Driveby Hacking on the Go - Page 2
As Keeney sees it, lackadaisical security settings are a big problem indeed. Under their default settings, wireless hardware products from most vendors will automatically broadcast their IP addresses, allowing easy detection by sniffer software. A handful of vendors, including Symbol and Lucent, automatically disable broadcast IP. Otherwise, users must go out of their way to turn off this feature.
"What surprised me most during my vacation trip, though, was that less than half of the businesses and homes had even bothered to turn on WEP encryption," says Keeney, who works for Pasadena Networks, LLC.
Managed Services Provider (MSP) DataVox came up with similar findings about the use of Wired Equivalent Privacy (WEP) encryption within New York City's financial district in lower Manhattan.
In a recent driveby of London, the UK-based security company Orthus detected 124 wireless computer systems, which enabled them to access 207 different networks. More than two-thirds of these systems were unprotected by any type of encryption.
In a widely circulated paper published in January, 2001, the University of California at Berkeley pointed to several security defects in WEP. Software programs such as WEPCrack can be used for retrieving WEP keys. "Even so, though, cracking the keys takes more time than most people would be willing to spend," Keeney notes.
Several vendors have been devising workarounds to WEP encryption problems. Symbol, for example, uses rotating WEP keys in its wireless LAN lineup. In mid-December, RSA Security announced a WEP security patch that has gained approval from the IEEE. Co-developed with Hifn, the patch uses a technology called Fat Packet Keying to encrypt each packet of data with a different key.
Meanwhile, though, consultants have been advising the use of other security mechanisms to supplement WEP. Frequently raised suggestions range from firewall security to SSL, 802.1x, VPNs, and a number of proprietary solutions.
Bluesocket and ReefEdge, for example, each offer multifaceted security offerings which, although quite different from one another, combine proprietary authentication/encryption schemes with support for standard wireless protocols. Administrators can use either vendor's products to assign access rights and allocate bandwidth through role-based permissions, for instance.
ReefEdge also supports mobile roaming through proprietary Mobile Masquerading and Dynamic IPsec technologies. The US Airforce recently purchased ReefEdge's products for use at multiple sites, according to ReefEdge CEO Inder Gopal.
Another major wireless security problem, experts say, is that network administrators also rely on manufacturers' default Service Set IDentifiers (SSIDs), or network names, instead of creating SSIDs that are harder for outsiders to guess.