Is your wireless network secure?

In a recent tour of San Francisco, Oakland, and Palo Alto, a leading security expert discovered over 2600 networks, nearly a third of which were not using any encryption at all.

A leading security guru is making the rounds trying to increase awareness of wireless security, or rather the severe lack of such security. In a recent tour of San Francisco, Oakland, and Palo Alto, he discovered over 2,600 networks, nearly a third of which were not using any encryption at all. This effort did not uncover all the security flaws as the researcher did not want to cross the fuzzy line between legally detecting these networks and potentially breaking the law by trying to connect to them. The line is not clear because the courts have yet to weigh in on the topic of connecting to networks where the administrators have taken no precautions to secure their infrastructure.

A Road Map to Wardriving in These Times (San Francisco Chronicle)

A site map is a good place to start when assessing potential signal leaks, and when done properly it can be a huge benefit to security personnel. These surveys are about to get far easier with technology from Airwave that promises to simplify spectrum analysis, as it runs on standard Intel Centrino 2 processors. Further security can be obtained with paint and window film that attenuate wireless signals to the point that they are extremely hard to detect outside the building.

How to: Conduct a Wireless Site Survey (Wi-Fi Planet)

AirMagnet and Intel® Demonstrate New Technology That Vastly Simplifies Wireless RF Troubleshooting (BusinessWire)

How to: Prevent Parking Lot Attacks (Wi-Fi Planet)

Though I do not handle the wireless security for my organization, I do handle it in my home. At work, since I am in education, there are huge potential holes that could be exploited as a result of the university's desire to maintain open systems that anyone can connect to. These risks are mitigated with various technologies used to encrypt information between the clients and WAPs, but they are risks nonetheless. How focused is your organization when it comes to wireless security?

31 comments
jneilson

At work our wifi is open, the computers are secure. At home my wifi is secure, plus if someone can see it they're in "range".

Neon Samurai

I've considered doing that at home; leave the wifi open and manage all security by VPNing the nodes together. A black network running over the clear network. I can't bring myself to do it. In your case, if that's a business network, it needs to be secured right quick. I don't care if you've nothing of interest or VPN tunneling between each workstation and your servers, it's a problem. If only to keep the neighbourhood from running out your network for free internet; unless that is your intent of course.

VikingCoder

Ours is very secure... we don't have one! We're still running 9/10 of our business on mainframes. At the rate we adopt new technology, we'll get wifi about the time we start networking with warp field technology.

Neon Samurai

If a wired network has a loop left in the open and I splice into it or tap the coax with a clip; it's not ethical or legal without owner's consent. If a house is left unlocked and I wander in and look through the fridge; it's not ethical or legal without owner's consent. If a car is left unlocked and I jump in to get out of the rain or borrow the lighter; it's not ethical or legal without owner's consent. If a neighbour is sunbathing in the back yard with the presumption of privacy and I get an obscured vantage point through the trees; it's not ethical and potentially not legal without owner's consent (if only in civil court). If I grab the neighbour's hose and water down my garden or move the sprinkler so it also covers part of my own yard; it's not ethical and questionably legal (again, in civil court if your neighbour is a shmuck). If I grab fallen apples from the neighbour's tree off my lawn then fine but if I reach across and pull a branch over to pluck the fruit off or ensure that it lands on my property with a few shakes; it's not ethical and also opens the potential for a civil case if the neighbour is like that. What's the question with wireless? It's a crime that can be committed from your couch so it's ok? The law already exists; Theft of Services. Unless the router is named "free internet" or something equally obvious; stay the F off it. It's really that simple; no explicit owner's consent, no access. Also, do you really want to be connecting to an unknown wireless router without knowing how many sniffers the person has watching your webbanking between the AP and their ISP connection?

Michael Kassner

I agree with your points, but I thought I would mention that RF is considered differently. As an amateur radio op, I'm acutely aware of this too. RF that's intercepted in public spaces is considered public by .gov regulations. Where it gets sticky and where the .govs need to catch up is when that same RF is used to manipulate the devices that are emanating the RF.

Neon Samurai

I hear the ham folks have been hooking modems into the radio shack rigs for years. Is there any precedent there already for jacking into someone's ham BBS unauthorized? The problem I see is having .gov catch up in their usual sledge-hammer-to-drive-a-furniture-nail way like they've done by crippling the valid security researchers with DMCA nonsense.

Michael Kassner

No, it's not that glamorous. I just contact the FCC and they issue a cease and desist order. It has to be pretty bad for me to do that. Sometimes the sats are close to the horizon and I do get interference. If you are interested here is the AmSat web site: http://www.amsat.org/amsat-new/index.php http://en.wikipedia.org/wiki/OSCAR If I ever get mad enough I could just aim my dish at their house and it's all over. Just kidding. As for chatting on radio, I seldom do that. My area of interest is mainly computer-based now. Us hams had email way before the Internet and we are proud to say that the entire infrastructure could fold and we would still be able to communicate. My main effort besides sat comms is called packet radio: http://www.14567.org/ Sorry about the web site being a bit cryptic, but it's chock full of very cool information. Can you tell that I'm very proud of my amateur radio roots (43 years now).

Neon Samurai

I kept my old 2.4 GHz cordless phone just so I'd have a cheap interference generator handy should it be of use on a job/project. That thing used to blow me off my own wireless router constantly until we replaced it. ;) By "I have just cause to shut them down" do you mean walk over to your neighbour's radio shack and unplug the antenna or something even more interesting? I've a hardware friend who got started in ham and keeps his gear handy still including an inch thick meter log antenna. It may be time for another radio chat on the couch. I'm not much for talking to people by voice though so it'd be more personal interest at this point. With the reuse of old technology as new because it's a new box, I often find myself looking back at how it was done before. Cybercrime; psh.. it's wire-fraud, we don't really need new laws for that even if it's trendy again. Admins misusing access to systems; how do accountants manage the same risks? In this case my first thought was; it's radio, how do the radio guys deal with this already? At the moment, I do retain a license for radio as part of obtaining my pilot's license. I've heard tell that marine radio now requires a license around these parts. Even requiring a license to operate a boat was under discussion though I never heard how that turned out.

Michael Kassner

Hams are the primary licensee on the lower half of the 2.4 GHz frequency range that's shared with the Wi-Fi ISM band and if someone is interfering with my equipment I have just cause to shut them down. I've never had to do that though as my sat and ISS comm system uses 100 watts as I said before. It's a bit unsettling, but I had to take several tests and am required to use due diligence to retain that privilege. If you're interested the Technician's test is only 30 questions and you can get the entire question/answer pool at the link below: http://www.arrl.org/arrlvec/pools.html

Neon Samurai

I believe one of the excuses wireless NIC vendors (cough, broadcom, cough) are FCC regulations; "but we can't provide open drivers because they could be modified to make the hardware do stuff like broadcast with more strength". I'm a bit surprised to hear that the FCC bans the use of security mechanisms in transmission. I'd have thought that by now with everything passed by computer network being encrypted or trying to become so that the pure radio bands would allow it. Boooo! I hadn't even thought of that, I originally meant in just breaking into someone else's connection to a HAM BBS and pilfering their credentials or messing with someone's gear by jacking into their receiver.

Michael Kassner

The FCC doesn't even allow amateurs to use encryption. That's why we have to be really careful when playing with WiFi gear. Amateurs are allowed up to 100 watts on almost half of the 2.4GHz ISM frequency band. It's used a lot for satellite comms. If we use some off the shelf gear we have to be careful about encryption and make sure to have an ID beacon every 10 minutes.

Neon Samurai

Hehe.. was that approximate figure plucked from thin air? hm.. me thinks that looks familiar for some reason..

Andy J. Moon

Like I said, my environment is only secure to a degree. Since the powers that be want to allow students to easily connect wirelessly, there is an account that anyone can use and that even a script kiddie could guess in ten minutes or less. However, there are measures in place to assure that only people who enter appropriate credentials can access the interior portions of the network. How far do you go when it comes to wi-fi security?

Dumphrey

but is segregated from the production network, as its only point is to provide casual internet to visiting sales and such. Risky I know, but it was not my decision =\ At home I use wpa2 tkip with a 32 bit random password (created 8 64 bit and "matrixed" them to get 8 32 bit passwords).

richa.mittal

The key factor is that Wi-Fi devices function in a dynamic environment where IP addresses to the user PCs are allotted dynamically as the machine accesses Wi-Fi. Hence, users cannot be identified through the IP address. But with Cyberoam which is the only identity-based security solution, users are identified by their username and access policies can be set by the username. Hence when an intruder accesses the Wi-Fi, he or she still cannot access the corporate Internet since Cyberoam would not recognize the user identity. This is because Cyberoam treats the user identity as the fundamental basis of corporate security.

Neon Samurai

What is the potential for discovering a username from passive network traffic capture? Once a username is discovered, what other authentication mechanisms are in place to keep the intruder from simply borrowing a MAC and username? How does this product differ from a radius server setup? How is this product stronger than using certificate based authentication? (honest questions as it's an area of interest for me)

pgit

I have a humongous pass phrase, with alpha-numeric substitutions, special characters etc. Interestingly it's quite easy to remember. But my son's girlfriend had a device that's basically an iphone without the phone, and with only a touch screen keyboard it took her an hour to get it right and get connected. I read an article about the amount of processor time it would take to crack certain kinds of passwords. I can't find it now, but I recall thinking the router would burn out long before the phrase could be cracked. (and I'd be 6 feet under as well)

Neon Samurai

I believe that is the iPod Touch; iPhone without the phone radio. With Skype, it basically becomes a phone in range of any wifi. I'd have tried a bluetooth keyboard but I'm not sure if it has a BT radio let alone keyboard support without hacking in third party apps. I remember reading a short writeup on how to make a program to decrypt data on a winCE or PalmOS device (when WinCE was still the brand name, so a while back). The best part was that if you made the bit strength too high, the device would drain the battery really quickly. Of course, my mind thought hm.. DOS'd device ending in dead battery.. interesting.. With my wifi, I've actually been considering pulling a random 8 character string from my password generator and using it as the SSID rather than a meaningful string. It has the added advantage of saying "this is my SSID, you really think my pass phrase is going to crack in a remotely reasonable time?" (I know, it would only present a puzzle to the really interested parties within signal range.)
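Added example, not part of the original thread: the two comments above on passphrase length and on choosing an unusual SSID both come down to how WPA/WPA2-PSK derives its key (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt). The sketch below derives that key and estimates exhaustive-search time; the guess rate, the sample SSIDs and the sample passphrase are assumptions constructed for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK master key.

    The standard derivation is PBKDF2-HMAC-SHA1 with the SSID as salt,
    4096 iterations and a 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA/WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose characters are chosen uniformly at random.
    Human-chosen phrases with letter substitutions carry less than this."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Time to try every passphrase of this shape at the given guess rate."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR

def same_key_across_ssids(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True if one passphrase yields the same key on two networks.
    It should not: the SSID salt is why a table precomputed for a common
    SSID is useless against an unusual one."""
    return wpa2_pmk(passphrase, ssid_a) == wpa2_pmk(passphrase, ssid_b)

if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # guesses/second: an assumption, not a measurement
    # Constructed sample values, not taken from the thread.
    print(same_key_across_ssids("correct horse battery", "linksys", "k3Vq9xTz"))
    for label, length, alphabet in [("8 lowercase letters", 8, 26),
                                    ("20 printable ASCII", 20, 94)]:
        print(f"{label}: {entropy_bits(length, alphabet):.1f} bits, "
              f"{years_to_exhaust(length, alphabet, ASSUMED_RATE):.3g} years")
```

The SSID is broadcast, so a random one adds no secrecy; its only effect is on the salt, and the passphrase entropy still decides how long a search takes.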

Dumphrey

mine atm is just Bananna12. No story there, it was just random.

jawwad.ahmed

Dear Andy, When it comes to wifi security then I believe in MAC filtering and a few security measures in access points which definitely secure network traffic and restrict unwanted interferences. Regards Jawwad A Katiyar

rwtodd2007

MAC addresses are easy to spoof. Better off with ACL.

Neon Samurai

I use MAC filtering also though purely to cut down on the radio noise my router cares about processing. There is no security advantage to filtered vs unfiltered MAC with the ease with which anyone jacking wireless networks can walk past it. The WPA/WPA2 encryption is the security mechanism that keeps unwanted visitors out of the wireless signal. I thought it was worth clarifying in case you were relying on MAC filtering as a security mechanism.

Neon Samurai

Teach the students all the good habits for life; like posting the wireless network passphrase on public walls. If you couldn't remember the wifi password, you just walked down the hall past the computer labs and there it was in big bristol board backed letters. Oh, but they had MAC filtering so everything is just tickety-boo. My own wireless? I'm confident with it at the moment but due to the small number of wireless nodes and my habit of watching the router's list of connected client IPs. Also, it's not like WPA2 can't be cracked but it won't be in time to be usable before the regular passphrase change. Now if only it was legally acceptable to jump into all the OPN and WEP routers near me and change them to "fix me" or my contact information for contract visits. ;)

NaughtyMonkey

considered a public service.

Neon Samurai

Set up a little apache box; open your router wifi up; redirect all router traffic to the apache box; wait.. hehe.. I hadn't thought of that before.. If you were really feeling evil and unethical, you could even jack the power on your router and hijack wifi within the area so suddenly everyone's network seems to point at "the internet is down, please hold".. hehe (there's a tool to help with that but it's a different discussion then.)

Dumphrey

the web end, but I would assume it was just a default route to 127.

Neon Samurai

I thought I had a weekend's worth of amusement when I was planning to setup my secondary router with "hackmebtch" and an army of sniffers to watch he was dumb enough, or playful enough, to jump on it. That's fantastic though.. I have a few people that story of yours is getting told to.

Dumphrey

Another funny one downtown was an open AP leading to a single non-web attached apache server that had one page set as the default gateway: 404: The internet is down for maintenance. It got 12000 hits in 2 weeks.

Neon Samurai

My ethics keep me from doing just that but it is so tempting when I see a network wide open. I was at a friend's and had a look at the air; "jerry loves anal" (the name wasn't jerry but the SSID made me laugh)

Dumphrey

lives in the "downtown" area here in an apartment building. There is an unencrypted wifi network in the building with an ssid of "EncryptyourD@mnWireless".

Neon Samurai

Problem is, I rarely meet the owner of the networks and it can be hard to explain your presence when you knock on a door holding a wifi scanner and gps. ;)
