Common Security Pitfalls
Knowing the most common problems with WLAN security as it relates to the 802.11 standard can help you find and solve the problems with your implementation before they become vulnerabilities that hackers can exploit to your disadvantage.
Poor Security, Better than No Security at All!
The most common problem is that the security controls in your wireless equipment are turned off by default out of the box. Although these security features and functions will not stop every hacker, leaving them disabled puts you at unjustified risk. It is better to have minimal security measures than to have no security enabled at all.
Short Keys
Most cipher keys are very short; most implementations use only 40-bit encryption keys, which can make the key stream repeat. There is no reason not to use larger key sizes when employing encryption. To that end, a key should be at least 80 bits long. With longer keys, the likelihood of a hacker compromising them is far lower. Hackers use “brute force” attacks that basically try all possible combinations of usernames and passwords to “force” their way into your WLAN. When you make the hacker’s job much longer and more difficult, there is a greater likelihood that you will catch the intrusion attempt and resolve your network vulnerability.
Initialization Vectors
Repetition is bad because it makes it easier for hackers to decipher the data channel for the average LAN. Initialization vectors that repeat make the cipher stream repeat, and it is that very repetition that creates vulnerability in your WLAN.
Shared Keys
One of the methods meant to protect your WLAN is also the element that can be most easily compromised. “Shared” cipher keys by their very definition constitute a vulnerability because they can be “shared” with hackers as well as legitimate employees. Security depends entirely on keeping these keys secret and in the possession of authorized users only. In the previous section we saw that hackers often try every possible username and password combination in order to “force” access privileges into your WLAN. Your encryption keys must be changed often; otherwise you have very little means to protect yourself against a hacker attack. WEP uses RC4 keys, but their deployment is poor at best because a hacker can sometimes intercept the key just by examining the first few packets. (There are a number of other programs that do not have the same RC4 vulnerabilities; they do not leak the key schedule in each packet transmission.) Although this type of interception is often used by more advanced hackers, there are a number of automated means that have made this type of attack much more accessible to almost anyone interested in a simple point-and-click interface for running scripts that intercept information pertaining to your wireless network.
Checks and Balances for Packets
It is essential to maintain the privacy and substance of each packet during wireless transmission, and the substance is handled by cyclic redundancy checks (CRC). However, CRC is not always sufficient to maintain the substance of the encrypted packets because it is quite possible for someone to intercept and modify the data channel. This means that these types of protection mechanisms are not sufficient to protect your WLAN from a hacker attack. Using encryption enables you to protect yourself so that you do not become an easy target for a hacker attack. If you use protocols that do not employ encryption, you are leaving yourself open to a cryptographic attack on your WLAN.
Authentication
Accessing the network need not depend on cracking the access codes; it could be done by something as simple as stealing the actual wireless network interface card, already configured with its unique MAC address, to access the wireless network. In the vast majority of WLANs, no authentication is actually taking place. At a minimal level, the only verification that occurs is that the wireless device is set to use the proper SSID. Systems that screen out devices based on identity are highly vulnerable because it is a simple matter to “spoof” or fake the identity of your wireless device based on the SSID. Sometimes that piece of information is all you need to log into the wireless network. How secure is that? Authenticating the device often relies on the simplest form of “shared key challenge response” mechanism. The most common attack on this type of authentication comes from a hacker who sits between the wireless workstation and the access point and takes advantage of challenge-response authentication mechanisms that proceed in one direction only. However, an added level of protection is possible when authentication occurs on both sides in order to verify that both the users and the network are authorized to use the network resources.