An article I read recently quoted Simon Perry, vice president of Computer Associates' security division, as saying 802.11x security issues are all vendor hype.
According to Perry, the article says, the threat is merely conceptual at the moment, companies aren't using 802.11 technologies anyway, and those that are using them are adequately protected. In other words, the media has blown the issue completely out of proportion.
Is this a ploy for Computer Associates to gain media attention? Maybe so, but I feel the need to respond because WLANs (wireless LANs) pose a huge risk to any organisation's networks.
Although the media has brought the issue to the public's attention, the fact remains that 802.11x security -- as defined in the standard -- is very poor. WEP (Wired Equivalent Privacy) encryption is a joke, and SSID (Service Set Identification) and MAC (Media Access Control) address authentication provide only a minuscule layer of security that is easily circumvented, especially with today's available tools.
War driving has been discussed to death in the press, but it does occur on a regular basis. The new hobby for bored teenagers and technogeeks is to drive around with an antenna and GPS strapped to a laptop, hunting for wireless access points. While most are not maliciously attacking networks and are careful not to access the network or any of the files contained therein, not everyone is so polite.
One of the more popular tools used in war driving, NetStumbler, tells you the access point name, whether encryption is enabled and numerous other bits of information. NetStumbler is also a great tool for administrators trying to identify rogue access points in their organisation. Taking a quick drive down Highway 101 in Silicon Valley, I picked up 20 access points, with only five using WEP.
Kismet is a wireless network sniffer for Linux that includes many of the same capabilities as NetStumbler. AirSnort is a Linux-based tool that tries to recover encryption keys. These and many more tools are freely available on the internet.
Although organisations still must be vigilant about securing their main internet gateway, the corporate perimeter is expanding. How many users access the internal network via a VPN or other means of remote access? How many of those users have wireless networks at home? Are they secure? If not, your internal network is vulnerable, regardless of how secure your main internet gateway is.
Organisations should create strong remote access policies and define how wireless networks should be configured. At a minimum, wireless home networks should use MAC and SSID authentication as well as 128-bit encryption. This is not the most secure setup, but you cannot expect someone to spend several thousand dollars to implement an enterprise security solution in their home.
Companies should look into using 802.1X for authentication and key exchange. Naturally, they should also tunnel wireless traffic via a VPN, removing the need to worry about WEP vulnerabilities. Until 802.11 is proven secure, smart network managers will keep worrying.