I’ve had a few ask what the top wireless threats are in today’s 802.11 standard. While some are melicious most are accidental DoS attacks by other devices on the same spectrum. Sometimes these devices are not Wi-Fi.
Network Profiling and Reconnaissance
It’s no surprise the linux community created their own open-source wireless devices. They did much more! With some builds you can do mesh, bridging, NAC, routing, captive portal, firewall and more. The hardware used is called SBC (Single Board Computers). These computers are inexpensive and full of power. The same boards you can buy bare are the systems most large network vendors use to create their products. Some larger fortune 100 companies use these boards as design reference boards as they build their full production.
Wireless has grown at a fast past over the last year. With cost of deployment low enough to justify a WLAN deployment in any environment. Another reason is the understanding of Wi-Fi has grown in the IT organization and they are feeling more comfortable with supporting this new medium of communication.
With the growth of WLANs there comes the growth of assets in the network. Hospitals struggle the most with the explosion of device growth and need a way to track them in large campuses. With that I give you RFID tracking. This technology is not new at all. It has been around for years in other RF environments but now becoming very popular in Wi-Fi. In this post I’m going to focus around hospitals since I have done most installations for RFID in this environment.
What are some of the applications hospitals are using RFID for:
Create your own hotspot with little effort and little amount of cash. Hotspots are still in demand even though EVDO and 3G WAN wireless access is inexpensive and available through several providers. You still need hotspots for higher speed internet connections to keep your guest sticky or to provide temporary internet services to contractors.
There are several definitions of Guest Access “Hotspot”. I am referring to the ability to provide access to users that do not have user accounts on your local Active Director or RADIUS server. Also referring to guest of a coffee house or hotel. You can have paid for service guest or free access with some restrictions and security.
Wireless Intrusion Prevention also known as wIPS is not new technology. However, it has matured over the last several months and knowledge of its benefits are becoming well known.
Why use wIPS in your WLAN?
802.11 is a well known documented standard. Since anyone can review the standard they can understand how the management frames operate and wireless handshakes occur. This opens the door to attacks in the air and DoS type attacks. To eliminate the risk vendors implement their own method of over the air detection (OTA). Cisco uses Management Frame Protection (MFP) and RF Finger Printing to detect security threats to its own WLAN. Aruba, Meru, Trapeze and other also implement detection but do not offer MFP as an addition. Once the WLAN system detects a rogue device it can either auto contain or alert the administrators of the event and leave options up to the administrator on actions to take. Most vendors allow for APs to service clients and scan channels at the same time. There is a slight cost in performance and the cost very per vendor. You can also set APs to be sensors only and spend all their cycles scanning and detecting wireless security threats.
802.11n is in 2008 what Fast Ethernet was in the 90s. Finally, we can push more data through our wireless connections. Among several doors opened by this new technology the biggest door is an “all wireless office“. Imagine removing the IT costs of setting up a remote site or branch office. Now you could ship a few APs out to a small office with a post-it note that says “plug in wall”. After the AP initializes it would discover it’s controller that manages all the SSIDs and security policies for the AP. Your corporate users can use the same AD credentials to access the wireless infrastructure. Your AD and all other important resources can remain central. Too good to be true? Not really! I know of several large corporations that do this very same setup today. The good thing about it… It works! 11n helps to get the job done.
Key components of 11n
802.11v is a preposed extension of 802.11 standard. With .11v the access point can manage the existing wireless devices to a certain extent. For example, setting a power save poll PS-Poll to turn off the chipset during quiet times where there is no data to send or receive. Also the ability to reduce power of the radio if close to the AP. Both above settings can be controlled by the AP configuring the wireless device. Imagine how much power you can save on you iPhone? Read the rest of this entry »
Just recently there was a report of a student in Germany that uncovered a hole in a part of 802.11i. German student Erik Tews explains how he is was able to inject data on a wireless network using TKIP (Temporal Key Integrity). Read the rest of this entry »
