 |
|
|
WiFi (IEEE 802.11) has a huge following in home, office and public applications, but security is increasingly being seen as its biggest weakness. Security is possible, but comes at a price. The trick is to balance the cost of the network with the level of security required.
Most residential applications of WiFi still run without any security, with few problems. Someone stealing service or hacking into your computer, would have to be parked fairly close to your home, and would often raise eyebrows, just like the Toronto man who was recently caught driving down a one-way street while allegedly downloading child porn over a stolen WiFi signal.
Security is a bigger concern for businesses, particularly those in multi-tenant office buildings where their signals can be easily monitored from other offices. Companies should assume that their WiFi signals are public because, even if standard laptops cannot pick up the signal, equipment with high gain antennas may still be able to.
Good security should provide authentication to verify the identity of a device trying to access the network, encryption to obscure the data from eavesdropping, and integrity to verify the identity of the sender and ensure that the contents of packets are not changed in transit.
The security system built into 802.11b standard is known as WEP (Wired Equivalent Privacy). This is satisfactory for home users, but fails for business users due to both security and management concerns. Flaws in the implementation of the encryption algorithm in WEP has received a lot of attention, but what is more important is that it relies on a single key for each access point. Even if the WEP security algorithm was unbreakable, the shared key would be like leaving the back door to Fort Knox open, with no guards.
A shared key is both a management nightmare and a security risk. If a company has multiple access points, and each has a different key, then each WiFi-enabled computer will have to be provisioned with all the keys for all access points its users may access (possibly all of them). Worse yet, whenever a key is changed, all laptops will have to be updated. The shared key should be changed at least whenever an employee leaves the company. Without this precaution, an ex-employee with a grudge and a laptop could sit in the parking lot and access the corporate network. That person’s account might be shut down, but at the least, monitoring of the transmissions of other employees could still occur.
One approach is to assume that WiFi is completely insecure and locate it outside the corporate firewall, relying on VPN access to get inside. Access to the WiFi network would still provide eavesdroppers with access to the internet, but not to the corporate network. Furthermore, those who did have access to the corporate network would be protected by the VPN encryption, so eavesdropping would not be possible.
The problems with a VPN solution are relatively minor. VPNs require a double logon for employees, and they will not protect Access Points from denial-of-service attacks or degradation of service through unauthorized internet access. More importantly, buildings will have to be wired with separate Ethernet for the ‘outside’ devices, such as WiFi Access Points.
There is a lot of work going on to improve the security of WiFi – perhaps too much work, because the many alternatives are creating a compatibility nightmare. The end-game of strong security on the WiFi air interface will require a complete replacement of hardware, so an interim solution known as WPA (WiFi Protected Access) has been designed.
WEP keys are known to be weakly protected. An alternative to strengthening the protection of the keys is to use TKIP (Temporal Key Integrity Protocol) to change keys more frequently than hackers can crack them. This is not much use if there is only a single root. Consequently, a corporate login server (AAA – Authentication, Authorization and Accounting server) will be required to keep track of each user’s base key.
Network managers for larger companies need to think before implementing AAA. One AAA per site will not give roamers from other company locations access to the network. A centralized AAA will put considerably more load on the inter-office network and, if offices are not connected by private facilities or VPNs, could become a security risk.
The future of WiFi security lies with IEEE 802.1x and EAP (Extensible Authentication Protocol). Unfortunately, at present, this is being extended in several different directions, many of them proprietary. Until a clear direction emerges, companies need to remain cautious about purchasing new equipment, and may wish to rely on the VPN method of security for the interim.
David Crowe is a wireless standards and technology consultant based in Calgary. He published the newsletters Cellular Networking Perspectives and Wireless Security Perspectives. He can be reached at David.Crowe@cnp-wireless.com.
© – Copyright