When Motorola publicly announced its 802.11n initiative on March 12 and rolled out equipment for enterprise customers, it meant that all of the biggest names in the wireless LAN space in terms of market share were now offering products based on the draft standard.
This blanket availability shows that these companies have paid heed to their customers’ hunger for 802.11n’s improvements in throughput, coverage area and client density performance.
However, these hungry customers should also save a little room for security. The 802.11n threat and protection landscapes have not yet evolved at the pace set by the access market, and there are current problems to be solved as well as the potential for greater issues down the road to which customers should pay attention.
Everyone with whom I have spoken agrees there are no known vulnerabilities or attacks specific to 802.11n now, and one school of thought is there won’t be the kind of vulnerabilities we’ve seen in the past. For example, there were no new 802.11a vulnerabilities when that specification first came to market.
However, Amit Sinha, CTO for wireless intrusion prevention vendor AirDefense, said 802.11n adds enough complexity to the wireless MAC and PHY that there may be opportunities for attack down the road.
Sinha said, “802.11n does significantly complicate the MAC layer with the inclusion of mechanisms such as block acknowledgements and spoofed duration fields that could be exploit candidates. 802.11a did not change the MAC or the basic OFDM modulation used in the physical layer. The physical layer of 802.11n is also dramatically different. The inclusion of 40MHz modes and complex legacy protection mechanisms will lend itself to slightly modified denial-of-service attacks that at the very least could cripple the sought-after benefits of 802.11n.”
Rogue Access Points Problematic
However, for now, the near-term security problems with 802.11n implementations will be a cream-and-clear amplified version of those that wireless administrators have been battling for years.
For instance, the problem of employees installing rogue access points could again become a bone of contention. It will be increasingly difficult to buy a laptop without an integrated 802.11n-capable network adapter during the next few years, so even if a company stalls on moving the infrastructure to 802.11n, enterprising users may instead decide to put their client connection to work by installing a cheap consumer-grade 802.11n access point on the corporate network.
In addition, with 802.11n’s significantly improved range performance, network administrators will need to rethink the edges of their Wi-Fi deployment (or an 802.11n rogue for that matter). Whereas an older 802.11 a/b/g network may have extended usefully only to the middle of the parking lot, an 802.11n-enabled network may extend across the street and into another building. Leveraging a modern wireless privacy standard like WPA2 [Wi-Fi Protected Access 2] will therefore be an absolute must moving forward with 802.11n to keep out both the bandwidth leeches and those with more malicious intent.
With the standard still somewhat in a state of flux, and the 802.11n vulnerability landscape immature, wireless security and overlay vendors such as AirDefense, AirMagnet or AirTight have yet to formally announce plans and products for 802.11n. While this lack of availability may change in the next few months (perhaps around the Interop time frame), I anticipate that the vendors’ 802.11n functionality will be geared more toward performance analysis than security. The limited security functionality also will likely consist mostly of finding new-generation rogues and being able to sniff their payload, if it’s unencrypted.
In the meantime, wireless LAN customers investigating 802.11n for the enterprise should talk to their preferred Wi-Fi access vendor to find out what kind of 802.11n-oriented detections, alarms and analyses their products are capable of.
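As an added illustration (not from the original article or any vendor's product), the sketch below shows the kind of check a monitor can make for the rogue and WPA2 concerns above: it reads a beacon's information elements, looks for HT Capabilities (element 45, advertised by 802.11n-capable access points) and RSN (element 48, WPA2), and compares the BSSID with a list of sanctioned APs. The function names, alarm labels, BSSIDs and beacon bytes are all constructed for the example, and it assumes beacon frame bodies have already been captured by a sensor.

```python
import struct

HT_CAPABILITIES = 45  # information element sent by 802.11n-capable APs
RSN = 48              # information element carrying WPA2 (RSN) settings
PRIVACY = 0x0010      # capability bit: some form of encryption is required

def parse_elements(body):
    """Walk the tagged elements that follow the 12 fixed beacon bytes."""
    elements, pos = {}, 12
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:  # truncated element: keep what parsed so far
            break
        elements.setdefault(eid, value)
        pos += 2 + length
    return elements

def classify(bssid, body, authorized):
    """Return the alarms a monitor would raise for one observed beacon."""
    if len(body) < 12:
        return ["malformed"]
    capability = struct.unpack_from("<H", body, 10)[0]
    elements = parse_elements(body)
    alarms = []
    if bssid.lower() not in authorized:
        alarms.append("unauthorized-bssid")
        if HT_CAPABILITIES in elements:
            alarms.append("802.11n-capable")
    if RSN not in elements:
        alarms.append("no-wpa2" if capability & PRIVACY else "open")
    return alarms

def make_beacon(ssid, privacy=False, ht=False, rsn=False):
    """Build a constructed beacon body for the demo (not captured traffic)."""
    body = struct.pack("<QHH", 0, 100, 0x0001 | (PRIVACY if privacy else 0))
    body += bytes([0, len(ssid)]) + ssid
    if ht:
        body += bytes([HT_CAPABILITIES, 26]) + bytes(26)
    if rsn:
        body += bytes([RSN, 2]) + struct.pack("<H", 1)  # version field only
    return body

AUTHORIZED = {"02:00:00:00:00:01"}  # constructed inventory of sanctioned APs
if __name__ == "__main__":
    seen = [("02:00:00:00:00:01", make_beacon(b"corp", True, True, True)),
            ("02:00:00:00:00:99", make_beacon(b"home-n", ht=True))]
    for bssid, body in seen:
        print(bssid, classify(bssid, body, AUTHORIZED))
```

An AP that sets the privacy bit without an RSN element (WEP, or original WPA carried in a vendor-specific element) is reported as "no-wpa2" rather than "open".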