Support our Troops!

Send me E-Mail at:

I'm still working on this article.  Please give it time.  I hope to have some nice stuff compiled in one place for you!

This article will attempt to cover what I've learned experimenting with Wireless Networking using Wi-Fi, or 802.11b technology.  I will more specifically cover the security issues present with all forms of 802.11b.

Wireless equipment is now very affordable, and many people with technology in their homes and businesses are going out and purchasing equipment to build wireless networks.  Are the majority of the people installing this equipment aware of the security risks with plugging it in without exploring your security options?  The answer is absolutely NOT!  Many "wardrivers" find that it's very easy to simply take a laptop with a wireless network card, and use somebody's Internet access --- because 75% of wireless networks don't use even the most basic security features offered.

Click here for a News Special in RealVideo format that can get your attention, you won't want to miss it!

Wardriving

I define Wardriving as the mobile roaming around a geographic area with a computer and Ethernet-compatible wireless networking equipment to determine available access points, or points where access to a wired network can be gained.

More simply, wardrivers drive around in cars with a laptop with a wireless network card and try to find places that use wireless technology.

If you've ever watched the movie "Wargames" with Matthew Broderick in the 80s, or were actively involved in hacking or even cracking 10 years ago, you may be acquainted with software to dial a range of phone numbers with your MODEM to find computers to "login" to.  When the Internet wasn't as popular as it is today, "wardialer" software was usually the first step to find computers to "play" with.  The term "wardriving" was chosen because it describes the "roaming" to find networks, and a good number of "wardrivers" will attempt to gain access to these resources.

My Security Advice

Please be aware that this is only my opinion, and that I'm not responsible for any accidents or damages by following it.  If you want a more tailored, custom solution for your residence or business, please contact me directly.

1. Fully understand your coverage areas.  KNOW how far your wireless network reaches.
   
   
2. Enable WEP.  I know, I know, it's not a perfect solution, but the encryption offered by WEP will keep the script-kiddies away, and the vast majority of "crackers" will not attempt to play with your network if you are encrypting it.  Did you know that the MAJORITY of wireless networks don't enable encryption AT ALL?  Simply put, it takes a lot of traffic on your network and a wardriver within constant radio range of your wireless network to break your WEP codes.  If your access point and wireless network cards support 128-bit encryption, enable it.  If not, then enable the 64-bit/40-bit encryption.  Don't use cards without encryption!  Oh, and please pick a key that will be difficult to guess.
   
3. Change the default passwords on your access points!  Do this as soon as you get it online!  Lists of default passwords for many brands of access points are easily available from the Internet, and you could have your encryption disabled or your access control lists changed even from clients on your internal network!
   
   
4. Disable DHCP on your network segment with your access point.  If a wardriver that has the intent on accessing your network is in your coverage area, and you're not running encryption (or your key has been hacked, a pretty rare occurrence), they can simply release their current IP Address, and renew a lease with your DHCP Server, giving them an IP Address on your private network.  Yes, that's right, your PRIVATE network.  If you have a firewall device or NAT device on your network, it will be INEFFECTIVE against this kind of attack.
   
   
5. Enable Access Control, whenever possible.  Access control allows you to DENY access to your wireless network to all computers, except those in a specific list of MAC addresses that you choose.  Even if your WEP encryption is compromised, "crackers" will need to know a MAC address of an allowed client to gain access.  They'll need to capture packets moving back-and-forth from your wireless clients, run a denial-of-service attack to shut down one of them, and poison the ARP Cache of your router to be successful.  Not for your run-of-the-mill "cracker".
   
   
6. Don't broadcast your SSID.  If your access point has an option to shut off SSID Broadcasting, use it.  You'll have to make sure the SSID set on both your access point and wireless clients match, but this should be the case already!
   
   
7. For an even higher level of security, consider giving your wireless users no access to your private network at all, without connecting and authenticating through a virtual private network (VPN).

Software

NetStumbler -- The Most Popular freeware for Wardriving hands down.  Works with Windows 95, Windows 98, and Windows 2000.  Support for Windows ME and XP is coming.  Their forum is an awesome resource, but please, read the FAQs and do searches before posting!  Many of the members have participated in DefCon 10's Wardriving Contest, and are probably among the most knowledgeable on 802.11 security that I know.

Ethereal -- This is a freeware Packet Sniffer utility.  You need a Wireless NIC that works in promiscuous mode (Sorry Orinoco Users).

Other Links

External Antennas with a D-Link DWL-1000AP Access Point (a work in progress)

The Cantenna, 802.11b Networking with a Coffee Can (this REALLY works)!