Air Pollution: Securing Wi-Fi Networks Is No Walk In the Park

The day is quickly approaching when during a leisurely stroll through the park you will see throngs of people sending e-mail, surfing the Net and making online business transactions. Others will be launching their Web browsers from the backs of taxis, on cafe terraces and from marina docks.

According to industry estimates, more than 200 municipalities large and small are planning to implement some kind of wireless network in 2006. Large cities such as Philadelphia and San Francisco have projects in the works. Each aims to provide residents ubiquitous access to online resources and information.

Built mostly through public-private partnerships, the bulk of the new municipal Wi-Fi networks will be maintained by private service providers and support a mixture of government, public safety and public access. But even as the model has matured, security has remained largely an afterthought.

According to analyst firm Gartner, 80 percent of all WLANs remain vulnerable to intrusion. Meanwhile, the latest Computer Security Institute/FBI Computer Crime and Security Survey shows abuse of wireless networks to be the only growing cybercrime trend.

In the planning stages for municipal Wi-Fi networks, "most have not even thought about proper security," says Richard Rushing, chief security officer at AirDefense, a wireless security vendor in Alpharetta, Ga. "You hear talk about the service providers providing antivirus or security monitoring, but it's not happening. Security is not part of the RFP. They are missing the boat. You really only hear concerns when they experience trouble."

That trouble, according to Rushing, comes in the form of attacks that take advantage of the open communications and unprotected clients typically populating municipal Wi-Fi systems, especially the free-for-all, advertiser-driven networks popular with cities and their service providers.

While bad news for the network owners and their users, it's an opportunity for government solution providers who can step in to correct those deficiencies and upsell their prospects on more secure Wi-Fi infrastructures.

Surf Safely

Security requirements vary widely depending on the nature, use and location of each Wi-Fi network, but security experts and vendors involved in municipal wireless suggest a basic list of considerations during network planning. The list includes encryption and authentication capabilities throughout the network, ways to ensure client isolation, systemwide monitoring for malware and unauthorized equipment, and traffic-rate limiting for suspicious activity.

For municipal entities looking to provide access to more sensitive data, or for those willing to endure increased administrative expense and overhead, additional measures could include requiring VPN connections for each client, using a tiered access system, employing a systemwide intrusion-detection system, and enabling more robust wireless security and encryption protocols, such as WPA2 across the network.

Here's the threat: Hackers can unleash so-called "evil-twin" attacks on unsuspecting users by setting up rogue access points that overpower the legitimate Wi-Fi signals and connect clients to fake networks where password and personal information can be captured. DNS cache-poisoning adds the element of fake Web sites posing as trusted, secure sites in the attacks, also known as "air snarfing."

Another attack, known as Wi-Phishing, involves similar rogue access along with duplicate client and network names that give hackers access to client machines and certain networks.
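On the defensive side, both attacks depend on an access point advertising the network's name from equipment the operator does not own, which is what rogue-AP monitoring looks for. The sketch below is an added example, not code from the article or any vendor named in it; the SSID, the access-point inventory and the scan records are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # MAC address of the advertising radio
    channel: int
    security: str  # e.g. "OPEN", "WPA2"

NETWORK_SSID = "CityWiFi"  # hypothetical network name
# Hypothetical operator inventory: BSSID -> (channel, security) as deployed.
AUTHORIZED = {
    "00:11:22:33:44:01": (1, "WPA2"),
    "00:11:22:33:44:02": (6, "WPA2"),
}

def classify(beacon, inventory=AUTHORIZED, ssid=NETWORK_SSID):
    """Return findings for one beacon; an empty list means nothing suspicious."""
    # Only beacons claiming our network name matter; normalising case and
    # padding catches trivially duplicated names.
    if beacon.ssid.strip().lower() != ssid.lower():
        return []
    known = inventory.get(beacon.bssid.lower())
    if known is None:
        return ["unknown-bssid"]  # our name, someone else's radio
    findings = []
    channel, security = known
    # A known BSSID with the wrong settings suggests a cloned MAC address.
    if beacon.channel != channel:
        findings.append("channel-mismatch")
    if beacon.security != security:
        findings.append("security-mismatch")
    return findings

def find_rogues(scan):
    """Map each suspicious BSSID to its findings."""
    return {b.bssid.lower(): f for b in scan if (f := classify(b))}

# Constructed scan results, as a monitoring sensor might report them.
SAMPLE_SCAN = [
    Beacon("CityWiFi", "00:11:22:33:44:01", 1, "WPA2"),    # legitimate
    Beacon("CityWiFi ", "DE:AD:BE:EF:00:01", 1, "OPEN"),   # unknown radio
    Beacon("CityWiFi", "00:11:22:33:44:02", 11, "OPEN"),   # cloned BSSID
    Beacon("CoffeeShop", "aa:bb:cc:00:00:01", 6, "WPA2"),  # unrelated network
]

if __name__ == "__main__":
    for bssid, findings in find_rogues(SAMPLE_SCAN).items():
        print(bssid, findings)
```

A beacon that copies the SSID, BSSID, channel and security setting exactly passes this check, so an inventory comparison complements rather than replaces the client-side measures the article lists.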

AirDefense's Rushing suggests that, at a minimum, government officials planning municipal wireless networks include elements such as client isolation, authentication and encryption. AirDefense is conducting an 11-city tour this month, holding free wireless intrusion-detection and prevention seminars for enterprises, health-care organizations, financial-services firms and government agencies.

"They can't make ease of use more important than security," Rushing says. "Municipalities need to take an enterprise approach to be certain the network is safe."

Lay It On Thick

For their part, many wireless providers see a layered approach to security as the best fit for the mixed-use networks they are increasingly asked to support.

"We do see value in securing the networks," says Chuck Haas, CEO and co-founder of MetroFi in Mountain View, Calif. "But it's important to know what goes where."

MetroFi, which operates municipal wireless in Cupertino, Santa Clara and Sunnyvale, Calif., typically uses a strong authentication and encryption framework--such as 802.1x--along with VPNs when handling public-safety and internal government communications. But on the free public-access portions of the network, "the hassle of security can be daunting for a lot of users," Haas says. "These networks are supposed to be open and available."

As a result, a lot of the security has been left to content providers or individual users, he adds.

Haas says MetroFi--a finalist to provide municipal wireless in Portland, Ore., and Plano, Texas--does a fair bit of educating municipal clients on the need for security services. That and the development of less complicated security technology, such as client hardware that incorporates 802.1x, should mean more secure networks and more opportunities to sell security and performance-related services.

Still, security can be a tough sell when it is seen as more of a hindrance than a benefit. In its proposal for an ambitious municipal wireless rollout, Philadelphia officials noted that security for its network could include authentication, client isolation and "secure network configuration and management." But the officials concluded that "the more secure the network is, the more complicated the provisioning process can become." And that would defeat the purpose of the public network.

The Wireless Philadelphia officials, who have contracted with EarthLink to build, operate and maintain the 135-square-mile network, opted to limit security in the open-access parts of the network to "an acceptable use policy and disclaimer." EarthLink officials in Atlanta declined to comment.

Tropos Networks, which through its systems integrators and reseller partners supplies the infrastructure for dozens of municipal wireless mesh networks worldwide, takes a distinctly tiered approach to security. The vendor's initial deployment for the San Mateo, Calif., police department in 2003 required what at the time was state-of-the-art security to access state and national criminal databases and to meet Department of Justice requirements.

"We've always been extremely security-conscious," says Bert Williams, Tropos' senior director of marketing, who added that current deployments incorporate WPA2 with AES encryption within the network for all governmental communications.

Security is admittedly less stringent for users of the free-access portion of Tropos' Wi-Fi networks. "For open access, things are more relaxed," Williams says. "But even if you may not want to use WEP or WPA, there are still things that can be done to control the client in the pay-per-use environment."

Tropos suggests filtering permitted clients and using layered VPNs along with intrusion detection in the network to bolster defenses. More important, according to Williams, is the addition of safeguards against viral and Trojan infections from unprotected customers.

"Infection is the biggest issue," he says. "If you don't take the right precautions, you'll soon have infected clients spewing data on the network."

Tropos is including embedded software tools in its newest products so that service providers can isolate viruses and infected clients and employ rate-limiting on specific suspect activity such as pings. As more municipal networks blend sensitive government and public-safety use with free public access, service providers will need to configure the full range of security features available and add that to the cost of their maintenance agreements, Williams says.

"In a multiuse network, it's a choice of whether to use or not use," Williams says. "When it comes to securing these municipal networks, our advice is to use."

Baking In Security

One of Tropos' key hardware partners, Motorola, offers an easier, albeit more expensive, way for systems integrators to segregate users on multiuse networks, a key to keeping the systems both secure and manageable.

Deployments of Motorola's MotoMesh gear for municipal wireless networks, made generally available last month, have begun in earnest, notably at Super Bowl XL in Detroit. MotoMesh integrates secure public safety and public works along with unsecured public access by using multiple radios in both licensed and unlicensed frequency bands.

But not everyone agrees with the dire predictions associated with vulnerabilities in public hotspots. At the Gartner IT Security Summit in Washington last summer, analysts Lawrence Orans and John Pescatore said concerns about attacks such as the "evil twin" had been overhyped and that basic security measures would suffice to keep users safe and networks secure.

Still, Orans does recommend using passwords and VPNs, as well as disabling print- and file-sharing for clients. As for the network operators, he suggested deploying software to monitor rogue access points and the application of best practices for mobile endpoints.