Wireless Security Wars
The Defense Commissary Agency (DeCA) within the Department of Defense (DoD) uses 802.11 wireless technology to manage business in 270 grocery stores on U.S. military bases in 17 countries. At the same time, the agency is waging a war to defeat electronic intruders.
Store personnel use wireless devices to receive, inventory, store and order goods. “Wireless technology enables us to manage store operations efficiently,” says Kendra S. Warren, DeCA’s chief information officer and director of information technology.
But wireless networks also threaten security. Anyone with a computer or handheld device capable of wireless communications can log onto an unsecured wireless network.
DeCA has always employed basic security techniques, such as password protection and encryption, to prevent intrusions. In 2002, the agency upgraded to a third level of protection provided by AirDefense Inc., Atlanta, with a system that pinpoints intrusion attempts and disables them.
In evaluating a half dozen intrusion protection products, DeCA considered DoD standards, compatibility with DeCA infrastructure and scalability — the ability to grow along with wireless installations. “The wireless systems we were using in 2002 were a fraction of what we are using today. And we’ll soon have even more wireless components,” Warren says.
Most importantly, DeCA sought suppliers that could handle the research and development costs necessary to keep wireless security ahead of intruders. “You need continuous technological evolution,” Warren says.
Wireless systems provide wireless access points or antennas that authorized devices use to log onto networks. Hackers also use access points to attempt intrusions.
In many organizations, a shocking number of access points have not been equipped with basic security, often because no one knows about them. Recently, for example, Spencer Parker, a product line manager with AirDefense, demonstrated the company’s technology to a potential customer. The customer did not see the point since company policy had banned wireless networks. “We don’t have any wireless access points,” the customer said.
For the sake of argument, Parker scanned the company’s system with AirDefense and found 150 unsecured, rogue access points. Turns out, 150 new wireless printers had been plugged into the company network. “The printers were unsecured access points,” Parker says.
No one blundered. The company did not order wireless printers. The manufacturer had provided them free, as a way of cementing the business relationship. But no one noticed.
Wireless access points often pop up unexpectedly. Employees, in an effort to do a better job, sometimes set them up. No matter how they get into a network, unsecured access points compromise wireless security by affording access to people with malicious intent.
Hackers also have techniques to compromise access points controlled by passwords. Upon finding a password-protected access point, a hacker may, for example, mount a dictionary attack and fire all the words in a dictionary at the node, hoping that one will unlock the door.
To battle innocent and malicious security breaches, AirDefense uses a network of sensors to record activity at wireless access points. “The sensors gather information and pass it to a server with software that can make sense of it,” Parker says. “AirDefense identifies unauthorized access points and detects attempts to gain unauthorized access. The system uses wireless jamming techniques to remove the threats.”
DeCA has equipped its worldwide network with 2,700 sensors. “We frequently find unauthorized devices trying to connect to our network,” Warren says. “We track this activity. If an intrusion is internal, we work the issue here. In the case of external hackers, we advise an investigative group that can find the IP address of the intruding machine. We take any attempt at unauthorized access seriously.”
Since installing AirDefense, Warren estimates that thousands of unauthorized access attempts have been foiled. Actual intrusions number in the single digits. DeCA is winning the war for wireless security and preserving the business benefits of its wireless network.