Wireless security

[Updated to reference Microsoft article on non-broadcast wireless networking]

I read an article the other day in Information Week, by Preston Galla. The name rang a bell, and I remembered that he used to review shareware for ZDNet. The fact that I remember his name suggests that I disagreed strongly with what he wrote about my software 🙂

The article basically says that you can secure wireless networks by a few simple steps:

  1. Hide your network ID (disable SSID broadcasts)
  2. Use encryption (“WEP is probably enough”)
  3. Filter out MAC addresses
  4. Limit the number of IP addresses offered by your DHCP server
  5. Sniff for intruders using a tool like AirSnare
  6. Install host-based firewalls on all systems

Let’s contrast that with a ZDNet blog article by George Ou on “The Six Dumbest Ways to secure a Wireless LAN”, along with a quick parenthetical summarisation of what I believe George is saying:

  1. MAC filtering (an attacker can fake a MAC if he intercepts a packet)
  2. SSID hiding (an attacker can read the SSID from many other packets)
  3. LEAP authentication (Cisco screwed up)
  4. Disabling DHCP (an attacker can easily steal another host’s IP address)
  5. Antenna placement (search on “Pringles can” and “wireless”)
  6. Use only 802.11a / Bluetooth (oh, because hackers don’t have those?)

Dishonourable mention: WEP encryption – “it takes only a few minutes to break a WEP based network which makes WEP completely ineffective”.

I make that three out of six of Preston’s recommendations on how to secure wireless networks line up in George Ou’s “dumbest six ways”. I have to agree with George.

The DHCP one is a classic – to try and limit the hackers, you make it easier for them to engage in a denial of service attack on you?

That’s stooopid.

Even Microsoft, a company known for allowing people to make decisions that don’t exactly help security (hello, account lockout?) without comment, has documentation on disabling SSID broadcast as being a bad idea – note the tone of the article says “we’re trying to make it easier to do this, but really, it’s a bad idea to begin with”.
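The point about SSID hiding, as an added example (not code from this post or from either article): disabling SSID broadcast only blanks the SSID element in beacons, while the frames a client has to send to find and join the network still carry the name in clear. The frames are constructed byte strings, and `ssid_in_frame`, `build_frame` and the network name `homenet` are made up for this sketch.

```python
# 802.11 management subtype -> (name, bytes of fixed fields before the elements)
MGMT = {
    0: ("association request", 4),   # capability + listen interval
    4: ("probe request", 0),
    5: ("probe response", 12),       # timestamp + beacon interval + capability
    8: ("beacon", 12),
}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control

def ssid_in_frame(frame: bytes):
    """Return (frame kind, SSID or None) for a management frame without FCS."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in MGMT:
        return ("other", None)
    name, fixed = MGMT[subtype]
    pos = HDR_LEN + fixed
    while pos + 2 <= len(frame):                 # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) < elen:
            raise ValueError("truncated element")
        if eid == 0:                             # element ID 0 is the SSID
            # A "hidden" SSID is sent as zero length or as all-NUL bytes.
            return (name, body.decode("utf-8", "replace") if any(body) else None)
        pos += 2 + elen
    return (name, None)

def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Constructed test frame: zeroed header and fixed fields, SSID, one rate."""
    header = bytes([subtype << 4, 0]) + bytes(HDR_LEN - 2)
    elements = bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])
    return header + bytes(MGMT[subtype][1]) + elements

# Constructed traffic for a network named "homenet" with SSID broadcast disabled.
SAMPLES = [
    build_frame(8, b""),           # beacon, zero-length SSID
    build_frame(8, bytes(7)),      # beacon, NUL-padded SSID
    build_frame(4, b"homenet"),    # client probing for its configured network
    build_frame(0, b"homenet"),    # client associating
    build_frame(5, b"homenet"),    # access point answering the probe
]

def observed():
    return [ssid_in_frame(f) for f in SAMPLES]

if __name__ == "__main__":
    for kind, ssid in observed():
        print(f"{kind:22} {ssid!r}")
```

Only the two beacons come back without a name; every frame involved in a legitimate client joining the network carries it, which is why hiding the SSID inconveniences users without concealing anything.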

6 thoughts on “Wireless security”

  1. I still think there are two levels of wireless security. The first being protect your corporate network. In that case WPA and 801.x should be used to keep hackers at bay. The second type of security is a user at home wanting to prevent his neighbors from mooching net access. In that case WEP should be good enough 95-99% of the time. Since most people’s neighbors aren’t cracking wep. Also you can still use your DS if you just use wep.

    Disabling broadcasting is useless and just makes everyone’s life more difficult. MAC filtering is a little better, but again just makes things needlessly difficult.

  2. There’s more classes of wireless network than that, of course.
    Here’s an extended taxonomy, and the sort of thing you might need to secure:
    Public (free) access: Protect the infrastructure from damage, provide equivalent service to all users, monitor and prevent users who use the service to commit damage.
    Public (pay) access: Same as for Public (free) access, but you also want to limit usage to people who have paid.
    Private (home) access: Control who can use the wireless network, prohibit the exposure of data to unauthorised parties.
    Private (corporate) access: Strongly control who can use the wireless network, prohibit the exposure of data to unauthorised parties.
    There’s not much difference between what the home wireless and corporate wireless wants; the difference is in the resources they can expend – the time, money, and expertise.
    The same is true for the attacker – the difference is generally in the time, money, and expertise. WEP cracking, SSID sniffing, MAC faking, they’re all dead simple and cheap – so it’s no use using WEP, blocking SSID announcements or limiting MAC addresses.
    DHCP limiting is a total non-starter – it’s a Denial-of-Service attack waiting to happen.
    Never install a “security feature” that costs more to administer and/or use than it will save you in recovered or prevented costs.

  3. I still disagree on wep. While it may be dead simple to you and I to crack I just don’t see the average person looking for free wi-fi in neighborhood to be doing it. The problem is there are still a good deal of consumer devices that don’t support even WPA-PSK and most home routers don’t allow multiple levels of security.

  4. The average person looking for free wi-fi downloads a simple toolkit that allows them to crack WEP if they aren’t around an unencrypted link.
    Consumer devices need to come up to scratch.

  5. Maybe you should leave it wide open for anyone to connect. But … use QoS or some method of rate limit for all IPs but your own. So as to cause the other hosts to only get 56Kbs bw. 🙂

    Then the unwanted guests will become frustrated and discouraged and leave.

    Just a thought.

  6. Sounds like a good idea to me.
    Part of me wants to argue that it’s dead simple to saturate your wireless bandwidth anyway, but then again, it’s worth ‘suggesting’ to the wireless hacker that he might want to go elsewhere to get bandwidth, if that’s what he wants.
