Infrastructure Protection Center
BEST PRACTICES FOR WIRELESS FIDELITY (802.11b)
experts have successfully intercepted and broken the security built into
the IEEE 802.11b Wireless Local Area Network (WLAN) standard. The software
tools used to exploit the vulnerability are simple to use and available
on the Internet as freeware. The WLAN industry has responded with a set
of best practices that will assist the corporate and individual WLAN users
to mitigate risk to their system.
The deployment of
wireless networking systems is proceeding rapidly. Advancements in the
technology and reduction in the cost of ownership have converged such
that wireless systems are becoming a measurable part of the national information
infrastructure. The growth in sales booked and sales projected indicate
that it qualifies as a technology mega-trend. Along with their convenience
and popularity, however, wireless systems provide new and attractive opportunities
for those seeking to exploit them. "Raising the security bar" by reducing
wireless network vulnerabilities, therefore, becomes an important consideration
for any organization that adopts wireless systems.
There are several
different wireless networking technical standards.(1)
Currently the IEEE 802.11b standard, Wireless Fidelity (Wi-Fi) wireless
Ethernet, is widely deployed. Over one hundred vendors are members of
the Wireless Ethernet Compatibility Alliance (WECA), the trade organization
which seeks to shepherd development and deployment of WLAN.(2)
A WLAN is essentially
a radio system. It broadcasts the data traffic to anyone who is in proximity
to intercept it. The effective transmission range can vary from a hundred
feet to an entire campus. To enhance data integrity, WECA members adopted
an integrated encryption scheme called Wired Equivalent Privacy (WEP)
into the 802.11b standard. The standard was assumed to be adequate since
no beta testing had been able to defeat WEP without a significant computing
effort. In August 2001, however, a group of experts announced they had
succeeded in defeating the WEP security scheme. Since that publication,
various hacker tools that greatly facilitate exploitation of the vulnerability
have appeared on public web sites. Successful exploitation of the vulnerability
has been simplified to getting within range to intercept the broadcast.
WECA has announced
that a revision to Wi-Fi, dubbed 802.11i, is under development, and
be ready for certification testing in 2002. In the meantime, WECA has
published the WEP Security Statement as a list of best practices for
and individual users. The Statement may be found at http://www.Wi-Fi.com/pdf/20011015_WEP_Security.pdf, and includes advice for users in both small and large environments.
For smaller organizations, including home users, and for lesser-valued
WECA recommends one or more of the following:
a) Turn WEP on
and manage your WEP key by changing the default key and, subsequently,
changing the WEP key, daily to weekly.
b) Password protect
drives and folders.
c) Change the default
SSID (Wireless Network Name).
d) Use session
keys if available in your product.
e) Use MAC address
filtering if available in your product.
f) Use a VPN system.
Though it would require a VPN server, the VPN client is already included
in many operating systems such as Windows 98 Second Edition, Windows
2000 and Windows XP.
For larger organizations,
or where the value of the data justifies strong protection by a small
business or home user, the WECA statement provides examples of additional
The focus of this paper is the WEP vulnerability of IEEE 802.11b.
Vulnerabilities in other systems like 802.11a and Bluetooth, should they
arise, will need to be addressed separately.
Some of the vendors have reduced the complexity of installing the
systems by engineering them to be appliances. They can be as simple to
install as a kitchen toaster. As we have seen with other technologies,
there is added risk by accepting the default settings of computer-related
software, or by lacking familiarity with recommended best practices that
go beyond the 'system on' button.