Sunday, October 7, 2007

Wireless Security Threats

What threats do we face today with regard to wireless networks? The National Institute of Standards and Technology has compiled an informative list as part of its documentation on wireless security. An extract from that document follows.
To date, the list below includes some of the more salient threats and vulnerabilities of wireless systems:
All the vulnerabilities that exist in a conventional wired network apply to wireless technologies.
Malicious entities may gain unauthorized access to an agency’s computer or voice (IP telephony) network through wireless connections, potentially bypassing any firewall protections.
Sensitive information that is not encrypted (or that is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.
Denial of service (DoS) attacks may be directed at wireless connections or devices.
Malicious entities may steal the identity of legitimate users and masquerade as them on internal or external corporate networks.
Sensitive data may be corrupted during improper synchronization.
Malicious entities may be able to violate the privacy of legitimate users and be able to track their physical movements.
Malicious entities may deploy unauthorized equipment (e.g., client devices and access points) to surreptitiously gain access to sensitive information.
Handheld devices are easily stolen and can reveal sensitive information.
Data may be extracted without detection from improperly configured devices.
Viruses or other malicious code may corrupt data on a wireless device and be subsequently introduced to a wired network connection.
Malicious entities may, through wireless connections, connect to other agencies for the purposes of launching attacks and concealing their activity.
Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
Malicious entities may use third-party, untrusted wireless network services to gain access to an agency’s network resources.
Internal attacks may be possible via ad hoc transmissions.
As with wired networks, agency officials need to be aware of liability issues for the loss of sensitive information or for any attacks launched from a compromised network.
~ Source: NIST, United States of America
As you can see, there are vulnerabilities at every level, some of which wouldn’t normally come to mind, so we must be prepared for the worst and not take anything for granted. A prime example is the point above about handheld devices being easily stolen: we can take simple preventative measures to combat such a threat. Don’t carry highly sensitive information around on your portable device; take only what is absolutely necessary. Leave other data on the corporate or home network, or on removable storage media. Also, if available, enable the auto-lock feature (with a password) and add a PIN to the device, so that when you switch it on you have to enter the Personal Identification Number before it starts up.
