Meru attempts to stop wardriving/parking lot attacks

By Alan Harten

Meru Networks has introduced RF Barrier, the first IEEE 802.11-based technology for proactively defending wireless networks against eavesdroppers and so called “parking lot” attackers, who attempt to record and observe network traffic from outside a building’s perimeter in order to steal sensitive and valuable information.

What many individuals and business’s do not appreciate is that a wireless system is not some kind of magic transmitter it is very basic radio signals just like a walkie-talkie sending out and receiving radio waves.

And without proper security, just like just like any radio station, anyone with the know-how can listen in. Often this simply involves someone using someone else’s signal to get a free internet connection, but sometimes they are professional criminals searching for valuable information that they can use or sell.

RF Barrier uses wireless LAN technology to block the radio-frequency (RF) signals from the corporate network as they exit the building, without disrupting internal WLAN operation. This limits an attacker’s ability to eavesdrop on data and perform offline analysis.

“Parking lot” attacks take advantage of wireless propagation, or bleed-through, from within a building through the perimeter and out to a parking lot or other surrounding area. These attacks are entirely passive in nature, generating no network traffic or other sign they are occurring, and are therefore undetectable by conventional wireless intrusion prevention systems (WIPS).

In an activity known as “wardriving,” attackers drive around the perimeters of enterprises and retail sites, looking for vulnerable or exposed networks. A number of successful and costly parking lot attacks have been perpetrated, one of the most notable involving the theft of millions of users’ credit-card records.

Wardriving is a term stolen from the 1983 Mathew Broderick movie WarGames in which Broderick used a system called Wardialing which involved software that dialled numbers sequentially to see which ones were connected to a fax machine or computer.

Wardriving is a simple process, a small antenna is placed on the car and connected to a laptop then using a piece of software like Network Stumbler your wireless network card records all the wireless network details it finds.

That in its self is not a problem; the concern comes from the fact that somewhere around 70% of private and small business wireless routers have absolutely no security of any kind attached to them allowing easy access to anyone with a little knowledge who wants to snoop around your private information.

RF Barrier is the first solution using 802.11 technologies to offer wireless perimeter protection for organizations with regulatory requirements or policies regarding data privacy, such as retailers, financial and government institutions, manufacturers and health-care organizations.

RF Barrier protects clients with legacy security mechanisms, such as handhelds and scanners equipped only with WEP or WPA/TKIP, as well as modern WPA2- and EAP-based networks, where it helps prevent the exposure of potentially exploitable information such as user identities.

Furthermore, it provides physical wireless security in remote branch offices where no IT personnel are present to detect or stop an attack from outside the site’s physical boundaries.

RF Barrier mounts a defence by blocking signals from the designated wireless network from being effectively decoded outside the perimeter. For example, the ‘bleeding’ of financial data beyond the walls of the building from legacy devices that don’t support the newest and most advanced security standards.

How RF Barrier Works

RF Barrier is installed by mounting a wireless access point along the inside perimeter of a building, and an advanced external antenna outside the perimeter.

RF Barrier inspects the traffic in real time to determine which part belongs to the WLAN (and is therefore designated as sensitive) and uses the external antenna to block outbound traffic at the RF layer. Would-be attackers are limited in their ability to see useful packet information about the internal network.

Because RF Barrier uses directional antennas and selective enforcement technology, it has no impact on signals within the building or from other networks. Internal clients connect normally, with enterprise access points serving them at full speed. RF Barrier can be turned on and off as needed, giving enterprises the flexibility to allow access at certain times of day while restricting it at others.