Guerrillas in Our Midst

A little over a year has passed since the publication of the University of Maryland's paper "Your 802.11 Wireless Network Has No Clothes" ( which detailed a number of holes in wired equivalent privacy (WEP), the encryption protocol used to secure 802.11b wireless LANs.

The impact the paper had on 802.11b was highly damaging. Within months, there were further damning analyses, countless scare stories in the press, and, predictably, a new wave of hacking tools capable of cracking WEP keys within minutes.

Frustratingly, this all took place at the moment that wi-fi looked set to take off commercially. The price of hardware had fallen dramatically, and the reaction from anyone coming into contact with the equipment ranged from mild enthusiasm to rampant zeal. However, despite its charms, the corporate sector took a couple of long steps back from wi-fi, waiting for some clarity on the security issues. What could have been a busy year for the implementation of wireless soon became a desert, with few network administrators gaining familiarity with the technology.

Prior to this, another facet to 802.11b had caught the attention of radio hackers. By using directional antennae and line of sight, the range on 802.11b network cards could be extended from the initial limit of 300 metres to distances of ten miles or more. These discoveries quickly prompted a flood of activity from networking enthusiasts on the Internet. Groups such as ( and the Bay area wireless group ( soon began to build communities designed to establish metropolitan area networks in cities worldwide. This movement thrived on the ability to create fixed IP communications over WAN links comprising a bandwidth six times that of a T1 line. At present, there are over a hundred wireless WAN and MAN communities worldwide, with most major cities housing nascent communities eager to reap the rewards a skilful deployment can bring.

Nevertheless, these pipe (or pipeless) dreams face serious limitations in the form of a lack of investment, and the same anarchic nature that brought hackers flooding to the technology in the first place. Because 802.11b hardware can only operate within the 2.4-gigahertz band provided, multiple networks face limitations on their ability to proliferate without interference. As well as this, the technology shares the 2.4GHz band with other electrical devices, including Bluetooth and microwave ovens. Some wireless communities have already assumed the mantle of planning forums, striving to rationalize the deployment of wireless WANs through the use of cellular planning and other techniques found within mobile phone networks.

Amateur as they are, there is a danger in ignoring the impact that these communities can have on the future security of wireless networking. The ethos behind these communities has so far been largely philanthropic, as evidenced in Hawaii, where a string of wireless masts provides Internet connectivity to schools and small businesses in remote areas. However, the tone used for wireless community names illustrates that their intent can stray from the benevolent 'community' networks to potentially more unsavory 'guerrilla' networks.

Risks are apparent in the relatively safe haven that a sophisticated guerrilla network can provide for cybercrime, operating as it does outside of any regulations. The tracing of malicious or illegal activities within these networks will prove difficult at best if the routers and gateways aren't obliged to store any logs of their activity. This anarchy could be tempered somewhat if the business community were disposed to join the party with some heavy investment and stipulations on deployment. However, the lack of steering committees like the Internet Engineering Task Force (IETF), and the narrow spectrum available, is likely to steer them clear, leaving wireless WANs to become a temporary autonomous zone for modern day pirates. Still, the greatest, and most humbling, risk of all is one of meritocracy. While participants in guerrilla networking hone their skills daily, familiarizing themselves with bewilderingly complex implementations, corporate IT staff worldwide have for the most part yet to see a wireless network interface card (NIC).

Despite security issues the widespread adoption of wireless networking has come to be regarded as an inevitability. Big IT players such as Microsoft have already invested heavily in the field, and there is an increasing desire for the benefits to be realized. Wi-fi is a highly seductive technology, as can be discovered when trying to retrieve insecure wireless iPAQs from the hands of the boardroom elite, or when forced to re-price the cost of a bridge on campus. Its simplicity offers solid returns on investment, and it has the potential to radically improve the ergonomics and productivity of the modern workplace.

802.11b, despite the publicized security flaws, looks set to stay around for a while, as the next generation of wireless 54Mbit per second hardware is costly and has yet to provide a clear winner between the 802.11a, 802.11h and Hiperlan2 standards. So, for the meantime, what can be done to secure 802.11b in the enterprise?

Although the initial four key implementations of WEP have recognized weaknesses, hardware vendors such as 3Com and Cisco have stayed ahead of the curve from the start by releasing hardware with tighter security. For the better part of a year it has been possible to hide service set identifier (SSID) broadcasts from snoopers, and to automate the swapping of WEP keys, dropping them well before a sufficiently long window has been left open to crack them.

The introduction of temporal keying, which enables old 802.11b hardware to employ rapid changeover of WEP keys, is expected to gain ground later this year, allowing administrators to harden existing cards through the use of a software patch. Looking ahead, the next generation of 802.11b hardware will replace the RC4 algorithm currently in use with AES, which is altogether better suited to wireless transmission. Finally, the use of virtual private networks (VPNs) provides a further layer of encryption which has had years to prove itself on the Internet.

The use or combination of any of the above measures hardens wireless networks, and steers them well clear of the perceived dangers they displayed at the start of last year. As these improvements in security become more apparent to the corporate sector, there is a growing chance of increased uptake of wireless LANs over the coming year. But for now we are still in the midst of a lull that has allowed wireless hackers to establish themselves on the high ground. When wireless technology starts to roll out in volume, IT staff will need strong guidance and proven security skills in the establishment and maintenance of wi-fi.

In short, it now falls to security professionals to show the same level of ability with wireless networks as the hackers...

Perry Norton is a consultant working for the IT security practice of PricewaterhouseCoopers in Dublin ( Perry specializes in wireless technologies and can be contacted at [email protected]


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.