Want wireless security? Hack yourself
- By John McCormick
- Jul 27, 2005
Wireless networks can be a nearly magical budget-saving wonder. Look how much data you can pump through inexpensive wireless routers while networking entire offices, including those laptops in the conference room'all without the headache of network cabling
But you no doubt know that wireless security is a serious concern'and it may be a bigger problem than you think. Time to start thinking like a hacker. In the 1990s, when wired networks and the Internet were gaining prominence, security experts started publishing software and manuals to help expose vulnerabilities in the technology. Their goal: to show admins how their networks could be exploited so they could tighten security.
Wireless security is subject to two main variables, the first being range. If no one outside a controlled access area can pick up the signal, they can't hack it. That's a good thing, because traditional ways of securing a wireless network'authentication/authorization and encryption'have their weaknesses.
Most wireless networks have a very limited range, so a fundamental security question is 'What's the maximum range of your 802.11x network?' Have you relied on the vendor's stated range for defining a perimeter outside of which people can't attack your network? Or have you taken the extra step of walking around with a laptop to see what the range really is?
These are important questions, but even they don't take into account all eventualities. There's an inexpensive antenna that gives an Apple Airport network a 10-mile line-of-sight range. What kind of range such an antenna would give a hacker who's wardriving your network isn't certain, but if you can find the design online (and you can by going to www.gcn.com and entering 454 in the GCN.com/box) anyone can.
The design was posted by a professor of electrical engineering, but it could be used by any kid with access to a Leatherman multitool. It shows how to build a cheap wireless network antenna with a 22dB gain. There are specific details for 802.11a/b, but it wouldn't take much to alter the plans for other frequencies.
By comparison, mobile laptop antennas generally have a 5dB gain, so if you only used a notebook to test your network's vulnerable perimeter, you could be way off. People sitting a mile or more outside your fenced and secure parking lot could be monitoring your network using surplus junk.
And remember, teleworkers, by extension, pose a whole other threat. Anyone logging onto your agency network remotely must not have a wireless access point.Tools of the trade
The second variable in WLAN security is, of course, the strength of the security technologies you put in place. To assess that, you should think like a hacker. Hackers need software to locate and penetrate your wireless network, but there is no shortage of it online. Get some and start hacking.
Airsnort is the well-known Wired Equivalent Privacy encryption key recovery tool available at airsnort.shmoo.com
(but if you're relying on WEP, you have bigger problems than I thought). Kismet (www.kismetwireless.net) is a good wireless network sniffer and packet collector. And you can find a decent BSD Unix 802.11b auditing tool at www.dachb0den.com/projects/bsd-airtools.html. Some downloads don't even require you to run Unix or compile code to use them, making them ideal for script kiddies, or unskilled hackers.
I'm not telling hackers anything they don't already know. But I hope I'm telling you what they know. I've spoken at hacker conventions and know how good some of these people are. Wardriving contests to see how many wireless access points the attendees can find are a fixture and nothing brings out innovation like competition between geeks.
You simply can't depend for security on the fact that your Gateway Tablet PC drops the wireless network signal when you are halfway across your secure-access parking lot. You need to test for vulnerabilities using the sort of tools a hacker would use. White-hat 'hackers' (i.e. you) should check out the cheap antenna design to improve the chances of catching bad people without waiting for special budget authorization.
Wireless network technology is still maturing. Today, if you want to fight hackers, it helps to think like them.John McCormick is a freelance writer and computer consultant. E-mail him at firstname.lastname@example.org.