Strategien


WLAN-Sicherheit

Cheap, Cool and Dangerous

Sarah Scalet ist Senior Editor unserer US-Schwesterpublikation CSO Online.

Look, Ma! No Privacy!

What are these WLANs that everyone is talking about? Governed by the802.11 set of standards created by the Institute of Electronic andElectrical Engineers (IEEE) in New York City, WLANs transmit data notby wires but by radio waves, in frequencies that don't require alicense (2.4GHz and 5GHz). Setting up a WLAN is a little like plugginga cordless phone base into the telephone jack in a home office, thenplacing several cordless phones around your house to share that onejack. In WLAN parlance, the base is called an access point (and costsfrom $200 to $1,000), and the receiver is a wireless network card(which costs as little as $70). The end result is just plain neat.(Look, Ma! No cords!) But the signal can also be picked up by aneighbor using nothing more than a similar $100 wirelessnetwork card.

For that reason, security experts have always been leery of WLANs.Anyone with the right hardware can eavesdrop on network traffic orfreeload Internet access. More seriously, a hacker could gain networkaccess not just to the Internet connection but also to networkresources. (Best Buy, for example, stopped using its 802.11b wirelesscash registers this past spring after a hacker claimed to have stolencredit card information from the systems.)

The IEEE tried to solve those problems by building security into the802.11b standard (also known as Wi-Fi), with an optional encryptioncapability known as wired equivalent privacy (WEP). The first problemwas that the majority of WLAN users didn't bother to even turn on WEP.Then, last February, three researchers from the University ofCalifornia at Berkeley announced that even when used properly, WEP wasinsecure because the security algorithm had weaknesses. A hacker whocaptured as little as 10 to 20 minutes of network traffic could decodethe encryption scheme. That done, he could read all the networktraffic he had captured and, until the next time the WLAN user changedthe WEP key, he could also gain network access.

After the announcement, organizations with high security stakes - theArmy, for example - banned WLANs without additional security, andeverybody expected WLAN sales to collapse, at least until the IEEEhammered out new security protocols. But sales didn't drop off. Infact, quite the opposite has happened. The Meta Group predicts that bythe end of 2002, 75 percent of Global 2000 companies will have trialWLANs.

Zur Startseite