Part of securing your network must include looking at your wireless access points. Wireless access can be dangerous to your network. Most people don't even know how easy it is to exploit wireless access points. Let me illustrate my point. I went out one afternoon and took my trusty laptop with me. The task this afternoon was to scan for "open" wireless access points. An "open" wireless access point is one that has absolutely no encryption, or security, on the signal. This allows anyone to listen in on your data stream. If you still don't get it, it's a very bad thing! So, I drove for about 2 miles through a small business district and apartment complex. What was the result? Oh, about 45 open wireless networks. That means that I could log onto those networks, scan them, and exploit machines connected to that network. I didn't do that, but you get my drift. The lesson here is to encrypt your wireless data stream.
Some people think that choosing WEP encryption offers great wireless security. They would be wrong. Your wireless router may have an option for WPA and WEP. You should always choose WPA security over WEP. Let me illustrate why. I set up a wireless network in my home. I enabled WEP security at 128-bit encryption. That's "strong" security for WEP. I wrote down the security key and then I started my test. My goal was to hack my own WEP wireless network. I thought it was going to be a really hard task. I was wrong.
I fired up my Linux laptop. Linux is just an alternative operating system to Windows. This particular Linux distribution, or flavor of Linux, was a security edition. This gave me all kinds of tools to scan for wireless networks and exploit them. A typical hacker will have all of these free tools at their disposal. I then fired up Kismet. Kismet is a great wireless scanning program. I found my wireless network in the list. I found the connected client and the access point, or router. Then I proceeded to do a typical type of attack on the network. Hackers need to grab what's called a "packet" from a computer that already has the key for the secured wireless network. The hacker can then replay this packet to make the router send responses. Why is this important? This allows the hacker to gather a tremendous amount of data from the access point. That, in turn, is what finally allows the hacker to crack the WEP security key.
So, I went about hacking my own WEP wireless router. I "deauthenticated" my computer that was already connected to the router. This gave me the packet I needed for the router. Then I started sending this packet to the router a lot. Once I had enough data from the router, I then passed it to a cracking program. Voilà, it cracked the key in about 1 second. After the dust had settled, I had cracked my WEP security in less than 30 minutes! But would the typical user see that I was hacking? Probably not. The only thing they would see is that they lost their wireless connection for a moment. This is when I "deauthenticated" them from the network to grab the "packet" I needed. Remember, I had my WEP encryption set to 128 bits. This is a high level of encryption. But it really doesn't matter. All a hacker needs is a signal and a little time to crack that. Remember, hackers are like house thieves. They will go along the path of least resistance. The harder your wireless signal is to crack, the less likely you are to be hacked. They will simply move along to the next "open" network or one with bad encryption. Do yourself a favor, and always choose WPA wireless security over WEP.
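The user in the story only noticed a brief disconnect, but the attack leaves two footprints on the air that a monitor-mode capture can pick up: a burst of deauthentication frames against one access point, and a single station sending a large number of identically sized frames in a short time. The script below is an added example (not from the original post) that flags both patterns over a constructed frame summary; the addresses are placeholders and the window sizes and thresholds are assumptions to tune per site.

```python
from collections import defaultdict

# Constructed sample: per-frame metadata as a monitor-mode capture tool would summarise it.
# Fields: (timestamp_s, kind, src, dst, bssid, length); kind is "deauth" or "data".
AP_OK = "02:00:00:00:00:01"    # placeholder BSSID that only sees normal traffic
AP_HIT = "02:00:00:00:00:02"   # placeholder BSSID that sees the deauth-then-replay pattern
CLIENT = "02:00:00:00:00:aa"   # placeholder client address

FRAMES = (
    # normal: one legitimate deauth (client leaving) and varied-size data on AP_OK
    [(1.0, "deauth", CLIENT, AP_OK, AP_OK, 26)]
    + [(1.0 + i * 0.5, "data", CLIENT, AP_OK, AP_OK, 100 + 7 * i) for i in range(20)]
    # suspicious: eight deauths spoofed from the AP at CLIENT inside one second, then
    # 60 same-size data frames "from" CLIENT in three seconds (real replays are faster)
    + [(5.0 + i * 0.1, "deauth", AP_HIT, CLIENT, AP_HIT, 26) for i in range(8)]
    + [(6.0 + i * 0.05, "data", CLIENT, AP_HIT, AP_HIT, 68) for i in range(60)]
)

def _max_in_window(times, window):
    """Largest number of timestamps that fall inside any interval of `window` seconds."""
    times = sorted(times)
    best, lo = 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def find_deauth_bursts(frames, window=2.0, threshold=5):
    """BSSIDs on which more than `threshold` deauth frames appear within `window` seconds."""
    by_bssid = defaultdict(list)
    for ts, kind, _src, _dst, bssid, _ln in frames:
        if kind == "deauth":
            by_bssid[bssid].append(ts)
    return sorted(b for b, ts in by_bssid.items() if _max_in_window(ts, window) > threshold)

def find_replay_bursts(frames, window=5.0, threshold=40):
    """(src, bssid, length) keys where one station sends more than `threshold` same-sized data frames in `window` seconds."""
    by_key = defaultdict(list)
    for ts, kind, src, _dst, bssid, ln in frames:
        if kind == "data":
            by_key[(src, bssid, ln)].append(ts)
    return sorted(k for k, ts in by_key.items() if _max_in_window(ts, window) > threshold)

if __name__ == "__main__":
    print("deauth bursts on:", find_deauth_bursts(FRAMES))
    print("replay bursts from:", find_replay_bursts(FRAMES))
```

A real deployment would feed these functions from a capture in monitor mode and alert on the flagged BSSID; on a WPA network the deauth burst is still visible, which is why the disconnect itself is worth logging.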