Security of Wireless Local Area Networks

87-01-25 Security of Wireless Local Area Networks
Amin Leiman
Martin Miller
Payoff
Wireless networks have grown in popularity because they can be installed in hard-to-wire
locations and are able to support mobile work forces. However, the increased flexibility of
these systems does not come without a price. Wireless LANs are exposed to an array of
security threats that differ from those that confront conventional wired LANs. This article
focuses on the critical factors that should be considered when evaluating the security of
wireless LANs, including their physical configuration, type of transmission, and service
availability.
Introduction
Wireless local area networks (LANs) use a network interface card with a frequency
modulation transceiver to link multiple workstations. External antennas can be used to
provide omnidirectional transmission between workstations. Wireless LANs are
implemented using any of three types of communications technology: infrared, radio
frequency, and microwave. A typical wireless LAN can be connected without any cabling;
in some configurations, the wireless LAN may also be connected to a wired network.
Wireless technology allows users the freedom to move (within certain boundaries)
without the restrictions imposed by trailing cables. Networks can be set up without having
to lay cable, which makes it much easier to implement changes in the network
configuration. Indeed, the primary reason for the growth of wireless LANs has been their
configuration flexibility in hard-to-wire locations and their ability to support mobile work
forces. These benefits must be weighed against the fact that wireless systems can cost as
much as two-and-a-half times the amount per workstation of conventional cabled networks.
This article examines the strengths and weaknesses of various forms of wireless
networking, with special emphasis given to potential security exposures. Three critical
factors must be considered in evaluating the security of wireless LANs: their physical
configuration, type of transmission, and service availability. The article discusses each of
these factors and concludes by reviewing the controls best suited for securing wireless
transmissions.
An Overview of Costs and Benefits
Infrared LANs require no Federal Communications Commission (FCC) license and are
relatively secure because disruption of their required line-of-sight operation (e.g., that
caused by electronic eavesdropping) will bring the LAN down. However, they use limited
bandwidth, are easily disrupted (e.g., they cannot transmit through walls), and they are
more expensive than conventional cabled LANs.
The radio frequency LAN does not require line-of-sight transmission, but it is easily
intercepted. However, some products do provide encryption capability. Radio frequency
wireless LANs require an FCC license.
The microwave transmission LAN is a technology used to bridge LANs between
buildings or greater distances as an alternative to using commercial telephone lines. It is
less expensive than using leased lines and is not subject to phone company rate
fluctuations. However, it does require microwave and satellite dishes at both ends, which
are subject to city zoning laws. As with radio frequency transmission, microwave
transmission methods are subject to interception.
Wireless network technologies also share some general limitations as described in the
following sections.
Interoperability
Interoperability is a problem with current wireless LANs. Different LANs use different
technologies that are not highly compatible. For example, some vendors use the infrared
part of the spectrum while others use the radio-wave band. Those that use the radio-wave
band may operate at different frequencies, which accounts for their different speeds. FCC
regulations vary for different vendors' products. As a response to this situation, the
Institute of Electrical and Electronics Engineers (IEEE) 802.11 committee is developing a
standard radio frequency protocol.
Given the diversity of interests and protocols currently being developed, it is possible
that no one standard will emerge. Instead, industry-specific standards may arise, such as
one for retail and another for manufacturing.
Performance
Performance of wireless LANs has generally lagged behind that of cabled LANs. Infrared
LANs operate at or below 1 megabit per second (Mbps). Radio frequency LANs typically
run between 2 Mbps and 3.5 Mbps, well below Ethernet's published rate of 10 Mbps. (The
actual Ethernet throughput is lower than this stated rate; the variance is therefore not as
great.) Despite the difference, it is expected that wireless LANs will move to a frequency
capable of boosting speeds to 16 Mbps, a pace highly comparable with the capacity of
current cabled networks.
Configuration
Configuration limitations restrict the use of wireless LANs. For example, infrared LANs
require line-of-sight operation. Although radio LANs can transmit through walls, to be
most effective they are typically kept on the same floor within a fixed area (depending on
the requirements of the specific vendor equipment used). The wireless LAN may work well
in one location but may not be recognized on a network in another office. The challenge is
to route a microcomputer's data to the appropriate file server when the computer is
continually moving.
Industry Applications
Wireless computing is slowly gaining broader acceptance as portables become more
prominent in business settings. In addition, the development of cellular technology has led
to increased interest in wireless LANs. With the growing acceptance of cellular technology,
organizations have become more comfortable with the concept of processing without
cables.
Often such new technologies as wireless LANs experience dynamic growth only after a
unique application is introduced that is well suited to the technology. Electronic messaging
(E-mail) may be that application. Wireless messaging fits well with a growing work force
that must be able to communicate in real time. Wireless mail networks allow mobile users
to communicate wherever they are without plugging into a data port. This includes
participation in mail-enabled applications specifically adapted for portable computers.
Electronic wireless messaging is typically accomplished by sending a message from a
network through a gateway to a local switch and transmitting it by satellite, from which it is
downlinked to a relay station, which in turn transmits to a stationary or mobile receiver.
From here, the user can download the message to microcomputers running such
mail-enabled applications as dispatch and sales systems. Although wireless E-mail is a wide
area network application, it is certain to influence attitudes about the use of wireless LAN
processing within the office environment.
Recent developments may help spur the growth of wireless LANs. These developments
include:
· Hardware and software for notebook and laptop computers that allow access to host
  systems over wireless networks.
· External wireless adapters that attach to a computer's parallel port, allowing even those
  computers with no available slots to gain wireless access.
· Cellular technology that allows the user to carry a computer from one cell to another
  while the software automatically seeks and finds the next adjacent cell and makes the
  connection to the new server, forging a link to the first server and maintaining the
  logical link at all times.
· The development of a wireless LAN with transmission rates of 5.7 Mbps, which is
  comparable to the speeds of many wired Ethernet LANs.
· The recent plan by the Federal Communications Commission to allocate 20 MHz of
  radio spectrum—which would not require a license—for use in wireless networks.
· Motorola's announcement that it would move to the next stage of financing Iridium, a
  $3.37 billion wireless global telecommunications network scheduled to begin operation
  in 1998. Iridium will use 66 low-earth-orbit satellites to provide subscribers wireless
  voice, paging, facsimile, data, and “radio-determination” satellite-locating services.
Wireless technology is being applied in such diverse settings as the airline, banking,
and health-care industries. For example, a major European air carrier is using a palmtop
product to check passengers remotely from the curbside and parking lot at an East Coast
airport, which has resulted in shorter check-in lines. A major Midwestern commercial bank
transmits customer information to its branches using spread-spectrum radio frequency
LANs, which has improved customer service. And a Florida hospital is considering
implementing cellular technology that would allow doctors to travel throughout the hospital
with palmtop computers without losing connection to the network.
Security Concerns
Wireless LANs differ from hard-wired LANs in the physical and data link layers of the
Open Systems Interconnect (OSI) reference model. In attacking hard-wired LANs, a
perpetrator would need physical access to the communication medium either through the
cables that connect the network or through the telephone closet. A wireless LAN
communicates through the air; intercepting emanated signals in the air requires more
sophisticated techniques.
The belief that airborne transmissions can be easily intercepted with readily available
radio equipment is simplistic and misleading. Intercepting is one thing, understanding the
intercepted data another. This is especially true if the data is sent in digital form. Many
wireless LAN products have built-in security features specifically designed to prevent
unauthorized access to signals in transit. Decrypting an encrypted signal requires
vendor-supplied decryption devices and decryption keys as well as the technical expertise to use
them effectively.
According to a US Senate subcommittee report, the Electronic Communications Privacy
Act of 1986 (ECPA), which prohibits the interception of electronic messages, does not
cover wireless data communications. The Senate Privacy and Technology Task Force
report says that the ECPA “failed to anticipate” how the variety of private communications
available to users would expand and how data would be carried by radio links. It
recommends that the law be updated to protect most radio-based communications
technology.[55]
The absence of laws protecting wireless communications has encouraged perpetrators
to attempt unauthorized access to company data. As a consequence, businesses and other
organizations have been wary of using this technology for sensitive applications.
Currently, the use of wireless LANs in industry has been limited to nonsensitive
applications. However, as users learn more about wireless LAN technology and methods
for securing wireless communications, organizations should become more interested in
using this technology for processing sensitive applications.
This article focuses on the three critical factors that should be considered when
evaluating the security of a wireless LAN: physical configuration, type of transmission,
and service availability. Each of these factors is related; therefore, the security specialist
must have a clear understanding of all of them to fully appreciate the relevant security
issues.
Physical Configuration
From an operational point of view, use of wireless LANs gives the user more flexibility
in changing the configuration of terminals. However, from the security perspective, this
flexibility provides more avenues of potential attack. Intruders can intercept wireless
transmissions without having to physically access the office in which the network is
located. However, the ease of such access depends, in part, on how the wireless LAN is
configured. For example, if designed correctly, an in-office wireless LAN should limit the
range of access to the office area. On the other hand, a network designed to communicate
between buildings is more susceptible to potential intruders because the range of possible
interception is much wider.
But even then, the intruder's task is not a simple one. It requires being able to
distinguish the target data from other data being transmitted at the same time. The intruder
must also be able to decipher the signal. Although computers can be used to sort out the
signal, this process requires significant effort and expense.
It is important to recognize that the coverage area in a wireless network is not defined
by distance alone but by signal levels and cochannel interference as well. A wireless LAN
may also be used to extend an existing hard-wired LAN rather than to replace it; this may
add further complexity to the overall architecture.
Types of Transmission
As stated earlier, there are three types of wireless LAN technologies: infrared (e.g.,
light and laser beam), radio frequency (e.g., spread spectrum), and microwave. Each of
these technologies has its own security exposures. Currently, there are three popular
wireless LAN products on the market utilizing these different technologies. The BICC
Communications InfraLAN uses infrared, the NCR Corp. WaveLAN uses spread
spectrum, and the Motorola Altair uses microwave technology. The following sections
describe the security exposures common to each technology.
Infrared.
Infrared communications require line-of-sight transmission over a limited
bandwidth. For example, InfraLAN uses an optical wavelength of 870 nanometers; its
range between nodes is 80 feet. Hence, a potential intruder must be in the office within the
specified range and must be in a line-of-sight path, a combination of factors that can be
easily achieved only by insiders.
[55] Betts, M., "Do Laws Protect Wireless Nets?" Computerworld 25, no. 24 (1991), p. 47.
The use of infrared technology is not licensed by the Federal Communications
Commission. This increases the possibility of unauthorized use and potential interference.
However, this technology is also relatively secure because disruption of its line-of-sight
operation (e.g., in the event of electronic eavesdropping) will bring the LAN down. In light
of the limited distance between nodes and the line-of-sight requirement, infrared-based
wireless LANs are considered relatively secure.
Radio Frequency.
Although radio frequency transmissions can pass through walls and partitions,
radio frequency networks must usually be kept on the same floor. Because line-of-sight
transmission is not required, transmitted data can be more readily intercepted. To combat
this problem, some products have incorporated encryption capabilities.
By sending data over several frequencies, spread-spectrum transmission minimizes the
possibility of eavesdropping. Radio frequency-based LANs currently use frequencies in the
range of 902 MHz to 928 MHz. The drawback of these frequencies is that they are also
used by television, VCR extenders, and antitheft devices in stores. In the presence of such
devices, the network may be disrupted. Generally, radio signals are affected by noise and
interference.
WaveLAN is one product that uses spread-spectrum technology. In an open
environment, it can cover a range of 800 feet, and in a semiclosed environment, it can
cover a range of 250 feet. Because radio technology is well understood by many
professionals, it may also be more susceptible to attempts at unauthorized access. This
exposure can be mitigated by implementing such security mechanisms as encryption and
access controls.
It should be noted that the Institute of Electrical and Electronics Engineers (IEEE) 802.11
committee is trying to forge a standard radio frequency for use in network transmissions.
Microwave.
Microwave is a communications technology used to connect LANs between
buildings and over greater distances than is possible with infrared or radio frequency
technologies. Altair uses microwave technology; this product is compatible with existing
cable-based standards, protocols, and communication speeds, and can complement,
replace, or extend such networks as token ring and Ethernet networks. One of Altair's
strengths is its transparent operation with Ethernet architecture and such network operating
systems as Novell NetWare and Microsoft LAN Manager. Altair utilizes the FCC-licensed
18 GHz frequencies, and it can cover a range of 5,000 square feet. To coordinate the use of
separate frequencies, Motorola has established a centralized Altair Frequency Management
Center to ensure compliance with FCC regulations.
Altair provides two built-in security features: data scrambling and restricted access. The
data scrambling feature scrambles data between the control module and the user module.
The restricted access feature, which is incorporated into Altair's Time-Division
Multiplexing architecture, allows access only to user modules whose 12-digit IEEE 802.33
Ethernet addresses have been entered into the control module's registration table.
Because microwave use is FCC-licensed and, hence, is monitored, it is considered the
most secure system. As one might expect, potential intruders tend to avoid regulated
environments for fear of being caught and prosecuted.
Service Availability
For a complete understanding of the security concerns affecting wireless LANs, the
concept of service availability must be understood. In a simple way, service availability can
be thought of in terms of the dial tone one gets when picking up a phone—the absence of a
dial tone can be the result of equipment failure, a busy circuit, or a poor signal.
Service availability can be discussed in terms of these three components: signal
availability, circuit availability, and equipment availability. To tap the network using
unauthorized terminal connections, the perpetrator must obtain an adequate signal, an
available circuit, and the right equipment. If any of the three components of service
availability is missing, access to a wireless LAN cannot be completed. However, having
service availability does not automatically mean getting successful access to the network.
Other factors such as network architecture and network security mechanisms affect the
potential success of access attempts.
Signal Availability.
In a radio frequency system, signal availability has to do with whether there is
sufficient radio energy reaching the receiver to produce an acceptable bit-error rate in the
demodulated signal. In an infrared system, the receiving unit must be in the line of sight of
the beam. Signal availability directly relates to distance; as a node is placed beyond the
effective range, the signal becomes unavailable.
Circuit Availability.
Circuit availability usually depends on cochannel interference and adjacent channel
interference. Cochannel interference occurs when two transmissions on the same carrier
frequency reach a single receiver. (The ratio of the carrier to interference is called the
carrier-to-interference ratio.) Adjacent channel interference occurs when energy from the
modulated carrier spreads into the adjacent channels. The Motorola Frequency Management
Center maintains a central data base that tracks the location and frequency of each Altair
module in the US to lessen the possibility of interference.
One tactic of intruders is to locate the carrier frequency and purposely jam the receiver
to prevent other transmissions from accessing the receiver. Wireless networks are
particularly susceptible to this form of attack.
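The following site-survey estimate is an added example, not part of the original article: it checks signal availability and circuit availability at points around an office to see whether usable coverage extends past the intended area. It uses the standard free-space path-loss formula; the transmit power, receiver sensitivity, per-wall loss, required carrier-to-interference ratio and survey points are assumed values, not figures for any product named here.

```python
import math

FREQ_MHZ = 915.0          # mid-band of the 902-928 MHz range cited in the article
TX_DBM = 24.0             # assumed transmit power
SENSITIVITY_DBM = -75.0   # assumed level needed for an acceptable bit-error rate
MIN_CI_DB = 12.0          # assumed minimum carrier-to-interference ratio
WALL_LOSS_DB = 6.0        # assumed loss per wall or partition

def path_loss_db(distance_m, walls=0):
    """Free-space path loss (distance in km, frequency in MHz) plus wall losses."""
    fspl = 20 * math.log10(distance_m / 1000.0) + 20 * math.log10(FREQ_MHZ) + 32.44
    return fspl + walls * WALL_LOSS_DB

def received_dbm(distance_m, walls=0):
    """Carrier level reaching a receiver at the given distance."""
    return TX_DBM - path_loss_db(distance_m, walls)

def max_range_m(walls=0):
    """Distance at which the carrier falls to the sensitivity limit."""
    allowed_loss = TX_DBM - SENSITIVITY_DBM - walls * WALL_LOSS_DB
    return 1000.0 * 10 ** ((allowed_loss - 32.44 - 20 * math.log10(FREQ_MHZ)) / 20)

def assess(point):
    """Evaluate signal availability and circuit availability at one survey point."""
    carrier = received_dbm(point["distance_m"], point["walls"])
    ci = carrier - point["interferer_dbm"]          # carrier-to-interference ratio
    return {
        "name": point["name"],
        "carrier_dbm": round(carrier, 1),
        "ci_db": round(ci, 1),
        "signal": carrier >= SENSITIVITY_DBM,       # enough radio energy
        "circuit": ci >= MIN_CI_DB,                 # not swamped by cochannel energy
    }

def leakage(points):
    """Names of points outside the office where signal and circuit are both available."""
    leaks = []
    for point in points:
        result = assess(point)
        if not point["inside"] and result["signal"] and result["circuit"]:
            leaks.append(result["name"])
    return leaks

# Constructed survey points: distance from the transmitter, walls in the path,
# and the measured level of any cochannel source (e.g. a store antitheft device).
SURVEY = [
    {"name": "reception desk", "distance_m": 15, "walls": 1, "inside": True, "interferer_dbm": -90},
    {"name": "car park", "distance_m": 60, "walls": 2, "inside": False, "interferer_dbm": -85},
    {"name": "street by shop", "distance_m": 120, "walls": 3, "inside": False, "interferer_dbm": -60},
    {"name": "adjacent building", "distance_m": 400, "walls": 4, "inside": False, "interferer_dbm": -95},
]

if __name__ == "__main__":
    for p in SURVEY:
        print(assess(p))
    print("coverage extends to:", leakage(SURVEY))
```

Free-space loss is the best case for a receiver, so the estimate errs toward overstating how far the signal carries. The street point shows coverage failing on interference rather than distance, and the adjacent building shows it failing on signal level.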
Equipment Availability.
Equipment availability refers to the availability of appropriate equipment for a
particular network. In the case of wireless LANs, special equipment and connectors may be
required to access the network. For example, equipment proprietary to Altair is needed to
access an Altair network. Therefore, an intruder cannot use a typical scanner to access and
compromise the network. In addition, this equipment must be connected to the Altair LAN
by means of ThinNet T connectors with terminators, which are also unique to Altair.
Wireless Network Controls
Security of a wireless LAN depends on two factors: protective security mechanisms and
audit mechanisms. These controls are discussed in the following paragraphs.
Protective Security Mechanisms
As identified by the International Standards Organization in its ISO-OSI Reference
Model Security Guidelines, several mechanisms can be used to provide security services in
a network: encryption, cryptographic error checks, source authentication, peer-to-peer
authentication, and access control. In wireless LANs, encryption and access control are the
two most widely used methods of security.
Encryption.
The three most common techniques of encryption are link, end-to-end, and
application encryption. Link encryption encrypts and decrypts information at each physical
link, whereas end-to-end encryption encrypts the information throughout the network and decrypts it
at the receiving location. Link encryption is more secure if the information is being
transmitted by means of several physical links because multiple keys are required to
decipher the information. Application encryption encrypts information at the application
level. Among wireless LAN products that offer encryption, Altair uses end-to-end
encryption to scramble data sent between the control module and the user module.
Access Controls.
Access controls are used to identify network users and authorize or deny access
according to prescribed guidelines. Some LAN operating systems use the workstation ID
stored in the network interface card, which the LAN operating system checks at log-on time.
Any workstation attempting to access the network without the correct ID is disconnected
from the network. Another way of providing access control is by means of a user
registration table. For example, Altair requires that the 12-digit Ethernet addresses of all
authorized users be entered into the control module's registration table. Any user whose
code has not been so entered is denied access to the network. This feature is effective in
restricting potential perpetrators from gaining network access.
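An audit of a user registration table of the kind described above, as an added example that is not part of the original article and is not Altair's own software. The table entries, the access-attempt records and all function names are constructed for illustration; addresses are treated as 12 hexadecimal digits written with any common separator.

```python
import re
from collections import Counter

HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_address(raw):
    """Return the address as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[\s:.\-]", "", raw).lower()
    return digits if HEX12.match(digits) else None

def load_registration_table(entries):
    """Split table entries into valid addresses, malformed entries and duplicates."""
    valid, malformed = [], []
    for entry in entries:
        addr = normalize_address(entry)
        if addr is None:
            malformed.append(entry)
        else:
            valid.append(addr)
    counts = Counter(valid)
    duplicates = sorted(a for a, n in counts.items() if n > 1)
    return set(valid), malformed, duplicates

def audit(table_entries, observed):
    """Compare access attempts, given as (time, raw_address), with the table."""
    registered, malformed, duplicates = load_registration_table(table_entries)
    denied, seen, unparsable = Counter(), set(), []
    for timestamp, raw in observed:
        addr = normalize_address(raw)
        if addr is None:
            unparsable.append((timestamp, raw))   # record for manual review
        elif addr in registered:
            seen.add(addr)                        # authorized module
        else:
            denied[addr] += 1                     # not in the table: access denied
    return {
        "denied": dict(denied),
        "never_seen": sorted(registered - seen),  # stale entries to review
        "malformed_table_entries": malformed,
        "duplicate_table_entries": duplicates,
        "unparsable_observations": unparsable,
    }

# Constructed registration table (locally administered addresses, mixed formats).
TABLE = [
    "02:00:00:00:00:01",
    "0200.0000.0002",
    "02-00-00-00-00-01",   # same module entered twice in a different format
    "02:00:00:00:03",      # only 10 digits: a data-entry error
    "020000000004",
]

# Constructed access attempts as a monitoring log might record them.
OBSERVED = [
    ("09:00", "02:00:00:00:00:01"),
    ("09:05", "02:00:00:00:00:02"),
    ("09:07", "02:00:00:00:00:99"),
    ("09:08", "02-00-00-00-00-99"),
    ("09:30", "02:00:00:00:00:zz"),
]

if __name__ == "__main__":
    for key, value in audit(TABLE, OBSERVED).items():
        print(key, value)
```

Entries under `denied` are the attempts the registration check refuses; `never_seen` and the malformed or duplicate entries are the items to resolve when the table is reviewed.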
Audit Mechanisms
To maintain a secure wireless LAN, a security audit should be performed in addition to
ongoing monitoring activities. The security audit of a wireless LAN requires the
examination of security policy, security protection mechanisms, and security
administration. These areas are described in the following paragraphs.
Security Policy.
Security policy governs the overall activities of the network. Without an effective
policy, it is difficult to enforce protection. A security policy should specifically address the
policy for accessing the wireless LAN. The policy should be as specific as possible. At a
minimum, it should specify who is authorized to access the network, under what
circumstances and what capacity, and when access is permitted. The policy should also
establish the rules for moving workstations to ensure proper monitoring of each physical
access point. The security manager should ensure that this policy is communicated to all
network users and that it is adopted by them.
Security Protection.
Securing a wireless LAN requires constant physical and logical protection. Physical
protection involves securing the physical devices from unauthorized access. This usually
requires such normal security housekeeping as providing a secure room to house the
computer devices. Logical protection usually requires access controls and data encryption.
It is crucial that all built-in security features be fully implemented; add-on security products
(e.g., end-to-end encryption devices) should be considered as necessary.
Security Administration.
Without proper enforcement, security policy and protective devices provide false
assurance about the organization's level of information security. Therefore, it is important
that one or more individuals be designated to act as a security administrator. The security
administrator is responsible for ensuring that the organization's security policy is
implemented and that all applicable security features are fully and correctly used. Strict
enforcement of security policy and procedures is particularly important in a wireless LAN
environment because of the relative ease with which users can change the composition of
the network.
Conclusion
To take full advantage of the benefits of wireless networks, appropriate security measures
should be instituted. With the constant development of new technologies, security
exposures need to be controlled in a cost-effective manner. Although customer demands
influence the development of new products, they typically do not drive the development of
security features for these products. It is management's responsibility to ensure that newly
acquired wireless technologies are implemented in a controlled way.
In the purchase of a wireless LAN product, the quality of its security features should be
carefully reviewed and tested. Because wireless LAN technology is relatively new, it is
recommended that products be considered on the basis of the security mechanisms they
incorporate and on the reputation of the vendor for its research and ongoing development of
products. Before a wireless LAN product is purchased, the quality of its security features
should be thoroughly evaluated and tested.
Author Biographies
Amin Leiman
Amin Leiman, CISA, is a manager in the Computer Risk Management group of Arthur
Andersen & Company S.C. in Los Angeles.
Martin Miller
Martin Miller is a manager with Deloitte & Touche's Computer Assurance Services in
Seattle. His practice focuses on network controls and security.