A federal agency is readying a report that will recommend against the U.S. government using wireless LANs — except when applying a long, detailed list of security controls.
Even though wireless LANs are a billion-dollar business and growing fast, reports such as the one coming out from the National Institute of Standards and Technology (NIST) continue to dog the technology.
The U.S. Department of Defense is also said to be considering restrictions on wireless LAN usage in both classified and nonclassified environments.
What NIST is advising
Among NIST’s recommendations is that wireless LAN access points be located only where no unauthorized individuals can access them.
With freeware such as AirSnort, which passively captures WEP-encrypted traffic until it has enough to recover the key, hackers have been known to reach wireless LAN access points from up to 1,000 feet away.
NIST also suggests that agencies put firewalls between wireless and wire-based LANs. Another 50 or so recommendations will be included in the report, called “Wireless Network Security.”
The NIST report arrives at a time when the IEEE is attempting to standardize on port authentication in 802.11 wireless LANs.
The proposed 802.1X standard addresses several authentication types, including passwords, certificates, media access control (MAC) addresses and the widely used Remote Authentication Dial-In User Service (RADIUS) protocol. But 802.1X's progress hasn't been smooth, with a University of Maryland professor cracking the technology earlier this year and companies such as Cisco Systems Inc. and Funk Software Inc. battling over how to bolster it.
But it's critical to move ahead on 802.1X because the 802.11b specification, as the NIST report points out, lacks any "true authentication" of users. Only a user's wireless LAN-enabled device is checked, via what's called the Service Set Identifier (SSID), and since access points broadcast the SSID in their beacon frames it is a network name rather than a secret.
The NIST report suggests that wireless LANs should include VPN clients and gateways for privacy and authentication. Wired Equivalent Privacy (WEP), the 802.11 standard for encryption, has been shown to be too easily broken using freeware such as WEPCrack.
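The WEP weakness the report alludes to can be shown without any key-recovery tool. The following is an added example, not code from the NIST report or from WEPCrack, and every key, IV and frame in it is constructed. WEP keys RC4 with a 24-bit IV prepended to the shared secret and sends the IV in the clear; because the IV space is only 16 million values and many cards restart it from zero, two frames regularly share an IV and therefore the same RC4 keystream. XORing those two ciphertexts cancels the keystream, and knowing one plaintext (a fixed-layout ARP or DHCP frame, say) yields the other with no key involved. WEPCrack and AirSnort exploit a different flaw, weak IVs in RC4's key scheduling, which this example does not show.

```python
# Added illustration of WEP keystream reuse; not from the NIST report or
# WEPCrack.  All keys, IVs and frame contents below are constructed.


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then the first `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return iv || (plaintext XOR RC4(iv || shared_key)).  Real WEP also
    appends a CRC-32 integrity value before encrypting; it is left out here
    because it does not affect the keystream-reuse argument."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def find_iv_collisions(frames):
    """Group captured frames by IV; any IV seen twice means reused keystream."""
    by_iv = {}
    for idx, frame in enumerate(frames):
        by_iv.setdefault(frame[:3], []).append(idx)
    return {iv: idxs for iv, idxs in by_iv.items() if len(idxs) > 1}


def recover_with_known_plaintext(frame_a, frame_b, known_plain_a):
    """frame_a and frame_b share an IV and frame_a's plaintext is known:
    recover as much of frame_b's plaintext as the known bytes cover."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs, so their keystreams differ")
    n = min(len(frame_a) - 3, len(frame_b) - 3, len(known_plain_a))
    keystream = xor_bytes(frame_a[3:3 + n], known_plain_a[:n])   # C XOR P = K
    return xor_bytes(frame_b[3:3 + n], keystream)                # C' XOR K = P'


# Constructed capture: a 40-bit key, with one IV reused on frames 0 and 2.
SHARED_KEY = b"\x0b\xad\xc0\xff\xee"
ARP_REQUEST = b"ARP who-has 10.0.0.1 tell 10.0.0.9"   # layout an attacker can guess
SECRET = b"GET /admin?token=s3cr3t HTTP/1.0"
CAPTURE = [
    wep_encrypt(SHARED_KEY, b"\x12\x34\x56", ARP_REQUEST),
    wep_encrypt(SHARED_KEY, b"\x12\x34\x57", b"unrelated traffic"),
    wep_encrypt(SHARED_KEY, b"\x12\x34\x56", SECRET),
]


def demo() -> bytes:
    """Find the reused IV in CAPTURE and recover the second frame's plaintext."""
    collisions = find_iv_collisions(CAPTURE)
    (iv, (a, b)), = collisions.items()
    return recover_with_known_plaintext(CAPTURE[a], CAPTURE[b], ARP_REQUEST)


if __name__ == "__main__":
    print(demo())
```

The recovery needs nothing but a passive capture and a guess at one frame's contents, which is why the report's advice to treat WEP as insufficient and layer a VPN on top of it holds regardless of key length.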
Report cites helpful vendors
NIST singled out vendors such as Bluesocket and Vernier Networks as being among those that deliver products that can address wireless LAN security and privacy concerns.
Searching out wireless LAN vulnerabilities is becoming a business. One start-up, AirDefense, has catalogued what it says are 100 types of denial-of-service attacks that jam the airwaves with noise to shut down wireless LAN access points, 27 attacks that take over wireless LAN stations, 490 different probes that scan wireless LANs for weaknesses and 190 ways to spoof media access control (MAC) addresses and SSIDs in order to assume the identity of another user.
“The MAC address is unique, so only one should be trying to come into the wireless LAN at a time,” says Fred Tanvella, chief security officer at AirDefense, which developed a wireless LAN intrusion-detection sensor.
“So if someone is using a Cisco card and another a Lucent (Technologies Inc.) card, and they’re trying to fake it, we can tell,” he says.
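The two observations in the quotes above, that a MAC should be in use by one station at a time and that the card behind a spoofed address can look wrong for that address, translate into detection logic a monitoring sensor can run. The block below is an added example written for this page, not AirDefense's product code, and the frame log it processes is constructed. It uses two signals: every 802.11 station keeps a single 12-bit sequence counter that advances once per frame, so a second radio sending under the same MAC shows up as two interleaved counters; and the first three bytes of a MAC are the vendor's OUI, so a frame whose source MAC says Lucent but whose radio looks like a Cisco card is not using its own address. The `card` field is assumed to be whatever radio or driver fingerprint a real sensor attributes to a frame; this script does not derive it, and the OUI table is abbreviated to three entries.

```python
# Added example of MAC-spoofing detection from a wireless frame log; not
# AirDefense code.  The `card` fingerprint and the frame log are constructed.
from collections import defaultdict
from dataclasses import dataclass

# Abbreviated OUI table (first three MAC bytes -> vendor); a real sensor
# would use the full IEEE registry.
OUI_VENDOR = {
    "00:40:96": "cisco",   # Cisco Aironet
    "00:02:2d": "lucent",  # Agere Systems (Lucent ORiNOCO)
    "00:60:1d": "lucent",  # Lucent Technologies
}

SEQ_MOD = 4096         # 802.11 sequence numbers are 12 bits
MAX_FORWARD_GAP = 64   # frames we tolerate missing between two observations


@dataclass(frozen=True)
class Frame:
    src: str    # source MAC address from the 802.11 header
    seq: int    # sequence number from the 802.11 header
    card: str   # radio/driver fingerprint attributed by the sensor (assumed)


def seq_gap(prev: int, cur: int) -> int:
    """Forward distance from prev to cur modulo 4096: a counter wrapping
    4095 -> 0 is a gap of 1, while a jump backwards shows up as a large gap."""
    return (cur - prev) % SEQ_MOD


def detect_spoofing(frames):
    """Return an ordered list of distinct (mac, kind, detail) alerts."""
    alerts = {}                # dict used as an insertion-ordered set
    last_seq = {}              # mac -> last sequence number seen
    cards = defaultdict(set)   # mac -> fingerprints seen for it

    def alert(mac, kind, detail):
        alerts.setdefault((mac, kind, detail), None)

    for f in frames:
        mac = f.src.lower()
        vendor = OUI_VENDOR.get(mac[:8])
        # Signal 2: the address claims one vendor, the radio looks like another.
        if vendor is not None and f.card != vendor:
            alert(mac, "oui-mismatch", f"OUI says {vendor}, card looks like {f.card}")
        cards[mac].add(f.card)
        # Signal 1: one station's counter only moves forward in small steps.
        # A gap of 0 is a retransmission (802.11 sets the retry bit) and is
        # not treated as an anomaly.
        if mac in last_seq:
            gap = seq_gap(last_seq[mac], f.seq)
            if gap > MAX_FORWARD_GAP:
                alert(mac, "seq-anomaly", f"seq {last_seq[mac]} -> {f.seq} (gap {gap})")
        last_seq[mac] = f.seq

    for mac, seen in cards.items():
        if len(seen) > 1:
            alert(mac, "multiple-cards", "same MAC seen from " + ", ".join(sorted(seen)))
    return list(alerts)


def alert_kinds(frames):
    """Summarise detect_spoofing() as mac -> set of alert kinds."""
    summary = defaultdict(set)
    for mac, kind, _ in detect_spoofing(frames):
        summary[mac].add(kind)
    return dict(summary)


# Constructed frame log: a genuine Lucent station, a genuine Cisco station
# whose counter wraps 4094 -> 4095 -> 0, and an attacker's Cisco card sending
# frames under the Lucent station's MAC in between.
LUCENT = "00:02:2d:aa:bb:01"
CISCO = "00:40:96:00:00:07"
SAMPLE_FRAMES = [
    Frame(LUCENT, 10, "lucent"),
    Frame(CISCO, 4094, "cisco"),
    Frame(LUCENT, 11, "lucent"),
    Frame(CISCO, 4095, "cisco"),
    Frame(LUCENT, 2500, "cisco"),   # spoofed
    Frame(CISCO, 0, "cisco"),
    Frame(LUCENT, 12, "lucent"),
    Frame(CISCO, 1, "cisco"),
    Frame(LUCENT, 2501, "cisco"),   # spoofed
]

if __name__ == "__main__":
    for mac, kind, detail in detect_spoofing(SAMPLE_FRAMES):
        print(f"{mac}  {kind:15s} {detail}")
```

The sequence-number check catches a spoofer even when the forged MAC's OUI matches the attacker's card, which is the case an OUI lookup alone misses; the gap threshold has to allow for frames the sensor itself fails to hear, so it is a tuning parameter rather than a constant.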
Government contractor Science Applications International Corp. (SAIC) is experimenting with a "honeypot" to detect and trap hackers trying to break into wireless LANs from outside the building (locating such networks from a vehicle with a laptop and antenna is referred to as "wardriving"). The goal is to gather information about how hackers get in.
While SAIC officials declined to discuss the project in depth, it is known to be based on Cisco wireless LAN access points deployed in the Washington, D.C., area.