Different standards use different frequencies:
802.11b – oldest and most widely used.
802.11a – newer, faster, shorter range.
802.11g – combination (frequency of b, speed of a); not a standard yet, but equipment supporting it is already available.
Bluetooth is another standard (not addressed in this presentation). It is used for local device and file sharing. It also has potential vulnerabilities. Improper use or implementation could also lead to data disclosure, data corruption, or denial of service.
OIGs may want to consider looking into the use and security of other wireless technologies as well.
Example of an implementation of a wireless network:
Remote clients: computers, PDAs, etc. with wireless network cards.
Access point: price range $70 - $1000s; capabilities range from simple connection to different levels of authentication and access control; may or may not support encryption and virtual private networking.
Gateway to a wired network: could be the access point itself.
Wireless networks can be isolated and just connect a few wireless users to each other, but often they will be connected to a wired network for further network (Internet or Intranet or both) access.
Disclosure: e.g. email sent from a laptop could be intercepted or modified.
DoS: jamming or just interference (e.g. 802.11b uses 2.4GHz, same as microwave ovens).
Unauthorized access: just turning your computer on (many new laptops come with wireless cards, on by default) makes you susceptible to hackers breaking into your computer over wireless.
Agencies spend lots of money and man hours to secure wired networks; hooking up one wireless network can negate all those security measures by opening an unsecured back door.
Last point – see next slide.
If the wireless network is connected to a wired network, you have to look at how the networks are connected and if there is any kind of barrier/access control from the wireless network to the wired network. Wireless networks are often less secure than wired networks (or at least security has not been addressed yet) so you need to protect users, servers, data on the wired network from unauthorized access via the wireless network. A wired network often has a secured network perimeter (e.g. with firewalls) and if you put up a wireless network behind that perimeter, you create a potentially less secure back door into the wired network.
WEP is supposed to provide protection against data disclosure equivalent to that on a wired network, but it doesn’t. With enough data going over a wireless network, an attacker could break WEP encryption in as little as 2 hours or less. Because wireless networks use radio signals that can be jammed with inexpensive equipment, they are very susceptible to denial of service (already talked about earlier).
“Policies often have not been developed.” While this is true, it might be worth noting that some agencies have addressed the use of wireless, specifically the Department of Defense’s wireless restriction on classified information. And because of a TIGTA review, the IRS has developed specific policies and guidance on restrictions over the use of wireless technology. (something about NASA Centers/Agency working on policies?)
Remember to consult with your own legal Counsel prior to conducting any wireless scanning efforts. While OIGs are generally within their jurisdiction to conduct wireless scans, coordination with your Counsel staff will provide guidance on any agreements needed from the agency, agency personnel subject to scanning efforts (e.g., employees, contractors, and business partners), and legal aspects of intercepting and retaining wireless data packets.
“Internal scanning to verify the source of signals.” In addition to internal scanning, a physical search (i.e., walk-through) will provide verification that the wireless equipment resides within the agency’s property. This will ensure the wireless signals you find are not coming from the office or building next door.
The OIG may or may not be able to look at actual data being transmitted over wireless networks (legal issues, etc.). If you can, you can see whether sensitive, proprietary or mission-critical data is being sent, what level of encryption is used, and how easy it is to crack.
Most if not all of these tools are readily available and cheap (or free):
Laptop.
Network card: $40 - $150.
Antenna (don’t absolutely need one because network cards pick up signals pretty well): $30 – unlimited (range extender, yagi, parabolic grid antenna; different ranges).
GPS: $150 and up.
Sniffing software: used to pick up and identify access points; many are free from the Internet (e.g. Kismet, Netstumbler, Macstumbler).
WEP cracking software: e.g. Airsnort, WEPcrack.
Mapping software: e.g. Mappoint, Stumbverter, Carte; used to map out signal strength and range; very useful for presenting your results, helps to convince management and users of the extent of the problem.
Wireless networks are easy to install but more difficult to secure. Policies may not be in place yet, so users are putting up networks without help from, and maybe without the knowledge of, IT staff, and security is often inadequate.
NASA’s reviews found numerous unsecured wireless networks. Often the network identifier being sent out by access points was very descriptive of who owned the network, where access points were located, or what kind of hardware was being used. Even though wireless networks are already operational, policy development is lagging behind; policies are only now starting to be enacted. (E.g., scientists know enough to put up an access point because they want the convenience, but they don’t have the time or knowledge to maintain and secure them.) (E.g., found one organization that didn’t have a firewall between the official wireless network and the organizational wired network.)
The TIGTA review identified an unauthorized wireless network that was both unsecured and connected back to the IRS’ internal network. In addition, they found a lack of employee awareness of the agency’s position on the use of wireless networks.
By their very nature, wireless signals will usually exceed the physical boundaries of the organization. The challenge is trying to eliminate the use of unknown wireless networks, limit sensitive data from traversing the wireless network, and control/protect connectivity to the agency’s internal network.
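An added example, not part of the original presentation: a triage pass over access-point survey results that flags the kinds of findings described in these notes (unauthorized access points, no or WEP-only encryption, descriptive network identifiers, and weak unknown signals whose source needs a walk-through to confirm). The CSV column layout, the inventory, the hint words and the -75 dBm cut-off are all assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed survey export; the column layout is hypothetical, not any tool's format.
SURVEY_CSV = """ssid,bssid,encryption,signal_dbm
HQ-Finance-3rdFloor,00:11:22:33:44:01,none,-48
corpnet,00:11:22:33:44:02,wep,-55
linksys,00:11:22:33:44:03,none,-81
corpnet,00:11:22:33:44:04,wep,-60
"""

# Constructed inventory of access points approved by IT staff.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:02"}

# Assumed hint words: identifiers that reveal owner, location or hardware.
DESCRIPTIVE = re.compile(r"finance|hq|floor|bldg|room|lab|linksys|cisco", re.I)

# Assumed cut-off: weaker unknown signals may come from the building next door.
WEAK_SIGNAL_DBM = -75


def triage(survey_text, authorized):
    """Return (ssid, bssid, issues) for every access point with a finding."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].strip().lower()
        enc = row["encryption"].strip().lower()
        issues = []
        if bssid not in authorized:
            issues.append("unauthorized")
            if int(row["signal_dbm"]) < WEAK_SIGNAL_DBM:
                issues.append("verify-source")  # confirm by physical walk-through
        if enc == "none":
            issues.append("no-encryption")
        elif enc == "wep":
            issues.append("wep-only")  # WEP does not give wired-equivalent protection
        if DESCRIPTIVE.search(row["ssid"]):
            issues.append("descriptive-ssid")
        if issues:
            findings.append((row["ssid"], bssid, issues))
    return findings


if __name__ == "__main__":
    for ssid, bssid, issues in triage(SURVEY_CSV, AUTHORIZED_BSSIDS):
        print(f"{ssid:22} {bssid}  {', '.join(issues)}")
```

The authorized access point still appears in the output because it relies on WEP alone, which matches the point made earlier that an approved wireless network can still be a weak back door.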
Evaluating Wireless Networks
Robert W. Cobb and Staff
National Aeronautics and Space Administration
IT Roundtable
25 March 2003