Securing Ad-Hoc WLANs

Wireless LAN security has come a long way in the past few years. 802.11’s initial, flawed encryption standard, WEP, has been replaced by WPA and 802.11i, and a slew of new wireless security products have recently entered the market.

The problem is that most of these products, such as WLAN switches and rogue access point (AP) monitors, target the large enterprise market, while the majority of new wireless users actually fall into the SOHO (small office, home office) category.

For the enterprise, this category also includes employees who set up unofficial APs in their offices, and remote branch and regional offices that take it upon themselves to go wireless.

According to market-research firm Synergy Research Group, the SOHO/Home WLAN segment represents more than 57% of the total WLAN market. Likewise, the Dell’Oro Group notes that the SOHO WLAN shipments are expanding at a year-over-year rate of 73%.

Clearly, there is a disconnect here.

“Despite the fact that there are seven million or so businesses with 250 or fewer employees, WLAN security vendors are still ignoring the SMB and SOHO markets,” said Mike Klein, CEO of Interlink Networks, a provider of WLAN security products for small businesses.

“Because of this many of the resellers we talk to advise small businesses to avoid wireless altogether. With limited IT resources, small businesses don’t have the resources to secure and manage wireless deployments.” And neither do your employees.

Interlink Networks believes it has the answer to this problem, offering automated security software that is meant to abstract the many security configuration features that typically trip up non-technical users. But what about technically savvy SOHO users? Can’t they secure their own small wireless deployments?

“Perhaps,” Klein said, “but managing a user base is an issue. For instance, if an employee leaves your company and you’re using an encryption scheme with pre-shared keys (such as WEP or WPA), then you have to manually re-key all of your client devices. Who has time for that?”

Conversely, companies can opt for something like RADIUS authentication, but that usually falls beyond the means and technical capabilities of SOHO and casual users.

Five Sparrows, a marketing and Web development company in Michigan, attempted to manage user authentication with Microsoft PEAP and a RADIUS server but balked at managing RADIUS across the company’s three different locations. Instead they chose to rely on RADIUS authentication for the central network and WEP for the others.

“I knew WEP was not strong protection,” said VP of Product Development, Don Holland, who has significant experience with wireless security, “so we strictly enforced a process of keeping all sensitive data at our central location.

“The other sites weren’t as secure, but with the complexity and equipment requirements of a RADIUS solution, even with my experience I didn’t want to implement that three times. It just wasn’t worth the effort.”

Holland notes that RADIUS requires the coordination of numerous network and client devices and the management of hundreds of configuration decisions, making it unworkable for non-experts.

However, aren’t small-business networks at less risk than large enterprises? A big company is obviously a hacker target, but who bothers with SMB networks?

“You’d be surprised,” Klein said. “Check out a war-driving site like, and you’ll see that they add about 100,000 new wireless networks a month. If your network is listed, do you want to risk having minimal security?” The site often posts more than a network’s location, including access point SSIDs (or network names) as well.

“If those SSIDs are factory presets, then your password is probably a default as well, and just about anyone can figure out how to get on your network,” said Rich Mironov, VP of Marketing for AirMagnet, a provider of WLAN security, scanning, and troubleshooting products.

Mironov argues that configuration failures are the No. 1 issue facing small and large businesses alike. Besides SSIDs and passwords being left at their defaults, encryption is usually turned off when APs ship. Small business owners and your employees don’t always have the savvy to realize that they need to turn the encryption on.

Besides the access points, users’ client devices must be configured properly as well. “If you have an employee who travels, he could return to the office with his laptop set in ad-hoc mode,” Mironov said.

In other words, that client device is now essentially a rogue AP and susceptible to hacking.

“Beyond acting as a rogue AP, ad-hoc mode essentially turns your laptop into a server,” he added, “giving intruders unfettered access to your hard drive if you don’t have a personal firewall.”

Mironov offered several tips for securing a SOHO WLAN. The first step is the most basic: changing the factory default settings. Hackers and war-drivers know all of these defaults, and when they see a common SSID, then they’ll also know the password to enter your network.

The other major points that Mironov stressed were choosing an encryption standard, such as WEP or WPA, and making sure all of your employees’ laptops have personal firewalls on them.

Savvy networking professionals will balk at even the mention of WEP, an easily cracked encryption standard, but Mironov stressed that weak encryption is better than none at all.

“If a hacker is sitting in the parking lot of an office suite and intercepting wireless signals, he’ll home in on the least secured networks,” Mironov said.

Six Steps for Securing SOHO WLANs:

  • Change default AP settings.
  • Pick an encryption standard.
  • Repeatedly remind the people in your company not to bring in their own wireless gear.
  • Help employees configure their laptops correctly (and reconfigure those laptops for employees who travel).
  • Make sure everyone has a personal firewall.
  • Periodically scan and audit your WLAN.

Most of these steps sound basic, but it’s the simple things that tend to be overlooked when it comes to wireless security.

“Those of us immersed in wireless security know the risks that rogue access points pose, but does your CFO know this?” Mironov asked. “What happens when he buys his own access point and connects it to your network?”

The answer? Your security has been broken.
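
The periodic scan-and-audit step can be partly automated. The following is an added example, not code from the article or from any vendor it quotes: it parses scan output in the style of the Linux `iwlist` tool and flags the problems Mironov describes (factory-default SSIDs, encryption turned off, WEP-only networks, ad-hoc clients, and gear that is not on the approved list). The sample scan, the approved-AP inventory, the finding labels and the function names are all constructed for illustration.

```python
import re

DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}  # common factory defaults (illustrative)
# Constructed inputs: iwlist-style scan output and an approved-AP inventory.
SAMPLE_SCAN = """\
Cell 01 - Address: 00:11:22:33:44:01
    ESSID:"linksys"
    Mode:Master
    Encryption key:off
Cell 02 - Address: 00:11:22:33:44:02
    ESSID:"FrontOffice"
    Mode:Master
    Encryption key:on
    IE: WPA Version 1
Cell 03 - Address: 02:11:22:33:44:03
    ESSID:"laptop-adhoc"
    Mode:Ad-Hoc
    Encryption key:off
Cell 04 - Address: 00:11:22:33:44:04
    ESSID:"Warehouse"
    Mode:Master
    Encryption key:on
"""
APPROVED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:04"}

def _field(pattern, block):
    m = re.search(pattern, block)
    return m.group(1) if m else ""

def parse_scan(text):
    """One dict per cell; enc is none, WPA (a WPA/WPA2 IE line is present) or WEP (key on, no IE)."""
    cells = []
    for block in re.split(r"(?m)^[ \t]*Cell \d+ - ", text)[1:]:
        enc = ("none" if "Encryption key:off" in block
               else "WPA" if re.search(r"IE:.*WPA", block) else "WEP")
        cells.append({"bssid": _field(r"Address: ([0-9A-Fa-f:]{17})", block).lower(),
                      "ssid": _field(r'ESSID:"(.*)"', block),
                      "mode": _field(r"Mode:(\S+)", block).lower(), "enc": enc})
    return cells

def audit(cells, approved):
    """Return {bssid: [findings]} for the misconfigurations the article names."""
    report = {}
    for c in cells:
        checks = [(c["bssid"] not in approved, "unapproved-device"),
                  (c["mode"] == "ad-hoc", "ad-hoc-mode"),
                  (c["ssid"].lower() in DEFAULT_SSIDS, "default-ssid"),
                  (c["enc"] == "none", "encryption-off"), (c["enc"] == "WEP", "wep-only")]
        report[c["bssid"]] = [label for hit, label in checks if hit]
    return {bssid: found for bssid, found in report.items() if found}
```

Calling `audit(parse_scan(SAMPLE_SCAN), APPROVED)` returns findings for three of the four cells; the WPA-protected, approved access point produces none.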