• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
Introduction
Please seeHow to Crack WEP...Reloadedfor the most up-to-date WEP cracking how to.
After demonstrating in
How To Crack WEP - Part 1
and
Part 2
that WEP cracking is easier than you mayhave thought, I will now switch gears. In this last part of the WEP Crack How To, I will show you how to take acommon sense approach to protecting your wireless network.As any security professional knows, there is no such thing as perfect security. A good security plan takes intoaccount the value of what needs to be protected, the cost of implementing the protection and the nature andskillset of the potential intruder in order to formulate an effective security plan. In other words, rather thanimplementing every defensive measure known to man, a more prudent (and cost-effective) approach may be totailor your defense to the threats that you most likely face.For example, wireless networks located in cities generally face more possible intrusions than those located insparsely-populated areas. During the course of a day in a city, dozens, maybe hundreds of people may pass byyour  
wireless LAN
. And a car could also be parked outside your home for hours, without attracting notice. But awireless AP located in a home on a ten-acre farm would be unlikely to see any client but its owner's and anyunfamiliar vehicles would be noticed and investigated in short order.
Why Bother?
For some people, setting up a
secure wireless network
is so daunting, they give up and run it wide open, ie.unsecured. I also hear people say, "I just surf the web and have nothing valuable on my computer. Why should I bother with security?" Good question, but here are some equally good answers.Running your WLAN wide open entails three major risks:
1) Your network resources are exposed to unknown users
Once someone wirelessly connects to your LAN, they have the same access as users directly connected intoyour LAN's
Ethernet switch
.Unless you have taken precautions to limit access to network resources and shares,intruders can do anything trusted, known users can do.Files, directories, or entire hard drives can be copied, changed or entirely deleted. Or worse, keystroke loggers,Trojans, zombie clients or other programs can be installed and left to work for their unknown masters.
2) All of your network traffic can be captured and examined
With the right tools, web pages can be reconstructed in real-time, URLs of websites you are visiting captured,and most importantly passwords you enter stolen and logged for future mis-use, most notably
identify theft
.
 
3) Your Internet connection can be used for illegal, immoral or objectionable activities
If your open WLAN is used to transfer bootleg movies or music, you could possibly be the recipient of alawsuit notice from the RIAA. In a more extreme case, if your Internet connection were used to upload child pornography to an FTP site, or used to host the
server
itself, you could face more serious trouble. Your Internetconnection could also be used by spammers, DoS extortionists and purveyors of malware, viruses and their like.It may be a noble sentiment to give
free Internet access
to anyone within range of your wireless LAN. Butunless you put some serious protection between your "open" LAN and the one you use, you are exposing your data, and perhaps more, to serious risk.The approach I'll take in formulating WLAN security recommendations is based on the expected skill level of  potential 
wireless
intruders. I'll then provide recommended security countermeasures for each skill level.
NOTE:
I will generally use "AP" (Access Point) throughout this article, but this should be read as meaning"Access Point or wireless router".
Skill Level 0: Anyone with a wireless computer
It doesn't take special skills to "hack" an unprotected 
wireless LAN
- anyone with a wireless-enabled computer and the ability to turn it on is a potential intruder. Ease of use is often touted as a selling point of wireless
networking products
, but this often is a double-edged sword. In many cases, people innocently turning on their wireless computers will either automatically connect to your access point or see it in a list of "available" access points.The following countermeasures should help in securing your 
network
against casual access, but
offer no realprotection against more skilled intruders
. These are listed in relative order of importance. But most of themare so easy to do that I recommend doing them all if your equipment allows.
Countermeasure 1: Change Your Default Settings
At minimum, change the
administration password
(and username if your equipment allows), and
defaultSSID
on your AP or wireless router. Admin passwords for most consumer 
wireless
gear are
widely available
.So if you don't change yours, you could find yourself locked out of being able to control your own WLAN(until you regain control via a factory reset)!Changing the default SSID is especially necessary when you are operating in proximity of other APs. If multiple APs from the same manufacturer are in the area, they will have the same SSID and client PCs willhave a good chance of "accidentally" connecting to APs other than their own. When you change the SSID,
don't use personal information in your SSID
! During my Netstumbler sessions, I have seen the following asSSIDs:
First and Last names
Street Addresses with apartment numbers
Social Security Numbers
Phone NumbersChanging the default channel of your AP might help you avoid interference from nearby wireless LANs, but ithas little value as a security precaution since wireless clients generally automatically scan all available channelsfor potential connections.
Countermeasure 2: Upgrade Your Firmware, and maybe Hardware
Having the most current firmware installed on your AP can sometimes help improve security. Updatedfirmware often includes
security bug
fixes and sometimes adds new security features. With some newer 
 
consumer APs, a single click will check for and install new firmware. This is in contrast to older APs whichrequired the user to look up, download and install the latest firmware from a sometimes difficult-to-navigatesupport site.APs that are more than a few years old have often reached their end of support lifecycle, meaning that no newfirmware upgrades will be made available. If you find that your AP's latest firmware doesn't support at least theimproved security of 
WPA
(Wi-Fi Protected Access), and preferably the latest version called
WPA2
, youshould seriously consider upgrading to new gear. The same goes for your wireless clients!Virtually all currently-available 802.11g gear supports at least WPA and is technically capable of beingupgraded to WPA2. But manufacturers are not always diligent in their support of older products, so if you wantto be sure that your gear supports WPA2, either check the 
Wi-Fi Alliance's certification database
, or do someGoogling in both the Web and Groups.
Countermeasure 3: Disable SSID broadcast
Most APs allow users to disable SSID broadcasting, which will thwart a
Netstumbler
scan. This will also stopWindows XP users using XP's built-in Wireless Zero Configuration utility and other client applications frominitially seeing the
wireless network
.
Figure 1
shows the control labeled "Hide ESSID" that will do the trick on aParkerVision access point. ("SSID" and "ESSID" both refer to the same thing.)
Figure 1: Disabling SSID Broadcast on a Parkervision AP(click image to enlarge)
NOTE:
Disabling SSID broadcast will not prevent a potential intruder using
Kismet
or other wirelesssurvey tools such as 
AirMagnet
from seeing your wireless network. These tools don't rely on SSID broadcastfor available network detection.
Skill Level 0 Countermeasures - more
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...