InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity June 2010
Cover Story
Is Wireless (In)Security Affecting the Indian Digital Nervous System?

Like it or not, wireless technologies such as Wi-Fi are here to stay. However, Wi-Fi introduces new security challenges which, if not addressed thoroughly, can affect the digital nervous system of any organization, or even a country. This article examines the current wireless security posture, challenges and recommended solutions in the context of the Indian IT space.

Wireless has already made its presence felt in major Indian metros, enterprises, educational institutions, homes and even government. Further, there have been multiple initiatives to take technologies such as Wi-Fi to rural India. Increased productivity, the unlicensed band and relatively low cost are the key enabling factors for wireless proliferation. Although this is a great development per se, improper wireless deployment comes with a heavy cost – security. By their very nature, wireless signals cannot be controlled by physical boundaries such as building walls and doors – they can spill outside into streets and parking lots. Hence, they can potentially be exploited by attackers for unauthorized purposes. An incident related to the inhuman terror attacks (2008) on India is a testimony to this fact. People claiming to be from one of the terror outfits advertised their terror act using the insecure Wi-Fi infrastructure of a university. As one can expect, it was not possible to trace the actual people who sent the mail, but the innocent university came under some bad press.

State of Wireless Deployments in India

So, is Wi-Fi proliferation increasing the security risk to the Indian digital nervous system in general? To answer this question, let us look at sample results from a survey that was conducted by a leading Indian wireless security company in 2009. Figure 1 represents results from an over-the-air scan performed in 3 major Indian cities (year 2009) – Mumbai, Pune & Bengaluru. The scan included various portions of the cities and covered areas with high-tech establishments, high-end restaurants/cafes and residential locations.

From the results, the good news is that there are certain APs with strong cryptographic security configuration – WPA/WPA2. WPA2 is the strongest available Wireless LAN (WLAN) security framework today. It uses IEEE 802.1X based authentication. 802.1X is just a bearer and supports a wide range of authentication schemes such as Transport Layer Security (TLS), Tunneled Transport Layer Security (TTLS), Protected Extensible Authentication Protocol (PEAP), Microsoft Challenge-Handshake Authentication Protocol Version 2 (MSCHAPv2), Generic Token Card (GTC) and Subscriber Identity Module (SIM). WPA2 uses CCMP (Counter mode with Cipher block chaining Message authentication code Protocol) encryption which is based on the Advanced Encryption Standard (AES) algorithm. Unauthorized users cannot connect to such WPA2 APs. Similarly, traffic from such WPA2 based APs cannot be decoded by a 3rd party.

However, the bad news is that only a small percentage (e.g., as low as 18%, Mumbai) of APs support WPA or WPA2 in all the 3 considered cities. A large portion of the deployments (e.g., 82% in Mumbai) support completely insecure configurations such as “Open” or WEP. Such insecure wireless devices can be exploited by an attacker in multiple ways as mentioned below.

  1. IIT Madras Wireless Project http://www.tenet.res.in/Activities/Products/doc/802.11b/index.php

  2. IIT Kanpur DGP http://www.cse.iitk.ac.in/users/braman/dgp.html

  3. Khalsa college terror email http://www.expressindia.com/latest-news/Latest-terror-email-sent-from-WiFi-at-Khalsa-College/352813/

  4. 802.1X authentication schemes http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol

An unauthorized user can passively sniff all traffic via such an “Open” AP. Tools such as Ethereal are freely available on the Internet for this purpose. He can potentially access sensitive information such as usernames and passwords. Further, an unauthorized user can connect to and communicate with such an AP. He can try to access your wired network resources (e.g., servers, routers) through it. Alternatively, he can disrupt your wired network by launching attacks such as ARP (Address Resolution Protocol) poisoning and DHCP (Dynamic Host Configuration Protocol) spoofing. Worse, he can exploit this connection to initiate illegitimate communication (e.g., Email or Web) – which seems to be the case with the university incident mentioned at the beginning of this article.

If you are using Wired Equivalent Privacy (WEP), you are no better off. WEP was, is and will remain broken. WEP uses a single shared secret (key) for the AP and all of its clients. WEP authentication can be circumvented very easily. An attacker needs to monitor certain packets of a successful authentication (i.e., sniff some packets). Once he does this, he can construct packet sequences with which he can trick the AP into authenticating him. On the encryption side, multiple attacks (e.g., KoreK, PTW) can be used to crack the WEP encryption key. The public domain tool Aircrack implements several of these attacks. Using such tools, even novice attackers can sniff wireless traffic and crack WEP keys in minutes. Once the key is cracked, WEP is rendered completely useless and all the attacks mentioned above against an Open AP become easy.

Given the large percentage of Open and WEP APs detected in our survey, it is clear that wireless insecurity is a pertinent threat to the Indian IT scenario.

Key challenges in improving the Indian wireless security posture

Now, let us look at the key challenges involved in improving the wireless security posture in India. As with any other country, the foremost challenge is to create awareness of the security risks of wireless. People seem to have a reasonably good understanding of security threats originating from the wired world – the big-bad Internet, worms and viruses, spam mails and phishing. However, given the relatively new nature of wireless, people are yet to clearly understand that wireless can lead to leakage of sensitive information. The second challenge is the lack of control over Wi-Fi deployment in any environment (e.g., enterprise, education). Our scan results clearly show multiple instances where “Open” Wi-Fi devices have been deployed by users in an ad hoc manner (e.g., APs that advertise a student's or a professor’s name in their Service Set Identifiers (SSID)). Such insecure APs are mostly deployed without the knowledge or consent of the network administrator and this is a huge problem. The third challenge is the lack of familiarity with tools to combat wireless security issues. In the wired security world, technologies such as firewalls and intrusion detection systems have become the norm. However, unfortunately, this is not yet the case in the wireless world. There is still a lot of confusion as to how to deal with wireless specific threats.

Possible steps to improve Indian wireless security posture

What steps can be taken to overcome the above challenges and mitigate the wireless security risks? Like it or not, Wi-Fi is here to stay. Banning Wi-Fi is not going to work. The intentions behind the recent (year 2009) announcement from the Indian Ministry of Home Affairs (MHA) to ban Wi-Fi in key government establishments may be good. However, in a vast and diverse country such as India, a ban is definitely not practical. Wi-Fi security risks need to be acknowledged and fought. Educating network security folks and users on wireless security issues will be a good first step in this direction. The Indian police and federal government have taken some good initiatives in this direction – e.g., creating a public awareness program, asking the ISPs to tighten the security in Wi-Fi hotspots. Second, mandate the use of wireless security best practices in your organization. Examples include changing default SSIDs & passwords, keeping AP/client firmware up to date and using a VPN for remote users. Third, periodic wireless scans/audits to ascertain the security posture of the airspace are definitely required. This will help isolate any unauthorized wireless activity in your premises. Finally, consider the deployment of automated tools such as wireless intrusion detection and prevention systems to provide 24x7 monitoring and protection of your premises.
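As an added example (not part of the original article or of the survey's own tooling), the following shows how a periodic over-the-air audit can classify each AP as Open, WEP, WPA or WPA2 from the body of its beacon frame, report the share of each type as in the survey above, and list SSIDs that are not on the administrator's list. The beacon bytes, SSID names and the authorized list are constructed sample values.

```python
import struct
from collections import Counter

PRIVACY_BIT = 0x0010                            # capability bit: encryption required
WPA_VENDOR_PREFIX = bytes.fromhex("0050f201")   # vendor element OUI 00:50:F2, type 1 = WPA

def parse_beacon_body(body: bytes):
    """Return (ssid, security) from an 802.11 beacon frame body."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    # Fixed fields: 8-byte timestamp, 2-byte beacon interval, 2-byte capability info.
    (capab,) = struct.unpack_from("<H", body, 10)
    ssid, has_rsn, has_wpa = "", False, False
    pos = 12
    while pos + 2 <= len(body):                 # walk the tagged elements (id, len, value)
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2 : pos + 2 + length]
        if len(value) < length:                 # truncated element: stop parsing
            break
        if tag == 0:
            ssid = value.decode("utf-8", "replace")
        elif tag == 48:                         # RSN element present => WPA2
            has_rsn = True
        elif tag == 221 and value.startswith(WPA_VENDOR_PREFIX):
            has_wpa = True
        pos += 2 + length
    if has_rsn:
        return ssid, "WPA2"
    if has_wpa:
        return ssid, "WPA"
    return ssid, "WEP" if capab & PRIVACY_BIT else "Open"

def audit(beacons, authorized_ssids):
    """Return (percent per security type, insecure SSIDs, SSIDs not authorized)."""
    seen = [parse_beacon_body(b) for b in beacons]
    counts = Counter(sec for _, sec in seen)
    share = {sec: round(100 * n / len(seen)) for sec, n in counts.items()}
    insecure = sorted(s for s, sec in seen if sec in ("Open", "WEP"))
    unknown = sorted(s for s, _ in seen if s not in authorized_ssids)
    return share, insecure, unknown

def _beacon(ssid, capab, *elements):            # helper that builds constructed samples
    body = bytes(8) + struct.pack("<HH", 100, capab) + bytes([0, len(ssid)]) + ssid.encode()
    return body + b"".join(bytes([t, len(v)]) + v for t, v in elements)

# Constructed sample scan (not survey data): four APs heard over the air.
SAMPLE = [
    _beacon("corp-wlan", 0x0011, (48, bytes.fromhex("0100000fac04"))),
    _beacon("guest", 0x0001),
    _beacon("prof-lab", 0x0011),
    _beacon("legacy", 0x0011, (221, WPA_VENDOR_PREFIX + bytes.fromhex("0100"))),
]
```
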

  1. Wireless Security Myths 2010, June 2010, Network World http://www.networkworld.com/news/tech/2010/062110-tech-update.html?page=2

Figure – 1

Brief Bio: K N Gopinath (Gopi) has more than 12 years of experience spanning multiple domains – systems, networks and security. He is an acknowledged expert in the Wi-Fi domain and educates the technical community about network security issues. He is an author and a speaker. Gopi holds several patents to his credit and has published technical papers and popular online tutorials.

  1. Securing Wi-Fi in India http://www.networkworld.com/news/2008/091708-india-wants-to-secure-wi-fi.html

  2. Wireless Security Best Practices http://www.airtightnetworks.com/fileadmin/pdf/resources/WiFi_Security_Best_Practices.pdf

—By: Gopinath K N, Director, Engineering, AirTight Networks, Gopinath.kn@airtightnetworks.com

