Addressing the Security of Wireless Technology

What is wireless technology, and how has it evolved over the years? 

From a Wireless network perspective, 802.11 (Wi-Fi) has grown from a technology often scoffed at by industry leaders in the late nineties as something that was never going to take off. However, today it is now the primary connectivity method for almost all devices connecting at the edge of all modern home, mid-market and enterprise networks. It’s been an amazing evolution, as it has created the world without wires that we enjoy today.

Why has the security of wireless technology been generally overlooked?

In general, wireless standards don’t account for a high level of security. While there are more secure encryption methods today, many weaker versions such as WPA and WEP are still being used internationally. This is mainly because certain older devices don’t support the newer methods that are far more secure.

Take WPA2-PSK (Wi-Fi Protected Access 2 - Pre-Shared Key) for example, which uses CCMP/AES – this is a 128bit encryption process and is very secure. Even with this better system, everyone is still sharing the same Pre-Shared Key (PSK), a security mechanism used to authenticate and validate users on a wireless connection, which opens other doors to vulnerabilities. So, despite the raised levels of encryption, if everyone uses the same PSK, and one device is breached, they all could be vulnerable.

For example, when someone leaves a business, if you don’t update your PSK (which many businesses fail to do) then you have left the door open for a potential revenge attack.

The same can happen when the PSK is the same for all devices. A user who knows the PSK can capture the 4-Way handshake that occurs when a wireless device is connecting and use this to look at anyone else’s data going over the air on the same wireless network. The 4-Way handshake becomes somewhat easy to capture if the wireless network is vulnerable to de-authentication attacks, which unfortunately, most are. This is because the method to prevent this from occurring, known as Protected Management Frames (PMF), is not supported by many wireless devices.

What wireless security issues can result in a breach of confidential data and how can an individual or business mitigate this risk?

The range of security issues related to wireless technology is significant.

Firstly, many businesses still deploy their wireless networks using weak or obsolete encryption methods such as WEP/WPA-TKIP due to backward compatibility with older devices. These methods are relatively easy to compromise and, even worse, can significantly impact the performance of your Wi-Fi network due to a max data rate of 54Mbps.

Secondly, as previously mentioned, using a single PSK for all devices can leave your devices exposed to an internal attack. This means that someone can set up an Access Point (AP) that is broadcasting the same wireless network name (‘SSID’) as another trusted source, which creates what is known as a virtual honeypot or fake AP. You may think you are connecting to, say, the airport’s wireless network, or McDonald’s free wireless, when in fact you’re connecting to a third party pretending to be that wireless network. The best defense against this is to utilise wireless intrusion detection tools (WIDS) that are built into most enterprise-grade wireless platforms.

Most free Wi-Fi networks are open, hence no encryption of traffic is performed. Therefore, anyone using an air packet capturing tool can view and see all of your unencrypted data. If you are using an open network, it’s recommended to use a secure access method such as a SSL-VPN to protect against eaves-droppers, especially when accessing websites starting with HTTP where no encryption is used (as opposed to HTTPS).

Finally, it’s also important to note that even if your business is using WPA2-Enterprise security methods, that these can also potentially be vulnerable to dictionary style and/or man-in-the-middle attacks. Whilst highly secure, authentication methods such as PEAP/EAP-TTLS-based authentication could result in a third party accessing the wireless network if the business has weak password policies or the password policy is overly complex (resulting in the user writing it down and sticking it on their monitor for all to see).

Further, if insecure authentication methods are used, such as LEAP/MD5 where the password is sent via clear text or in an easily decryptable hash, it is almost inevitable that a breach will occur.

The best countermeasure to these attacks is to use certificate based authentication methods, which removes the human password factor and enforces the client to validate the certificate during the authentication phase.

Australia is generally considered to be at the forefront of wireless technology, given our geographical distance and the need to rely more heavily on it—are we leading in Wi-Fi security as well?

It is well known that the Australian CSIRO and electrical engineer, John O’Sullivan, is credited as the inventor of WiFi as we know it. But while we use this technology heavily in our day-to-day lives, from long reach point-to-point communications networks to checking our bank balances, I don’t believe we are leading the way in security on this front.

Instead, the main research into wireless technology security is happening in places such as China and India, which is where much of the current development for the 802.11 standard and security methods now occurs.

What should we be doing to educate the general public about the risks associated with this technology?

I’m not sure this is possible. The only way to reach a mass audience is via marketing. Unfortunately, many marketing models create misunderstanding for the general public, because while they explain broad concepts around how wireless security works, they often contain a lot of arcane information that only applies to specific cases and is often not easy for the general public to implement.

While we can teach technical staff best security practises around wireless networking and hope they pass this knowledge on, the best method would be to resolve the risks via new wireless security methods. For example, with the introduction of WPA3 and Enhanced Open security methods, many improvements have been made to increase wireless security without end-user interaction.

How would you recommend businesses address these issues in the short and long-term?

This really needs to happen from the top down. Implementing the best wireless security methods is often not easy. However, training internal IT staff with the relevant knowledge and skills via industry training courses, such as those offered through the Fortinet NSE Training Institute, is probably still the best solution for businesses looking to work with 802.11 wireless networks. These courses provide an in-depth understanding of the fundamentals combined with best practices to use when implementing wireless networks, especially when it comes to choosing the best security methods.

If a business doesn’t have sufficiently qualified IT staff, they should reach out to industry professionals for assistance rather than assuming that just because they know how to set up their home wireless router, they can also set up a business or enterprise-grade network.

What’s next for wireless?

The next real steps in the wireless space are founded by what the new 802.11ax standard, WPA3 and Enhanced Open security methods are bringing to the table.

802.11ax is designed to address many common issues with wireless networks, ultimately improving efficiency and throughput using methods such as BSS Colouring and a multi-user version of the OFDM (modulation scheme) being OFDMA, which is a technology currently used in 4G/LTE mobile networks. This will improve the user experience and further embed Wi-Fi as the primary network access medium.

From a security standpoint, the introduction of WPA3—the successor to WPA2 - was meant to disallow outdated legacy protocols, require use of Protected Management Frames (in order to prevent de-authentication attacks) and add features to both the personal and enterprise authentication methods to further enhance wireless. On ne side, WPA3-Personal includes a secure key establishment protocol between devices, the Simultaneous Authentication of Equals (SAE), which provides stronger protections for users against the use of weak password and password guessing attempts by third parties. And on the other side, WPA3-Enterprise will introduce stronger encryption methods with a 192-bit security suite.

There is also the “Enhanced Open” feature which allows supported devices to be able to dynamically set up encryption over the air even on an open network. This is based on Opportunistic Wireless Encryption (OWE) which was initially planned to be part of WPA3.

How does Fortinet help businesses get the most out of their wireless networks?

Fortinet has added a whole new layer of security using our advanced threat protection automation capabilities, which act as a layer of Artificial Intelligence for your wireless network. Fortinet’s wireless networks are capable of detecting when a wirelessly connected client is compromised (i.e. malicious websites have been accessed) and then taking a defined set of actions, such as blocking or quarantining the client’s IP and/or MAC address, or even sending an email to someone who can take action to resolve the issue. A message can also be displayed on the user’s device via their web browser explaining that their device has been compromised and is now quarantined. Yet, the quarantined device will still be able to access sites such as their antivirus vendor in order to remediate the issue. This functionality is unique to Fortinet.

We also offer a means to protect IoT devices. Using our Multiple Pre-Shared Key feature (MPSK), we are able to provide each and every device or user with their own passphrase to access the wireless network. To date, we support 16,000 individual PSKs per wireless controller, which is far more than any other vendor currently offers.

Learn how Fortinet helps secure the wireless LAN Edge with Security-driven Wi-Fi.