Detecting Wireless LAN Users
technosavvy writes "With wireless home networks and applications like NetStumbler becoming so popular, it's surprising that there are so few consumer-oriented applications that help monitor who is connecting to your wireless network. Bob Brewin of ComputerWorld lists three tools with this purpose in mind in his article "Tools for detecting rogue wireless LAN users"." I just like running etherape.
So what if you can detect when a rogue has connected to your wireless network? A passive data gatherer connected to your wireless network can oftentimes gain enough information to connect to your network externally (Internet, VPN, etc). So just knowing that no one is actively using your wireless network doesn't mean that no one is hacking your network because of your wireless network.
Check out Kismet over here. It can run on Linux PDAs like the Zaurus and iPaq as well as your laptop. It also has GPS support and speech output (through festival).
This is all good for network security assurance and auditing, but doesn't fix the basic security problems with using WLAN 802.11 technology. I suggest that we use a new security model for WLAN security:
1) Obscure SSID names and WEP should not be used on your WLAN just to provide management/users with a false sense of security;
2) Put the WLAN access point outside your firewall (layer 1 security);
3) Use firewall VPN technology for layer 2 security;
4) Use IPSec protocol for network layer 3 encryption;
5) Use digital certificates for layers 4-6 strong authentication;
6) Enforce Corporate security policy on WLAN deployment & use;
7) Regular audit and security assurance work to detect the addition of new WLAN points to your network.
There are good reasons for using WLANs, and you probably can't stop the keeners from adding access points, but you can try to mandate how they will be added in a secure and manageable fashion.
Cheers,
-wjc.
"I figure you're here 'cause you need some whacko who's willing to stick his finger in the fan. So who are we helping?
I'd even pay for it like a utility (like water treatment or gas). God knows it'd get rid of silly little disputes over 'stealing' or redistributing bandwidth and cable companies penalizing users for doing what they signed on to do...use lots of bandwidth.
Why do people think because they have an unmetered, always-on broadband connection they must use it flat-out all the time? I have a cable modem here and don't feel the need to be constantly utilising it to the max.
If I can draw an analogy to the broadband ISPs being similar to the water companies. In the UK, most domestic homes pay a flat rate for their water supplies, for this they have the ability to turn on a tap at any time and not worry about the cost. Fetching your e-mail, light web browsing etc would be the equivalent of washing your hands, flushing the toilet or filling the kettle in terms of demand. A large file download, e.g. the latest distro ISOs would be akin to running a bath, washing your car or watering the garden. A spike in demand, but the water companies ensure that the water pressure is sufficient such that other users in the area are not affected. Same as for the ISPs, they can cope with occasional high demands on the system. Now, imagine the situation if everyone decided to wash their car at the same time or all shared the same bath time, or decided to just leave their taps running because they can.
Heavy users of the water supply (domestic and commercial) are metered and charged appropriately for what they use so why should a resource like bandwidth be any different?
I've got a fever and the only prescription is more COBOL.