Wi-Fi Security: Guarding Against Man in the Middle Attacks


People discuss the security issues surrounding Wi-Fi a lot, and security is one of the primary stumbling blocks to widespread adoption. Most people who look into the problem fixate on WEP as the primary problem. In fact, for small businesses and SOHO, it's not really a big concern: cracking a 128-bit key with the volume of traffic a small network generates is going to take too long to be worth it in most cases. Large businesses ought to be using VPNs anyway. The larger security problems, from my perspective, are more subtle, like the man-in-the-middle attack. This picture shows the setup:

In this scenario, the bad guy sits out in the parking lot or in the adjacent suite with a powerful WAP attached to their computer. They also run a DHCP server. When someone in the corporate net brings their laptop in and boots up, their Wi-Fi card associates with the bad guy's WAP and gets an address. If the laptop is also connected to the corporate LAN through a wired connection, the bad guy now has access to a trusted host on your network. If the user normally attaches wirelessly, they've associated to the wrong device, which can then present them with login screens and steal passwords. Either way, it's an effective strategy, easy to exploit, and difficult to protect against.

The best protection in this case is not some high-tech gadget, but some very straightforward, workaday IT practices:

  1. Manage all devices, especially laptops, and ensure that any device with a wireless card is also running a personal firewall product. This isn't normally done because most people think of the firewall being on the edge of the network without realizing that every wireless device is potentially on the edge.
  2. Create policies about what is and isn't allowed. For example, in this case, if you don't have a wireless LAN at the workplace, create a policy that disallows wireless cards to be enabled on devices in the workplace.
  3. Educate users about the dangers and enlist their help. They can be on the lookout for unusual events. If your corporate environment doesn't allow wireless access cards, users should also remove or disable them whenever they're at work.
  4. Regularly scan for rogue signals. The devices necessary to do this aren't expensive and even unskilled workers like physical security personnel can conduct the survey for evaluation by experts later on.
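
One way the later expert evaluation of a survey from step 4 could be automated, as an added example that is not part of the original post. The CSV layout, the `AUTHORIZED` inventory, the addresses, the network names and the -60 dBm threshold are all constructed assumptions; adapt them to whatever your survey tool exports.

```python
import csv
import io

# Assumed inventory of sanctioned access points (constructed values).
AUTHORIZED = {
    "02:00:00:aa:00:01": "CorpNet",
    "02:00:00:aa:00:02": "CorpNet",
}
STRONG_DBM = -60  # assumed threshold: stronger than this is likely on or next to the premises

# Constructed survey export: one row per beacon seen during the walk-through.
SAMPLE_SURVEY = """bssid,ssid,channel,signal_dbm,location
02:00:00:aa:00:01,CorpNet,6,-48,lobby
02:00:00:AA:00:02,CorpNet,11,-55,floor2
02:00:00:bb:00:09,CorpNet,6,-41,parking-side offices
02:00:00:cc:00:03,CoffeeShop,1,-82,lobby
02:00:00:dd:00:07,linksys,3,-52,floor2
02:00:00:aa:00:01,Guest,6,-50,lobby
"""

def classify(row):
    """Return a finding label for one survey row, or None if it is sanctioned."""
    bssid = row["bssid"].strip().lower()
    ssid = row["ssid"].strip()
    signal = int(row["signal_dbm"])
    if bssid in AUTHORIZED:
        # Known radio announcing a name we did not configure: check config or address reuse.
        return None if AUTHORIZED[bssid] == ssid else "ssid-mismatch"
    if ssid in set(AUTHORIZED.values()):
        # Corporate network name from a radio we do not own: candidate rogue WAP.
        return "impersonating-ap"
    if signal >= STRONG_DBM:
        # Strong enough that a laptop on the wired LAN could associate with it.
        return "unknown-strong-ap"
    return "unknown-weak-ap"  # probably a neighbour; record it, low priority

def review_survey(csv_text):
    """Parse survey CSV text and return findings sorted strongest signal first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row)
        if label:
            findings.append((label, row["bssid"].lower(), row["ssid"],
                             int(row["signal_dbm"]), row["location"]))
    return sorted(findings, key=lambda f: -f[3])

if __name__ == "__main__":
    for finding in review_survey(SAMPLE_SURVEY):
        print(*finding, sep="\t")
```

If the workplace has no wireless LAN at all, leave `AUTHORIZED` empty so every strong signal is reported against the policy from step 2.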

Wi-Fi security isn't rocket science (just computer science) and it's not impossible. Mostly it requires some upfront expertise and a relatively well-run IT shop to carry out the practices. It's a shame it's gotten a bum rap, because I'm a firm believer that it's a real productivity booster in many cases.