Night of the Living Wi-Fi's (A Security Parable for Our Times)
Ed Skoudis' true-to-life scenario sends chills up the spine of any business with employees using unsecured wireless access.
Ed Skoudis is the author of Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (Prentice Hall PTR, 2001, ISBN 0-13-033273-9) and is VP, Ethical Hacking, Incident Response, and Digital Forensics at Predictive Systems.
In most organizations today, the phrase wireless security is an oxymoron. Companies spend big bucks building walls around their enterprises with elaborate firewalls and DMZs, often not realizing that a careless wireless LAN user is opening them up to major attacks.
Known in some circles as "Wi-Fi," which is a shortened form of "Wireless Fidelity," the family of IEEE 802.11 wireless standards is a deployed reality in most companies today. While the vast majority of these organizations don't have a defined, carefully constructed corporate wireless infrastructure, individual employees have taken the liberty of buying and installing access points, extending corporate LANs and WANs into the wireless realm.
The rapid adoption of wireless LANs has taken many companies by surprise, as they don't realize that employees can spend less than $200 to buy a wireless access point and $100 for a wireless card. Perhaps Hank from marketing, Suzie from finance, and Olaf from engineering decide they can all be more productive if they just install their own personal access points in a cubicle, office, or conference room. That way, these employees can access email, surf the web, or utilize networked corporate applications while "participating" in meetings or just wandering the halls. Unfortunately, these ad hoc wireless networks are almost always completely unsecured, as the employees setting them up are focused purely on access and productivity, and don't understand the security implications of what they're doing. By trespassing through an unsecured wireless access point, an attacker can often get complete, unfiltered access to the target's network.