LAN Sharks
Does wireless networking set your LAN afloat or offer it as bait? Make sure your WLAN keeps the bad guys out
by Paul Sholtz
May 2002
Wireless networking is quickly becoming one of the most exciting and fastest growing areas of high technology. Streaming video is now available on properly equipped cell phones, 3G networks are finally being rolled out, and the International Telecommunications Union predicts that the number of mobile phones in use worldwide will soon surpass 1 billion.
In fact, wireless networks are becoming so pervasive that you may encounter them in places you might not ordinarily expect to find them. One example is at the airport check-in counter, where wireless LAN (WLAN) technology is increasingly used for bag matching and curbside check-in applications. Yet despite the heightened state of alert following September 11, these systems are still sometimes deployed without adequate security controls in place.
According to reports recently issued by independent security consultants, WLAN systems at the American Airlines terminals at Denver International Airport and San Jose International Airport were operating completely in the clear, without any encryption in place at all. In one instance, the security experts witnessed an intrusion taking place while they were conducting their tests. In another case, the IP address of the curbside terminal was prominently pasted on the computer monitor. Access to a bag-matching system could, in theory, allow an attacker to manipulate flight information to show that luggage belonged to a boarded passenger, when in fact it did not.
These cases illustrate that even in places where you might expect to find exacting attention paid to security concerns, wireless technologies can still slip under the radar and create potential hazards. But that doesn't mean WLAN technologies should be abandoned. There are steps you can take to ensure that your WLAN deployment is as secure as possible.
The Rising Popularity of WLAN Systems
A WLAN is just what it seems like—a network without wires. WLANs use high frequency radio waves rather than wires to communicate and transfer data between nodes on the network. The simplest WLAN configuration is a peer-to-peer arrangement, also known as an ad hoc WLAN (see the "Ad Hoc WLAN Configuration" diagram). Ad hoc WLANs let desktop and laptop computers communicate wirelessly, as long as they're equipped with compatible WLAN adapters and are within range of one another.
Although ad hoc WLANs are certainly convenient, infrastructure WLANs are probably more common. In this case, WLAN technology is used to extend an existing wired LAN and provide cable-free connectivity between users and resources on the wired network segment. Two types of devices are used on an infrastructure LAN: an access point (see "In Depth" sidebar) and a PC (or PCI) adapter card. The access point is connected to a wired Ethernet network using an ordinary RJ-45 cable (see the "Infrastructure WLAN Configuration" diagram). Once attached, the access point acts as a wireless hub, passing data back and forth between the wired network and the wireless clients.
WLANs come in several different flavors. The two most common types are 802.11a and 802.11b. Both standards use the Ethernet transport protocol, making them compatible with higher-level protocols like TCP/IP. Where they differ is in the specifics of their transmission characteristics.
The 802.11b standard is the more common of the two. 802.11b transmitters operate at 2.4GHz and can transfer data at rates up to 11MBps using direct sequence spread spectrum modulation, also known as DS-CDMA. 802.11b networks are ideal if you're deploying a WLAN in a large facility with significant range requirements, for instance a warehouse or department store. Security experts studying WLANs have spent most of their time looking at 802.11b deployments, but many of the security concerns covered in this article are also common to other 802.11-based networks.
802.11a networks aren't as common as 802.11b, but with data transfer rates of up to 54MBps, they offer superior performance for bandwidth-hungry applications. 802.11a networks operate at 5GHz, a higher frequency than 802.11b systems. Unfortunately, that means they're constrained to a significantly smaller spatial range. 802.11a transmitters rarely send data farther than 60 feet, a far cry from the 300 feet that is common with 802.11b transmitters.
802.11a networks are ideal if you need high performance (for instance, if you're deploying voice or video applications over your WLAN), or if the 2.4GHz band is already somewhat crowded. Cell phones, microwave ovens, and Bluetooth devices all operate in the 2.4GHz band and can degrade the performance of an 802.11b WLAN, so operating an 802.11a network in the 5GHz band avoids this interference.
WLANs are becoming increasingly popular in venues where users demand the benefits of location independence and freedom of movement, or in places that can benefit from simplifying their IT infrastructure. Some examples include:
- Applications within the enterprise that require roaming and mobility across a floor, building, campus, or between facilities. This sector has been the largest driver of WLAN growth for the past several years.
- Vertical software applications that involve large amounts of data collection, such as bar codes and industrial automation solutions.
- Small businesses that can benefit from the simplicity and ease-of-use that WLANs offer.
- The residential and home-office markets, which have always been more difficult to wire than businesses.
- The hottest area of growth for WLAN technology over the next few years will probably be in public areas, including airports, hotels, convention centers, and even coffee shops.
In many ways, WLANs are a dream come true. They reduce calls to the company help desk, increase worker productivity, and can lower the total cost of LAN ownership. But WLANs also introduce a host of security risks that must be addressed and controlled before the technology becomes widespread.
