Hacking

CASE STUDY

Going Wireless on Campus

Wireless networking continues to make inroads in metropolitan and rural areas across the U.S. as the development of 802.1x technologies and associated standards forges ahead. Wireless broadband and VoIP (Voice over Internet Protocol) have both gained momentum and are moving inexorably forward. It’s now possible to connect to the Internet and a variety of voice and data networks in spaces large and small, public and private.

On the one hand, big telecoms have sought to block the growth of 802.1x networks — witness the ongoing political battles over public-private muni wireless networks. On the other hand, however, they have become converts.

The major telcos have moved rapidly to acquire wireless technology start-ups, as well as to incorporate 802.1x into their business development strategies. Perhaps nothing demonstrates how far the use of wireless technology has come as well as their growing adoption of IMS (IP Multimedia Subsystem) technology, which promises to seamlessly integrate and switch between wireless 3G+ and digital IP-based wireless networks and services.

Along with municipal wireless networks, colleges and universities have been at the forefront of 802.1x adoption. With sizable populations of technophiles, academics and researchers, they have served as test beds for the rollout of relatively large-scale, heavily used wireless networks.

Along with all the benefits wireless access brings comes the heightened threat of cybercrime.

“The only thing we’ll mention here is that although there are a number of vulnerabilities in the wireless protocols for mobile devices, virus writers have not yet started to exploit them. However, we have no doubt that they will be exploited in the very near future,” writes Aleks Gostev in a recent report on the evolution of mobile malware. Gostev is a senior virus analyst inKaspersky Lab’s Moscow headquarters.

Wireless on Campus: Colby-Sawyer

According to the Campus Computing Project, 51.2 percent of college classrooms now have wireless network access, compared to 42.7 percent in 2005 and 31.1 percent in 2004. Furthermore, 68.8 percent of campuses surveyed have put together a strategic plan for wireless network deployment. Thirty percent of respondents chose network and data security as their single most important IT issue.

That being the case, college and university IT staff are confronting the challenges of quickly moving up the wireless network learning curve while taking care to secure their institutions’ most vital assets: their knowledge and communications.

Colby-Sawyer College in New London, N.H., is one of many institutions of higher education that have put campus-wide wireless networking to the test.

As an information security analyst at the college, Scott Brown has become very familiar with the threats and challenges, as well as the potential benefits, surrounding such a project.

“Students want to explore all that the Internet has to offer,” Brown notes in a 2004 comparison of vendor security software packages. “The problem is that the Internet is not always the best place to be curious. As a result, I’ve seen malware infections as high as 8,000 viruses on one computer.

“I was able to use my unique situation to acquire 10 zero-day viruses/trojans and two exploits in one night,” he relates. “These could all be considered zero-day infections, as most were not detected by antivirus software, but all were confirmed by two or more companies after submission.”

Describing Colby-Sawyer’s network, Brown told TechNewsWorld, “We have a subnetted environment with identity based V-LAN (virtual local area network) switching with fiber gigabit legs including about 22 buildings.”

Based on initial project results and feedback, the college is now hatching plans to convert its entire network to a wireless 802.1x platform and to introduce VoIP telephony on its wired network next year.

“We have re-subnetted our network in preparation to turn our wired network totally 802.1x (Extensible Authentication Protocol-Transport Layer Security, or EAP-TLS). Our wireless currently is 802.11i (Wifi Protected Access 2, EAP-TLS) and our NAC (network access control) uses CAT (client assessment tool), a compliancy scanner that configures the 802.1x clients on the fly, [which is] to say it issues the [security-ID] certificate.”

Don’t Tread on Me

Installing and configuring the college’s wireless network has been a relatively straightforward task, according to Brown.

Along with improved access and lower equipment and maintenance costs, Colby-Sawyer’s team has seen a sharp increase in the number of security threats, however. “We are seeing malware threats increase tenfold — last year’s detections were well over 1 million,” Brown reported.

“Social engineering has been a big problem, [and even] legitimate companies, like AOL-Netscape, are packaging more spyware.”

The growing use of spyware is a “very hot topic of discussion for all schools,” Dave Feligno, education sales manager at security systems providerESET, told TechNewsWorld. “As the motivation for making malware has shifted from fame to fortune, ESET has noticed a significant increase in the samples we receive.”

“A lot of research has been done on 802.1x, and we all know of the insecurities of the first few implementations,” added Shane Coursen, senior technical consultant at Kaspersky Labs.

“As the protocol matures, it will become more secure,” he told TechNewsWorld. “Until then, it seems a lot of people know that it is insecure to a certain degree — [moreso] than TCP/IP (Transmission Control Protocol /Internet Protocol), for example — and are somewhat shy in adapting the technology [for] their critical infrastructure.”

In addition to upgrading and reconfiguring its 802.1x network and adopting the latest WPA2 encryption standard, Colby-Sawyer’s IT security team has installed a complement of vendor-supplied security software.

They use a network access control system that has been integrated with their intrusion prevention system, Coursen said, along with firewalls, bandwidth shapers, and ESET’s NOD32 spyware and malware solution.

While the WPA and WPA2 approach improves on the older wireless encryption protocol (WEP), “as with nearly every other ‘secure’ network communications method, it is not foolproof and can be attacked,” Coursen pointed out. “However, we aren’t seeing those kinds of attacks yet. Today, it is more often the case of an attacker taking advantage of a misconfigured router or other wireless device.”

Continually updated and enhanced security software applications, along with the development of better heuristics to detect unknown threats, have been critical aspects of the IT security department’s success to date. “Better detection and central management has been a key for us, as we do not have the staff to address this on a machine by machine basis,” Brown said.

From his discussions with administrators at schools of all sizes, Feligno said it has become clear that everywhere on campus, they are looking for a better way to protect their desktops and servers.

“Even with gateway- and network-based protection in numerous forms — such as IPS systems, mail scanners, Internet filters and packet shapers — it is still a cause for alarm that malware is getting through to the end point,” he said.

“A part of this is attributed to internal attacks, meaning someone from the inside is trying to penetrate their systems with crafted malware,” Feligno explained. “Taking that into consideration, schools are now looking at other solutions besides the traditional top three malware scanners in the market (by revenue generation), and are focusing their efforts on finding more granular heuristic detection with vendors they may not have had experience with in the past, like ESET.”

Having decided to take the initiative and on their own bolster Web browser security, Brown said he and his colleagues have also adopted active directory policies to control Internet Explorer.

In addition, “[we are] implementing better detection in our IPS by running antivirus and anti-spyware side by side,” he commented. “The harder we work at cleaning up student computers, the more our own support calls and labor have gone down — and overall protection and computer user satisfaction is up.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels