Re: Wireless security question...

[Austin Murkland <amurkland () merydion com>]

Marty wrote:
>  Hi,
>  
> We're having an in-house discussion regarding the risk
> related to wireless security.
>  
> The mobile users would like to be able to use the wireless
> technology within their laptops to access the office while
> they are away. Right now we don't allow wireless access
> points.
>  
> The questions we have are:
>  
> 1- Can a wireless router (installed in their home-office) be
> hacked into AND can this hacker take control of the wireless
> laptop. If so I would need some detail on how we can prevent
> that (besides WEP). Let's assume for the sake of discussion
> that there is no WEP encryption on the router. 
>   
Q1.a. Can a wireless router be hacked into?
Yes, but it depends on what you mean by that, if you're referring to 
obtaining administrator level privileges
on the router in question, the difficulty in that relies upon the 
provider of the equipment, and how well setup that equipment is.  If 
you're talking about just breaking into the network, or gaining access 
to the computer on that network that's a little different, and arguably 
easier, which leads to the next question...

Q1.b. Can this hacker take control of the wireless laptop?
Yes, but it depends on the security running on said laptop..if they have 
some sort of firewall/anti-virus in place it'll will be more difficult 
for an attacker to gain access to their laptop, however all form of 
security are not methods of keeping people out, but just slowing them 
down.  An attacker gaining access to a laptop or not largely depends on 
what their motives are, if it's free Internet, they'll might, just stop 
with access to your network, if it's industrial sabotage, their going to 
get as much information as possible, then deliver whatever payload is 
intended be it destroying information on your network, or just stealing 
all information that passing through it. 

Preventing that (in my scenario...slowing down that) would involve 
giving each wireless client their own vlan, and do not permit them to 
talk to other wireless clients locally, or perhaps even wired clients.  
WEP is crackable, usually in a matter of hours. 
http://www.tomsnetworking.com/Sections-article118.php
http://www.tomsnetworking.com/Sections-article120-page1.php
those links provide a good basic ideology of how to crack a wireless 
network with WEP turned on.
you're going to want to use an alternate form of authentication.

Q1.c. Assume no WEP on router.
No protection against anything is what you're saying there.  Understand 
that information that travels across networks using original protocols 
was not designed to be secure, and thus, Isn't.  When you login to 
email, aim/messenger/yahoo, when you access something on the network, 
this all occurs in cleartext (i.e. readable english), and anyone with 
network access and a basic understanding of network topology and 
router/switches will be able to see all of this information, and use it 
later, to send emails to your mistress& wife, withdraw funds from your 
bank account/stocks, and talk to your contacts during chat...FUD(Fear, 
Uncertainty, and Doubt) aside, a corporate network is assumed secure 
because you have a network admin. or equiv.  constantly making sure 
things *are *secure.  Wireless doesn't yet have the tools/ability to be 
as secure as a wired line, and the assumptions that follow through wired 
security, should not carry over.  Anyone within the wireless range can 
come near/in your building (or aim a long distance antenna at your 
building) and pickup a signal, jump on your network, and do what they 
feel like.  Not a good idea.

>  
> 2- How easy is it to access the laptop once you're into the
> router? Is it child splay or do we need a specialist?
>   
Q2.a How easy is it?
Accessing the network is child's play, accessing the laptop depends on 
what operating systems is running, what procedures if any they've gone 
through to "harden" (i.e. secure) the laptop against attack, and what 
software they've installed to yield basic protection from attacks.  If 
they have none of that, and are running windows... it's child's play, if 
it's a default install with no patches/protection of particular flavors 
of linux/unix, it's child's play...If they're running os x with no 
patches/protections... it's child's play... if either linux/unix or os x 
are updated, depending on the configurations options chosen at install 
they may be closer to being "hardened" , and it will take longer than a 
few minutes/hours to get in. 

Q2.b Do we need a specialist?
Judging purely by the questions, lack of specificities and a 
demonstrated lack of wireless/networking/security knowledge.... I'd 
advise either learning a lot more before you choose to implement a 
wireless solution, or hiring a CWSP, to calm your wireless security fears.
> 3- If the laptop's wireless router is secured with WEP and
> connected to the office via VPN can it be EASILY hacked
> into? The VPN connection gives them little access to the
> network, barely what they need to work. Will the intruder
> have access to our network?
>   
Q3.a Hack a VPN connection?
If the laptop has a rootkit, or some kind  of backdoor software 
installed... it would be easy, if it is properly hardened, and has basic 
protection software (firewall/antivirus) it would be more difficult.  It 
sounds like your VPN connection is setup in a secure manner.  How far 
that person would be able to get on your network depends on how skilled 
they are, whether you had IDS/IPS software on your network (alerting 
your net. admin that someone is actively trying to gain access to your 
network) and how well the attack may/maynot be able to circumvent all of 
this protection and intrusion detection/prevention software.  in short, 
yes (the answer is always yes...security just makes it harder), but not 
easily.  How uneasily largely depends on how much effort you put into 
security and following security policy (e.g. no easy passwords!!!)

Q3.b Will Intruder have access?
What you should be worried about is how easy/difficult it is for an 
intruder (i.e. compromised laptop) to gain access to the rest of your 
network...and how well you'll be able to detect an attack of this magnitude.
>  
>  
> 4- How secure is my sales rep. running around hotels with
> his laptop? 
>   
Q4. How secure is a laptop traveling across the country/world/state, 
etc...jacking onto strange networks....

If he's doing it to just web surf, he's fine....if he's using 
email...*make sure it's secure*, if he's doing anything with company 
information or passwords... *make sure it's secure or over VPN.... 
*Hotel networks, or public wifi networks are always in the same spot, 
and have thousands of users flying on/off their networks.  Their 
locations are WELL known to hackers, and the passwords/encryption which 
protect these networks should always be assumed as compromised. 

Don't use then without protection, Don't access any information you 
wouldn't want the random thug to have unless your 100% sure the 
connection is encrypted...even then you may want to change your 
password(s) after you're on a secure network again...

As a sidenote on laptops carrying confidential data to random locations, 
you may want to invest in a rainbow key, or USBKey which provides a 
hidden encrypted drive on the laptop.  While this protection is not 
foolproof, attaching the USBKey to your keychain, and then keeping all 
confidential info within that encrypted drive would shield that info 
from compromise if the laptop were lost or stolen.  Without the USBKey 
there's nothing identifiable to the operating system on the drive, just 
encrypted information (using AES encryption) hiding in unallocated 
partition space.  If this key is ever lost...so is that information.  
Duplicate keys are a GOOD idea.  one on site, one with the user.  If one 
of the pair is ever lost, a new key can be stored on them, but never 
reuse a lost key (i would hope that is obvious).


>  
>  
>  
> We are trying to assess the risk...should we, should we not
> allow wireless for the mobile workforce.
>  
>  
>   
You should, but as with all networking technologies involving security, 
you should do it right, and do it right the first time.

HTH (Hope this helps),

Austin Murkland
>  
> Thanks!
>  
> Marty
>
>
>
>