Wireless Network Security Sneak Attack: Ad-Hoc Networks
You are probably reading this in the comfort of your office chair secure in the belief that all is well on your wireless network and everything is secure… Wrong!!!
Unless you have deployed a wireless network security solution that has integrated wireless intrusion detection & prevention features you are probably wide open for some hurt.
The Threat: A threat that is not very publicized or well known is called Ad-Hoc wireless networks. This is a feature built into Windows and is available as a third party application in other operating systems. Essentially it is a way for client machines to connect to each other wirelessly so they can communicate between themselves in a peer to peer network.
Back before wireless was a ubiquitous medium for networking, client machines could network with each other peer to peer over a simple cross over cable. Now this can be done without wires and thus we have our threat.
With the introduction of Windows 7 we are presented with yet another Ad-Hoc type threat called Virtual WiFi.
This feature built into Windows 7 is a “soft AP” that allows a user to turn their laptop into an access point. Clients can connect through this virtual AP and are NAT’ed through the wireless or wired network the laptop is connected to.
The clients are given private IP addresses by the application so to any Network Access Control solution or other security application the traffic appears as though it is coming from the laptop IP rendering the solution ineffective. There are ways to control this feature in Group Policy but only from Windows Server 2008 R2.
Anyone with some creativity has the ability with a laptop to scan for other client machines offering Ad-Hoc or Virtual WiFi connectivity. Picture this if you will, a devious hacker sits outside a Hospital or Medical Clinic and scans wireless networks looking for an Ad-Hoc or Virtual WiFi connection to join. When he finds one he connects and now has communication with that client PC.
If that client PC offering the Ad-Hoc or Virtual WiFi connection is connected to the physical wired LAN or to a wireless access point of the Hospital or Clinic that hacker now has access to the network and no one is the wiser.
The Solution: With the correct IDS/IPS system in place as part of your medical wireless network security you have the ability to deny Ad-Hoc networks on your network and also have the privilege of slamming the back door on potential hackers.
Michael is the Practice Manager of Security and Mobility at SecurEdge Networks. A true Wi-Fi “Guru”, he has an incredible ability at solving the most challenging wireless mess and then helping you understand it all.