subject: Hacking Home WLANs
posted: Thu, 31 Aug 2006 16:18:46 +0100


http://www.darkreading.com/document.asp?doc_id=102598&WT.svl=news1_3

Hacking Home WLANs


AUGUST 30, 2006 | It's a great idea to have employees working from
home via wireless connections. Unless, of course, hackers break into
those employees' wireless LANs -- and potentially compromise your
entire enterprise network.

Researchers say it's way too easy to break into most home WLANs
because most users typically leave their wireless routers configured
with the default SSID, administrative password, and unencrypted
settings. That makes the home WLAN a welcome mat into the user's
corporate network.

"It's scary how vulnerable these networks are," says Ken Baylor,
director of market development and strategic alliances for McAfee. In
some recent war-driving tests, McAfee found half of home wireless
LANs were unprotected and unencrypted, Baylor says. And few
enterprises are paying attention to their users' home WLANs.

The safest bet is a secure VPN connection for your users, researchers
say. Even a well-secured home WLAN with WPA/WPA2 encryption and a
unique SSID is still not as safe as a secure VPN link. That's because
the wireless encryption ends where the wired network begins.

But even with a VPN, a user can contract spyware and suffer from a
keylogging attack, Baylor says.

Meanwhile, most home users run WEP encryption or none at all, he
says. Only about 10 or 20 percent run WPA. The 128-bit WEP encryption
isn't enough: Baylor says his team was able to crack WEP encryption
on a wireless router in less than two minutes.

WEP is notoriously weak for encryption, security researchers say. "If
anyone is using WEP to keep anyone except their kid sister from
reading their mail, they're in trouble," says one researcher who
requested anonymity. "Even WPA-PSK with a weak passphrase is way
better than WEP."

Even more dangerous than an attacker eavesdropping or piggybacking on
your user's home WLAN is what Baylor calls the "evil twin" attack,
basically a phishing scheme that sends the machines to corrupted
servers posing as a trusted resource. All it takes is hacking into a
Linksys wireless router's DHCP setting, for instance.

"So if the user types in 'bankofamerica.com,' he's sent to a phishing
site" that looks exactly like the real one, Baylor says, and it's
totally transparent to the user.

"These attacks are simple to set up and get running," Baylor says.
"They are undetectable, so it's very likely these have been done."

In an evil twin attack, the hacker basically intercepts and redirects
the user to the fake site and steals his bank account or other
sensitive data, says Corey O'Donnell, vice president of marketing at
Authentium. (See Insecure at the Airport?) The hacker simply logs on
as the system admin of the wireless router, which is a no-brainer
when the user leaves it in the default setting.

"But home users are no less secure than other non-corporate
entities," O'Donnell says. "The vulnerabilities are greater when your
users are in a public space, and a hacker comes in and poses as a
falsified WiFi connection and steals your data."

How can you protect your home users, and ultimately your corporate
network?

Change passwords on wireless devices
Upgrade to the latest firmware
Turn off the default SSID (it advertises the WLAN)
Consider WPA2
Use authentication, such as 802.1X
Add a personal firewall to the WLAN end point
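
One endpoint-side check for the router DHCP tampering described above, as an added example that is not part of the original article. It assumes the tampering shows up as a changed DNS server in the DHCP lease; the lease text is a constructed sample in ISC dhclient.leases format, and the function names are hypothetical.

```python
import re

# Constructed sample in ISC dhclient.leases format (not captured from a real host).
SAMPLE_LEASES = """
lease {
  interface "wlan0";
  fixed-address 192.168.1.100;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
  renew 3 2006/08/30 10:00:00;
}
lease {
  interface "wlan0";
  fixed-address 192.168.1.100;
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.53,192.168.1.1;
  renew 4 2006/08/31 10:00:00;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
OPTION_RE = re.compile(r"option\s+([\w-]+)\s+([^;]+);")


def parse_leases(text):
    """Return one dict per lease block: option name -> list of values."""
    leases = []
    for body in LEASE_RE.findall(text):
        opts = {}
        for name, value in OPTION_RE.findall(body):
            opts[name] = [v.strip() for v in value.split(",")]
        leases.append(opts)
    return leases


def unexpected_resolvers(leases, approved=frozenset()):
    """Flag DNS servers that are neither the lease's own router nor approved.

    Returns (lease_index, resolver) pairs; an empty list means nothing stood out.
    """
    findings = []
    for i, opts in enumerate(leases):
        # Assumption: the home router normally names itself as the resolver.
        allowed = set(opts.get("routers", [])) | set(approved)
        for dns in opts.get("domain-name-servers", []):
            if dns not in allowed:
                findings.append((i, dns))
    return findings


if __name__ == "__main__":
    for idx, dns in unexpected_resolvers(parse_leases(SAMPLE_LEASES)):
        print(f"lease #{idx}: DHCP handed out unapproved DNS server {dns}")
```

Where the router normally hands out the ISP's resolvers instead of its own address, pass those in `approved`. The check does not see a router that still names itself as the resolver but forwards queries to a changed upstream server.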

- Kelly Jackson Higgins, Senior Editor, Dark Reading

---
* Origin: [adminz] tech, security, support -
http://cyberdelix.net/adminz/
