How to beat wireless attacks
Attacks change to meet the changes in WiFi products.
By Andrew Lockhart, Network Chemistry | Techworld | Published: 17:00, 22 May 2006
As we know, WEP is notoriously insecure. This has led to a shift in focus from attacking the basic flaws in the 802.11 standard to attacking flaws in how it is implemented. As a result, various attack vectors are viewed differently now and instead of attacking a wireless network directly, the new approach is to go after the endpoints that attach to it.
This change in focus is evident in some of the vulnerabilities that were released earlier this year. For instance, the WEP Client Communication Dumb-Down vulnerability allows an attacker to trick a wireless client that is configured to use WEP and Open Authentication for a preferred network into associating with an AP set up by the attacker that does not use WEP - the "evil twin" with a twist. This vulnerability is very easy to do; it allows the attacker to simply pretend to be the AP the client is looking for and does not require the proper WEP key, which would ordinarily be the case.
In addition to the WEP vulnerability, one involving ad hoc networks was also disclosed. This issue stems from a flaw in Microsoft's wireless client software that will allow a client to join an ad hoc network using the same SSID as one of the user's preferred networks if a legitimate preferred network is absent. An attacker can configure an ad hoc network with an SSID that a client is probing for. When the client joins the network, the attacker can immediately begin to probe it for weaknesses.
Attacks that exploit these vulnerabilities are fairly simple to combat. The first type of attack can be effectively mitigated by not allowing preferred network profiles to automatically connect when the network is in range. Since the issue does not affect WPA or WPA2 profiles, migrating any WEP-based preferred network to newer standards is something to consider as well - especially in light of WEP's insecurities. This is important because while many enterprises may have moved beyond WEP, many home users still have WEP networks. If you allow employees to take laptops between home and work, then it is very likely they have a preferred network that is configured to use WEP. For the ad hoc issue the answer is even simpler-just disable ad hoc networking.
In summary, the key to combating attacks against your end users is to ensure that their PC's wireless configurations are adequately locked down and to educate them on safe wireless security practices.
Andrew Lockhart is lead security analyst at Network Chemistry, security book author, and author of Snort-Wireless, an open source project adding wireless intrusion detection to Snort. He is also an editorial board member of the WVE.. This article first appeared in Network World