Thread: Secure your 802.11b

IEEE 802.11 and its derived wireless LAN technologies are probably the most often used networking technology for constructing your wireless LAN. The technology uses DSSS ( Direct Sequence Spread Spectrum ) to generate the bitstreams to be transferred in the 2.45-GHz ISM band with a speed up to 11 Mbps.
There are two types of attacks. One is simply use of the broadcasting property of wireless technology to further penetrate a random wireless LAN. The 2nd is related to the vulnerabilities in the WEP ( wired Equivalent Privacy).

War driving or the so called parking-lot attack is the most trivial method used today. Tools used are a laptop, a wireless card, an extention attenna, and programs like AiroPeek and Sniffer Wireless. The first step in sniffing for the service set idenifier ( SSID ). Useing the SSID to gain access to the wireless LAN possibly through a DHCP-assigned IP address. useing restrictions to only certain MAC addresses is not enough, for addresses can be spoofed.

Standard access control mechanisms (such as SSID and MAC address restrictions) still need to be adopted, but to futher protect your corp. an internal firewall and security protocol like IPSec should be implemented.

WEP Countermeasure
Dont wait for a revised WEP specification to be completed and implemented by your wireless vendor. Deploy any of the following technologies to combat the potential WEP brute force attack: VPN, IPSec, SSL, SSH, and Kerberos. Port based network access control will be used to help, if not to substitute for, WEP in a wireless network authentication and authorization mechanisms in the future.

If you have anything to add to this post feel free links would be nice to see too.
Books for futher research inlcude 802.11 wireless security, Microsoft w2k pro, and hacking exposed. also check with the pringles company. LOL

I have been researching the Security of Wireless technology for some time now. Initially I believed that it was totally insecure, and will never be secured to my liking.

I have said this in a previous post, that basically 99% of the problems/vulnerabilities with WEP is because the encryption keys are static. By installing a Kerberos server to do the Authentication/Encryption, you can make the WEP keys dynamic, set to a custom expiry (ie. 2 mins). You could also use RADIUS authentication, which would be pretty good.

I recently read an article regarding the US Armys secure release of 85,000 Wireless clients:

http://www.fcw.com/fcw/articles/2002...t-03-12-02.asp

It uses a Wireless Security Package called AirFortress. It can utilise either 168bit 3DES, or 128bit AES. (Dont know much about AES, but if anyone does, Id love to know). It also does MAC filtering etc...

I can go into a hell of a lot more security countermeasures, but I would be here for days. If anyone would like to know anything about securing a Wireless network, let me know.

NetStumbler

Lazy admins are the cause of most 802.11b Security problems.

Well what do ya know. Came across this article today at iwar.org.uk
http://www.ledger-enquirer.com/mld/l...ws/2925664.htm

Posted on Sun, Mar. 24, 2002



Drive-by hackers hunt free, easy Web access
By Reid Kanaley
Inquirer Staff Writer

Russell Handorf was in a no-parking zone, but so
what? His laptop computer, propped against the steering wheel, had his full attention.

Handorf was probing the wireless-computer networks humming around Center City, trying to sneak his way online.

"I'm on the Internet," he finally proclaimed on this recent afternoon. "Whaddya know. . . . This is a fast connection, too."

Utilizing the credit-card-size wireless adapter plugged into the side of his laptop, Handorf, 22, of the city's Queen Village section, had gotten onto the Net by tapping into the computer system of an unsuspecting business among the nearby office towers.

An interesting document I found on wireless security.