Wireless Network Security

This month, I am writing an article on Wireless Network Security.  After working with 802.11b wireless over the past few months, it is simply amazing how many people keep their wireless network open to anybody who passes by!

Wireless equipment is now very affordable, and many people with technology in their homes and businesses are going out and purchasing equipment to build wireless networks.  Are the majority of the people installing this equipment aware of the security risks of plugging it in without exploring their security options?  The answer is absolutely NOT!  Many “wardrivers” find that it’s very easy to simply take a laptop with a wireless network card and use somebody’s Internet access, because 75% of wireless networks don’t use even the most basic security features offered.

Wardriving

I define wardriving as roaming around a geographic area with a computer and Ethernet-compatible wireless networking equipment to determine available access points, or points where access to a wired network can be gained.

More simply, wardrivers drive around in cars with a laptop with a wireless network card and try to find places that use wireless technology.

If you’ve ever watched the movie “WarGames” with Matthew Broderick in the 80s, or were actively involved in hacking or even cracking 10 years ago, you may be acquainted with software that dials a range of phone numbers with your modem to find computers to “log in” to.  When the Internet wasn’t as popular as it is today, “wardialer” software was usually the first step to find computers to “play” with.  The term “wardriving” was chosen because it describes the “roaming” to find networks, and a good number of “wardrivers” will attempt to gain access to these resources.

Evaluating your own Wireless Network

(coming)

My Security Advice

Please be aware that this is only my opinion, and that I’m not responsible for any accidents or damages by following it.  If you want a more tailored, custom solution for your residence or business, please contact me directly.

  1. Fully understand your coverage areas.  KNOW how far your wireless network reaches.
  2. Enable WEP.  I know, I know, it’s not a perfect solution, but the encryption offered by WEP will keep the script-kiddies away, and the vast majority of “crackers” will not attempt to play with your network if you are encrypting it.  Did you know that the MAJORITY of wireless networks don’t enable encryption AT ALL?  Simply put, it takes a lot of traffic on your network and a wardriver within constant radio range of your wireless network to break your WEP codes.  If your access point and wireless network cards support 128-bit encryption, enable it.  If not, then enable the 64-bit/40-bit encryption.  Don’t use cards without encryption!  Oh, and please pick a key that will be difficult to guess.
  3. Change the default passwords on your access points!  Do this as soon as you get them online!  Lists of default passwords for many brands of access points are easily available from the Internet, and you could have your encryption disabled or your access control lists changed even from clients on your internal network!
  4. Disable DHCP on your network segment with your access point.  If a wardriver intent on accessing your network is in your coverage area, and you’re not running encryption (or your key has been hacked, a pretty rare occurrence), they can simply release their current IP address and renew a lease with your DHCP server, giving them an IP address on your private network.  Yes, that’s right, your PRIVATE network.  If you have a firewall device or NAT device on your network, it will be INEFFECTIVE against this kind of attack.
  5. Enable Access Control, whenever possible.  Access control allows you to DENY access to your wireless network to all computers, except those in a specific list of MAC addresses that you choose.  Even if your WEP encryption is compromised, “crackers” will need to know a MAC address of an allowed client to gain access.  It’s very possible they’ll have to pull a “Kevin Mitnick”, or capture packets moving back-and-forth from your wireless clients, run a denial-of-service attack to shut down one of them, and poison the ARP Cache of your router to be successful.  Not for your run-of-the-mill “cracker”.
  6. Don’t broadcast your SSID.  If your access point has an option to shut off SSID Broadcasting, use it.  You’ll have to make sure the SSID set on both your access point and wireless clients match, but this should be the case already!
  7. For an even higher level of security, consider giving your wireless users no access to your private network at all, without connecting and authenticating through a virtual private network (VPN).
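
Points 2 through 6 of the list above can be checked mechanically against your own access point.  The following is an added example, not part of the original article: the settings dictionary, its field names, the default-password set and the MAC addresses are all constructed for illustration, and you would fill them in from your own access point’s admin page.

```python
import re
import string

# Constructed placeholder values, not taken from any real vendor list.
DEFAULT_PASSWORDS = {"", "admin", "password", "public"}

def wep_key_findings(hex_key):
    """Judge a WEP key entered as hex: 10 digits (64/40-bit) or 26 (128-bit)."""
    key = re.sub(r"[\s:-]", "", hex_key)
    if len(key) not in (10, 26) or not re.fullmatch(r"[0-9a-fA-F]+", key):
        return ["WEP key is not 10 or 26 hex digits"]
    raw, found = bytes.fromhex(key), []
    if len(raw) == 5:
        found.append("64/40-bit key; use 128-bit if every card supports it")
    if len(set(raw)) <= 2:
        found.append("WEP key repeats one or two byte values")
    steps = {(b - a) % 256 for a, b in zip(raw, raw[1:])}
    if len(steps) == 1 and 0 not in steps:
        found.append("WEP key bytes form a simple sequence")
    if all(chr(b) in string.ascii_letters + string.digits for b in raw):
        found.append("WEP key is a typed word, not random hex")
    return found

def normalize_mac(mac):
    """Reduce 00:11:22:33:44:55 / 00-11-22-33-44-55 / 0011.2233.4455 to one form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_access_point(cfg, associated):
    """cfg: settings read off the AP's admin page; associated: client MACs it lists."""
    found = []
    if cfg["wep_enabled"]:
        found += wep_key_findings(cfg["wep_key"])
    else:
        found.append("encryption is disabled")
    if cfg["admin_password"].lower() in DEFAULT_PASSWORDS:
        found.append("access point still has a default password")
    if cfg["dhcp_enabled"]:
        found.append("DHCP hands out addresses on the wireless segment")
    if cfg["broadcast_ssid"]:
        found.append("SSID is being broadcast")
    allowed = {normalize_mac(m) for m in cfg["mac_allow_list"]}
    if not allowed:
        found.append("no MAC access control list")
    for mac in associated if allowed else []:
        if normalize_mac(mac) not in allowed:
            found.append(f"associated client not on the allow list: {mac}")
    return found
```

An empty result means the settings match points 2 through 6; coverage area (point 1) and the VPN option (point 7) still have to be checked by hand.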

Software

NetStumbler — The Most Popular freeware for Wardriving hands down.  Works with Windows 95, Windows 98, and Windows 2000.  Support for Windows ME and XP is coming.  Their forum is an awesome resource, but please, read the FAQs and do searches before posting!  Many of the members have participated in DefCon 10’s Wardriving Contest, and are probably among the most knowledgeable on 802.11 security that I know.

Ethereal — This is a freeware Packet Sniffer utility.  You need a Wireless NIC that works in promiscuous mode (Sorry Orinoco Users).

Other Links

External Antennas with a D-Link DWL-1000AP Access Point (a work in progress)

The Cantenna, 802.11b Networking with a Coffee Can (this REALLY works)!
