Wednesday, May 23, 2007

Confounding Wireless Attacks with Cryptography

When the majority of people logged on to networks via modems, hackers created software that automatically had their computer dial thousands of phone numbers in a series, looking for a modem to answer. These software programs were called war dialers. Taking a page from that book, hackers and freeloaders looking for wireless access points now engage in war driving, war walking, and war chalking.

War driving and war walking are simply moving from place to place (like a city's business district) with a laptop equipped with a wireless network card, a strong antenna, and wireless hacking software. They use their laptops to look for corporate and private wireless networks they can log on to. When wireless networks are found, the hackers sometimes leave some war-chalking marks on the sidewalk or the building to indicate the location of a wireless network and other useful information. War chalking is just as it sounds: The hacker uses everyday chalk that can be found in any toy store. The marks are coded symbols. Most people on the streets never notice them and, if they did, would have no idea what the symbols mean.

Wireless networks do have some security capabilities, and one of them currently in use is WEP (Wired Equivalent Privacy). Don't stake your life on WEP, though, because it's only an equivalent of security; it isn't real security. WEP encrypts the packets going out over the air. It doesn't encrypt them particularly well, though, and much of the information about the network is sent in the clear. There are many hacker programs available that can crack the basic configurations of WEP, too. AirSnort and WEPCrack are two popular programs. Of course, WEP is much better than using nothing!
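
Why WEP "doesn't encrypt particularly well", as an added example that is not part of the original post: WEP seeds RC4 with a 24-bit IV sent in the clear followed by the shared key, so two frames with the same IV share a keystream whatever the key length. The frame layout is simplified (no 802.11 header or key-ID byte), and the function names, key and payloads are constructed for this sketch.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Simplified WEP body: clear 3-byte IV, then RC4(IV || key) over payload + CRC-32."""
    data = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv + xor(data, rc4(iv + key, len(data)))

def same_iv_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames with one IV share a keystream, so c1 XOR c2 == p1 XOR p2."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[3:], frame_b[3:])

def iv_repeat_probability(frames: int, iv_bits: int = 24) -> float:
    """Chance that at least two of `frames` randomly chosen IVs collide."""
    p_unique = 1.0
    for k in range(frames):
        p_unique *= 1 - k / 2**iv_bits
    return 1 - p_unique

# Constructed sample values: a 13-byte key ("128-bit" WEP) and two payloads.
KEY = bytes(range(1, 14))
IV = b"\x00\x00\x01"
P1 = b"GET /payroll HTTP/1.0"
P2 = b"user=alice&pin=482913"

if __name__ == "__main__":
    leak = same_iv_leak(wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2))
    print("key never used, yet P1 XOR leak =", xor(leak, P1))
    print("P(IV repeat in 5000 frames) =", round(iv_repeat_probability(5000), 3))
```

With randomly chosen IVs a repeat becomes more likely than not after only a few thousand frames, which is one reason the VPN recommendation at the end of this post carries more weight than the WEP key size.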

Here's a quick and dirty listing of some of the important (and fairly easy) things you can do to make your network less visible to war drivers and to implement WEP or other encryption schemes.

Look for rogue access points


Because wireless access points are very cheap, the temptation for employees to install their own access point is very high. In fact, they may be sitting right on top of the CPU box and you haven't even noticed them. Rogue access points can expose your network to outsiders and circumvent security measures such as firewalls and intrusion detection systems. This is the sort of problem that makes war chalking symbols appear outside buildings.

First, make it a policy that unauthorized access points are a big no-no and installing them is grounds for termination. That lets your staff know that you mean business.


Second, get a war-driving software program and use it yourself to find rogue access points. There are even programs you can easily run on a PDA. One that has received good reports is called WaveRunner. Walking around the office with a PDA is a lot less obtrusive than walking around with a laptop. With a PDA device, your staff may not realize what you're up to. Otherwise they may turn off their access points so you won't find them.

Change the default SSIDs

Although this isn't strictly an encryption technique, changing the default SSIDs can help "hide" your network from casual lookers. The SSID is basically the network name that the wireless access point broadcasts. It's a well-known fact (among hackers, anyway) that vendors often use their company name as the SSID. For example, the company Linksys uses the SSID of "linksys." It doesn't take a brain surgeon to find networks using the default names. You'll need the access point's manual for instructions on how to change the SSID.

In addition to changing the default SSID you can also disable the "broadcasting" feature of the SSID. The broadcast feature means that the access point is sending out the name of the network to any wireless card that is trying to log on. If you disable this feature, a user will have to manually enter the name of the network and the network card won't find it automatically. The various wireless access point vendors have different methods of accomplishing this task, so you'll have to refer to your user's manual to see how to make these changes.

Turn on WEP

You have to do more than just turn on WEP; you also have to check a box that says something like "make WEP required." That ensures that WEP must be enabled on all desktop and laptop computers, too. Again, refer to your user's manual to figure out how your system handles this.


It's important to change the default keys for WEP on your system. You'll need to refer to your manual again. In any case, when you've changed the keys, you have to go around to all the desktop and laptop computers and manually enter those same keys into those computers.

Always use the strongest encryption possible. As of this writing it's 128-bit encryption. You'll have to make sure that all the wireless network cards in your computers are able to handle that level of encryption, as some of the older ones were limited to using a much smaller key size. If your systems can handle it, it doesn't cost you anything to use the strongest encryption, so why waste your time with weaker encryption? Even with WEP cracking tools, it would take a hacker quite a bit longer to figure out 128-bit keys. He may just move on to an easier target and leave your system alone.
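
One way to run the checks from the last three sections (rogue access points, default or broadcast SSIDs, encryption required at full strength) over a single survey pass, as an added example that is not part of the original post. The CSV columns, the authorized-BSSID inventory, the -70 dBm cut-off and the finding labels are all assumptions of this sketch, and the sample rows are constructed.

```python
import csv
import io

# Constructed survey export; the column names are assumptions for this example.
SURVEY_CSV = """bssid,ssid,signal_dbm,encryption
02:00:00:AA:BB:01,,-48,wep128
02:00:00:AA:BB:02,acme-floor2,-52,wep128
02:00:00:AA:BB:03,,-55,open
02:00:00:12:34:56,linksys,-41,open
02:00:00:77:88:99,CoffeeShop,-88,open
"""

AUTHORIZED = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02", "02:00:00:aa:bb:03"}
DEFAULT_SSIDS = {"linksys"}   # the post's example; extend from vendor manuals
INDOOR_DBM = -70              # assumed cut-off: stronger means likely on premises


def audit(csv_text, authorized=AUTHORIZED):
    """Return sorted (bssid, finding) pairs for one survey pass."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        enc = row["encryption"].strip().lower()
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "default-ssid"))
        if bssid not in authorized:
            # Weak unknown signals are usually neighbours, not rogue hardware.
            if int(row["signal_dbm"]) >= INDOOR_DBM:
                findings.append((bssid, "rogue-ap"))
            continue
        if ssid:                       # hidden SSIDs show up empty in a scan
            findings.append((bssid, "ssid-broadcast-enabled"))
        if enc == "open":
            findings.append((bssid, "encryption-not-required"))
        elif enc != "wep128":
            findings.append((bssid, "weaker-than-128-bit"))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY_CSV):
        print(f"{bssid}  {finding}")
```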

Position your access points well

If you install your access points near windows and walls, you can be sure that the wireless signals "leak" to the outside and can be found by others. The best thing to do is to locate the access points as close to the center of the building as possible. Position your access points so people outside the building can't find the signals; however, your staff inside the office do need to be able to find the signals. If you place the access point too securely (like behind steel doors), no one will be able to log on.

Buy special antennas

Yes! You can buy special antennas that will shield and/or shape the wireless signals. With these antennas on your access points, you can direct the signals, limit them to certain areas, and shield them from walls, windows, and doors. Check with your local electronics store and try talking to some of your local ham radio enthusiasts. Ham radio operators usually know more about radio waves and tuning antennas than you ever thought possible.

Use a VPN for wireless networks

VPNs are much better at authentication and encryption than WEP. If you already have VPNs set up for the rest of your network, it's not much of a chore to set them up for wireless networks. Just make sure your access points are all behind your firewall and then set up your VPN scheme. You can be guaranteed better authentication and much better encryption that way.


If you have any queries, feel free to mail me:
david.singh@verizon.net
