Wireless Security Attacks and Defenses
An anonymous reader writes "IT-Observer is running a comprehensive overview of wireless attacks and defenses. From the article: 'Wireless technology can provide numerous benefits in the business world. By deploying wireless networks, customers, partners, and employees are given the freedom of mobility from within and from outside of the organization. This can help businesses to increase productivity and effectiveness, lower costs and increase scalability, improve relationships with business partners, and attract new customers.'"
I see that keeping leeching wardrivers out isn't covered.
See the last time I was attacked wirelessly was by an RC plane. I now protect my self by wearing an umbrella hat OVER my tin foil hat. Sexy, stylish AND functional. Or did you mean that funky interweb wirelessness? I can't read much due to the tin foil/umbrella hat slipping into my eyes. BUT AT LEAST I'M PROTECTED!!!!!!!!!!
I suggest replacing the phrase "increase productivity and effectiveness, lower costs and increase scalability, improve relationships with business partners, and attract new customers." with "blah." This way we can write things like "X will help businesses to blah" knowing "blah" stands for "do anything that business wants done." As an added bonus, we won't have to change "blah" every time stupid business buzzwords change. "Blah" always means whatever buzzwords are in vogue.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Happy now? :)
Anyway I was posting my comment and wifi security at the same time... and my comment didn't appear?! Strange :(
Overall, access point vendors should start producing APs with better security defaults, preferably with firewalls.
Pixel image editor - http://www.kanzelsberger.com
..yet not a mention of WPA
It's the same as if you leave your door unlocked, or window open. A lot of businesses I work with have been avoiding using Wireless technology because they are afraid it will make them more vulnerable. It's more that they don't understand how to implement and secure it properly, and don't want to spend the time or money to do so.
...IMO indicates a major problem behind the thinking of many corporate IT departments. Anyone who grants a machine access to sensitive or confidential data simply because it is on the network is a moron.
Know what confidential data you can access by simply connecting a computer to the network at my school and most universities, for that matter? Almost nothing! All confidential data should be protected with end-to-end encryption, then the worst that can happen if a third party gets a machine on the internal network is that they can use excessive amounts of bandwidth. Denial-of-service attacks are much easier to recover from than (possible) leaks of confidential data.
Even if somebody somehow makes wireless networking as secure as good ol' fashioned copper, it still can't be made perfectly secure! The ONLY way to ensure absolute security is to pull the power cord(s) out. Oh, and smash the hard disks with an ax.
That said, I wonder how long it'll be before construction companies start offering to make buildings RF-impervious? Y'know, I might actually pay to have something like that done; it would go a long way to enhancing wireless security at my house.
"Wireless blah productivity blah low-cost blah blah company blah..." How about something that pertains to the headline of "Wireless Security Attacks and Defenses" instead of a press release about the wonders of wireless networks? /me feels the wrath of the mod-monsters
It is pitch black. You are likely to be eaten by a grue.
We run wireless @ the plant I work in and it seems to not be fully dependable. I'm not a big fan of wireless, not for the security, but because of the little things that can take it out. It can be more productive if implemented correctly, but there's a lot to keep in mind when you do this.
That which does not kill me only postpones the inevitable.
Article didn't seem to have the pictures and diagrams that the text referred to. http://www.windowsecurity.com/whitepapers/Wireless-Security-Attacks-Defenses.html is a version of the article with those pictures
"Another advanced defense method that is possible, although unlikely, is to create an in-house encryption algorithm to use for encoding your network's data."
No, no, no, no, NO
As Bruce Schneier says "Public security is always more secure than proprietary security"
http://www.schneier.com/crypto-gram-9909.html#Ope
Also, why don't they mention WPA? ( http://en.wikipedia.org/wiki/Wi-Fi_Protected_Acce
Three guys named Brad and another one named Josh post a fluffy little article on security for wireless, then cover about 1/3rd of the basics, and none of the tough stuff.
In a word, they should be punished. And someone should tape their eyes open while reading WiFoo or another good book on just how many zillion interesting hacks there are for wireless. And then, the site should get the check back-- if they were so silly as to have paid these guys.
And I wonder, how many more airy and light posts will there be, today? Slashdot Lite, less filling, less intelligent-- news for birds.
---- Teach Peace. It's Cheaper Than War.
Look at page 3. It's the one where they tell you what you should do to secure your network.
Bullshit. Everything you need to do this can be found on a single Linux LiveCD (Auditor Linux) including the kit for doing replay attacks. Only unmotivated "hackers" will fail to crack WEP.
Score: 0/1
Bullshit. Again, this will only get people who are unmotivated. MAC spoofing is a triviality. It typically will stop drive-by users of wifi, because they can usually find one that has no "protection" and they can use that. MAC restriction will NOT stop anyone who wants onto your network for any reason other than a minor whim.
Score: 0/2
Using a halfway decent scanner makes ANY settings changes you do (besides turning on WPA) utterly useless.
Score: 0/3
Again, a good scanner makes this irrelevant.
Score: 0/4
Uh, this is the same thing as "mac address blocking". They're the SAME FEATURE, just one is default accept, and the other is default deny.
Score: 0/5 (I should really assign a negative point for trying to use the same feature as a bullet point twice, but I'll be nice.)
If someone has physical access to your AP, you're fucked anyway. If they can do remote admin in your AP, you're an idiot anyway - and turning off remote admin isn't even listed as a good idea here.
Score: 0/6
No, it isn't. A few moments of sniffing will tell you what you need to know. Utterly useless and it just makes your life harder.
Score: 0/7
This article tells you nothing about how to effectively secure your network. In fact, it tells you to do a whole bunch of things that won't work.
Want to secure wifi? There is only one means to do so, and that is to use a tunnel with strong encryption. Whether you're using com
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Not even a mention of WPA2, certificates (hardware/software), or any other actual security measures in there. Some decent stuff about PEBRAC errors in the beginning, and other changes that should be obvious to any netadmin with two brain cells to rub together, but TFA is really not even worth the time it takes to read.
We all know tornados make a bee-line for trailers.
This article may be helpful to some newbies, but I'm looking for something extra here. Where's the 802.11X and 802.11i/WPA2 information?
I see WEP mentioned and then WEP2. I think that by WEP2 the author means TKIP. Of course there is no explanation of what either does and why WEP2/TKIP is better than WEP.
Why bother learning about MitM attacks? Rogue access points? ISD??? You're using WEP for God's sake!!!
This is basically something I'd expect to see on Digg. Any self-respecting /. visitor already knows everything mentioned in the article.
The article doesn't mention several things, like the more modern methods by which wireless hackers are breaching security. Instead of attacking at layer 3, attackers these days are focusing on layer 2 attacks... they're attacking the wireless device drivers themselves, looking for a way in. I heard a podcast where Joshua Wright was mentioning taking over devices that way so as to avoid those pesky firewalls. I just googled wireless hack layer 2 stack driver joshua wright to find some articles. You're on your own for specifics though - just say no to script kiddies.
Your sig(k) has been stolen. There is a puff of smoke!
It is possible to construct a Faraday Cage to block wireless network signals without blocking cell phone communications... Wireless networking uses 2.4 GHz signals. Cell phones use entirely different frequencies.
Try it yourself! Place your cell phone in a microwave, close the door (but don't turn it on, of course), and call your cell phone. If your phone rings, then the cell phone signal made it past the microwave's faraday cage. And microwave and wireless networking signals are almost the same -- my network throughput dies whenever I use my microwave.
NOTE: Different cell phone frequencies exist, so YMMV. I can't try this myself (no land-line) but according to what I learned in physics class (LONG ago), I'm pretty confident it should work just fine. Anyone want to give this experiment a try and post how it worked for you?
That's why Al G. Bell invented the landline. He foresaw that cellular would suffer limitations which only landline could prevent.
Funny the moment I read "which had come equipped with a factory-installed 802.11g antenna" I knew there wouldn't be anything of value.
Haven't read TFA, just your summary here. Thanks for exposing your brain to this IQ sucking pap so the rest of us don't have to. Do they really call WEP "Wireless Encryption Protocol?" Because it means Wired Equivalent Privacy. They got every fucking word in the acronym wrong!
WEP is also, as you point out, not anywhere equivalent to wired privacy.
Sigh.
"Hey, look at me! I just read two chapters in a "Wireless for Dummies" book and I'm getting paid to write an article in a trade journal!"
Where's the justice?
I maintain a wireless network of over 40 AP's for a college campus. This article spends much time on nothing.
a) 'default' SSIDS are irrelevant. It doesn't make the networks easier to find. It's not like when I ask windows to "View Wireless Networks" it only shows me the ones called "linksys". Perhaps at one time seeing a router called 'linksys' might have made me think that the user is less likely to be running encryption but under XP it tells me right away which ones are encrypted and which aren't.
b) Warchalking - old hat. Perhaps before it was feasible to simply leave my PDA running as I walk around and report all the AP's it sees this might have been useful.
c) WEP - You've got to be joking. The article mentions the 'newer 128-bit specification' doesn't mention DWEP using 802.1x or WPA. Either make it much harder to crack.
d) IDS - Possibly useful but really only once someone is accessing your system via your wireless.
e) MACs - The article seems to vacillate here, on one hand saying that MAC isn't meant for access control and on the other saying that you should use them for ACLs. MAC authentication is useless, it's trivial to find a useful MAC address on any network that's used regularly.
f) DHCP - Stupid. Disabling it stops very little for very long. The vast majority of WLANs are using one of the three non-routable IP ranges. It wouldn't take me long to find one that's accessible. It also introduces a serious pain for the maintainers of the network.
What it should mention are the following:
a) Authentication - 802.1x preferably. I personally don't like web portals as it makes it easier to fool users with "evil twin" attacks.
b) WPA2, using WEP or ideally AES.
c) For corporate WLANs use a system that can use your own wireless networks to detect rogue AP's. I'm using Nortel (now cisco) 2270 (with 2230 aps) and I have SNMP traps which warn me when someone in the WLAN starts up an AP.
d) VLANS - keep the WLAN traffic restricted to particular ports, destinations.
e) Have a written policy for your users. Make them understand that adding their own wireless equipment is forbidden.
f) Using some kind of authentication on your ethernet jacks helps - it's hard to find an AP that will do 802.1x on the WAN side. Even so, it would be tied to a particular user. Using the information from (c) you can just disable their account.
g) Invest in a solution that keeps users' OS and Virus software up-to-date.
That kind of experience is breathtaking, gained from years and years, or even minutes, of reading the Kismet FAQ.
I'm going across the road to see if any of my neighbours want me to set up their Wireless Routers for them. If they aren't going to read the manual, they certainly won't have read that article. Which begs the question, who exactly is supposed to read that article?
Not if it fools you into thinking you're safe. Paranoia trumps complacency.
The May 10th, 2006 date on this article must be wrong. The article is obviously months or years old. The lack of information about WPA, the discussion of warchalking and the dates of the referenced material all indicate this article was written sometime in early 2005 or late 2004. It was posted on invulnerableit in 11/2005, but I suspect it is older than that.
I call it "wire."
Actually, I don't think the shielding in the microwave is tuned to any particular frequency. Putting a phone in a grounded metal box should pretty effectively stop the signal regardless of the aperture size on a single screened face. But, it will probably work in some cases and not in others, just due to location of tower and such.
I can't try this myself (no land-line)
and apparently, no friends with cell phones...
How is this a troll? There is no such thing as a 802.11g antenna, there is only an 802.11g adapter, and a 2.4GHz antenna. Anyone actually qualified to write such an article would not make these errors. Therefore, the people who wrote the article are morons and the parent comment is entirely correct. See my earlier comment in this thread for exactly what is wrong in this article. Well, just from one page, and it's seven pieces of COMPLETELY WRONG INFORMATION. And I didn't even read the whole page!
Blah!? Don't you worry about Blah, let me worry about blah!
Proof by very large bribes. QED.
Read it!
Martini Glasses
My favorite quote:
"A more likely approach would be to implement an existing, proven encryption method such as MD5 or MIC. "
Those are hashes. They don't encrypt anything, (if by encrypting you mean being able to decrypt it later).
Anyone want to give this experiment a try and post how it worked for you?
I tried it, but right away I started to hear a crackle noise, saw some sparks, and then my cell phone went up in flames. Why the hell did you have me try that?
Oops, I missed the part where you said not to turn the microwave on..
Then give yourself a minute
Push start
Repeat the experiment
There's quite an easy solution for this. It's used at our university for the offices of employees. Some time ago you could just plug in a PC, assign a valid IP-address and use the net; authorisation was done by physical access to the room, or lack thereof. Then I had to install a new PC, plugged the network in, but nothing worked. It took me some time to figure out that the network port was blocked, because a new MAC address was seen on this port. That's true, once they detect any new MAC address, they completely shut off that port. You have to phone the helpdesk and explain why there's a new MAC address (= new PC) on that port. Usually you can't use hubs/switches, as only one MAC address is allowed per port (there are some exceptions though). While this article recommends using MAC addresses as access control, I think in most cases this is just wrong. But in this particular case it does make sense: Once an employee plugs in an access point, they'll detect that additional MAC address. Spoofing the address on your wireless card won't help, as only one MAC address is allowed, but two are detected (wireless card + Access Point).
If you have to install new PCs, this is quite annoying. I'm happy if the old PC has a network card that I can take out and put into the new PC, so the address doesn't change (I know spoofing is possible, but I don't think they like it :).
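The per-port MAC limit this comment describes, as an added example (not code from the thread or from the university's switches): a small monitor that shuts a port as soon as more MAC addresses than allowed are seen on it, so a rogue AP plugged into an office jack trips the limit even when the wireless client spoofs the desk PC's address. Port names, MAC addresses and limits below are constructed.

```python
# Added example, not from the thread: port-based MAC limiting. A switch port is
# disabled the moment more source MACs than its limit appear on it. A rogue AP
# adds at least one extra MAC (its own wired interface), so spoofing the desk
# PC's address from the wireless side does not keep the port under the limit.
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class PortState:
    allowed: int = 1                        # MACs permitted (1 = a single PC)
    seen: set = field(default_factory=set)  # distinct source MACs observed
    disabled: bool = False
    reason: str = ""


class PortSecurityMonitor:
    def __init__(self, per_port_limits=None):
        # Ports not listed get the default limit of one MAC; the helpdesk
        # "exceptions" from the comment are modelled as higher limits.
        self.ports = defaultdict(PortState)
        for port, limit in (per_port_limits or {}).items():
            self.ports[port].allowed = limit

    def observe(self, port, mac):
        """Feed one (port, source MAC) observation from the switch MAC table.
        Returns True if the port is still enabled after this frame."""
        state = self.ports[port]
        if state.disabled:
            return False
        state.seen.add(mac.lower())
        if len(state.seen) > state.allowed:
            state.disabled = True
            state.reason = (f"{len(state.seen)} MACs seen, {state.allowed} "
                            f"allowed: {sorted(state.seen)}")
            return False
        return True

    def disabled_ports(self):
        return {p: s.reason for p, s in self.ports.items() if s.disabled}


# Constructed sample frames as (port, source MAC). Port 12: one PC. Port 14: a
# desk PC, then a user-installed AP (its wired MAC), then a wifi laptop that
# spoofs the desk PC's MAC. Port 20: a helpdesk-approved hub allowed two MACs.
SAMPLE_FRAMES = [
    ("Gi1/0/12", "00:11:22:aa:bb:01"),
    ("Gi1/0/12", "00:11:22:AA:BB:01"),   # same MAC, different case: not a new one
    ("Gi1/0/14", "00:11:22:aa:bb:02"),   # desk PC
    ("Gi1/0/14", "00:90:4c:12:34:56"),   # rogue AP's own wired interface
    ("Gi1/0/14", "00:11:22:aa:bb:02"),   # wifi client spoofing the desk PC
    ("Gi1/0/20", "00:11:22:aa:bb:03"),
    ("Gi1/0/20", "00:11:22:aa:bb:04"),
]


def run_sample():
    """Replay the constructed frames; returns {port: reason} for shut ports."""
    mon = PortSecurityMonitor(per_port_limits={"Gi1/0/20": 2})
    for port, mac in SAMPLE_FRAMES:
        mon.observe(port, mac)
    return mon.disabled_ports()
```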
At home I'm using WEP, but unlike the article recommends not for security. I'm just being friendly to my neighbours, so their windows systems won't autoconnect and get an IP address, which they couldn't use for anything: Without a connection to my VPN, there's no internet.
wireless encryption protocol: 5,860,000 results
Wired Equivalent Privacy: 2,200,000 results
Wikipedia says Wired Equivalent Privacy
Screw the uneducated masses -- this fool probably Googled "WEP", along with the rest of his low-rent "Wireless for Dummies" security tips.
body massage!
Actually, the cell phone signal here is marginal, at best. I often have calls drop on me, if I can get them at all. Hence my request in the original post for others to try it and report how it worked for them.
I have a hard time taking an article seriously when simple technical terminology is grossly incorrect.
"Try it yourself! Place your cell phone in a microwave, close the door (but don't turn it on, of course), and call your cell phone."
I don't know what's sadder. The fact that you had to explain a Faraday Cage to a bunch of geeks, or that you had to tell them not to turn the microwave on.
my network throughput dies whenever I use my microwave.
Congratulations, you've just proven that the microwave doesn't completely block microwaves either.
As a professional in an enterprise of 60,000 employees all wanting WiFi, I have to say, these folks missed listing the major concerns for an enterprise. Man in the middle attacks are well known and describing them to the uninformed makes the story teller sound like a magician. It does little to address real non-trivial issues.
For an enterprise, nobody should consider using any WiFi AP or router that doesn't support WPA and RADIUS authentication. Shared keys are for small offices with under 10 computers, not for an enterprise.
So the answer is simple:
- WPA or better encryption (WEP is a toy)
- A real RADIUS server
- 1-time passwords like RSA/SecurID provides
- Locked down supplicants - no open access point should be allowed, even from home.
- Role-based access to network resources - not everyone needs access to the finance subnet and almost nobody needs access to the backup network.
- Unauthenticated network access should only allow SMS, OS patches and Antivirus updates - no real server access and no web/internet access.
It'd be nice to have a program for the wrt54g that scans for new access points regularly, reporting them if they route through the company LAN. Even better would be the ability to automatically gather packets and crack WEP for the route testing part.
They mention warchalking, but not wifi mapping services. Also, they brought up the old wwwd, which ended in '04.
Zhrodague.net - I do projects and stuff too.
why please is everybody putting wireless into the ... dubious content ... the same basket as wired? it's NOT! it's a convenience, it's light (or electromagnetic waves) which goes thru walls, tables, doors even to other planets. THAT's what it is about. use technology where it should be used.
my WIFI point (actually two for better coverage) is WIDE-open.
it is limited of course. for example all HTTP HAS to go thru a proxy. i want to know what's going on, should any anonymous dude want to access some... i have logs to prove that none of my machines (MAC number) was accessing it.
it's a well of knowledge and i set it up SUPER CONVENIENT. it's got a DHCP server giving u the ip address. the server is setup to give u a proxy configuration automatically etc. i have a SAMBA happily serving files (get firefox now), movies and music to anyone who cares to listen...
the whole wireless thing is of course on a completely different network (-card) and routing between my wired lan and the wireless is disabled.
so PLEASE use it for what it is. it's a freaking antenna for computers. i am now a radio station and a tv station and it's WIDE open. THAT'S what wireless is for: CONVENIENCE.
we really need a paradigm shift in this whole wireless discussion thing, sheesh
Well, I hope you're wrong.... I for one, would prefer to own a microwave whose shielding was designed for maximum attenuation at the frequency used by the microwave (somewhere in ~2-2.4 GHz).
Otherwise, it means I'm getting cooked along with the food.
Yes, the metal walls on 5 sides probably attenuate most RF. But it's the glass window in the front whose shielding concerns me most....
Look no further: http://ask.engadget.com/2006/03/30/ask-engadget-block-wifi-the-right-way/?