How to watch out for wireless rogues

Twenty years ago, employees starting sneaking PCs into the office, under the radar of mainframe-oriented IT departments.

Now, tens of thousands of unauthorized wireless LAN hardware devices called access points (AP) have popped up in enterprise networks, according to analysts, vendors and users. The majority of these rogue APs are being brought in through the back door without the IT unit’s knowledge. They’re installed by employees who crave mobility and don’t mind spending US$200 or less for a wireless AP.

It’s “a classic example of technology bypassing corporate IT,” says Dave Bray, director of network technology at ADC Telecommunications Inc. in Eden Prairie, Minn. But the proliferation of unauthorized APs is a far more serious threat than the standalone PCs that were brought in 20 years ago, he says.

These industry-standard 802.11b, or Wi-Fi, devices are plugged directly into an enterprise network, often behind a firewall. They transmit sensitive data that can be easily picked up by a snoop using freeware hacking tools and a US$99 wireless LAN card while sitting in an office parking lot.

Sophisticated hackers don’t even need to be near the premises to pick up a signal. Using long-range antennas – either commercial products or home-brew devices crafted from, say, Pringles potato-chip cans or coffee cans – they can pick up 802.11b signals from 1,000 to 2,000 feet away.

These serious hackers could be exploiting what analysts call “malicious” APs that are secretly installed in an Ethernet network by people who have easy access to property, such as maintenance personnel. Thor Sigvaldson, director of the advanced technology group at PwC Consulting in New York, says it’s an easy form of industrial espionage. “You just stick one [wireless AP] into a network. It doesn’t even need maintenance,” he says.

Sigvaldson estimates that any U.S. enterprise, branch office, plant or store with more than 50 employees probably has one or more rogue APs.

Bray says IT managers should adopt policies that welcome the wireless LAN technology but protect networks at the same time.

“We don’t want to inhibit the technology, but we do want it installed in a secure fashion,” he says. “We now have a policy against installing wireless LANs without corporate IT approval.”

IT managers also have to engage in a time-consuming wireless AP “discovery process” to hunt down unauthorized installations, says Bray.

ADC initially sent staffers to walk around the company’s 100-plus facilities worldwide with wireless LAN-equipped laptops and “sniffer” software to detect rogue APs. The staffers found an unspecified number of rogue APs in manufacturing facilities, but none in office operations, Bray says.

Vendors take various approaches to automating this process. AirDefense Inc. in Alpharetta, Ga., provides a suite of tools that make it easy to pinpoint the electronic signatures of the majority of wireless LAN APs and access cards on the market. The AirDefense tool set includes sniffers that can detect 802.11b transmissions, so that signatures of unknown APs can be compared to a database of authorized gear.

Finisar Corp. in Sunnyvale, Calif., recently introduced a wireless LAN spectrum analyzer that can help pinpoint unauthorized APs. IBM Corp. last month introduced the Distributed Wireless Security Auditor, which uses authorized wireless clients as sensors to detect rogue APs.

The Sniffer, from Network Associates Inc. in Santa Clara, Calif., works from the wired side of the network, using tools such as Simple Network Management Protocol to determine the IP address of all wireless devices.

Securing wireless LANs against rogue APs and hackers can be costly, says Chris Kozup, an analyst at Meta Group Inc. in Stamford, Conn.

“The cost of truly securing a wireless LAN will run anywhere from 10 per cent to 100 per cent of the hardware cost,” Kozup says. “Once we walk customers through this, they sometimes decide wireless is too expensive.”