The soap box

Network security: A practical approach

by Ilan Meller

Published 8 February 2007

Location-based and time-based measures breach physical and logical security of organizational networks

In the 1970s, a hacker who wanted to access network resources had to steal into the organizational campus, breach the physical access control system, find a free terminal, and then gain entry to the network using the user name and password of a legitimate user.

With the invention of the Internet, the same hacker could gain access to the organizational LAN from outside the campus, through the logical entry control system — the authorization system — which is actually an imitation of the physical access control system.

Here, too, the hacker was faced with the need to identify himself or herself using the name and password of one of the legitimate users of the LAN. In that period, however, dozens of free software hacking programs sprang up, programs designed to access usernames and passwords. Today it is no problem to get dozens of passwords during the time it takes to drink a cup of coffee.

When the wireless network arrived, it brought with it new dangers which lie ready to ambush the development of the WAN. Today, hackers no longer have to pass through the physical access control system or even through logical access control. They may just sit outside the organizational campus and hijack the wireless signal, which they use as a bypass road to circumvent access control. Even so, hackers still have to get through the last hurdle of a user’s credentials. As we have seen, however, this is not an insurmountable obstacle, and can be overcome easily.

There are organizations which are aware of the dangers and take steps to minimize exposure from WiFi. Some of them even proclaimed a “wired network only” policy, with no wireless element permitted. Even these organizations, however, are not immune to the dangers of wireless networks. The reason: They cannot control those employees who synchronize their WiFi-enabled smart phones with their computers while the WiFi option of the telephone is active. This is all the hacker needs to realize his criminal intent.

Even without smart phones, every laptop connected to its home base station while the WiFi option is operating is a potential hot-spot entry point to the Internet. Furthermore, any employee who can enter the network from home and whose home has a WiFi network which is not fully protected inadvertently allows his neighbor to leech on to it, impersonate the employee, and hack the organizational LAN.

All those possibilities of hacking an organizational LAN are joined by