Table of Contents
- Web Application Security
- Operating System Security
- Network Security
- Hardening Your System
- Wireless Basics
- Frequency and Data
- Using the Spectrum
- Why is Wireless Security Important?
- Wired Equivalent Privacy (WEP)
- MAC Filtering
- Radiation Zone
- Demilitarized Zone (DMZ)
- Virtual Private Network (VPN)
- Remote Authentication Dial-In User Service (RADIUS)
- Setting Up Windows 2003 for PEAP
- Setting Up Windows 2003 for PEAP, Part 2
- Setting Up Windows 2003 for PEAP, Part 3
- Temporal Key Integrity Protocol (TKIP)
- Advanced Encryption Standard (AES)
- Secure Sockets Layer (SSL)
- Intrusion-Detection System (IDS)
- Wireless Intrusion Detection Solutions
- Practical SOHO Public WLAN Setup
- ZoneCD: The Secure Way to Share Your Internet Connection
- ZoneCD, Part 2: Online Configuration Options
- ZoneCD, Part 3: Gateway Options
- Natural Wi-Fi Jamming
- Wi-Fi Protected Access (WPA)
- WPA Part 2: Weak IV's
- WPA Part 3: WPA Fixes
- Securing Your Wireless PDA Connection
- Securing Your Wireless PDA Connection, Part 2
- Wireless Intrusion Detection Tools
- Wireless Intrusion Detection Tools, Part 2
- Wireless Intrusion Detection Tools, Part 3
- Handheld/PDA/Smartphone Wireless Sniffing
- Airpwn: Owning the Airwaves
- Wireless Denial of Service Attacks
- Wireless RF Audits
- Professional RF Analyzers
- Open Source Tools: ntop
- War-Driving Exposed
- Wireless Karma
- Handheld War-driving
- Byte-Sized Decryption of WEP with Chopchop, Part 1
- Byte-Sized Decryption of WEP with Chopchop, Part 2
- Fragmentation Attacks
- WEP Fragmentation Attack in Detail
- Windows Wireless Sniffers
- Penetration Testing with SILICA
- Owning the Auditors: WPA-PSK and USB Sticks
- Owning the Auditors: Cain and Abel
- The 10 Minute Wireless VPN: iPIG
- Informit Articles and Sample Chapters
- Mobile Security
- Data Forensics
- Legal and Ethical Issues of Security
- Home User Security
- Job Security for the IT Security Industry
- A Biased Book Review: Chained Exploits: Advanced Hacking Attacks from Start to Finish
- Security of Mechanical Locks
- Information Security in Academics
- Holiday Security: Hackers Don’t Take Holidays
- Gary McGraw on Building Secure Software
- Gary McGraw on Exploiting Online Games
- A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
- The Collegiate Cyber Defense Competition Year 3: Revenge of the Red Cell
- Questions from RSA 2007
- How to Steal 80,000 Identities in One Day
Why is Wireless Security Important?
Last updated May 23, 2003.
Every day there are hundreds, if not thousands of new wireless networks installed in businesses and homes. Unfortunately for most of these new wireless users, security is an after thought... if it's a thought at all. The reason for this is that most wireless users do not understand the risks associated with using or setting up an insecure and open network. Therefore, in this section we will provide several real and factual illustrations of what can happen when a wireless network is left open. Feel free to share these stories with those who doubt the dangers.
My interest in wireless networking started with the release of Netstumbler. This program basically sends out requests into the airwaves that cause any listening wireless access point to respond with various bits of information. I remember thinking that this was the neatest thing since sliced bread; I had to give it a try.
After waiting for a few days for my first wireless network card, a Dell TrueMobile 1180, I was ready to start war driving. I did the initial sweep of the local area near my office, but after finding nothing I decided to jump in my card and drive down the road a bit. It wasn't long before I heard that 'booonnng' noise that I will forever associate with Netstumbler.
After a few minutes of this, and several more wireless networks had been added to my list in Netstumbler, I decided to turn around in a parking lot of a business that had an open wireless network of their own. Much to my surprise, it was about that time that my email program indicated it had received a new message.
What happened? Well, to make a long story short, my computer had automatically authenticated and associated to the open wireless network. I then received an IP address from the DHCP service on the network, at which point my email program automatically connected to my email server online and downloaded my email.
Unfortunately, this could be considered hacking by some. However, in my own defense I had done nothing on my own to initiate the connection. Windows did all of it without my knowledge. In addition, I had passed my email credentials through an unprotected link and into a network I did not control. Obviously, this type of situation is not one I wanted to happen again.
Instead of expecting Windows to keep me secure, I should have closed all third party programs and disabled TCP/IP. This would have prevented my computer from connecting to the open wireless network.
Sensitive Information Theft
An open and insecure wireless network is a prime target for an attacker. There are two main reasons for this. First, all data that passes over the air can be captured and viewed by anyone with the right software. Second, an open access point is a perfect way for an attacker to get into an unprotected network without having to step foot inside the target network, and without having to find a way through a firewall.
To illustrate, back in 2002 it was discovered that Best Buy (and others) were using wireless point of sale systems (http://www.msnbc.msn.com/id/3078572/). The problem with this is that all the credit card information was being passed unencrypted over the airwaves. Unfortunately, this is all too common, and even if there is encryption, it is generally limited to WEP, which is easy to crack.
A second illustration can be seen in this story that made headlines in late 2003. In this case, several hackers had infiltrated Lowe's internal network (http://www.theregister.co.uk/2003/11/13/wireless_hacking_bust_in_michigan/) via an insecure wireless access point. By the time they were caught, the hackers had installed a credit card capturing program inside the network, killed the POS system at least once, and had gained access to at least six networks. All of this was made possible because someone failed to secure the wireless network.
Anonymous Connection Abuse
While gaining access to sensitive information is a serious issue, most home owners do not care or refuse to acknowledge the threat of an attacker gaining access to their data. On more than one occasion, I have heard the words, "I don't care if someone wants to use my network." If you are ever given this as an excuse, then consider the possibility that someone might be using your network to commit a crime.
To illustrate, in late 2003 a man was watching a streaming child porn video while in a car naked from the waist down while connected to an open wireless network (http://news.com.com/Wi-Fi+arrest+highlights+security+dangers/2100-1039_3-5112000.html?tag=nl). Why was he using an unprotected network? Well, he didn't want anyone to trace back the child pornography activities to his home computer. The problem with this is that the owner of the wireless connection could have been targeted by an FBI investigation, even though they never did anything wrong.
If this isn't enough, what if a spammer borrowed your wireless network (http://news.com.com/Wardriving+conviction+is+first+under+Can-Spam/2100-7351_3-5390722.html), or a hacker used it for illegal activities such as to release a virus or attack someone? Or, imagine the embarrassment if an attacker specifically targeted a Senator's wireless network and used it to attack the opposing party's website. The types of abuse are really only limited by the creativity of the attacker.
One area of concern that many business are failing to realize is the threat of a denial of service attack against their wireless network. For example, inventory management systems and medical offices are well known for using wireless gear to allow employees to maintain a mobile link to the network. But what would happen if an attacker performed a denial of service attack? The link would drop and all data flow would stop. This type of activity would be very disruptive and possibly even life-threatening.
The last issue that we would like to address is the possibility of a neighbor borrowing your wireless connection for no other reason than to steal bandwidth. While this may not worry you, think about the consequences you might face if your neighbor used your wireless connection to share their music library. It is quite possible that the RIAA might track that sharing back to you and stick you with the $100,000 bill. In addition, any type of file sharing will have a significant impact on your internet speed, and if you are on a plan that limits your download speed, you could find your connection seriously degraded as a result.
The point to this section is to highlight the many dangers associated with having an open and insecure wireless network. I can't count the number of times I have heard people tell me that they have 4-5-10 open wireless networks available to them from their apartment. If you are one of these people with an open network, please consider the possible problems you might face down the road if someone does borrow your bandwidth for less than honorable reasons.