The bane of the Wifi Internet provider is a threat known as the denial of service or a DoS attack. The concept is simple: Create massive interference to the Wifi infrastructure or public access gateway until the network crumbles and users are totally denied access. With today’s insatiable desire for universal mobile connectivity fueling public venues ubiquitously sporting Wifi, there is ample opportunity for hackers to cause a major service disruption while hiding anonymously behind the crowd. As such, Wifi can be extremely vulnerable to a DoS attack. With today’s dependence on wireless as the primary mode of access, the consequences can be costly.
There are two major scenarios for a Wifi DoS attack. The first is the least sophisticated, taking a “brute force” approach by blanketing the entire Wifi radio frequency (RF) spectrum with strong RF signals that literally over power all radio communications within that spectrum. Such an approach denies both the Wifi Access Point and its associated Wifi clients from communicating with one another.
The second approach attempts to flood the network with so much traffic that intended communications is slowed to a crawl or blocked entirely. Dummy packets are generated by the hacker in such volume and at such a high rate that the the Wifi Internet provider infrastructure and public access gateway become saturated, stopping the flow of all intended traffic. This threat may not only come from within the local Wifi infrastructure but can be created or controlled from the Internet outside the public access gateway.
The only way to completely eliminate DoS attacks is put all the people who want to communicate in an “RF sealed” room and deny any access to the Internet. Not a very practical approach for a highly mobile society desiring ubiquitous mobile connectivity. Fortunately, there are several things that can be done to mitigate the threat of a Wifi DoS attack. The public access gateway can be steeled against attack from the Internet by deploying behavioral detection algorithms in addition to common firewall methodology. This approach searches for patterns or behavior of the traffic outside the norm then blocks that traffic from entering. These same algorithms can be applied inside the Wifi infrastructure to detect rogue machines controlled from the Internet then block their access to the WLAN. In addition, diligence in updating client and Wifi infrastructure with security patches will go a long way towards minimizing any potential “holes” through which hackers may enter.
To thwart RF threats, the following steps can be taken to lessen their impact:
- If interior walls are using metal studs, make sure they are grounded.
- Install thermally insulated copper or metallic film-based windows and /or use metallic window tint instead of blinds or curtains.
- Metallic-based paint can be used on walls and doors to block unwanted RF penetration.
- Use directive antennas on Wifi access points to minimize access from outside the room or building.
Ubiquitous mobile connectivity is a wonderful thing. Don’t let it be denied!