Curt Frierson, VP, SouRCe Services, Security | Research | Consulting
Objective: The Emerging Technology Series is designed to assist financial institutions in evaluating the risks associated with new technologies. Organizations are often drawn by the features and functionality that cutting-edge technology can provide; however, it is important to understand the risks associated with any technology before implementing it into a production environment. Any addition to your technology infrastructure carries with it risk which must be planned for and managed. Understanding the risks involved will help align your institution’s technology decisions with business objectives. Although this guide will help highlight some of the more common risks financial institutions may face in implementing this technology, it is not intended to be a comprehensive guide to assessing risk within your network. A formal risk assessment should always be performed prior to implementation which addresses threats to your specific environment.
What It Does: Wireless networking helps enhance intra-office communication by providing a communication method that does not rely on a physical medium. Wireless Local Area Networks (WLANs) eliminate the need for traditional network cabling in providing network access to many users. This provides increased office mobility and avoids network cabling limitations.
How it Works: Wireless networking relies on two key components: a wireless access point and a wireless network interface card. The role of the access point is to provide a doorway for the wireless network interface to enter the traditional wired LAN. Once the wireless network interface has made a successful connection to the access point, the wireless client can communicate just as if it were connected through a network cable to the LAN.
Summary: The following chart presents some of the key threats associated with wireless technology in a financial services environment. In addition, some controls are identified to help manage or mitigate the identified threats. Following the chart, some additional security controls are presented which can help secure the overall environment of a wireless network. Each of the controls specified in this worksheet should be examined to determine whether they are appropriate for your environment.
|Eavesdropping||Eavesdropping (also known as sniffing) presents the most inherent risk to wireless networking due to the nature of wireless communication. Because there is no physical medium, transmissions cannot be easily secured by physical controls. Communication traffic can be attacked from any position within the wireless range. An eavesdropping attack involves capturing the data packets traveling over the wireless network. Because a lot of network communication occurs in clear-text, eavesdropping could allow an attacker to capture a large amount of sensitive data. Wifi Protected Access (WPA) can be utilized to securely encrypt traffic between the wireless interface and the access point. If encryption is needed from end to end (i.e., an employee utilizing a home wireless network to connect to the office), a VPN tunnel can be utilized in addition to WPA to secure the data until it reaches the remote site.||– WPA
– VPN Tunneling
– Long, Complex Encryption Keys
|Direct Access to Wireless Clients||Most wireless interfaces are configured by default to allow ad-hoc networking. The intention of this configuration is to allow devices within a close proximity to set-up a peer-to-peer network to share resources. While convenient for a meeting in the conference room, this configuration could potentially allow an attacker to associate with your wireless client and access your data while you are using your laptop. Your wireless client could also be tricked into connecting to an ad-hoc network that an attacker configured. Ad-hoc is not necessary when connecting to a wireless network through an access point. This setting should be disabled for most wireless network users. A client-side firewall such as the Windows XP firewall should also be utilized to protect against incoming communication. A further step to reduce the risk of direct wireless connections is to disable the wireless interface entirely when it is not in use.||– Disabling Ad-hoc Mode
– Client Side Firewalls
– Disabling wireless interface when not in use
– Hardware Profiles
|Unauthorized Devices||Wireless capabilities continue to be integrated with more and more computing devices. As this trend continues, the risk of employees utilizing unapproved wireless devices on the corporate network increases. These unauthorized devices are more likely to lack proper security controls. Insecure devices being connected to the WLAN presents numerous threats to network security. Rogue, or unauthorized, access points also fall into this category. Rogue access points can be installed by employees seeking to bypass content filtering or by attackers implementing their own gateway to the internal network. Unauthorized devices can also include individuals attempting to access the wireless network through “war driving”. War driving is the process that attackers use to identify and exploit wireless access points. Networks that require higher levels of security can specify a select group of devices which are authorized to use the access point. Any other devices attempting to connect, even with valid credentials, will be denied.||– MAC Address Filtering
– Audit log reviews
|Default or Incorrectly Configured Access Points||The default configurations of access points are widely known. Several aspects of default configurations pose risks to the overall security of the wireless network. The first and possibly most important is the password to the access point itself. With a default or weak administrative password, an attacker could potentially gain access to the access point and change any of the configuration settings. This could nullify most security controls that have been implemented. A complex and routinely changed password required to manage the access point is critical. Another risk of a default installation involves the Service Set Identifier (SSID). The SSID acts as a crude password for the access point. Users must connect to the access point by the SSID. Changing the default SSID will provide a minimal but important layer of security for the WLAN. SSIDs are also broadcasted by default. The purpose of broadcasting an SSID is to allow users to easily identify access points that are within range. Unfortunately, this also allows an attacker to easily identify that an access point is present. Disabling SSID broadcasts will prevent novice hacker attacks by requiring more complex methods of detecting the wireless network.||– Disabling SSID Broadcasting
– Strong administrative password
|Mobile Devices Being Lost or Stolen||Wireless technology is often used to facilitate mobile devices such as laptops or PDAs. The mobile nature of these devices requires them to be small and portable. While the size of these devices makes them convenient to carry, it also makes them easy to lose or be stolen. If the only settings required to connect to the corporate WLAN are configured in the laptop, an attacker who obtains the lost device could potentially access the network. Requiring a form of authentication that is not specific to the device will prevent a laptop thief from having unimpeded access to the wireless network. If static encryption keys are utilized, these keys should be changed periodically as well. This will prevent former employees or vendors from being able to gain access to the network through the same keys.||– Multi-factor Authentication
– Periodically changing encryption keys
|Denial of Service||Attackers may be able to disrupt wireless communication even if they cannot connect to the wireless network by flooding the wireless airwaves with static. This can effectively disable the wireless network so legitimate wireless users cannot communicate. Other electrical devices may inadvertently cause interference which could cause disruption as well.||– Traffic Shaping
– Performance Monitoring
Additional Security Controls:
- Firewall Between the Wireless LAN and Wired LAN: Placing a firewall between the wireless network segment and the wired network will create a security boundary in the event unauthorized access occurs in the WLAN.
- Wireless IPS/IDS: Monitoring wireless network activity with an intrusion prevention/detection system can allow you to proactively detect and block most types of intruder attempts to which you may otherwise be vulnerable.
- Selecting Strong Encryption Keys: WPA (WiFi Protected Access) is the best current alternative for encrypting wireless network traffic; however, the strength of its security relies on the length and complexity of the encryption keys. If a pre-shared key (PSK) is utilized, it is critical that the key be sufficiently long and complex. Otherwise, WPA-PSK is susceptible to dictionary or brute force attacks.
- Administrative Controls: Implement policies and procedures for wireless use that include tools, methods, and procedures to limit security risks by effectively combating threats. Controls should also include periodic testing, end user training, a methodology for risk assessment, and a formal strategy for addressing security incident response.