Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wireless Security Attacks and Defenses

Posted by ryuzaki0 on from the keeping-the-aether-safe dept.

An anonymous reader writes "IT-Observer is running a comprehensive overview of wireless attacks and defenses. From the article: 'Wireless technology can provide numerous benefits in the business world. By deploying wireless networks, customers, partners, and employees are given the freedom of mobility from within and from outside of the organization. This can help businesses to increase productivity and effectiveness, lower costs and increase scalability, improve relationships with business partners, and attract new customers.'"

1 of 120 comments (clear)

  1. The article is 100% wrongheaded by drinkypoo · · Score: 5, Informative

    Look at page 3. It's the one where they tell you what you should do to secure your network.

    Even with its inherent weaknesses, Wireless Encryption Protocols or WEP is still a good method for preventing attackers from capturing your network traffic. Less-experienced hackers will probably not even attempt to capture data packets from a wireless network that is broadcasting using WEP.

    Bullshit. Everything you need to do this can be found on a single Linux LiveCD (Auditor Linux) including the kit for doing replay attacks. Only unmotivated "hackers" will fail to crack WEP.

    Score: 0/1

    MAC Address Blocking - For smaller, more static networks you can specify which computers should be able access to your wireless access points. Telling the access points which hardware MAC addresses can join the network does this. Although, like WEP, in which this can be bypassed by knowledgeable hackers, it is still a valid method for keeping many intruders at bay.

    Bullshit. Again, this will only get people who are unmotivated. MAC spoofing is a triviality. It typically will stop drive-by users of wifi, because they can usually find one that has no "protection" and they can use that. MAC restriction will NOT stop anyone who wants onto your network for any reason other than a minor whim.

    Score: 0/2

    Ditch the Defaults - Most wireless devices are being sold today with default configurations that are easily exploited. The three main areas to watch out for are the router administration passwords, SSID broadcasting, and the channel used to broadcast the signal.

    Using a halfway decent scanner makes ANY settings changes you do (besides turning on WPA) utterly useless.

    Score: 0/3

    Beacon Intervals [...] These intervals should be maximized to make it more difficult to find the network. The network appears quieter and any passive listening devices are not as productive at gathering and cracking encryption keys.

    Again, a good scanner makes this irrelevant.

    Score: 0/4

    Access Lists - Using MAC ACL's (MAC Address Access List) creates another level of difficulty to hacking a network. A MAC ACL is created and distributed to AP so that only authorized NIC's can connect to the network.

    Uh, this is the same thing as "mac address blocking". They're the SAME FEATURE, just one is default accept, and the other is default deny.

    Score: 0/5 (I should really assign a negative point for trying to use the same feature as a bullet point twice, but I'll be nice.)

    Controlling Reset - Something as simple as controlling the reset function can add a great deal of security and reduce the risk of potential hack to your network. After all the security measures are in place and the proper encryption settings are enforced, the factory built "reset" button available on nearly all wireless routers/AP's can, in an obvious way, wipe out everything.

    If someone has physical access to your AP, you're fucked anyway. If they can do remote admin in your AP, you're an idiot anyway - and turning off remote admin isn't even listed as a good idea here.

    Score: 0/6

    Disable DHCP - Disabling the use of DHCP in a wireless network is again, a simple but effective roadblock to potential hackers.

    No, it isn't. A few moments of sniffing will tell you what you need to know. Utterly useless and it just makes your life harder.

    Score: 0/7

    This article tells you nothing about how to effectively secure your network. In fact, it tells you to do a whole bunch of things that won't work.

    Want to secure wifi? There is only one means to do so, and that is to use a tunnel with strong encryption. Whether you're using com

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"