Exploiting and Protecting 802.11b Networks
iforgotmyfirstlogon writes: "A couple of guys from Extreme Tech drove around New York, New Jersey, Boston, and Silicon Valley with a high gain antenna to see how many (secure and) unsecure wireless networks they could tap into. They used NetStumbler and Linux AirSnort to help them search. Results? They came across over 800 networks and less than 40% had any sort of security."
Peter Shipley did that in San Francisco and found something like 2500 access points. The only way this will ever be fixed is if companies realize that you cannot depend on protocol level security. WEP is not the answer. Tunneled SSL, or some sort of VPN end to end security is the only way to protect your connection.
Jeff Knox
Does anyone know of any good documentation on how to secure wireless communications? I know we have 2 wireless connections between 3 buildings using SMC's wireless routers, and the only security that was built in other than the 64 and 128 bit encryption (which is apparently crackable), and only allowing certain MAC addresses to communicate (which is also easy to crack).
So instead of writing articles on how bad wireless tech is to crack, (4th article I've read in a week) why not write a how-to on how to implement security on your wireless LANs.
Why is this guy's comment a 0? A "how to" may not be as sexy as driving around for open networks, (and if you think that's sexy, you've been way toooo into Final Fantasy jpegs), but it's definitely needed.
However, in a brief spiel before I have to run, ensure end-to-end encryption. Approach it just like you would a normal WAN. Disable telnet and ftp on your servers, use SSH and SCP instead. Harden your hosts. Look into using FreeS/WAN or the BSDs' IPsec solutions for VPNs. Switch over to djbdns. In short, do everything that people should be doing on their 'normal' wired networks. It never ceases to amaze me that just because WEP is easy to break, everything else must be totally secure by default.
Hope that helps.
It comes down to speed vs. privacy. You can ignore WEP and use IPsec or a VPN. You'll take a speed hit, but you'll have reasonable privacy.
If you don't mind exchanging some privacy for additional speed, 128 bit WEP isn't a bad choice. It hasn't lived up to its "Wired Equivalent" name but sniffing and decrypting is a non-trivial operation.
For more speed with minimal privacy, 80 bit WEP doesn't cost much bandwidth (2%) and you're still only going to be sniffed and decrypted by folks with a clue.
In some situations, speed is most important and privacy is meaningless. Suppose you're downloading Debian ISOs over a wireless link. There are times (one might argue the majority of internet traffic) when privacy just doesn't matter. If you can use reliable encrypted protocols for the exceptions then open mode 802.11b is fine. What are you trying to hide?
As long as we're able to encrypt those transactions that require privacy, none of the WEP "stuff" matters. How secure is your wired network internet traffic after it gets to your ISP?
When you have 1000's of people driving around trying to h4x0r 802.11b networks, it won't be the same thing anymore.
How do you know you don't ALREADY have thousands of people driving around sniffing 802.11b nets?
And how is a person supposed to distinguish nets left open deliberately, as a public service, from those left open accidentally?
The existence of public 802.11b ports gives plausible deniability of criminal intent to anyone making parasitic but non-malicious use of an accidentally-open WLAN.
(IANAL of course. But I'd hate to be a prosecutor trying to bring a case against someone who "trespassed" on a WLAN port.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
We know WEP is insecure. There is little point in even putting anything on these nets. As a matter of fact I can find reasons not to. Let's say for example that you run a facility that has large numbers of people from outside coming in. Would it make sense to enforce 128 bit encryption? Sheesh, all the people with bronze (no encryption) and silver (40/64 bit encryption) can't use it.
As someone pointed out above, put it outside the firewall, require ssh/vpn to get inside a firewall. Tell people it's an insecure net, and recommend personal firewalls (ZoneAlarm, BlackICE, ipchains, etc.).
The major benefit of wireless is access anywhere. Security directly conflicts with access. For example, managing MAC level security (restricting by MAC) is a pain in the keister. WEP is worthless. So assume all your traffic is insecure and use something to encrypt it. If you really need to prevent people from getting on and using your net, _don't use wireless_.
-- Who is the bigger fool? The fool or the fool who follows him? --
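The layout suggested in the comment above (wireless segment outside the firewall, only SSH or VPN traffic allowed inward), as an added example that is not part of the original thread: a first-match packet-filter model that compares a flat, trusted-WLAN policy with the tunnel-only one. The subnets, the gateway address and all rule and function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumption): wireless segment, internal LAN, tunnel gateway.
WLAN = ipaddress.ip_network("192.168.50.0/24")
LAN = ipaddress.ip_network("10.0.0.0/8")
GATEWAY = ipaddress.ip_network("10.0.0.1/32")   # hypothetical SSH/VPN endpoint

@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT" or "DROP"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                   # "tcp", "udp", "esp" or "any"
    dport: Optional[int] = None  # None matches any port

# Weak: the WLAN is treated as part of the inside network.
FLAT_POLICY = [Rule("ACCEPT", WLAN, LAN, "any")]

# Hardened: the WLAN is outside; only encrypted tunnels to the gateway pass.
TUNNEL_ONLY_POLICY = [
    Rule("ACCEPT", WLAN, GATEWAY, "tcp", 22),   # SSH / SCP
    Rule("ACCEPT", WLAN, GATEWAY, "udp", 500),  # IKE key exchange for IPsec
    Rule("ACCEPT", WLAN, GATEWAY, "esp"),       # IPsec ESP payload
    Rule("DROP", WLAN, LAN, "any"),             # telnet, ftp and everything else
]

def decide(policy, src, dst, proto, dport=None):
    """Return the action of the first matching rule; unmatched traffic is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if s not in r.src or d not in r.dst:
            continue
        if r.proto not in ("any", proto):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "DROP"

CLEARTEXT = {"ftp": 21, "telnet": 23}

def exposed(policy, client="192.168.50.7", server="10.0.0.20"):
    """Names of cleartext services a wireless client can reach on an inside host."""
    return sorted(name for name, port in CLEARTEXT.items()
                  if decide(policy, client, server, "tcp", port) == "ACCEPT")

if __name__ == "__main__":
    print("flat policy exposes:", exposed(FLAT_POLICY))
    print("tunnel-only policy exposes:", exposed(TUNNEL_ONLY_POLICY))
```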