IT managers say a denial-of-service vulnerability that affects some wireless LANs could force companies to develop new skills and rethink the way their networks are set up. But, they added, it should be relatively easy to defend WLANs against attacks seeking to exploit the flaw.
For example, an attacker would need to be within the typical 200 to 300-foot range of a WLAN to shut down data transmissions, according to security researchers and wireless vendors. Corporate WLANs that are well shielded within buildings or fenced-off areas should therefore be safe from attacks.
Companies that operate multiple access points on their WLANs could also switch network traffic to other access points if one or more were attacked, although doing so would require radio frequency management skills and tools.
The denial-of-service risks were outlined on 13 May by the Australian Computer Emergency Response Team and amplified by its US counterpart. The problem affects WLANs based on 802.11b, as well as the original 802.11 protocol and low-speed 802.11g wireless devices operating at rates below 20Mbit/s, the two groups said.
They added that networks built around 802.11a or high-speed 802.11g technology aren't affected by the vulnerability, which involves an access-control function used by WLANs that support the Direct Sequence Spread Spectrum (DSSS) modulation scheme. No technology fix is available, so users must take other steps to protect their networks from attacks.
Mike Taylor, CIO at Todd Shipyards in Seattle, said he thinks geography serves as his best defence. Todd Shipyards runs its WLAN over 40 access points spread across its 44-acre shipyard, Taylor said. That means attackers would have to surround the shipyard and then try to take out every one of its widely scattered access points to stop traffic, he added.
Geography also works in FedEx's favor, said Ken Pasley, director of wireless business development at the company. FedEx runs extensive WLANs at its package-delivery hubs to connect wireless bar-code scanners used in package sorting. But the hubs are located within the fenced periphery of airports, which should make it difficult for an attacker to get within range, Pasley said. FedEx also uses radio frequency scanning tools in an effort to detect potential attacks and protect its wireless networks, Pasley said.
The flaw was discovered by a team of graduate students at Queensland University of Technology in Brisbane, Australia. Mark Looi, a professor there, suggested that one defence against attacks would be to replace all 802.11b access points with 802.11a technology, which uses a different form of modulation than DSSS.
But a spokeswoman for UPS, which operates one of the largest 802.11b networks in the world, said it views a move to 802.11a as unacceptable because of the money it has invested in its existing WLAN deployment. She added that UPS is waiting for input from its WLAN vendor, Symbol Technologies, on safeguarding its network.