VARs: 'Wardriving' Highlights Need To Secure WLANs

Today the word "wardriving," a term derived from the hit flick, refers to using a laptop, an antenna and other equipment to cruise around by car in highly networked areas and look for open access points to "borrow" and use, or worse, to gain access to sensitive information.

Solution providers say wardriving is a significant problem that underscores the need to secure WLANs.

"We had done some wardriving just to see what is out there, but not to do anything with [the access points located]," said Anish Bhimani, a senior associate at Booz Allen Hamilton's commercial information assurance group. "We found a couple hundred access points, 40 percent of which were wide open."

The surge in WLANs in the past 18 months has likely set the stage for more people to randomly seek access to those networks, Bhimani said. "Wi-Fi lets people set up wireless LANs for $200 and a plug. By default, [these LANs] are set up without security built in," he said. "The devices broadcast information, looking to make a connection."

Caston Thomas, a principal at Auburn Hills, Mich.-based solution provider Interworks Technology, said he used wardriving once to illustrate for a client how vulnerable his wireless networks were. He took a company representative along for the ride and almost immediately gained access to the customer's network.

Later, an executive at the company "got pretty hot-headed" about the breach, Thomas said. "[But] they needed to know in no uncertain terms that I [was] trying to help them."

Although Interworks loaded NetStumbler,a Windows utility that finds open access points on a wireless network,on some Interworks employees' PCs, company policy restricts its use, Caston said. "We don't let any of our people go out with NetStumbler [and tools like it]," he said. Even though the software picks up only publicly available header packets, Caston said, he doesn't want to collect data that might get cached away on a hard disk.

Wardriving most often detects when security built into 802.11b is not turned on or is configured improperly, said Fred Owsley, a senior security engineer at Security Management Partners, Arlington, Mass.

"Usually, a third-party solution like a VPN [is required to close the gaps]," Owsley said. "The VPN [built] between the access point and the network is a separate encrypted tunnel,one that's not crackable."

So, if a relatively straightforward procedure such as installing a VPN can make a wireless network less vulnerable to wardrivers, why don't more companies secure their WLANs? Because security often falls to the bottom of the priority list or because customers can't imagine anyone wanting factory-floor data or other information deemed non-mission-critical, solution providers said.

"There are clients so pressed with tactical issues that networks go up without the [necessary] diligence," Thomas said. "Others know that the risk is out there, and they hope that the access points will be suitably protected."

One Interworks customer said he wasn't worried about wardrivers viewing unclassified data, Thomas said. "But those same wireless networks are connected to your backbone, so this isn't about sniffing," he said. "This person couldn't see the issue of the wireless networks being opened up. We're still talking to them, but he put [the wardriving threat] two levels down."

Thomas and other solution providers said they would never consider trying to win new business by wardriving, since that would be akin to extortion. Bhimani, in fact, likens the practice to cable-splitting.

A customer with a network secured behind a firewall, but with its WLAN exposed to everybody with four wheels and a copy of NetStumbler, is like "putting huge locks on the front door and leaving the window open," Bhimani said.