Another Wireless Security Problem

For years now, information security professionals have worried about the security of wireless connectivity to our organizational networks.  “Wireless” has typically been defined, informally at least, as Wi-Fi.  We have tended to discount security concerns about Bluetooth because of its supposedly short range – officially stated as approximately 1 to 100 meters, depending upon class of the device.  That is in spite of the known threat of so-called Bluesniping.  (See, for example, “Rifle’ Sniffs Out Vulnerability in Bluetooth Devices”.)

Because most WI-FI WAPs (wireless access points) have very limited processing and storage capabilities, authentication to WAPs is generally handled as a shared secret by the WAP itself, or through the external interface of a firewall connecting to an internal RADIUS server for more robust / granular authentication.  The later provides not only individual user authentication credentials, but also the connecting device’s MAC address (and, of course, the dynamically assigned IP address).

More robust security is available for wireless networks, but that requires additional capabilities.  For example, WIPS (wireless intrusion protection system) capabilities are available, which provide more robust logical protection to WAPs themselves, but also are capable of logging wireless device information on all such devices within the WIPS’ range.  However, most WAPs do not have integrated WIPS capabilities, so WIPS generally requires a ‘secondary’ deployment, which may be expensive in terms of effort and cost.

More robust security is also available for wireless networks in terms of more robust device authentication, such as 802.1x.  While 802.1x deployment is increasingly common for devices on wired networks, its utilization on wireless networks is far less common.  Certainly one reason for such is the lack of non-proprietary supplicants available for Android and iOS operating systems.

So practical challenges remain to fully securing wireless networks.  And now, the Department of Defense is attempting to effectively change the commonly acknowledged definition of wireless networks to also include wired networks.  According to C4ISR Journal,

The Army’s Intelligence and Information Warfare Directorate, known as I2WD, hosted a classified planning day Nov. 28….The roughly half-dozen objectives of the Tactical Electromagnetic Cyber Warfare Demonstrator program are classified….The source said the program is designed to demonstrate ready-made systems…that can perform a variety of tasks….among the objectives are these: inserting and extracting data from sealed, wired networks [through wireless means].

While this effort may seem ‘radical’ to some, it is in fact a logical extension of known security issues. In the 1980s, there was a great deal of concern about spurious or unwanted emanations from computer equipment possibly being captured by hostile intelligence services (TEMPEST).  (Remember Van Eck antennas?)  While the threat may have been real, unfortunately, the cost of countering these emanations was all too real – both monetary and performance.  (TEMPEST shielding severely hindered heat dissipation.)  Finally, NSA effectively gave up on shielding individual pieces of equipment, and moved to shielding entire buildings.  That provided far greater flexibility for equipment used, and yet still provided protection.

So, if unwanted emanations was / is a problem for us, why not turn that against our adversary’s wireless transmissions?  And, that is exactly what the U.S. military has done with Suter.  According to Aviation Week:

“Suter 1 allowed U.S. operators to monitor what enemy radars could see. The capability enables U.S. forces to assess the effectiveness of their stealth systems or terrain-masking tactics. Suter 2 permits U.S. operators to take control of enemy networks as system managers and actually manipulate the sensors, steering them away from penetrating U.S. aircraft. Suter 3 was tested last summer [2010] to add the ability to invade the links to time-critical targets, such as battlefield ballistic missile launchers or mobile surface-to-air missile launchers.”

Suter is a powerful wireless non-kinetic weapon for use against wireless targets,  Now with the Army’s Tactical Electromagnetic Cyber Warfare Demonstrator program, network security, both wireless and wired, looks to get even more difficult going forward.  That just means that it is all the more important to monitor, in real-time, what devices are on your network, as well as how and where those devices are connected to your networks (e.g., feeding your Active Directory and WAP information into Splunk, so that you can detect in real-time unknown attempts to access your wireless and wired networks from accounts and MAC addresses that are not recognized).

Posted by