is just as it sounds, the physical theft of the device by an attacker. Fortunately, this is not a concept new or unique to wireless devices or systems, so the need for protection of wireless devices and systems against physical theft is intuitive to device and system manufacturers. Unfortunately, devising devices or systems resistant to theft is very difficult.
Several mitigations can be employed to minimize the threat. We will not spend much time stating the obvious, such as locking and alarming rooms that house equipment.
The Man in the Middle
The attacker, by interjecting herself between the user and the server, accomplishes the well-known man-in-the-middle network attack. This interjection is done by gaining physical access to the logical or physical path between the user and the server, such as sitting at the user or server’s access point to the network. Alternatively, this can be used to spoof the user to the server and the server to the user. In both scenarios, the attacker has complete access to the communications between the user and the server.
In the 1980s, malicious types began calling phone numbers at random in an attempt to locate unprotected modems and gain access to networks. The early 2000s version of war dialing is roaming around with a laptop, wireless NIC, and an antenna and attempting to gain access to wireless networks. As we have discussed, the vast majority of wireless networks deployed do not use WEP or use WEP without implementing RSA’s Fast Packet Keying solution to (more or less) security. With a $100–150 wireless NIC set in promiscuous mode and a cheap parabolic grid antenna from Radio Shack, hackers have gained access to thousands of wireless networks across the United States. In populated areas, war drivers have used simple GPS applications in combination with the wireless NIC and antennae and have successfully mapped the location of thousands of wireless networks to which they can gain access. No esoteric software or hardware is required. A software application called
has the ability to analyze the intercepted WEP traffic and, after collecting enough data, even determine the root password for the wireless system.
Denial of Service
Denial of service is a class of attacks that take many forms, from subtle to obvious. An obvious denial of service attack against a wireless system would be to sever the coax cable on the tower between the transceiver and the antenna. This definitely would deny service to anyone wanting to use that particular tower. A more subtle attack
ANALYZE ATTACKS AND VULNERABILITIES