Wireless networking is fast becoming a service expected by
most enterprises. Being able to undock a laptop, walk around the office (for
meetings, impromptu brainstorms, etc.) and still have instant access to files
and data sources is seen as vital. For an IT department, the implementation of
wireless networking is relatively simple and inexpensive. The transfer speed
offered by wireless hardware is constantly increasing, making it a viable alternative
to wired LAN in some situations such as small offices with solid floors and
This all sounds great, but there has to be a catch, doesn't
there? Well yes, the catch is security.
We go to great lengths to protect our wired networks from the
outside world. What would you think if you started working for a company and
found that they had no firewall protecting their internet facing services? Well,
the same should apply to wireless services as these face the outside world and
are more vulnerable than you may think. A report put together by RSA Security in 2004 gives some horrific figures on the use of unencrypted wireless networks;
this was as high as 72% in Milan! A newer report
shows that the situation is still not under control–26% of access points in
the factory default settings. I decided to take my own survey and drove around
a local town for 20 minutes. I picked up 372 individual access points! A
massive 39% of these were open, 47% WEP encrypted, and 14% WPA protected. Most
of these were obviously home broadband networks; however, a notable number were
clearly advertising their location, including some businesses.
There are, of course, simple measures which can be taken to
protect your network. 128-bit WEP encryption is available on almost all Wi-Fi
equipment. This is as simple as generating a suitable encryption key (there are
many utilities on the internet like this one)
and then entering it in your AP’s web interface. This will be enough to stop
the guy in a coffee shop next-door from connecting to the Internet via your
network (rather than paying for the local hotspot access–who doesn't like a
free lunch?). That's all very well, but will it protect your network from more
shady characters? The simple answer is no; WEP encryption is easily crackable for
those in the know. Hackers will be less interested in simply gaining free Internet
access; they could have much more sinister intentions. First, don’t advertise
your network to the world. Hide your network SSID (some hardware offers this
feature), and failing that you should at least use a random SSID rather than
MyCompany. I know that sounds silly, but you would be amazed how often this
is the case.
If possible, use WPA encryption. While this is still not
impregnable, it is a vast improvement over WEP, and most new equipment will
allow the use of WPA. Another precaution you can take is to separate your
wireless and wired networks onto different subnets, placing a firewall between
them (much as you would with your Internet connection).
One thing which all network administrators should do on a
regular basis is check the strength of their own networks. Scan your firewall
and systems for the latest vulnerabilities or exploits, because you can be sure
that someone else is doing this for you! The same applies for your wireless
network–do you know how easy or difficult someone would find it to penetrate? A
set of tools I have found very useful are those put together by the security group
You can boot from the Auditor LiveCD without the need for installation. You
don't need a dedicated notebook–just pick one with compatible hardware, pop in
the CD, and you’re off (I use my IBM ThinkPad). It seems this set of tools is
so complete that even the FBI uses it!
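
A first-pass check of your own access points for the weaknesses described above (open or WEP encryption, factory-default SSIDs, SSIDs that name the company) can be scripted. This is an added example, not part of the original post or of the Auditor toolset; it assumes scan output in the layout printed by `iwlist <iface> scan`, and the sample data, the default-SSID list and the function names are constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample in the layout printed by `iwlist <iface> scan` (not real survey data).
SAMPLE_SCAN = '''\
Cell 01 - Address: 02:00:00:00:00:01
          ESSID:"linksys"
          Encryption key:off
Cell 02 - Address: 02:00:00:00:00:02
          ESSID:"MyCompany"
          Encryption key:on
Cell 03 - Address: 02:00:00:00:00:03
          ESSID:"x7Qp2LmA"
          Encryption key:on
          IE: WPA Version 1
'''
# Assumed list of factory-default SSIDs; extend it for the hardware you deploy.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}

def parse_scan(text):
    """Split scan output into one dict per access point."""
    aps = []
    for cell in re.split(r"^\s*Cell \d+ - ", text, flags=re.M)[1:]:
        bssid = re.search(r"Address: ([0-9A-Fa-f:]{17})", cell).group(1)
        ssid = re.search(r'ESSID:"(.*)"', cell)
        if "Encryption key:off" in cell:
            enc = "open"
        elif re.search(r"IE:.*WPA", cell):
            enc = "WPA"
        else:
            enc = "WEP"  # key required but no WPA information element
        aps.append({"bssid": bssid, "ssid": ssid.group(1) if ssid else "", "enc": enc})
    return aps

def audit(aps, org_names=()):
    """Return (bssid, finding) pairs for the weaknesses discussed in the post."""
    findings = []
    for ap in aps:
        name = ap["ssid"].lower()
        if ap["enc"] in ("open", "WEP"):
            findings.append((ap["bssid"], ap["enc"] + ": move to WPA"))
        if name in DEFAULT_SSIDS:
            findings.append((ap["bssid"], "factory-default SSID"))
        if any(org.lower() in name for org in org_names):
            findings.append((ap["bssid"], "SSID names the organisation"))
    return findings

def summary(aps):
    counts = Counter(ap["enc"] for ap in aps)  # tally per encryption class
    return {enc: round(100 * n / len(aps)) for enc, n in counts.items()}  # percentages
```

Pass the names you do not want broadcast (company name, site name) as `org_names`; `summary` gives the same open/WEP/WPA breakdown as the drive-around survey above.
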
Explaining the theory behind testing WEP encryption is
beyond the scope of this blog; however, here are several references which will
explain things. Note that most of them refer to the Auditor LiveCD previously
- This article from Tom's Networking describes how FBI agents demonstrated WEP-cracking
  techniques using the Auditor distribution. There are also some suggestions for
  strengthening your wireless configuration.
- This column from SecurityFocus goes into more depth on the subject of WEP
  cracking with some interesting background information on the tools used in the
- Finally, this video shows how shockingly easy it actually is to hack into a
  WEP-encrypted network. I followed this tutorial and audited my own home
  network; needless to say, I have now moved over to WPA encryption!
If you don’t already follow security-related press and learn
about so-called ‘underground’ techniques being used by hackers today, I can
only urge you to do so. The only way to keep your networks secure is to fully
understand the threats being faced and techniques used.