Being a professional services consultant, I have the pleasure of working with some of the largest organizations in the world -- solving their IT security problems. This allows me to see many different network designs and configurations. Thus, in my time in this field, I have heard many myths that organizations believe to be true when it comes to their WiFi security.
Is your network safe? The answer might surprise you. Here are seven common myths in WiFi security and some tips on how to properly secure your network.
1. Our wireless network requires a password: therefore it is safe.
While requiring a password to access a wireless network is better than leaving it open to unauthenticated users, it may not prevent even a novice hacker from breaking into the network. Even after all of the warnings over the years about using Wired Equivalent Privacy (WEP) protection, we still see companies use it. We see it used to support hand scanners or other one-off equipment that does not support stronger encryption. However, WEP is cryptographically flawed: avoid using it, or engage a professional to build a layered defense. Lastly, limit the use of WiFi Protected Access (WPA) Pre-Shared Key (PSK) for user authentication: the key is static and the same for all users, so it would need to be rotated after every employee departure.
2. My Internet Service Provider (ISP) securely set up my wireless network.
This is an unfortunate myth, as many ISPs and equipment manufacturers still default to WEP protected networks. In fact, even if you are using one of the largest ISPs and they performed your install or you picked up an install kit, your network is most likely using this antiquated wireless protection.
In addition to equipment defaulting to WEP, the technicians either do not have a standard installation process or it is not always followed. Personal experience indicates that the encryption chosen by the installers depends on their knowledge and personal preference rather than a standard process.
Fortunately, ISPs and hardware manufacturers are slowly changing. The latest wireless gateways and routers are finally shipping with WPA as the default, but if your organization does not have the latest equipment, you may need to change your security manually.
The bottom line is that hardware and ISPs vary and will need to be investigated on a case-by-case basis. You will have to perform due diligence as this area has been neglected for a very long time.
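As a starting point for that due diligence, the following added example (not part of the original article) sorts a scan of nearby networks into the protection levels discussed under myths 1 and 2. It assumes the scan was saved as one `SSID:SECURITY` line per network, the form printed by `nmcli -t -f SSID,SECURITY device wifi list`; the sample data and the category names are constructed for illustration.

```python
import re

# Constructed sample scan (assumed nmcli terse format), not from a real site.
SAMPLE_SCAN = """\
CorpNet:WPA2 802.1X
Warehouse-Scanners:WEP
Lobby-Guest:
BranchOffice:WPA1 WPA2
Printer\\:3rdFloor:WPA1
"""

# Advice wording follows the article; category names are hypothetical.
ADVICE = {
    "open": "no password required; anyone in range can join",
    "wep": "WEP is cryptographically flawed; replace it or isolate the devices",
    "psk": "shared static key; rotate it after every employee departure",
    "enterprise": "per-user authentication (802.1X)",
}

def split_terse(line):
    """Split on unescaped ':' (terse output escapes a literal ':' as '\\:')."""
    return [p.replace("\\:", ":") for p in re.split(r"(?<!\\):", line)]

def classify(security):
    """Map a SECURITY field to one of the ADVICE categories."""
    tokens = security.split()
    if not tokens or tokens == ["--"]:
        return "open"
    if "WEP" in tokens:
        return "wep"
    if "802.1X" in tokens:
        return "enterprise"
    return "psk"  # assumption: any other WPA mode uses a shared passphrase

def audit(scan_text):
    """Return (ssid, category, advice) for every network in the scan."""
    findings = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        fields = split_terse(line)
        ssid = fields[0]
        security = fields[1] if len(fields) > 1 else ""
        category = classify(security)
        findings.append((ssid, category, ADVICE[category]))
    return findings

if __name__ == "__main__":
    for ssid, category, advice in audit(SAMPLE_SCAN):
        print(f"{ssid:20} {category:11} {advice}")
```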
3. The hardware required to break into my wireless network is too expensive and hard to obtain.
While this may have been true 7-10 years ago, it is not true anymore. In fact, ordinary laptops are powerful enough to easily crack keys or brute force passwords -- the information needed to access the network. A very capable USB wireless adapter that can be used for wireless hacking is available online for just $16 with free shipping. Lastly, the operating system needed to perform this wireless attack is freely available for download from the Internet.
4. The time and skills required to break into my wireless network are more than an attacker would invest.
A well-versed attacker can break into a weak wireless network in just 5-10 minutes. Even a novice Linux user could stumble through it in less than an hour after following any of the numerous tutorials and YouTube videos available on the Internet. Moderately protected networks do not stand a chance over time. Great care must go into design and implementation to prevent a good attacker from breaking in before a network defender is able to detect and stop the attack.
5. No one wants to break into my wireless network. We share our data anyway.
Attackers do not necessarily break into networks with malicious intent -- sometimes it is just boredom, curiosity or a challenge they are seeking. However, keep in mind that the moral compass is not always functional for all individuals. Plus, even if you aren't worried about corporate espionage, you most likely deal with employee records or accounting at some point. Thus, everyone has something to lose, whether that is money, privacy, or both.
6. Our computers are patched and the firewalls are enabled, therefore an attacker on my network cannot harm me.
Even if your computers are patched and firewalled, an attacker can still perform a man-in-the-middle attack and intercept your communication. This attack involves tricking a victim into routing their traffic through the attacker's computer. You will most likely not even notice any strange behavior; however, this attack enables invaders to obtain not only the data sent across the wire, but also the credentials you need to continually authenticate to your critical systems.
7. I will notice if an attacker is close enough to my workplace to be able to access the wireless network.
Ninety-five percent of the wireless assessments we conduct suffer from wireless signal bleed. This means that the wireless signal is available outside of the building, sometimes from as far away as the corners of their parking lots and even the next building over. Ideally, the wireless signal strength should be just strong enough to provide a reliable wireless connection without making it available to all of your neighbors. Also remember that if you are in a shared office building, you not only have to worry about horizontal bleed, but also vertical bleed for the floors above and below that are not owned by your organization.
Lastly, inexpensive antennas can be purchased or easily assembled to increase the wireless gain enough to produce a usable wireless signal from blocks away. You will not even see the attacker or the vehicle they are sitting in while they are breaking into your network. We have seen wireless bleed so extreme that we were able to launch our attacks from a café about 75 yards from the building.
The hope in writing this article is to raise awareness, which is always the first step in moving toward securing your network. Keeping in mind these myths, work with your trusted IT manager to properly design and implement the most secure wireless architecture for your business.