Wireless Security: Is Your Data at Risk?

Last fall, federal prosecutors charged two young men with hacking into the network at a Lowe’s home improvement store in Southfield, Mich. They allegedly committed the crime while parked outside the store in a Pontiac Grand Prix.

The FBI says that in several visits over two weeks, the men used laptop computers with radio frequency communication cards to penetrate the store’s wireless network. From there, they entered the corporate-wide network, breaking into computers in several Lowe’s stores and at company headquarters. They altered computer programs, disabled computers at a Long Beach, Calif., store and intercepted credit card transactions.

Without the right security measures, something like this—or worse—could happen to you. If you send data over the air in your distribution center or other facility without adequate safeguards, you might as well hang out a sign declaring, “Come on in!” You’ve made your company an easy target for everyone from curious amateurs to industrial spies and cyber-saboteurs.

Logistics was one of the first industries to take advantage of wireless local area networks (LANs). Years before people started downloading email while sipping lattes at Starbuck’s, companies used wireless LANs in warehouses and similar facilities to provide real-time links between mobile data collection devices and logistics applications.

To some extent, corporate wireless systems have always been targets for mischief-makers. “Magazines are always publishing articles about being able to drive by XYZ Supermarket and change the LED banner sign that says, ‘Buy your Lotto tickets today’ to ‘Gandalf rules,'” says Ken Evans, vice president of marketing and product management at Fortress Technologies, a Tampa-based firm that develops security products for wireless networks.

But in the past, only a small percentage of hackers had the wherewithal to engage in this kind of tampering. “Now, any high school kid can download tools off the Internet and become very, very disruptive,” Evans says.

Wireless LANs are more vulnerable today, largely because the industry has developed interoperability standards. Back in the day, vendors sold proprietary hardware and software for wireless local area networking. Equipment was relatively expensive, and companies bought it mainly through specialized suppliers.

In 1997, the Institute of Electrical and Electronics Engineers (IEEE) introduced the first version of a standard for wireless LANs, called 802.11. Two versions of this standard are commonly known as “Wi-Fi.” Since Wi-Fi emerged, it has become a popular technology for providing untethered data communications.

Wireless Hot Spots

By setting up wireless “hot spots,” universities offer mobile connectivity to students, airports let travelers access the Internet, and businesses keep employees connected to their networks as they rove from office to conference room to factory floor. Anyone can buy a portable computer with a wireless communications card, or buy an access point to relay data over the air among devices in the office or home.

Logistics professionals “didn’t have a perceived security problem until wireless became mainstream. Now, anyone can buy an access point for $79 at Best Buy,” Evans says.

Wireless networks are vulnerable because they transmit data on radio signals, which pass through walls. Just as anyone with a scanner can eavesdrop on unscrambled police radio chatter, intruders with the right equipment can intercept wireless data transmissions in and around your facilities.

In a warehouse, for example, “cinder block walls will let a large percentage of RF through,” says a white paper on security for 802.11 wireless networks published by LXE, Atlanta. “The steel bay doors, if closed, will block some RF radiation, but if these doors are left open, as is often the case, then the network signal pours into the parking area unobstructed.”

While unauthorized people might find it hard to lurk undisturbed in the parking lot, determined eavesdroppers “will obtain a directional antenna that allows them to listen from anywhere within a quarter-mile radius that has a line of sight to the warehouse,” the paper says.

“If you don’t implement good security procedures, processes, and technologies, it’s equivalent to putting Ethernet ports outside the four walls of your corporate office building and making them accessible to anybody interested in plugging into your corporate network,” says David Baildon, global market leader, transportation and logistics solutions, Symbol Technologies, Holtsville, N.Y.

A wireless network might also be vulnerable because the operator doesn’t appreciate the potential threats. The biggest problem with security for wireless LANs today “is that it’s not being used,” says a white paper published by Intermec, Everett, Wash. Hackers can intercept data easily “because people just plug in the access point right out of the box and don’t change the default settings.”

For example, the security measures built into 802.11 equipment include Wired Equivalent Privacy (WEP), a protocol that encrypts data on the wireless network. To unscramble the encrypted data, a device on the network needs a special software “key.”

“People discovered early on that the WEP key that comes with an 802.11 device is so simple, hackers can figure it out easily,” says Dan Park, director of wireless management connectivity systems at Intermec. “If you removed all the factory defaults and put in a fairly extensive WEP key, then it became very difficult to break. But most people didn’t do that.”

Intrusions into wireless networks fall in three categories:

1. Thumbing a ride. Some people are looking for a hot spot to give them a free, high-speed connection to the Internet. Known as “war drivers,” most of these people have nothing against your company; they’re simply driving around looking for an RF signal so they can check a few web sites. While they won’t touch your data, the extra traffic on your site could slow your operation, Park says.

Some of these hitchhikers are far from benign. They could use your company’s network identity to launch spam or widespread denial-of-service attacks. “That can result in anything from the Internet Service Provider (ISP) shutting you down to the FBI knocking on your door,” says Evans.

2. Stopping traffic. Malicious hackers might try to knock your network out of service. Taking the microwave generator out of a microwave oven and turning it on where it interferes with the RF signal can bring a network down, though this sort of attack is rare, Park says. Hackers who penetrate the wireless network might also figure out passwords and use them to launch repeated login attempts, causing a massive data traffic jam.

“That is one weakness you protect against by using some of the new security features,” Park says.

Employees who use wireless computers or personal digital assistants (PDAs) that aren’t under the control of a system administrator can tie up the wireless network accidentally. “You may not think that you’re using wireless. But when you power up your laptop and wireless is running in the background, you’re causing disruption to the corporate network,” Evans says.

3. Spying and tampering. Like the men parked outside Lowe’s, hackers who penetrate your network can steal information about your company, products and customers, change that information or disable your software.

“We have within our network, data that’s important to our customers. We take the responsibility of protecting that information seriously,” says Jon Fieldman, vice president, enterprise integration and chief information officer at DSC Logistics, a third-party logistics provider that operates more than two dozen warehouses. DSC uses data collection equipment primarily from LXE and uses wireless networking technology from Cisco Systems.

Protecting customers’ data means two things, Fieldman says. “First, we do not want anyone to manipulate, delete, destroy, or change the data. Secondly, we don’t want anyone who is unauthorized to be able to see it.”

Just Beans?

It’s probably not a big deal if an industrial spy peering into your network learns that one of your workers has just picked 14 cases of lima beans. More often, though, hackers break into an RF network with bigger prizes in mind.

Hackers who penetrate the security measures in place on a wireless network can operate on that network just as though they were sitting at a desktop PC, says Hank Stephens, product manager for wireless infrastructure at LXE. “Potentially, they can do a lot of damage. Delete data, steal data. They could disable the network.”

“If I understand that you just sent 14 cases of lima beans, and I know all your security information, I can get into your network and look at other things besides lima beans,” Park says. “If I get access to your financial and inventory records, I can look at the price you charge for the beans, how many you sell in a year, and similar information.”

Once inside the network, spies can also obtain employee phone numbers, payroll data, confidential client information, details about intellectual property and more, says Baildon.

And if you ship not lima beans, but home entertainment systems, you have another worry. Sometimes organized rings of cargo thieves break into wireless networks to learn about upcoming shipments, warns John Sweitzer, director of industry marketing, transportation and logistics at Intermec. “That’s clearly a concern for high-value shippers.”

Once you understand the danger posed by threats to your wireless network, what can you do about it? First, you can take advantage of the authentication and encryption measures already built into the 802.11 standard.

Al Lovato, director of operations and technical services at DSC Logistics, says his company follows all of Cisco’s recommendations for configuring the security on its RF equipment. He advises other logistics professionals to heed their vendors’ instructions as well.

“Right now, many people just plug it in, and the defaults are no security at all. If you don’t take specific steps to establish those Cisco recommendations, or some type of other security on your wireless, you are generally wide open,” Lovato notes.

One technique for making the security in 802.11 more effective is to change the WEP key often. “If you put in a full WEP key and don’t use any factory defaults, you have to collect four million packets before you get enough information to break that key,” says Park. “So if after every three million packets you change that key, nobody will ever get in.”

Experts agree that the current 802.11 security standard needs improvement. Within the IEEE, a committee is currently working on a new standard, known as 802.11i. Because standard committees are notoriously slow in their work, and the market is eager for better security options, members of the wireless industry took matters into their own hands last year. A trade organization called the Wi-Fi Alliance published an interim standard called the Wi-Fi Protected Access (WPA).

WPA contains those portions of the not-yet-ratified 802.11i standard that are already in good working order. It doesn’t provide all the safeguards that 802.11i will, but it’s better than the earlier standard, Stephens says. Although it’s not rigorous enough to protect military networks or patient information in a medical institution, “in my opinion, the WPA product provides adequate security for the vast majority of corporations,” he says.

Stronger, Higher Walls

Organizations that need stronger security have further options. Fortress Technologies’ products, for example, are certified under a federal standard known as FIPS 140, which is mandated for networks that serve the Department of Defense (DoD) and other federal networks containing sensitive information.

As part of the DoD, the Defense Commissary Agency (DeCA) requires a FIPS 140-certified technology to secure the wireless networks in its 275 stores worldwide and its two warehouses in Germany. DeCA uses a variety of wireless handheld devices from Psion Teklogix and some wireless point-of-sale terminals from NCR.

While DeCA has always protected these networks, a few years ago it determined it needed to upgrade security, says Kendra Warren, director of technology and chief information officer at DeCA in Fort Lee, Va.

“As the use of wireless networks expanded, hackers and war drivers became more clever along the way. Subsequently, we had to find solutions that were far more fortified,” Warren says. “We needed a secure system built specifically for the rugged warehouse and retail environment.”

After an extensive evaluation, DeCA chose Fortress Technologies’ Air Fortress system. It completed worldwide deployment in June 2003.

Although federal government networks provide an obvious market for its technology, Fortress has been selling into other environments as well, such as David’s Bridal and MGM Mirage, which uses a wireless network to manage the flow of everything from food to playing cards among its Las Vegas hotels and casinos, Evans says. Beyond authentication and encryption software for the wireless network, companies can use other techniques to protect their data. One is to set up a firewall to segregate the wireless network from other corporate systems.

While this is a good approach, it’s also a tricky one, “because the people doing data collection in your warehouse probably need access to an application that’s on the corporate network,” Stephens says.

Using A Server

One solution to that problem is to load all transaction data from the wireless network onto a server. An application on the main network—say, an accounting system—could reach out to that server for data it needed, but traffic wouldn’t flow in the other direction.

“Nobody would ever be able to log into the accounting system from the outside,” says Park.

A company can further protect its wireless network by implementing virtual private networks (VPNs). A VPN establishes an exclusive connection between two machines that are communicating over a public network. It’s sort of an “electronic tunnel” that safeguards the data passing through it, says Yangmin Shen, director of technical marketing in Symbol Technologies’ wireless infrastructure division.

“The VPN approach is a good one, provided you can find the client drivers” for all the devices operating on the network, including computers with old operating systems. “In our case, we do offer drivers clear down to the legacy DOS machines,” he says.

The installed base of wireless devices can pose other challenges as well. Because it purchased its handheld computers and point-of-sale systems over the course of many years, DeCA’s devices incorporate many different versions of their developers’ proprietary software, and some of it runs under the DOS operating system. In many devices this “firmware” took up so much memory, there was no room left to add the code for security functions, Warren says.

Developers from Psion Teklogix and NCR worked with their counterparts at Fortress to make changes that allowed them to pack in all the necessary code, and do it in a unique way for each type of end-user device.

How can a company make sure it implements the security technology that best fits its needs? Start by taking stock of your particular situation. How valuable is your data? What risks would you run if someone broke into your network? Do you require a free flow of information between the wireless and wired environment, or can you afford to segregate your wireless network?

“Every enterprise will have its own evaluation of what the threats are, and their tolerances for each different vulnerability,” as well as how much effort they can afford to put into solving the problem,” Stephens says.

When considering the cost of a security implementation, it’s important to remember that it involves more than just the price tag on the software, says Park. A FIPS 140-certified system might require additional hardware as well. And the IT department will have to devote resources to managing any security system.

If you buy all your equipment from a single vendor, “it’s probably easier to supply security enterprise-wide than if you mix and match vendors for your basic wireless access points and infrastructure,” Lovato advises.

Single-Vendor Solution

Sticking with one vendor, you can take advantage of any new security features that company adds to its products, months before they’re adopted as standards throughout the industry. Also, “a single-vendor solution is much easier to administer and manage across the board,” he explains.

If you already have equipment from more than one vendor, or you have a mix of old and new end-user devices, you might need to deploy a combination of approaches to accommodate them all, says Shen. At the same time, you have to make sure none of those techniques impedes the mobility of these devices on the network.

For example, as a user roams from one access point to another, devices that use a technology called IP Secure (IPSEC) to establish a VPN tend to disconnect from the network, he says. This could make IPSEC a poor choice for use in a warehouse.

An organization deploying a security solution should keep in mind that 802.11 encryption standards are evolutionary, Warren says. “As fast as you can find a way to secure your wireless environment, someone has figured out a way to hack it. So this is not something that you do once, then put on a shelf and not pay attention to for three or five years.”

IT professionals can follow the latest developments by reading information security publications, but it’s just as important to monitor hackers’ publications, web pages and chat rooms, she says.

It’s also important for organizations that deploy wireless networks to share their experiences, Warren says. “There’s always a reluctance to say, ‘Someone got into my network,’ or, ‘We noticed a vulnerability.’

“But if industry will share their experiences in broader forums, everybody benefits. Practices will then become easier to insert, and partnering opportunities to reduce the cost or improve the quality of the solution will become well within the reach of even small groups.”