87-01-25 Security of Wireless Local Area Networks
Amin Leiman
Martin Miller

Payoff
Wireless networks have grown in popularity because they can be installed in hard-to-wire locations and are able to support mobile work forces. However, the increased flexibility of these systems does not come without a price. Wireless LANs are exposed to an array of security threats that differ from those that confront conventional wired LANs. This article focuses on the critical factors that should be considered when evaluating the security of wireless LANs, including their physical configuration, type of transmission, and service availability.

Introduction
Wireless local area networks (LANs) use a network interface card with a frequency modulation transceiver to link multiple workstations. External antennas can be used to provide omnidirectional transmission between workstations. Wireless LANs are implemented using any of three types of communications technology: infrared, radio frequency, and microwave. A typical wireless LAN can be connected without any cabling; in some configurations, the wireless LAN may also be connected to a wired network.

Wireless technology allows users the freedom to move (within certain boundaries) without the restrictions imposed by trailing cables. Networks can be set up without having to lay cable, which makes it much easier to implement changes in the network configuration. Indeed, the primary reason for the growth of wireless LANs has been their configuration flexibility in hard-to-wire locations and their ability to support mobile work forces. These benefits must be weighed against the fact that wireless systems can cost as much as two-and-a-half times the amount per workstation of conventional cabled networks.

This article examines the strengths and weaknesses of various forms of wireless networking, with special emphasis given to potential security exposures.
Three critical factors must be considered in evaluating the security of wireless LANs: their physical configuration, type of transmission, and service availability. The article discusses each of these factors and concludes by reviewing the controls best suited for securing wireless transmissions.

An Overview of Costs and Benefits
Infrared LANs require no Federal Communications Commission (FCC) license and are relatively secure because disruption of their required line-of-sight operation (e.g., that caused by electronic eavesdropping) will bring the LAN down. However, they use limited bandwidth, are easily disrupted (e.g., they cannot transmit through walls), and they are more expensive than conventional cabled LANs.

The radio frequency LAN does not require line-of-sight transmission, but it is easily intercepted. However, some products do provide encryption capability. Radio frequency wireless LANs require an FCC license.

The microwave transmission LAN is a technology used to bridge LANs between buildings or greater distances as an alternative to using commercial telephone lines. It is less expensive than using leased lines and is not subject to phone company rate fluctuations. However, it does require microwave and satellite dishes at both ends, which are subject to city zoning laws. As with radio frequency transmission, microwave transmission methods are subject to interception.

Wireless network technologies also share some general limitations as described in the following sections.

Interoperability
Interoperability is a problem with current wireless LANs. Different LANs use different technologies that are not highly compatible. For example, some vendors use the infrared part of the spectrum while others use the radio-wave band. Those that use the radio-wave band may operate at different frequencies, which accounts for their different speeds. FCC regulations vary for different vendors' products.
As a response to this situation, the Institute of Electrical and Electronics Engineers 802.11 committee is developing a standard radio frequency protocol. Given the diversity of interests and protocols currently being developed, it is possible that no one standard will emerge. Instead, industry-specific standards may arise, such as one for retail and another for manufacturing.

Performance
Performance of wireless LANs has generally lagged behind that of cabled LANs. Infrared LANs operate at or below 1 megabit per second (M bps). Radio frequency LANs typically run between 2M bps and 3.5M bps, well below Ethernet's published rate of 10M bps. (The actual Ethernet throughput is lower than this stated rate; the variance is therefore not as great.) Despite the difference, it is expected that wireless LANs will move to a frequency capable of boosting speeds to 16M bps, a pace highly comparable with the capacity of current cabled networks.

Configuration
Configuration limitations restrict the use of wireless LANs. For example, infrared LANs require line-of-sight operation. Although radio LANs can transmit through walls, to be most effective they are typically kept on the same floor within a fixed area (depending on the requirements of the specific vendor equipment used). The wireless LAN may work well in one location but may not be recognized on a network in another office. The challenge is to route a microcomputer's data to the appropriate file server when the computer is continually moving.

Industry Applications
Wireless computing is slowly gaining broader acceptance as portables become more prominent in business settings. In addition, the development of cellular technology has led to increased interest in wireless LANs. With the growing acceptance of cellular technology, organizations have become more comfortable with the concept of processing without cables.
Often such new technologies as wireless LANs experience dynamic growth only after a unique application is introduced that is well suited to the technology. Electronic messaging (E-mail) may be that application. Wireless messaging fits well with a growing work force that must be able to communicate in real time. Wireless mail networks allow mobile users to communicate wherever they are without plugging into a data port. This includes participation in mail-enabled applications specifically adapted for portable computers.

Electronic wireless messaging is typically accomplished by sending a message from a network through a gateway to a local switch, transmitting by satellite, from which it is downlinked to a relay station, which in turn transmits to a stationary or mobile receiver. From here, the user can download the message to microcomputers running such mail-enabled applications as dispatch and sales systems. Although wireless E-mail is a wide area network application, it is certain to influence attitudes about the use of wireless LAN processing within the office environment.

Recent developments may help spur the growth of wireless LANs. These developments include:
· Hardware and software for notebook and laptop computers that allow access to host systems over wireless networks.
· External wireless adapters that attach to a computer's parallel port, allowing even those computers with no available slots to gain wireless access.
· Cellular technology that allows the user to carry a computer from one cell to another while the software automatically seeks and finds the next adjacent cell and makes the connection to the new server, forging a link to the first server and maintaining the logical link at all times.
· The development of a wireless LAN with transmission rates of 5.7M bps, which is comparable to the speeds of many wired Ethernet LANs.
· The recent plan by the Federal Communications Commission to allocate 20 MHz of radio spectrum—which would not require a license—for use in wireless networks.
· Motorola's announcement that it would move to the next stage of financing Iridium, a $3.37 billion wireless global telecommunications network scheduled to begin operation in 1998. Iridium will use 66 low-earth-orbit satellites to provide subscribers wireless voice, paging, facsimile, data, and “radio-determination” satellite-locating services.

Wireless technology is being applied in such diverse settings as the airline, banking, and health-care industries. For example, a major European air carrier is using a palmtop product to check passengers remotely from the curbside and parking lot at an East Coast airport, which has resulted in shorter check-in lines. A major Midwestern commercial bank transmits customer information to its branches using spread-spectrum radio frequency LANs, which has improved customer service. And a Florida hospital is considering implementing cellular technology that would allow doctors to travel throughout the hospital with palmtop computers without losing connection to the network.

Security Concerns
Wireless LANs differ from hard-wired LANs in the physical and data link layers of the Open Systems Interconnect (OSI) reference model. In attacking hard-wired LANs, a perpetrator would need physical access to the communication medium either through the cables that connect the network or through the telephone closet. A wireless LAN communicates through the air; intercepting emanated signals in the air requires more sophisticated techniques. The belief that airborne transmissions can be easily intercepted with readily available radio equipment is simplistic and misleading. Intercepting is one thing, understanding the intercepted data another. This is especially true if the data is sent in digital form.
Many wireless LAN products have built-in security features specifically designed to prevent unauthorized access to signals in transit. Decrypting an encrypted signal requires vendor-supplied decryption devices and decryption keys as well as the technical expertise to use them effectively.

According to a US Senate subcommittee report, the Electronic Communications Privacy Act of 1986 (ECPA), which prohibits the interception of electronic messages, does not cover wireless data communications. The Senate Privacy and Technology Task Force report says that the ECPA “failed to anticipate” how the variety of private communications available to users would expand and how data would be carried by radio links. It recommends that the law be updated to protect most radio-based communications technology.[55]

The absence of laws protecting wireless communications has encouraged perpetrators to attempt unauthorized access to company data. As a consequence, businesses and other organizations have been wary of using this technology for sensitive applications. Currently, the use of wireless LANs in industry has been limited to nonsensitive applications. However, as users learn more about wireless LAN technology and methods for securing wireless communications, organizations should become more interested in using this technology for processing sensitive applications.

This article focuses on the three critical factors that should be considered when evaluating the security of a wireless LAN: physical configuration, type of transmission, and service availability. Each of these factors is related; therefore, the security specialist must have a clear understanding of all of them to fully appreciate the relevant security issues.

Physical Configuration
From an operational point of view, use of wireless LANs gives the user more flexibility in changing the configuration of terminals.
However, from the security perspective, this flexibility provides more avenues of potential attack. Intruders can intercept wireless transmissions without having to physically access the office in which the network is located. However, the ease of such access depends, in part, on how the wireless LAN is configured. For example, if designed correctly, an in-office wireless LAN should limit the range of access to the office area. On the other hand, a network designed to communicate between buildings is more susceptible to potential intruders because the range of possible interception is much wider.

But even then, the intruder's task is not a simple one. It requires being able to distinguish the target data from other data being transmitted at the same time. The intruder must also be able to decipher the signal. Although computers can be used to sort out the signal, this process requires significant effort and expense.

It is important to recognize that the coverage area in a wireless network is not defined by distance alone but by signal levels and cochannel interference as well. A wireless LAN may also be used to extend an existing hard-wired LAN rather than to replace it; this may add further complexity to the overall architecture.

Types of Transmission
As stated earlier, there are three types of wireless LAN technologies: infrared (e.g., light and laser beam), radio frequency (e.g., spread spectrum), and microwave. Each of these technologies has its own security exposures. Currently, there are three popular wireless LAN products on the market utilizing these different technologies. The BICC Communications InfraLAN uses infrared, the NCR Corp. WaveLAN uses spread spectrum, and the Motorola Altair uses microwave technology. The following sections describe the security exposures common to each technology.

Infrared. Infrared communications require line-of-sight transmission over a limited bandwidth.
For example, InfraLAN uses an optical wavelength of 870 nanometers; its range between nodes is 80 feet. Hence, a potential intruder must be in the office within the specified range and must be in a line-of-sight path, a combination of factors that can be easily achieved only by insiders. The use of infrared technology is not licensed by the Federal Communications Commission. This increases the possibility of unauthorized use and potential interference. However, this technology is also relatively secure because disruption of its line-of-sight operation (e.g., in the event of electronic eavesdropping) will bring the LAN down. In light of the limited distance between nodes and the line-of-sight requirement, infrared-based wireless LANs are considered relatively secure.

[55] Betts, M., “Do Laws Protect Wireless Nets?” Computerworld 25, no. 24 (1991), p. 47.

Radio Frequency. Although radio frequency transmissions can pass through walls and partitions, radio frequency networks must usually be kept on the same floor. Because line-of-sight transmission is not required, transmitted data can be more readily intercepted. To combat this problem, some products have incorporated encryption capabilities. By sending data over several frequencies, spread-spectrum transmission minimizes the possibility of eavesdropping. Radio frequency-based LANs currently use frequencies in the range of 902 MHz to 928 MHz. The drawback of these frequencies is that they are also used by television, VCR extenders, and antitheft devices in stores. In the presence of such devices, the network may be disrupted. Generally, radio signal is affected by noise and interference. WaveLAN is one product that uses spread-spectrum technology. In an open environment, it can cover a range of 800 feet, and in a semiclosed environment, it can cover a range of 250 feet. Because radio technology is well understood by many professionals, it may also be more susceptible to attempts at unauthorized access.
This exposure can be mitigated by implementing such security mechanisms as encryption and access controls. It should be noted that the Institute of Electrical and Electronics Engineers 802.11 committee is trying to forge a standard radio frequency for use in network transmissions.

Microwave. Microwave is a communications technology used to connect LANs between buildings and over greater distances than is possible with infrared or radio frequency technologies. Altair uses microwave technology; this product is compatible with existing cable-based standards, protocols, and communication speeds, and can complement, replace, or extend such networks as token ring and Ethernet networks. One of Altair's strengths is its transparent operation with Ethernet architecture and such network operating systems as Novell NetWare and Microsoft LAN Manager. Altair utilizes the FCC-licensed 18 GHz frequencies, and it can cover a range of 5,000 square feet. To coordinate the use of separate frequencies, Motorola has established a centralized Altair Frequency Management Center to ensure compliance with FCC regulations.

Altair provides two built-in security features: data scrambling and restricted access. The data scrambling feature scrambles data between the control module and the user module. The restricted access feature, which is incorporated into Altair's time-division multiplexing architecture, allows access only to user modules whose 12-digit IEEE 802.33 Ethernet addresses have been entered into the control module's registration table. Because microwave use is FCC-licensed and, hence, is monitored, it is considered the most secure system. As one might expect, potential intruders tend to avoid regulated environments for fear of being caught and prosecuted.

Service Availability
For a complete understanding of the security concerns affecting wireless LANs, the concept of service availability must be understood.
In a simple way, service availability can be thought of in terms of the dial tone one gets when picking up a phone—the absence of a dial tone can be the result of equipment failure, a busy circuit, or a poor signal. Service availability can be discussed in terms of these three components: signal availability, circuit availability, and equipment availability.

To tap the network using unauthorized terminal connections, the perpetrator must obtain an adequate signal, an available circuit, and the right equipment. If any of the three components of service availability is missing, access to a wireless LAN cannot be completed. However, having service availability does not automatically mean getting successful access to the network. Other factors such as network architecture and network security mechanisms affect the potential success of access attempts.

Signal Availability. In a radio frequency system, signal availability has to do with whether there is sufficient radio energy reaching the receiver to produce an acceptable bit-error rate in the demodulated signal. In an infrared system, the receiving unit must be in the line of sight of the beam. Signal availability directly relates to distance; as a node is placed beyond the effective range, the signal becomes unavailable.

Circuit Availability. Circuit availability usually depends on cochannel interference and adjacent channel interference. Cochannel interference occurs when two transmissions on the same carrier frequency reach a single receiver. (The ratio of the carrier to interference is called the carrier-to-interference ratio.) Adjacent channel interference occurs when energy from the modulated carrier spreads into the adjacent channels. The Motorola Frequency Management Center maintains a central data base that tracks the location and frequency of each Altair module in the US to lessen the possibility of interference.
One tactic of intruders is to locate the carrier frequency and purposely jam the receiver to prevent other transmissions from accessing the receiver. Wireless networks are particularly susceptible to this form of attack.

Equipment Availability. Equipment availability refers to the availability of appropriate equipment for a particular network. In the case of wireless LANs, special equipment and connectors may be required to access the network. For example, equipment proprietary to Altair is needed to access an Altair network. Therefore, an intruder cannot use a typical scanner to access and compromise the network. In addition, this equipment must be connected to the Altair LAN by means of ThinNet T connectors with terminators, which are also unique to Altair.

Wireless Network Controls
Security of a wireless LAN depends on two factors: protective security mechanisms and audit mechanisms. These controls are discussed in the following paragraphs.

Protective Security Mechanisms
As identified by the International Standards Organization in its ISO-OSI Reference Model Security Guidelines, several mechanisms can be used to provide security services in a network: encryption, cryptographic error checks, source authentication, peer-to-peer authentication, and access control. In wireless LANs, encryption and access control are the two most widely used methods of security.

Encryption. The three most common techniques of encryption are link, end-to-end, and application encryption. Link encryption encrypts and decrypts information at each physical link, whereas end-to-end encryption encrypts the information throughout the network and decrypts it at the receiving location. Link encryption is more secure if the information is being transmitted by means of several physical links because multiple keys are required to decipher the information. Application encryption encrypts information at the application level.
Among wireless LAN products that offer encryption, Altair uses end-to-end encryption to scramble data sent between the control module and the user module.

Access Controls. Access controls are used to identify network users and authorize or deny access according to prescribed guidelines. Some LAN operating systems use the workstation ID stored in the network interface card, which the LAN operating system checks at log-on time. Any workstation attempting to access the network without the correct ID is disconnected from the network. Another way of providing access control is by means of a user registration table. For example, Altair requires that the 12-digit Ethernet addresses of all authorized users be entered into the control module's registration table. Any user whose code has not been so entered is denied access to the network. This feature is effective in restricting potential perpetrators from gaining network access.

Audit Mechanisms
To maintain a secure wireless LAN, a security audit should be performed in addition to ongoing monitoring activities. The security audit of a wireless LAN requires the examination of security policy, security protection mechanisms, and security administration. These areas are described in the following paragraphs.

Security Policy. Security policy governs the overall activities of the network. Without an effective policy, it is difficult to enforce protection. A security policy should specifically address the policy for accessing the wireless LAN. The policy should be as specific as possible. At a minimum, it should specify who is authorized to access the network, under what circumstances and what capacity, and when access is permitted. The policy should also establish the rules for moving workstations to ensure proper monitoring of each physical access point. The security manager should ensure that this policy is communicated to all network users and that it is adopted by them.

Security Protection.
Securing a wireless LAN requires constant physical and logical protection. Physical protection involves securing the physical devices from unauthorized access. This usually requires such normal security housekeeping as providing a secure room to house the computer devices. Logical protection usually requires access controls and data encryption. It is crucial that all built-in security features be fully implemented; add-on security products (e.g., end-to-end encryption devices) should be considered as necessary.

Security Administration. Without proper enforcement, security policy and protective devices provide false assurance about the organization's level of information security. Therefore, it is important that one or more individuals be designated to act as a security administrator. The security administrator is responsible for ensuring that the organization's security policy is implemented and that all applicable security features are fully and correctly used. Strict enforcement of security policy and procedures is particularly important in a wireless LAN environment because of the relative ease with which users can change the composition of the network.

Conclusion
To take full advantage of the benefits of wireless networks, appropriate security measures should be instituted. With the constant development of new technologies, security exposures need to be controlled in a cost-effective manner. Although customer demands influence the development of new products, they typically do not drive the development of security features for these products. It is management's responsibility to ensure that newly acquired wireless technologies are implemented in a controlled way. In the purchase of a wireless LAN product, the quality of its security features should be carefully reviewed and tested.
Because wireless LAN technology is relatively new, it is recommended that products be considered on the basis of the security mechanisms they incorporate and on the reputation of the vendor for its research and ongoing development of products. Before a wireless LAN product is purchased, the quality of its security features should be thoroughly evaluated and tested.

Author Biographies

Amin Leiman
Amin Leiman, CISA, is a manager in the Computer Risk Management group of Arthur Andersen & Company S.C. in Los Angeles.

Martin Miller
Martin Miller is a manager with Deloitte & Touche's Computer Assurance Services in Seattle. His practice focuses on network controls and security.
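
The registration-table access control and the ongoing monitoring described under Wireless Network Controls can be sketched as follows. This is an added example, not part of the original article and not Altair's implementation; the log format, the per-address permitted hours (standing in for the policy's "when access is permitted"), the denial threshold, and every address are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime


def normalize_address(raw):
    """Reduce an Ethernet address to 12 uppercase hex digits; None if malformed."""
    digits = re.sub(r"[-:.]", "", raw.strip()).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None


class RegistrationTable:
    """Allow-list keyed by 12-digit address, with permitted hours per entry."""

    def __init__(self, entries):
        # entries: {address: (first_hour, end_hour_exclusive)}, a hypothetical policy
        self._entries = {}
        for raw, hours in entries.items():
            addr = normalize_address(raw)
            if addr is None:
                raise ValueError(f"not a 12-digit Ethernet address: {raw!r}")
            self._entries[addr] = hours

    def decide(self, raw_address, when):
        """Return 'admit', 'deny-malformed', 'deny-unregistered' or 'deny-hours'."""
        addr = normalize_address(raw_address)
        if addr is None:
            return "deny-malformed"
        if addr not in self._entries:
            return "deny-unregistered"
        start, end = self._entries[addr]
        return "admit" if start <= when.hour < end else "deny-hours"


# Hypothetical log line format: "<ISO timestamp> module=<address>"
LINE = re.compile(r"^(?P<ts>\S+) module=(?P<addr>\S+)$")


def audit(table, log_lines, threshold=3):
    """Replay connection attempts; count decisions and flag repeated denials."""
    decisions, denied, unparsed = Counter(), Counter(), []
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        try:
            when = datetime.fromisoformat(m["ts"])
        except ValueError:
            unparsed.append(line)
            continue
        verdict = table.decide(m["addr"], when)
        decisions[verdict] += 1
        if verdict != "admit":
            # Key on the normalized form so one device is counted once
            # regardless of how its address was written in the log.
            denied[normalize_address(m["addr"]) or m["addr"]] += 1
    flagged = sorted(a for a, n in denied.items() if n >= threshold)
    return {"decisions": dict(decisions), "flagged": flagged, "unparsed": unparsed}


# Constructed sample data (addresses, dates and hours are illustrative only).
SAMPLE_TABLE = RegistrationTable({
    "02-00-00-00-00-01": (7, 19),   # office hours only
    "02:00:00:00:00:02": (0, 24),   # any time
})
SAMPLE_LOG = [
    "1993-03-01T08:02:11 module=020000000001",       # registered, in hours
    "1993-03-01T22:40:03 module=02-00-00-00-00-01",  # registered, after hours
    "1993-03-01T09:00:00 module=02:00:00:00:00:02",  # registered, any time
    "1993-03-01T09:01:10 module=02-AA-BB-CC-DD-EE",  # unregistered, three tries
    "1993-03-01T09:01:40 module=02AABBCCDDEE",
    "1993-03-01T09:02:05 module=02:aa:bb:cc:dd:ee",
    "1993-03-01T09:03:00 module=02-00-00-00-01",     # only 10 digits
    "garbled line",
]

if __name__ == "__main__":
    print(audit(SAMPLE_TABLE, SAMPLE_LOG))
```

Normalizing addresses before both the lookup and the denial count keeps the registration table and the audit trail consistent when the same module is recorded in different notations.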