This month, I am writing an article on Wireless Network Security.  After working with 802.11b Wireless over the past few months, it is simply amazing how many simply keep their wireless network open for anybody that passes by!

Wireless equipment is now very affordable, and many people with technology in their homes and businesses are going out and purchasing equipment to build wireless networks.  Are the majority of the people installing this equipment aware of the security risks with plugging it in without exploring your security options?  The answer is absolutely NOT!  Many “wardrivers” find that it’s very easy to simply take a laptop with a wireless network card, and use somebody’s Internet access — because 75% of wireless networks don’t use even the most basic security features offered.

Wardriving

I define Wardriving as the mobile roaming around a geographic area with a computer and Ethernet-compatible wireless networking equipment to determine available access points, or points where access to a wired network can be gained.

More simply, wardrivers drive around in cars with a laptop with a wireless network card and try to find places that use wireless technology.

If you’ve ever watched the movie “Wargames” with Matthew Broderick in the 80s, or were actively involved in hacking or even cracking 10 years ago, you may be acquainted with software to dial a range of phone numbers with your MODEM to find computers to “login” to.  When the Internet wasn’t as popular as it is today, “wardialer” software was usually the first step to find computers to “play” with.  The term “wardriving” was chosen because it describes the “roaming” to find networks, and a good number of “wardrivers” will attempt to gain access to these resources.

Evaluating your own Wireless Network

(coming)

My Security Advice

Please be aware that this is only my opinion, and that I’m not responsible for any accidents or damages by following it.  If you want a more tailored, custom solution for your residence or business, please contact me directly.

1. Fully understand your coverage areas.  KNOW how far your wireless network reaches.
2. Enable WAP.  I know, I know, it’s not a perfect solution, but the encryption offered by WAP will keep the script-kiddies away, and the vast majority of “crackers” will not attempt to play with your network if you are encrypting it.  Did you know that the MAJORITY of wireless networks don’t enable encryption AT ALL?  Simply put, it takes a lot of traffic on your network and a wardriver within constant radio range of your wireless network to break your WEP codes.  If your access point and wireless network cards support 128-bit encryption, enable it.  If not, then enable the 64-bit/40-bit encryption.  Don’t use cards without encryption!  Oh, and please pick a key that will be difficult to guess.
3. Change the default passwords on your access points!  Do this as soon as you get it online!  Lists of default passwords for many brands of access points are easily available from the Internet, and you could have your encryption disabled or your access control lists changed even from clients on your internal network!
4. Disable DHCP on your network segment with your access point.  If a wardriver that has the intent on accessing your network is in your coverage area, and you’re not running encryption (or your key has been hacked, a pretty rare occurrence), they can simply release their current IP Address, and renew a lease with your DHCP Server, giving them an IP Address on your private network.  Yes, that’s right, your PRIVATE network.  If you have a firewall device or NAT device on your network, it will be INEFFECTIVE against this kind of attack.
5. Enable Access Control, whenever possible.  Access control allows you to DENY access to your wireless network to all computers, except those in a specific list of MAC addresses that you choose.  Even if your WEP encryption is compromised, “crackers” will need to know a MAC address of an allowed client to gain access.  It’s very possible they’ll have to pull a “Kevin Mitnick”, or capture packets moving back-and-forth from your wireless clients, run a denial-of-service attack to shut down one of them, and poison the ARP Cache of your router to be successful.  Not for your run-of-the-mill “cracker”.
6. Don’t broadcast your SSID.  If your access point has an option to shut off SSID Broadcasting, use it.  You’ll have to make sure the SSID set on both your access point and wireless clients match, but this should be the case already!
7. For an even higher level of security, consider giving your wireless users no access to your private network at all, without connecting and authenticating through a virtual private network (VPN).

Software

NetStumbler — The Most Popular freeware for Wardriving hands down.  Works with Windows 95, Windows 98, and Windows 2000.  Support for Windows ME and XP is coming.  Their forum is an awesome resource, but please, read the FAQs and do searches before posting!  Many of the members have participated in DefCon 10’s Wardriving Contest, and are probably among the most knowledgeable on 802.11 security that I know.

Ethereal — This is a freeware Packet Sniffer utility.  You need a Wireless NIC that works in promiscuous mode (Sorry Orinoco Users).

Other Links

External Antennas with a D-Link DWL-1000AP Access Point (a work in progress)

The Cantenna, 802.11b Networking with a Coffee Can (this REALLY works)!

I respond to a gentleman who is looking for a hardware router, and I respond with a free software solution that would accomplish the same goal.

Date: June 22, 2001 01:02 PM
Subject: Re: broadband router recommendation

> Hey all,
>
> Currently I’m using an evaluation
> copy of Microsoft ISA Server, but when that runs
> out I’m probably going to want to switch to a
> hardware solution to connect my LAN to the
> Internet over DSL. I know the Linksys routers are
> the most popular, but they also were the first
> ones on the market. Has anyone looked at the SMC
> or other broadband routers and compared them to
> the Linksys? Any
> opinions?
>
> _–Will–_ http://www.inside-corner.
> com http://www.mp3.com/hypnoticsuggestion

Will,

How many users are you supporting on your LAN? Is this an “in-home” LAN, or a business LAN?

If it’s an “in-home” LAN with a small amount of users, may I suggest trying Internet Connection Sharing, which is built into Windows 98SE, Windows ME, and Windows 2000? I am currently using an evaluation copy of Windows 2000 Advanced Server on my server, and I have Internet Connection Sharing setup to share the Cable connection. This piece of software uses an IP masquerade to make computers on your LAN appear as one computer to the remote network, as far as TCP/IP addressing is concerned…

And best of all? Internet Connection Sharing is a free solution. I have been very happy with it so far, with a total of 4 computers accessing the Internet. Can’t beat the bang for the buck!

Brian Klier
Forum Pro
http://kliernetwork.net

(http://www.connectedhomemag.com/Forums/thread.cfm?CFApp=80&Message_ID=186415)

Today we respond to someone concerned about legacy parallel devices on Windows XP.

Date: June 22, 2001 12:58 PM
Subject: Re: Windows XP and old thingys

> I’ve spent forever getting my old Ditto Max Pro
> tape drive (Iomega) to be nice to the other
> devices on the sacred LPT 1, which no one wants
> to share. What will be the fate of this, and
> other devices no longer under warrenty when XP
> comes out in fall? I would like to get a new
> computer at that time, but I’m really worried
> about my peripherals. In addition to my scanner,
> three printers and a digital camera, I have an
> external ZIP drive (100) Will this stuff work on
> the new operating system?

Hi Charlotte!

Unfortunately, there is no easy answer to your question. I’m pretty positive Microsoft will continue to support the parallel port in Windows XP, however, the more difficult question is, “Will the manufacturers of my peripherals support Windows XP?”

Users of the Apple Macintosh faced a similar dilemma after Apple discontinued producing the actual hardware Serial Port. All of a sudden, Apple users who purchased a new iMac found themselves not able to use any of the legacy peripherals they had purchased. Other companies eventually discovered this out, and provided USB-to-serial interface boxes for sale. These boxes work most of the time, but as always, some experience problems with them.

Fortunately for the PC users, most motherboard manufacturers today still incorporate an on-board parallel port to support these legacy devices. Some computer manufacturers are building what are known as “Legacy-Free” PCs, and these computers usually do away with connectors that most new equipment do not need to take advantage of, such as the serial and parallel ports. Most of the industry has already moved the direction of USB, and I think it’s safe to assume that this trend will continue.

My recommendation to you would be to contact the manufacturers of the devices you own, and ask them if they intend on releasing drivers that function on Windows XP. I’ve found companies that are very good at supporting their legacy products, and others that drop support quickly for products over a year old. Embrace those companies that give a long useful life to your peripheral by supporting them. For those that don’t, new peripherals may be the only option.

Brian Klier
Forum Pro
http://kliernetwork.net

(http://www.connectedhomemag.com/Forums/thread.cfm?CFApp=80&Message_ID=186414)

I’ve been selected as an online Forum Pro for the new “Connected Home” magazine. Connected Home Media is dedicated to helping IT professionals and technically savvy users implement, maintain, and secure home networks for telecommuting, working at home, and integrating all home technology into their lives. The premiere issue of this magazine will be on the newsstand January of 2002.