- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Joanie Wexler looks at how enterprises can take advantage of wireless LANs and WANs.
Along with the potential performance and coverage benefits of 802.11n come a few new security risks, says industry security guru Joshua Wright. Wright presented a Webinar last week that outlined several new vulnerabilities that high-speed 802.11n networks introduce.
Wright, who has spent a decade ferreting out wireless security attacks (Compare WLAN Security products), is an instructor for the SANS Institute, an information technology watchdog organization that offers information security training, certification and information resources. He’s also a senior security researcher at Aruba Networks.
Here are a few 802.11n vulnerabilities he highlighted:
* Wireless intrusion detection system (WIDS) gap.
If using channel bonding to transmit across 40MHz channels (recommended primarily for the channel-abundant 5GHz band), it
will take WIDSs twice as long to scan the frequencies for malicious patterns as it did to scan earlier 20MHz channels. The
situation effectively doubles the time a hacker has to penetrate a given frequency until the scanner makes its way around
to that frequency again – from about 4 seconds to about 8 seconds, Wright says.
Viewed another way, in a 20MHz channel, an attack must last about 4 seconds to be detected; in a 40MHz channel, it has to last 8 seconds. What kind of attack could be mounted in 4 to 8 seconds? “Mostly driver exploits [see below], which are 1- or 2-packet attacks,” says Wright.
* Driver exploits.
Wright says there is “lots of vulnerable code out there driven by the [industry] frenzy to get 802.11n into the hands of users.
When you have a driver vulnerability, a hacker can gain administrative access.”
Of possible help here is a free tool from Aruba called the WiFi Driver Enumerator (WiFiDEnum). Using a database of known wireless vulnerabilities, WiFiDEnum assesses the versions of installed drivers and produces a vulnerability report, identifying systems and specific drivers that are at risk to wireless driver exploit attacks.
* No protection yet for “block” acknowledgements (ACK).
IEEE 802.11n introduces a mechanism to acknowledge a block of packets, instead of individual packets, identified by a beginning
and ending sequence identifier. “This block ACK mechanism is not protected; any attacker can spoof one of these messages and
create an obscenely large window within which frames can be sent with no ACK,” thereby creating an 802.11n denial-of-service
vulnerability, says Wright. At this juncture, “There is no fix for this mechanism,” he says.
Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.
Comments (8)
11n risksBy Joanie M. Wexler on July 21, 2008, 6:47 pmThanks, Joshua and others Thanks, Joshua, for all the followup comments, clarification and explanations. And to all who want longer articles with more issues...
Reply | Read entire comment
Not left out - that he works for Aruba is stated in a couple of By Anonymous on July 21, 2008, 12:38 pmNot left out - that he works for Aruba is stated in a couple of places.
Reply | Read entire comment
Doesn't Joshua work for a Wi-Fi vendor?By Anon on July 16, 2008, 11:44 pmJoanie : Did you accidentally leave out the fact that Joshua works for a Wi-Fi vendor?
Reply | Read entire comment
Interesting, but wanted more ...By psiphon on July 16, 2008, 4:29 pmAs usual, your article was very informative. I only wish that it were a bit longer. I felt like it lacked a conclusion and I would have liked to have seen more...
Reply | Read entire comment
Impact of 802.11n RisksBy joswr1ght on July 16, 2008, 3:28 pmAnother great set of comments, and I thank this poster for his insight. He/She makes a great point in that I did not spend a lot of time helping listeners apply...
Reply | Read entire comment
View all comments