Slashdot Mirror
AirTraf 802.11b Security Package
An anonymous reader writes "Being ignorant of network vulnerabilities is a happy condition for only so long. Ignorance is bliss, right up until someone with rogue access drives away with your company secrets. This article covers information about AirTraf, an open source package, which performs a number of tasks, such as determining the Service Set Identifier of the access points, and the channel it is operating under. It can tell how many wireless nodes are connected to a given access point, as well as that point's total load. AirTraf is capable, too, of polling a number of sniffers through a central polling server in order to collect the most current information. The least of your fears should be the leeching of your Internet connectivity. Industrial espionage is a growing reality that you must confront."
Is there any way to do triangulation if you have more than one base station? Then you could do some spatial security as well, by restricting access to particular zones (say, within your own building). I know the cell phone companies have been trying to implement E911 locating for a while ... could you do such a thing with a carefully written 802.11 driver?
Toronto-area transit rider? Rate your ride.
I've always wondered why wireless security can be such a problem. Why hasn't someone devised a wireless system where encryption is hard to crack? Take a look at SSL: if you have someone listening to the wire, it's hard to get any good information from it based on the way the protocol works. Why can't the same thing be applied to wireless? The only real difference is you don't have to go through the trouble of intercepting the packets on a wire.
- tristan
If anyone knows of any agencies progressive enough to jump on the wireless bandwagon, pipe up. Otherwise I think it's just another victim of the hype monster.
Always treat your wireless network as a completely insecure network; the same way you treat the public Internet. This has the additional advantage that when visitors come to your company, they can use your wireless network to access their own home base. This can be amazingly useful.
Then use VPN to give your own staff access to the network, with the same security level you require for access from the public Internet.
WEP is not useful for anything than discouraging the casual bandwidth leech, if that matters to you at all.
It can tell how many wireless nodes are connected to a given access point, as well as that point's total load. AirTraf is capable, too, of polling a number of sniffers through a central polling server in order to collect the most current information.
As useful as this is, its not going todo much to detect or stop the fact that these are just radio waves. And you can't "detect" a hunk of metal out there picking up on them. Almost all new cards are capable of being put into RF monitor mode and sniffing raw 802.11b frames without transmitting anything.
Prism II and Cisco based cards can do it out of the box. Orinoco cards can do it with a patched driver (patched orinoco-cs on linux, WildPackets driver on Windows).
On top of that, AirSnort now compiles on Windows. Its not a fun/easy setup and still has a lot of problems, but it works.
FACT: The Illuminati is using 802.11b as a carrier for their Mind Control Rays. When "reputable sources" speak of 802.11b security, they really want you to work closely with an 802.11b source for a while so you receive their programming.
Real 802.11b security can be achieved by the following means:
Purchase a 15 meter (~50') roll of tin foil.
Wash your hair with baking soda. Don't use commerical brands, they have 802.11b signal enhancers which tune your noggin to their Mind Control Ray.
Once dry, wrap your head in a clockwise fashion with the tin foil. Ensure you cover the top of your head, your ears and base of the neck. You can poke small holes in each side to allow sound to reach your ears.
Sit back and laugh knowing that you have true 802.11b security and are safe from The Illuminati's Mind Control Rays.
Who's that at my door? )(#@Ujf0d923j 329 32
CARRIER LOST
Trolling is a art,
The flaw is not in the medium, it's in the protocol. Many organizations have pointed this out. The IEEE wanted to make key distribution easy, so in a system where the administrator is not absolutely on top of everything, it's very easy to learn the key and crack the network. A point-to-point, RSA encrypted wireless link should theoretically be as difficult to crack as a wired link, if designed properly.
Toronto-area transit rider? Rate your ride.
WEP is a miserable encryption algorithm. It can be brute-forced within hours, or passively within a day or two. Simply by having WEP enabled on your access point is *no* guarantee whatsoever that your data is secure.
Now, having everything SSH tunnelled and then wrapped in a flaky WEP crust, that's different... But WEP for 802.11(x) makes about as much sense as a bicycle for a mermaid.
Bowie J. Poag
It's been my experience that all consumer grade access points come with all security features turned off. WEP and MAC filtering are not enabled until the user/admin turns them on. Realistically I don't see this situation changing any. What's the alternative - setting a default WEP password that ships with thousands of identical AP's?
Part of this is an ease of use issue. When you install your first access point you just want to get the thing working. After the initial joy of a succesfull installation it's up to you to turn on WEP and enable MAC filtering. Even then your WiFi network won't be truly secure.
I have cracked 'secure' wep's in a matter of hours, and the more traffic going over the network, the easier it is.
It is well-known that WEP is insecure but that doesn't mean that it is impossible to send secure data over the air. It is absolutely not the case that "wires=security". If you need to transmit crucial passwords over your corporate intranet you might be smarter to encrypt than rely on the fact that nobody with access to your physical network wants to steal your data. Encryption is the key to security, not broadcast medium.
The only problem I have ever had with wired lines is bad planning. Providing you know where your workstations are going to go, and how you plan on growing, wires are just fine and MUCH faster!! :)
So you need a network drop anywhere anyone may ever want to work on their laptop (or palmtop, or wi-fi phone). Sure, if you are going to be restrictive it is easy to force people to work in the places you tell them they should work. But this can hurt productivity. Knowledge workers will have persistent wi-fi in their homes, in cafes, in restaurants (even McDonald's), in hotels, and in trains, but you're going to tell them they have to deal with wires at the office? Sorry dude, I can't help but think that you are short-sighted and will be proved so over the next few years. Wireless with true encryption will be standard almost everywhere people work.
But we thought the same thing 24 hours BEFORE the latest service pack came out and we were WRONG
MS's larger number of previous screw ups, slower discovery rate, slower reaction rates, are a strong indication that there are and will continue to be a much higher possbility that you are MS software currently has an undiscovered security flaw waiting to be found by the next lucky fool that thinks he is the MastEr Hack3r.
In addition, it is quite apparent that the number of people capable of installing and maintaing MS software correctly and to their specifications is FAR less then the number of people capable of installing and maintaing Linux software correctly and to their specifications.
Software that is excessivley complex/difficult to install is NOT the best choice for most relatively small businesses.
excitingthingstodo.blogspot.com
Note that WaveSEC is NOT a replacement for end-to-end security. All it does is protect you from wireless eavesdroppers. If you are using WaveSEC or end-to-end IPsec for all your network connections, you don't need WAVEsec.
-30-