Types of Wireless Network Attacks: Misconfiguration
There has been much talk concerning the flaws in software, along with the numerous system exploits being disclosed on a daily basis. However, security experts are more concerned that this serves as a distraction to IT professionals who should be focusing on a more severe problem - improperly secured wireless networks. Today's wireless environments are so poorly configured and managed that attackers can virtually walk right through without attracting too much attention.
The concern of mismatched software and hardware
The problem arises from the plethora of mismatched software and hardware, making way for a network infrastructure that is vulnerable to a wide range of attacks. In some cases, the devices may function properly but are terribly misconfigured. While several companies take the first step by implementing a security system, many more fail to maintain them, causing these implementations to be inefficient.
Incorporating SSID
SSID (Service Set ID) is a configurable identification mechanism that enables a client to communicate with the correct base station; all stations come included with their own default SSID. When configured properly, only clients configured with the corresponding SSID can interact with the base station. An attacker can exploit the default SSIDs in attempt to access a base station that may have still have its default configuration. Some will change the default SSID password to something simple, ultimately making the network just as vulnerable.
Those configured with more complex SSIDs are still subject to exploits. For instance, an attacker may attempt to guess the base station SSID using a brute force attack of known dictionary phrases, a trick that attempts to guess every word or phrase possible. What may seem like a time consuming process is made easy with the right hacking utilities. The use of simple SSID passwords is considered to be misconfiguration of network resources and makes it much easier for an intruder to compromise a network.
Unlike most of your data, SSID is not encrypted even when enabling the WEP feature, meaning the password is broadcasted in plaintext. This is a major concern as many access points have SSID broadcasting enabled by default. Even if it is turned off, a packet sniffer can simply wait for the next valid user to make a network connection and spy on the plaintext message.
Expert opinion
Lisa Phifer, Vice President of Core Competence Inc., has been actively involved in the development, implementation and evaluation of internetworking security, communications and network management solutions for more than 20 years. She has advised companies from small to large in regard to product assessment, security needs and the overall importance of using the best practices of emerging technologies. In a recent interview, Lisa noted that the Code Red worm was amazingly still infecting network servers at the end of 2007. This is very unsettling considering the fact that virus signatures and server patches to contain the infection have been readily available since 2001. Like most experts, Phifer blames this continuous outbreak on misconfiguration. She went on to state that Gartner Research has predicted that misconfiguration will account for an estimated 70% of successful wireless LAN attacks through the year 2009.
Post a comment