Make wireless security truly secure
Hemant Chaskar writes about how hoteliers can protect
their guests, themselves and their revenues by using the right technology for
wireless security.

Hemant Chaskar
These days, a large number of hotel guests carry laptop computers
with them - whether for business, entertainment or just to stay connected with
friends and family on email and instant messenger when travelling. These laptops
almost invariably have built-in wireless (Wi-Fi) connectivity.
Hotels also offer internet connectivity to their guests
over Wi-Fi. In fact, many customers now demand it. While Wi-Fi affords the convenience
of staying connected to the network without the tangle of wires, it also creates
security risks. And get this - the network firewall is completely helpless in
the face of these threats. Both Wi-Fi providers and users need to be aware of
these risks, and how to protect themselves and keep their Wi-Fi communications
secure.
Imagine a scenario where a hotel guest connects to hotel Wi-Fi while sipping
hot coffee in the breakfast lobby. The guest thinks he is connected to the hotel
Wi-Fi - the splash page looks and feels just like the real thing - but he is in
fact connected to an attacker sitting in the nearby street who has lured the
guest's laptop away from the hotel Wi-Fi access point to what is known as an
Evil Twin.
This guest does not have a whiff of anything insidious, as the connection through
Wi-Fi is working fine, albeit through the attacker's access point. This guest
is now at the mercy of the attacker, who can steal passwords, insert himself
as a man in the middle of the guest's communication, modify data sent and received
by the guest's laptop, or download a virus or a Trojan onto that laptop.
Evil Twin attack
The above scenario is not a scene from a Die Hard movie. It happens all too frequently;
it is very easy for a hacker to launch an Evil Twin attack. Tools such as 'Karma',
'Delegated', 'Hotspotter', etc. are freely available on the internet and can be
combined into an Evil Twin attack toolset.
Combine that with the omnipresent holes in hotel Wi-Fi coverage, which
make the job of luring a guest's laptop a cakewalk for the Evil Twin attacker.
When a guest gets hacked while staying in a hotel, the hotel loses a frequent visitor
forever.
Hotels need to understand how to secure their wireless networks in order to
protect their guests. Ironically, they also need to protect themselves from
the guests. For example, guests often have the habit of carrying their personal
wireless access points and plugging them in their rooms, in hotel lobbies, and
in meeting rooms for personal Wi-Fi access to avoid relying on often unpredictable,
and at times very costly, hotel Wi-Fi.
The signal spillage from these access points opens up the hotel network to outsiders
wherever the radio waves reach, travelling through walls, windows and thin air. Nor
should you expect these personal unauthorised access points to have the kind of security
and access control configured on them that you would want on the hotel's own access
points - usually they are free for all.
Therein lies the problem for the hotel. Attackers can penetrate the hotel
network using signal spillage from these access points. Such personal unauthorised
access points also cause loss of Wi-Fi subscription revenue to the hotel. The
bottom line - hoteliers don't want guests to plug unauthorised access points
into the hotel network, but they need an enforcement mechanism for that.
Technical challenges
There are also ample technical challenges in operating the hotel's authorised
Wi-Fi infrastructure from the security standpoint. Just consider the hotel's
authorised Wi-Fi infrastructure itself. It is typical to have the infrastructure
access points misconfigured, opening up backdoors for hackers to get in.
For example, due to the complexity of configuring, managing, and using advanced
wireless security protocols, a large number of installations in the hospitality
industry either do not use or do not properly install wireless security controls,
or use an outdated and easily-cracked Wi-Fi security protocol called WEP, just
because it is easy to configure and manage.
Even if the access points were configured correctly to start with, many access
point models in fact forget their earlier configuration when they reboot due
to a power glitch or outage and default back to factory settings. That opens the door
for attackers.
Then there are denial-of-service attacks (called DoS attacks), which are not
so much about data theft as they are about disruption. The Wi-Fi protocol is
known to be vulnerable to a variety of DoS attacks that can be launched from outside
the premises and can bring down the entire Wi-Fi network. Surely, it is not
good for guest relations if a hotel has promised customers availability of Wi-Fi
when in fact it is not available.
Launching a DoS attack on Wi-Fi is child's play, as DoS attack toolsets are
freely distributed over the internet. Examples are DoS software such as AirJack,
void11 (the name itself sends a spike through the spine; for the benefit of everyone,
the technical name for the Wi-Fi protocol is 802.11), wlanjack, and so
on.
Ways out...
Security systems called WIPS (Wireless Intrusion Prevention Systems) are available
that can help hoteliers keep a 24x7 watch on the airwaves in their premises, alert
on threats including all those mentioned above, block those threats, and even
physically locate where they are coming from.
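One way a monitoring system could sort the access points it hears into the cases described above (a misconfigured hotel access point, a guest's unauthorised access point, a suspected Evil Twin), as an added example that is not from the article or from any vendor's product. The inventory, addresses, field names and the `on_wired_lan` flag are assumptions constructed for illustration.

```python
# Constructed inventory of the hotel's own access points: BSSID -> (SSID, security).
AUTHORISED = {
    "00:11:22:33:44:01": ("HotelGuest", "WPA2"),
    "00:11:22:33:44:02": ("HotelGuest", "WPA2"),
}
HOTEL_SSIDS = {ssid for ssid, _ in AUTHORISED.values()}


def classify(obs):
    """Label one sensor observation of an access point.

    obs keys (all assumed field names): bssid, ssid, security, and
    on_wired_lan (True if the AP was traced to a hotel switch port).
    """
    expected = AUTHORISED.get(obs["bssid"])
    if expected is not None:
        if (obs["ssid"], obs["security"]) != expected:
            # Hotel AP no longer matches policy: WEP/open, or factory
            # defaults restored after a reboot.
            return "misconfigured-authorised-ap"
        return "authorised"
    if obs["on_wired_lan"]:
        # Unknown radio bridged onto the hotel network, e.g. a guest's own AP.
        return "rogue-ap"
    if obs["ssid"] in HOTEL_SSIDS:
        # Hotel network name advertised by a radio that is not the hotel's.
        return "evil-twin-suspect"
    return "external"  # a neighbour's AP: visible, but not on the hotel network


def alerts(observations):
    """Return (bssid, label) for every observation that needs attention."""
    labelled = [(o["bssid"], classify(o)) for o in observations]
    return [(b, l) for b, l in labelled if l not in ("authorised", "external")]


# Constructed sample scan, one entry per case.
SCAN = [
    {"bssid": "00:11:22:33:44:01", "ssid": "HotelGuest", "security": "WPA2", "on_wired_lan": True},
    {"bssid": "00:11:22:33:44:02", "ssid": "default", "security": "OPEN", "on_wired_lan": True},
    {"bssid": "02:aa:bb:cc:dd:10", "ssid": "HotelGuest", "security": "OPEN", "on_wired_lan": False},
    {"bssid": "02:aa:bb:cc:dd:20", "ssid": "MyTravelAP", "security": "OPEN", "on_wired_lan": True},
    {"bssid": "02:aa:bb:cc:dd:30", "ssid": "CafeNextDoor", "security": "WPA2", "on_wired_lan": False},
]

if __name__ == "__main__":
    for bssid, label in alerts(SCAN):
        print(bssid, label)
```

A BSSID match is only a first-pass check, since radio addresses can be copied; the inventory comparison here catches configuration drift and unknown radios, not a perfect clone.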
There are companies that provide a suite of products for small to large hospitality
businesses. These products are deployed in the Wi-Fi infrastructure to detect, prevent,
and locate attackers in and around the hotel facility. They also provide protection
by running on a user's laptop and ensuring that it does not engage in any
threatening activity.
The writer is director (Technology) at AirTight Networks
and is a technologist in the field of networking, security, and wireless communications.
He can be reached at hemant.chaskar@airtightnetworks.net