Closing wireless backdoors

Wireless LAN analyzers detect rogue users and devices

The emergence of wireless networking has spawned the growth of rogue users and devices that can cause serious security breaches if they are not tracked down and disconnected.

With the majority of laptop computers now being shipped with wireless access cards and the growth of Wi-Fi hot spots beaming wireless signals, many agency officials may unknowingly have unauthorized users and nonsanctioned radio signal broadcasts in their buildings that can endanger the security of agency networks.

To purge rogue users from their ranks, many agencies are using technology designed to scan wireless networks for unauthorized users or those not conforming to agency wireless security policies. They can also identify wireless signals bleeding in or out of the building.

A June report by the Homeland Security Department's inspector general, for example, found that DHS lacked the ability to prevent unauthorized users from connecting to its networks because unauthorized wireless devices were broadcasting beyond agency facilities to public roads and private residences.

"As soon as you deploy a single wireless device — a [personal digital assistant], a laptop or an access pointyou now have opened a backdoor to your corporate security," said Anil Khatod, president and chief executive officer of AirDefense Inc., which markets technology for monitoring wireless local-area networks (WLANs). "The wireless signal bypasses the physical security of the four wallsand it bypasses the firewall. Now you have an invitation for anyone who is roaming around near the building to get access to your corporate network."

AirDefense is among a growing number of WLAN analyzer vendors — including AirMagnet Inc., WildPackets Inc., Fluke Networks Inc. and Network Instruments LLC — targeting the federal government market. WLAN analyzers usually consist of 802.11 network cards in laptop computers for software-based analyzers or handheld devices for hardware-based analyzers. The handheld analyzers usually are built using Hewlett-Packard Co. iPaq Pocket PCs or tablet PCs.

The Defense Department's Joint Forces Command Joint Experimentation Directorate in Suffolk, Va., uses AirDefense's monitoring tools to identify unauthorized wireless devices being brought into buildings, often by contractors providing product demonstrations, said Derek Krein, security and wireless engineer at the directorate.

"We use AirDefense to give us a general spot of where they are and a PDA to track them down," he said.

The technology also allows directorate officials to monitor the range of the wireless signal broadcast from access points, Krein added. The wireless access points have been strategically placed in the center of the building with the signal tuned so connectivity to the wireless network is severed when a user leaves the building.

Many WLAN analyzer vendors offer distributed solutions featuring sensors or probes that can be placed near access points to detect intruders and attacks, monitor the throughput of access points, detect interference with the wireless signal and enforce agency security policies.

For example, AirMagnet's distributed WLAN security solution identifies rogue devices and sends packets telling the unauthorized machine to drop its connection, but it also features more than 100 alarms that detect other potential security problems such as attempted intrusions. In addition, once a problem is identified, users can get advice on how to eliminate security vulnerabilities.

"When you fire up our software, it will tell you in 30 to 60 seconds all the security vulnerabilities nearby and what you should do about [them]," said Rich Mironov, AirMagnet's vice president of marketing. "Rather than having some cryptic instruction to check an access point's configuration, it will explain what type of access point you have, that the default security setting is enabled and why you should change it."

AirMagnet also offers software and a network card to run on a handheld device using the Pocket PC operating system. Those tools allow field technicians to walk through an agency to scan the airwaves for unauthorized users or those not following security policies, Mironov added. The device, used by the U.S. Supreme Court, will display the IP addresses of unauthorized devices.

Officials at the Naval Postgraduate School in Monterey, Calif., have chosen AirMagnet's technology to secure and monitor their WLAN and survey wireless networks from unmanned aircraft.

Lt. Cmdr. Joe Roth, an instructor at the school, used a handheld analyzer to note the number of rogue wireless devices on campus before the technology was officially sanctioned. Now Roth uses AirMagnet's visualization tools to provide an overall picture of the security and performance of the campus WLAN.

"These visualization tools don't exist on most products and with access points themselves," Roth said. "Sometimes more is less, and when you start putting too many access points on one channel, it is helpful to visually see the conflicts. Tools like this help you manage and explain to senior leadershiphere is a list of people who are not complying" with security policies.

Within its WLAN monitoring solution, WildPackets also offers visualization tools designed to help agencies monitor wireless networks. Its AiroPeek NX features packet stream analytics, with the analyzer accumulating data packets to monitor traffic being exchanged on the network. As a result, agencies can identify data that is being sent without being encrypted or track down the root of a performance problem, said Dovid Coplon, WildPackets' product marketing manager.

"If the Web server is having a slow response time...if you only looked at one packet, you wouldn't be able to gauge that," Coplon said. "Our expert is able to see the request and the responses and able to report to the user there is a slow response time that needs to be addressed."

In a new product release scheduled for the fall, WildPackets officials plan to add support for radio frequency spectrum analysis with a new hardware chip that measures such signals. Many analyzers offer signal strength indicators, but different card manufacturers have varying ways of measuring the signal, Coplon said. The new chip will allow users to more accurately track sources of signal interference — such as microwave ovens and fax machines.

Havenstein is a freelance writer based in Cary, N.C.

THE PAYBACK

Many products that analyze wireless local-area networks (WLANs) are evolving into wireless network management tools that provide the obvious benefits of eradicating unauthorized users and signal bleeds. But the devices also perform advanced troubleshooting to ensure that wireless productivity gains are not overshadowed by network maintenance.

For example, analyzers give agency officials the ability to ensure that access points are being placed in the right locations and are functioning properly. They can also monitor the WLAN's usage levels.

"Because the technology is designed to find anything that is available, you can easily see where all the potential connections are and what kind they are," said John Parkinson, vice president and chief technologist for the Americas region of Capgemini. "There's only so much spectrum available, and the more access points you put in, the more potential there is that they will step on each other. Because you€ve only got a limited amount of bandwidth...you really need to know how much people are really using the wireless infrastructure so you can maintain service levels."

— Heather H. Havenstein