How Can You Protect Yourself?

Despite the risks and vulnerabilities that are associated with wireless networking, certain circumstances do demand their use. As with everything we do, we can take steps to minimize the risks and make hacking into a WLAN a more difficult exercise for potential intruders.

If the use of wireless technology is in the corporate environment, be sure it include it in all of the overall network security policy, procedures, and best practices. Wireless networks need to be treated under the same rules as wired networks. Extra care should be taken in implementing wireless networks because, as we saw, they are even more vulnerable than wired ones.

Be sure to include your wireless networks in the next security vulnerability assessment you perform on your wired networks. A vulnerability assessment can help to identify any weak points that intruders could exploit. This includes poorly configured components, weak or missing passwords, unauthorized access points, and the absence of strong encryption protocols.

Treat your wireless network like the Internet; in other words, remember that it is untrusted. Some situations might even warrant a firewall in place between your wireless network and your wired network. That way, a successful break-in on the wireless network can't easily penetrate to your entire network.

Changing Default Settings

Just like we need to change default settings and passwords on PCs, we also need to change them on APs. The SSID on many APs does not get changed. Because the SSID is broadcast to provide clients a list of networks to be accessed, that information is also available to let potential intruders identify the network they want to attack.

If the SSID is set to the default manufacturer setting, it is frequently a sign that the additional configuration settings (such as passwords) are at their defaults as well. When an administrator has taken steps to change one default setting, he has probably changed others as well.

Good security policy is to disable SSID broadcasting entirely. If a network listing is a requirement for network users, then changing the SSID to something other than the default that does not identify the company or location is a must. Be sure to change all other default settings as well to reduce the risk of a successful attack.

Simply using encryption keys and SSIDs is not the optimal solution. If someone were to leave a company on bad terms but keep his wireless network card, he could drive up to the outside of the building and capture all of the network data that he wants to. One possible solution to this is the use of MAC address filters. APs would only allow connectivity for MAC addresses that are in its filter. In many cases, this is not particularly useful because of the administrative headaches associated with it. If you are administering a network of many wireless cards that turn over from one employee to another, keeping track of ownership and MAC addresses could be daunting task. This is, in most cases, the limit of today's wireless infrastructure.

Strong passwords should also be used on your access points. You should perform periodic checks to see if the password is being stored on your clients. You can do this by performing keyword searches for your password. Some passwords are stored in clear text in the Windows Registry and are vulnerable to discovery if a client is compromised. Take steps to correct this if possible. Every client needs to know the password to communicate through an access point, so this gives you many points for a potential loss of security. Change the password on your access points regularly. Another tip is not to use the same password on all devices. If a password is compromised on one machine and you use different passwords across all machines, the attacker would not be able to log into all your machines with the same password. Having different passwords requires users to log on again as they move around, and it provides an extra layer of security.

Some access points and clients use Simple Network Management Protocol (SNMP) agents that are shipped from the vendor with weak or widely known passwords for both read and write access. If you are running SNMP agents, be sure to use strong passwords in place of the defaults.

Enabling WEP

One line of defense against hackers is encryption. As mentioned previously, WEP is disabled by default on many wireless network devices. Despite WEP's known flaws, enabling it is better protection than nothing at all. It adds an additional barrier against the casual war driver or curious sniffer. A program that is available for cracking WEP keys is Airsnort (http://airsnort.sourceforge.net/). This Linux-based program passively monitors wireless transmission and computes the encryption key when enough packets have been captured.

Using VPNs

Virtual Private Networks (VPNs) should be used to augment what 802.11b provides in the way of encryption and authentication. VPNs normally make use of encryption, user authentication protocols, and tunneling to allow secure end-to-end communications across the Internet (third-party network). In this case, your wireless network would be considered the third-party network. IP Security (IPSec) protocols are often used in conjunction with VPNs to provide secure communications. IPSec is attractive because it can encrypt or authenticate traffic at the IP layer, thus making it transparent to the end users. (That is, no training is necessary, and it doesn't affect other applications.)

Access Point Placement

The physical placement of the AP is also important. Consideration should be given to placing the equipment toward the center of the building or house to minimize the strength of wireless signals emanating to the outside world. However, this depends on the physical structure and layout of each building or house in question. Avoid placing equipment near windows, which allow the signal to travel farther and possibly reach unintended receivers. As with your normal wired home or office network, test the security of your wireless network. Use one of the packet sniffing products and walk around your house as if you were a stranger and see if you can break into your wireless network, get a connection, or capture traffic. Some access points allow you to control access based on the MAC address of the NIC.

Proactive Network Sniffing

Just as you would perform periodic vulnerability assessments against your network to gauge its security, you might also want to deploy network sniffers on a regular basis for the purpose of monitoring your wireless network. This action help to identify rogue APs that might be providing unauthorized access to the network. As an additional precaution, it is also good practice to take measurements external to a facility in areas that an intruder might be likely to attempt an attack. It is helpful to know just how far wireless network signals are traveling outside the intended boundaries of a building.