Tales of a White Hat War Driver
Responses from Owners of Insecure Networks
I realized what I was finding was not a failure of the technology, but a human failure. Sure, WEP isn't great and it can be broken, we all know that, but it is at least a good "front door." The process of cracking the WEP keys is much more time consuming, especially on a slow network, than most hackers are willing to hang around for (unless they live next door). After studying my logs, tracking down owners of these networks was relatively easy. In hopes of aiding some of these folks, I called them, introduced myself, and told them what I had found.
I got a variety of responses. Many people were simply not aware of this security issue, and admitted they just took the device out of the box and plugged it in. Also, many smaller shops had "professionals" come in and install their equipment, but security was never discussed.
One IT manager, shocked that I had found him from so far away, admitted that they chose not to use WEP because of the overhead involved. True, you can expect to reduce your throughput by about 1 Mb/sec using WEP, but I think the trade-off is worth it.
Some said their networks were just in a "test" mode and not really being used. Others were upset simply because I had found them. The Federal Courthouse's original response was that the AP I discovered was for lawyers accessing the Internet and they didn't care if others could tap into it (Yikes!). Then they called back the next day with a different story. Finally, they called a third time and said it was no longer being used. Obviously, in this age of heightened security, some feathers were ruffled by this discovery.
I realize that many IT departments are under-staffed and over-worked, and that many smaller businesses don't even have an IT department. But users need to realize when they deploy a wireless network that they are basically giving up some control of the physical access of their network. I have heard others compare it to laying a network cable out on the sidewalk and seeing who will connect to it.
Considerations for Implementing a Wireless LAN
Deploying a wireless network needs to be carefully evaluated. Below, I have outlined items to consider both before and after implementing a wireless LAN.
- What will you use your wireless network for? Don't deploy it just because it's the cool thing to do and everyone else is doing it.
- What will your security model be? What types of information do you deal with, and what would the consequences be if your network was compromised?
- Think about using tools such as a VPN (Virtual Private Network) to your access point, or place a firewall between the access point and your network. Or place your wireless LAN in its own VLAN (Virtual LAN) to separate it from your internal network. Or use end-to-end encryption, such as IPsec.
- Use the free, built-in security features that come with the wireless access point, such as WEP. Unless they really want into your network, it's enough to cause the casual hacker to go somewhere else. On a small network, you may also want to invoke ACLs (Access Control Lists), giving access only to certain MAC addresses.
- If you require high security, you should invest in a more secure access point that authenticates with a RADIUS server or has other secure features built in. The Lucent AP-500 is moderately priced, but includes features found on their enterprise-class product, such as a Closed System Mode that doesn't broadcast its SSID and supports 128-bit WEP. And at this writing, access points with dynamic WEP key generation have become available.
- Unless you purposely want to have outdoor users on your network, try to locate access points in the middle of the building and away from glass windows. Or use a concentrated (unidirectional) antenna system so the radio pattern will be focused in a known area.
- If you have a large business, you may want to write a policy on how the company controls the airspace. WLANs have become so popular that many companies find individual departments are setting them up with no permission from central IT departments. This can interfere with and degrade the corporate WLAN, since they can use the same radio channels. Some of the APs I discovered, once traced back to the business, were found to be unauthorized by the network administrators.
- Use the built-in security on your network switches or hubs. For instance, with 3COM switches, I have used DUD (Disconnect Unauthorized Device) on ports, or SNMP "MAC Address Change" warnings, ensuring that new devices aren't plugged into the network without authorization.
- If you are working with a VAR or some other installer, obtain a written agreement as to the type of wireless configuration they are responsible for installing. Make sure they leave proper documentation as to what they've done.
- Don't be too descriptive in naming your WLAN.
- Because most wireless end-users work with laptops and PDAs (Personal Digital Assistants), these devices are more prone to be stolen or misplaced. Take precautions to prevent this and have a plan in place in case it does happen, such as system-level passwords so someone cannot gain access to the computer's hard drive. In some systems, WEP keys are stored as plain text in the Windows registry, making them easy for someone to retrieve. Have a plan in place to change WEP keys as well, although this should be done on a periodic basis anyway.
- Do a site survey!!! I can't stress this step enough. Most people have no idea where their radio waves are traveling. Walk or drive around the perimeter of your site and document where your coverage areas are. Most access points use omnidirectional antennas, so their pattern consists of a large circle.
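An added example (not from the original article) of turning the checklist above into a repeatable audit: it reads a site-survey log and flags access points that are missing from the IT inventory, run without WEP, use a descriptive network name, or are usable from outside the building. The CSV layout, the inventory, the word list and the -80 dBm threshold are all assumptions made for this sketch, not the output format of any particular survey tool.

```python
import csv
import io

# Constructed site-survey log (not a real tool's export format):
# where the reading was taken, AP MAC (BSSID), SSID, WEP on/off, signal in dBm.
SURVEY_CSV = """location,bssid,ssid,wep,signal_dbm
lobby,00:11:22:33:44:01,corp-wlan,on,-48
parking-lot,00:11:22:33:44:01,corp-wlan,on,-71
parking-lot,00:11:22:33:44:02,Acme Payroll Dept,off,-66
loading-dock,00:aa:bb:cc:dd:10,default,off,-59
street,00:11:22:33:44:03,corp-wlan,on,-90
"""

# Assumed inventory kept by central IT: BSSID -> AP label.
AUTHORIZED = {
    "00:11:22:33:44:01": "AP-1 lobby",
    "00:11:22:33:44:02": "AP-2 finance",
    "00:11:22:33:44:03": "AP-3 warehouse",
}
OUTDOOR = {"parking-lot", "loading-dock", "street"}  # perimeter survey points
REVEALING_WORDS = {"acme", "payroll", "finance"}     # company/department names
USABLE_DBM = -80  # assumed: anything stronger is usable from that spot


def audit(survey_text):
    """Return a sorted list of (bssid, finding) pairs from a survey log."""
    findings = set()
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid, ssid = row["bssid"].lower(), row["ssid"]
        if bssid not in AUTHORIZED:
            findings.add((bssid, "not in IT inventory (unauthorized AP)"))
        if row["wep"].strip().lower() != "on":
            findings.add((bssid, "WEP disabled"))
        if any(word in ssid.lower() for word in REVEALING_WORDS):
            findings.add((bssid, f"descriptive SSID: {ssid!r}"))
        if row["location"] in OUTDOOR and int(row["signal_dbm"]) > USABLE_DBM:
            findings.add((bssid, f"usable signal at {row['location']}"))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY_CSV):
        print(f"{bssid}  {finding}")
```

Re-running the same audit after each periodic survey shows whether a finding was actually fixed or a new unauthorized access point has appeared.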
One last observation: it appears wireless is quickly gaining momentum in the home market, as I found many residential access points. Ironically, when I figured out the percent rate, home users appear to be better at securing their networks than many of the businesses I found. Two access points I remember coming across were residential units, WEP-enabled, with network names of "DONTUWISH" and "NOWAYDUDE." War drivers hate stuff like that!
Alan Rothberg has worked in the computer field for over fifteen years in a variety of network environments.