Sniffing Out Rogue Wireless Lans

With the price of 802.11b wireless access points dropping fast, it's not surprising that unsanctioned WLAN connections are popping up like weeds on corporate networks.

With the price of 802.11b wireless access points dropping fast, its not surprising that unsanctioned WLAN connections are popping up like weeds on corporate networks.

Thats a problem for network managers because most wireless LANs that are based on the 802.11x standard lack built-in security, leaving corporate networks open to potential hacking.

As a result, many IT managers are spending just as much time and effort trying to keep WLAN technology out of the enterprise as they are figuring out when, why and how to deploy it for internal use. For many organizations, that means using security tools such as sniffers and technologies such as VPNs (virtual private networks) to locate "rogue" WLAN connections and keep them off the corporate network. In the long run, many see no alternative but to adopt, communicate and enforce a WLAN security policy even if management has no official plans to use the technology.

Many enterprises are in danger of spending millions of dollars securing their wired network only to risk exposing sensitive data via rogue WLANs, experts say. In fact, Gartner Inc. recently estimated that at least 20 percent of enterprises already have rogue WLANs attached to their networks. In addition, Gartner predicts that by the end of this year, 30 percent of enterprises will suffer serious exposures from deploying WLANs without implementing the proper security.

For many organizations, the first step in controlling rogue WLAN users is to find them. To do that, many network managers are employing sniffer tools to track WLANs. These include WildPackets Inc.s AiroPeek NX, Network Instruments LLCs Observer and AirMagnet Inc.s AirMagnet. These tools can be used to check wireless security by identifying unauthorized clients or access points and verifying encryption usage. And many IT managers swear by shareware products such as NetStumbler ( that let them hunt down unauthorized wireless access points. Like the proprietary tools, NetStumbler enables an IT manager (or hacker, for that matter) using a laptop and a wireless Ethernet PC Card to locate wireless access points while driving around town or walking around a building or campus. The practice is sometimes known as war driving. The software also provides information on whether or not the access point has encryption turned on, what its media access control address is, the name of the network or vendor, and signal strength.

At the University of Akron, IT managers are using an arsenal of tools to find and lock down wireless and wired LANs. Last year, the Ohio university began installing 1,200 Aironet 350 Series access points from Cisco Systems Inc. in classrooms, residence halls, libraries and sports centers. All transmissions are secured using 128-bit encryption and IP Security VPNs from Cisco.

But having an authorized WLAN doesnt mean users wont try to tap into the universitys network from their own rogue access points. This is why the University of Akron also uses a variety of sniffer tools to hunt down unauthorized wireless access points. IT managers there have also deployed management software from Cisco and from IBM subsidiary Tivoli Systems Inc. that sets off alarms when an unregistered client jumps on the network and shuts down routers until the activity can be investigated.

"Universities are doubly damned in that we are notoriously known for maintaining open access to systems," said Thomas Gaylord, vice president and CIO at the university. "We cant have our computers being used to attack other organizations. This is why we vigilantly hunt down rogue access points."

In the face of mounting rogue wireless access points, many IT managers are also dusting off security policies and adding rules on WLAN access, even though they may not have immediate plans to officially deploy 802.11x technologies. At Gannett Co. Inc., Gary Gunnerson, IT architect and an eWeek Corporate Partner, said employees are reminded that rogue deployments are against company policy.

"Were not actively pursuing violators at this point and have no plans to run around the company with a wireless sniffer," said Gunnerson, in Alexandria, Va. "But all employees throughout the management chain understand rogue access points of any sort are a violation of our corporate security policy."

Gannett isnt actively sniffing out violators because the company is relatively protected by its VPN technology, which provides encryption and enables IT managers to monitor clients trying to access the network, Gunnerson said. If Gannett does officially deploy WLAN technology, the company will follow its existing security policies and tie wireless access into its VPN strategy. (For more on using VPN technology to secure wireless networks, see story on Page 45.)

"If we ever go into production, we will treat the wireless network as if it was outside the company and secure it as such," Gunnerson said.

Related Stories:

  • Wireless LAN Security Crackdown
  • 802.11a and 802.11g Evolve the WLAN Space
  • Review: AirMagnet 1.2 Reveals WLAN Trouble Spots
  • Review: VPN Tools Aid WLAN Security