Question: When is a Wi-Fi vulnerability not a vulnerability?
Answer: When the vulnerability plays into defenses against attacks.
That may be the case with an advisory issued this week by AusCERT, Australias national computer emergency response team.
The advisory described how a protocol characteristic of wireless networks can be exploited to stage a denial-of-service (DoS) attack.
For a moment when the news hit on Thursday, it looked like déjà vu all over again. It seems like only yesterday that, with great relief, we said “goodbye” to the vulnerabilities of Wired Equivalent Privacy security in the original 802.11 spec and “hello” to the strong encryption and enterprise authentication in Wi-Fi Protected Access (WPA), the mechanism that replaced it. Finally, we had the wired equivalent security that WEP promised but never delivered.
Now, here comes the AusCERT advisory and something new for WLAN administrators to worry about?
Its cause for caution. But if youre already enforcing good security policies, dont lose too much sleep just yet. On the scale of attacks that merit insomnia, this one is on the low side.
There are two major classes of network attacks—passive and active. A DoS attacker must be actively involved in the attack so it naturally falls into the active category. On the Internet the attackers presence is hard to detect due to the international and anonymous nature of the Net. But in the Wi-Fi world, where a radio signal is involved, its relatively easy if you have the right equipment.
The nature of the beast, when it goes wireless, is that its trackable and its effect is limited—confined to 802.11b devices within its range.
An attack of short enough duration to avoid detection is not likely to cause serious disruption. That means less disruption, fewer kicks and a potential jail sentence for the attacker.
Enforcing strong security policies across the WLAN will minimize this and other vulnerabilities.
That should go without saying, shouldnt it? But as news reports testify, every time a reporter goes on a war-driving expedition to identify WLAN vulnerabilities, there are network managers that havent got religion.
There are still companies that havent deployed WLAN intrusion detection, havent graduated to WPA and havent even enabled WEP.
Oh when will they ever learn…