IT managers ready defenses against flaw in WLANs

Information technology managers claim said a denial-of-service vulnerability that affects some Wi-Fi wireless LANs could force companies to develop new skills and rethink the way their networks are set up. But, they added, it should be relatively easy to defend WLANs against attacks seeking to exploit the flaw.

For example, an attacker would need to be within the typical 200- to 300-ft. range of a WLAN to shut down data transmissions, according to security researchers and wireless vendors. Corporate WLANs that are well shielded within buildings or fenced-off areas should be safe from attacks, they said.

Companies that operate multiple access points on their WLANs could also switch network traffic to other access points if one or more were attacked, although doing so would require radio frequency management skills and tools.

Defensive measures

The denial-of-service risks were outlined on May 13 by the Australian Computer Emergency Response Team and amplified by its U.S. counterpart. The problem affects WLANs based on the 802.11b protocol, as well as the original 802.11 protocol and low-speed 802.11g wireless devices operating at rates below 20Mbit/sec., the two groups said.

They added that networks built around 802.11a or high-speed 802.11g technology aren't affected by the vulnerability, which involves an access-control function used by WLANs that support the Direct Sequence Spread Spectrum (DSSS) modulation scheme. No technology fix is available, so users must take other steps to protect their networks from attacks.

Mike Taylor, CIO at Todd Shipyards Corp. in Seattle, said he thinks geography serves as his best defense. Todd Shipyards runs its WLAN over 40 access points spread across its 44-acre shipyard, Taylor said. That means attackers would have to surround the shipyard and then try to take out every one of its widely scattered access points to stop traffic, he added.

Geography also works in FedEx's favor, said Ken Pasley, director of wireless business development at the Memphis-based company.

FedEx runs extensive WLANs at its package-delivery hubs to connect wireless bar-code scanners used in package sorting. But the hubs are located within the fenced periphery of airports, which should make it difficult for an attacker to get within range, Pasley said.

FedEx also uses radio frequency scanning tools in an effort to detect potential attacks and protect its wireless networks, Pasley said.

The flaw was discovered by a team of graduate students at Queensland University of Technology in Brisbane, Australia. Mark Looi, a professor there, suggested that one defense against attacks would be to replace all 802.11b access points with 802.11a technology, which uses a different form of modulation than DSSS.

But a spokeswoman for United Parcel Service Inc., which operates one of the largest 802.11b networks in the world, said the Atlanta-based company views a move to 802.11a as unacceptable because of the money it has invested in its existing WLAN deployment. She added that UPS is waiting for input from its WLAN vendor, Symbol Technologies Inc., on safeguarding its network.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark