Security issues with pre-802.11n wireless gear

Are there any security risks associated with pre-802.11n networks?

After much debate and contention in the IEEE 802.11n working group (task group N), several consumer-grade products have started to ship. While we don't often think of a new physical-layer standard such as 802.11n as introducing security risks to wireless networks, organizations should consider three risks associated with the deployment of Pre-N networks:

Range Threat. The multiple-input, multiple-output (MIMO) technology used in Pre-N networks increases the network data rate, but it also increases the range of these networks. With some vendors claiming a range of up to 1400 feet for their products, deploying Pre-N access points can leave some organizations exposed to attackers over a wider area than previous 802.11 networks, which have a more typical range of 300 feet.

Availability Threat. One feature in Pre-N networks is the use of 40 MHz channels, doubling the amount of radio spectrum used for a single AP. The use of 40 MHz transmitters in the 2.4 GHz band threatens to significantly interfere with existing 802.11b and 802.11g networks. A Pre-N AP deployed on channel 1 (2.412 GHz) with a 40 MHz channel can significantly threaten the availability of nearby networks on channels 1 and 6.

Rogue Threat. To support legacy 802.11a, b or g devices, Pre-N APs offer a backward-compatible operating mode known as mixed-mode operation. In this mode, a legacy wireless card can identify and connect to a Pre-N AP, at the cost of some throughput. A high-throughput mode known as Green Field mode is also specified; it offers throughput benefits at the cost of backward compatibility. The use of Green Field mode on APs can expose organizations to rogue threats, however, because legacy 802.11a, b and g detection systems will be unable to identify Pre-N Green Field transmitters, allowing attackers to evade existing monitoring systems.

In order to remediate these threats, organizations can take several actions:

Don't rely on network range for security, and use alternate security mechanisms instead;

Avoid deploying Pre-N networks with 40 MHz channels in the 2.4 GHz band;

Work with vendors to identify techniques to protect against rogue Pre-N APs in Green Field mode.
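To check an AP inventory against the 40 MHz recommendation and see which legacy channels each wide channel overlaps (the Availability Threat above), the following is an added example, not code from the original article. It assumes the usual 2.4 GHz channel plan and that a 40 MHz channel bonds the primary with a 20 MHz secondary four channel numbers away; the AP names and inventory are constructed.

```python
# Added example: flag 40 MHz channels in the 2.4 GHz band and list the
# legacy channels they overlap. Assumptions: channel centre is
# 2407 + 5*n MHz (channels 1-13); the secondary 20 MHz channel sits 4
# channel numbers above or below the primary; legacy channels are 20 MHz.
LEGACY_CHANNELS = (1, 6, 11)  # common non-overlapping 802.11b/g plan

def centre_mhz(channel):
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel (1-13): {channel}")
    return 2407 + 5 * channel

def occupied_span(primary, width_mhz, secondary_above=True):
    """Return (low, high) edge frequencies in MHz for one transmitter."""
    centre = centre_mhz(primary)
    if width_mhz == 20:
        return centre - 10, centre + 10
    if width_mhz != 40:
        raise ValueError(f"unsupported width: {width_mhz}")
    secondary = primary + 4 if secondary_above else primary - 4
    # centre_mhz() raises if the bonded channel would leave the band.
    low = min(centre, centre_mhz(secondary)) - 10
    return low, low + 40

def overlapped_legacy(primary, width_mhz, secondary_above=True):
    """Legacy channels whose 20 MHz span intersects the transmitter's span."""
    low, high = occupied_span(primary, width_mhz, secondary_above)
    return [ch for ch in LEGACY_CHANNELS
            if centre_mhz(ch) - 10 < high and low < centre_mhz(ch) + 10]

def audit(inventory):
    """Return (name, channel, overlapped channels) for every 40 MHz AP."""
    findings = []
    for ap in inventory:
        if ap["width"] == 40:
            hit = overlapped_legacy(ap["channel"], 40, ap.get("above", True))
            findings.append((ap["name"], ap["channel"], hit))
    return findings

# Constructed inventory (hypothetical AP names).
SAMPLE = [
    {"name": "lobby-ap", "channel": 1, "width": 40},
    {"name": "lab-ap", "channel": 11, "width": 40, "above": False},
    {"name": "office-ap", "channel": 6, "width": 20},
]

if __name__ == "__main__":
    for name, channel, hit in audit(SAMPLE):
        print(f"{name}: 40 MHz on channel {channel} overlaps legacy {hit}")
```

For the channel 1 case described in the article, the bonded channel spans 2402 to 2442 MHz, which covers channel 1 entirely and the lower part of channel 6.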

Pre-N APs are readily available through many commercial resellers. Organizations should carefully consider the impact of deploying Pre-N APs, as well as the risks of rogue Pre-N APs.

Joshua Wright is a senior security researcher for Aruba Networks, an editorial board member of the Wireless Vulnerabilities and Exploits project and an expert in the art of Koi pond maintenance.


Copyright © 2006 IDG Communications, Inc.