corolla is too difficult to break into, but if a car thief is looking to take your Mercedes Benz SLR McLaren, there is little you can do.

To see what should be done today, and how that advice has evolved over time, I've found two articles on the Internet that give advice on how to secure a wireless network for the home or small business. The older article, from around 2001 (based on the references to Orinoco routers in step 11), gives advice that is now woefully out of date. It is an ExtremeTech article with no author listed: http://www.extremetech.com/article2/0,1697,1152933,00.asp. The second article is more up to date, provided by About.com and written by Bradley Mitchell: http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm

Though well meaning and relevant a decade ago, the ExtremeTech article is now full of advice that will only protect your network from your elderly neighbor. It advises people to enable WEP on their wireless router, for instance. While WEP is better than no security at all, even at the currently common key length (128-bit) it is very easy for beginning hackers to get past. It gives the advice to change the SSID of your router and, better yet, to hide the SSID. This still won't protect you from anyone using more sophisticated tools, but it will make your unprotected neighbor all the more likely to be targeted instead. The rest of the advice in the article is solid, if basic: changing the default passwords, scanning your network for unauthorized (and therefore unlikely to be properly secured) access points, and linking your access point to an external authentication server.

The article from About.com covers much of the same ground, but is more relevant to today's security landscape. It again urges users to change the default password (isn't it amazing how often defaults are found?). It urges users to use WPA instead of WEP, because WEP is so easily cracked. It gives the additional advice to enable MAC address filtering, though that is time-consuming and only practical on smaller networks. It also advises users to avoid auto-connecting to open Wi-Fi networks (I have seen "Free Internet" or similar SSIDs that are designed to draw in the unsuspecting, so that their computers can be easily compromised). Finally, About.com talks about a more modern approach to security in which each node on the network has its own protection in the form of a host firewall, rather than relying only on protection at the perimeter (sole reliance on a perimeter firewall is often referred to as the M&M method of security: hard on the outside, with a soft, gooey center...).
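The two checklists above boil down to a handful of access point settings. As an added example (not from either article), here is a small audit that grades a hostapd-style config against them: WEP or an open network fails, WPA1/TKIP and a vendor default SSID warn, and hidden SSIDs and MAC filtering are noted as the weak deterrents they are. The hostapd key names are real; both config texts are constructed for the example.

```python
# Audit a hostapd-style AP config against the reviewed advice (constructed configs, real hostapd keys).
# Constructed: an AP still set up the way the 2001 article advises.
LEGACY_CONF = """
ssid=linksys
ignore_broadcast_ssid=1
wep_key0=0123456789ABCDEF0123456789
macaddr_acl=0
"""

# Constructed: the same AP after applying the About.com advice.
MODERN_CONF = """
ssid=bear-lodge
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-2011
macaddr_acl=1
"""

# A vendor default SSID suggests the other defaults were never changed either.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "belkin54g"}

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (severity, message) findings, worst first, for one AP config."""
    conf = parse_conf(text)
    uses_wep = any(k.startswith("wep_key") for k in conf)  # wep_key0..wep_key3
    findings = []
    if uses_wep:
        findings.append(("FAIL", "WEP enabled: crackable in minutes, move to WPA2"))
    elif conf.get("wpa", "0") == "0":
        findings.append(("FAIL", "open network: no encryption at all"))
    elif conf["wpa"] in ("1", "3") or "TKIP" in conf.get("wpa_pairwise", "") + conf.get("rsn_pairwise", ""):
        findings.append(("WARN", "WPA1/TKIP in use: prefer wpa=2 with CCMP only"))
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append(("WARN", "vendor default SSID: default admin password likely too"))
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("INFO", "hidden SSID: deters casual users only, not a security control"))
    if conf.get("macaddr_acl", "0") == "0":
        findings.append(("INFO", "no MAC filtering: optional extra layer on small networks"))
    return findings
```

Running `audit(LEGACY_CONF)` yields one FAIL, one WARN and two INFO findings, while `audit(MODERN_CONF)` returns an empty list.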

I'm a Certified Orinoco Wireless Engineer from way back in 2001, when I was a Network Systems Engineer with Lucent Technologies (no kidding, they were trying to create a certification track similar to Cisco's for their wireless products), so there is nothing in either article that is new to me. Some of the research linked from this article was new to me, though, including the availability and speed of the tools now available to crack WEP; cracking WEP is now a matter of minutes of work for someone with the right Wi-Fi card and the right software.
