NAI sheds light on wireless vulnerability

Corporations have a long road ahead of them in terms of network security, according to Network Associates Inc., and the company warns that extra attention needs to be paid to wireless networks in particular.

During a roundtable discussion last month at the Showcase Ontario trade show in Toronto, NAI representatives exposed network vulnerabilities and displayed the relative simplicity of gaining access to networks – wireless networks in particular.

“People want the flexibility to be able to take their machines into a boardroom,” said Gus Malezis, vice-president of sales for NAI. “What they have failed to do is tell IT departments what they are doing. Instead they run into Future Shop, buy a little access point; plug it in and roam. Information security goes right out the window.”

Mark McArdle, vice-president for PGP Engineering, a division of NAI, and other PGP engineers demonstrated to showgoers that by using simple tools, finding wireless access points within the show floor took no more than 20 minutes. Although McArdle admitted that network conditions were likely temporary during the trade show, his team was nevertheless able to find network holes.

“(To gain access) all you need is a notebook and a very effective tool that will do decodes on all protocols, such as the Wireless Sniffer from Network Associates,” he said. “The same tool that is used to manage networks gives visibility into all the wireless traffic as well. If you are a wandering hacker and you don’t want to have to worry about paying for network bandwidth, (using those devices) you can just look where (there seems to be) a pretty good concentration in any given area and pick a hotel that is close to that.”

McArdle added that there is awareness, but also a casual dismissal of wireless network security, something that he said is a big concern.

“A lot of data now has the potential to be compromised,” McArdle said. “This is a pretty serious situation. We tell our customers that if we are able to do it, it’s not going to take much more for a hacker to get into your network.”

In the wired world, bugs like Melissa, Love Letter, and Code Red are likely household names now to many unlucky and unsuspecting Internet users who were infected by these aforementioned viruses throughout the last two years.

According to Vincent Gullotto, senior director for McAfee AVERT (Anti-Virus Emergency Response Team), another division of NAI, the virus numbers seen in previous years appear to be slightly diminishing. Gullotto cited a slowdown in the writing of macro viruses as being a related cause of the virus decrease. Macro viruses are viruses that are encoded as a macro embedded in a document. Applications such as Microsoft Word and Excel support powerful macro languages and allow a hacker to embed a macro in a document and have the macro execute each time the document is opened.

“Most of (the viruses) we are seeing today are Windows 92 infectors, Windows 95 infectors or some type of Trojan or worm or what we call a cocktail,” Gullotto said. “You could have a virus cocktail of choice depending on what the virus writer is into that day. We estimate tens of thousands of backdoor Trojans out in the world today. In many cases they are not being used because the PCs are not being found. That is going to probably change as we see the numbers in broadband (usage) begin to go up.”

Gullotto added that end users sitting at home will likely be the ones affected by this. He said that if users of broadband – cable and DSL – do not have adequate security or do not thoroughly understand their security features, at the end of every session users should immediately shut down their machines. Gullotto said that while computers remain idle, there is a good chance that a hacker can gain access to the machine and plant a zombie, which can then be controlled by a master PC in another location. Zombies can also create subtle denial of service (DoS) attacks every time the machine is booted up.

“What we have seen through history is that viruses that make a big splash have a tendency to do damage quickly,” he said. “Melissa did it, Love Letter did it and Code Red did it. Other viruses that have strength, meaning they can live for a long time, are the ones that don’t get too much attention until we raise the alert awareness or somebody gets infected.”