PREMIUM SEARCH Search by job title, geography and build a list of executive contacts
Ah, the long-promised wireless office. Employees could wander free, surfing the Web and corporate intranets without a care. They could blithely skip from cube to cube, meeting to meeting, bearing laptops and never losing track of a single e-mail. True to the vision, over the past few years short-range wireless local-area networks (WLANs) have gone from tech exotica to standard fare in some homes and offices.
Trouble is, with the rise of WLANs has come a whole new breed of security threats. A key research paper released on July 25 by cryptographers Scott Fluhrer of Cisco Systems and Itsik Mantin and Adi Shamir of Israel's Weizmann Institute pointed out critical flaws in wired equivalent privacy (WEP), the primary security protocol for WLANs using the now-dominant 802.11b wireless transmission standard (also known as Wi-Fi). The trio later used their knowledge of this flaw to break the encryption on a WEP-protected network -- in a mere 15 minutes.
Then in August, two security consultants released a program dubbed AirSnort for public consumption. AirSnort took Fluhrer, Mantin, and Shamir's theoretical framework and turned it into solid code that most tech-savvy users could operate with little difficulty. In effect, the program points out the holes in WEP security. It could allow anyone with a laptop running Linux to drive or walk around a city and gain unauthorized access to potentially sensitive wireless networks.
"It's certainly an alert. People should never be passive about their security. I think these guys did quite a service," says Scott Schnell, senior marketing vice-president at leading encryption-products vendor RSA.
"WAKEUP CALL." The problem with WEP is simple. Each packet of data in the wireless stream is encrypted with an algorithm that scrambles the traffic. Attached to each packet is a key that will allow the device on the other end to unscramble the data. In WEP, the keys are not random but are sequentially linked (Key C must follow Key B must follow Key A). So if a malicious hacker can crack any one of the keys, it's ridiculously easy to crack the rest. "AirSnort is a wakeup call about the importance of well-designed security software," says RSA's Schnell.
Even worse, Schnell says, are the increasing number of instances where employees plug unauthorized WLANs into corporate networks. That might allow them to surf the Web anywhere in the office, but all too often, they don't think about security and fail to enable even basic WEP protection. The default installation mode of most WLANs is for clear transmission of data with no encryption at all.
And even installing WEP is no picnic -- it requires a system administrator or some other techie type to manually enter a key for each wireless networking card (the cards PCs require to access a wireless network). That's probably the last thing on the mind of an employee installing a wireless network for convenience. Remember, most likely these systems are going in behind corporate firewalls, thus circumventing any security software the IT staff might have put in place.
DRIVE-BY HACKING. With prices for the equipment falling, these problems are likely to become even more serious in days ahead. WLAN systems cost less than $200, and wireless access cards for PCs run less than $100 right now -- and are heading south fast. "These access points are like modems were back in the 1980s. It's very easy for people to plug them in without even thinking about it," says David Safford, manager of IBM's Global Security Analysis Lab.
In fact, according to Safford, anyone with a laptop can use a program such as NetStumbler (among others) to sniff out these wide-open networks. Unlike AirSnort, NetStumbler requires little tech savvy -- it's a point-and-click tool. "We have read accounts of the drive-by hackers going in and reconfiguring the company access points [using these programs]," says Safford.
So how to keep wireless traffic under wraps? First, maintain a strict audit of wireless access points in your corporate network. IBM makes software that can be mounted on a handheld device, so IT pros can walk around the office and audit wireless connections. Second, companies should stop shipping WLANs with WEP security measures turned off for the default installation. That may slightly up the level of savvy required to run these systems, but the trouble is worth it in terms of added security.
DIG A TUNNEL. Another step would be to limit traffic on a WLAN to machines with approved media access codes (MAC addresses, or specific character strings that identify machines on a wireless network). By allowing only known MAC addresses to surf, you can prevent unauthorized access. Even so, outsiders who find an unencrypted WLAN or a WLAN with standard WEP encryption could still read all the data going across that network, possibly intercepting sensitive information.
Better yet, companies can use standard VPN (virtual private network) software to create an encrypted tunnel for each connection between a user and a WLAN. In general, VPN systems are based on more stable security protocols and much harder to crack, according to Chris Wysopal, a senior researcher at computer-security company @stake. And, as Schnell point out, corporate laptop users are already accustomed to firing up the VPN when they log onto company networks from the road. If it's good enough to use outside the office, why not use it for shorter-range WLAN traffic, too, asks Schnell.
A final option would be for companies to look to the new generation of products that use 802.1x, a protocol that includes dramatically improved security provisions. Most of these products feature the advanced encryption standard (AES), a new, government-sanctioned system that has undergone fairly extensive testing. More important, AES will not rely on sequentially derived keys attached to data packets.
Microsoft has already built support for 802.1x into its upcoming XP operating system, and Cisco Systems is one of the first out with a WLAN that can use the new protocol. These products will be pricier in the short term but should get much cheaper. With AirSnort and NetStumbler having pointed out significant holes in wireless networks, there's no excuse for not making their protection a top priority.
Salkever covers computer security issues twice a month in his Security Net column, only on BW Online Edited by Douglas Harbrecht
Get BusinessWeek directly on your desktop with our RSS feeds.
Add BusinessWeek news to your Web site with our headline feed.
Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video.
To subscribe online to BusinessWeek magazine, please click here.
Copyright 2001 , by The McGraw-Hill Companies Inc. All rights reserved.
Printer-Friendly Version
