
Wireless Network Security: The Popularity of Wifi

An unsecured wireless network poses serious risks. Intruders can steal bandwidth, engage in criminal activity masked as the network owner, and access private data. Changing default passwords, disabling SSID broadcasts, using strong custom SSIDs, enabling strong encryption, and disabling automatic IP address assignment secures a wireless network and prevents most intrusions.
Copyright
© Attribution Non-Commercial (BY-NC)

WIRELESS NETWORK SECURITY

The Popularity of WiFi

Wireless networking has experienced a huge increase in popularity over the last
couple of years. The necessary hardware is widely available to consumers, it is
very affordable, and relatively easy to install and configure. Gateway devices,
commonly called “routers” or “firewalls” by consumers, that allow users to share
a broadband connection with and protect multiple computers on a home
network have been around for a while. The addition of wireless capabilities to
these gateway devices gives the user the convenience of taking a computer
anywhere in the house without having to worry about running wires through walls
and crawl spaces and attics to connect computers in various parts of the house.
Industrial-strength high-performance versions have been around even longer in
company environments, allowing employees to roam between offices, cubes,
and conference rooms with laptops without ever losing connectivity.

It is a great technology that offers many benefits. As the saying goes, however,
with privilege comes responsibility. A responsibility that is unfortunately much
too often ignored by the person implementing it. A wireless network needs to be
properly secured as it poses a number of extremely serious risks and dangers if
left wide open and exposed, which many users are unaware of.

Why secure a wireless network?

If you are thinking right now that you have nothing important on your network
and that you have no need to secure your wireless network, I guarantee you that
you will reconsider your opinion after reading the next few paragraphs.
Consider the following dangers of having an unsecured wireless network.

Bandwidth Parasite

In a “best” case scenario, all the intruder does is use the victim’s broadband
connection to get online without paying. Maybe just to surf the web, maybe to
download pirated music or software. This does not cause any direct harm to the
compromised network, but it can slow down Internet or network access for the
victim, the legitimate user of the network, if an intruder leeches off his
bandwidth. This could mean substantial additional ISP cost for the victim if the
ISP meters used bandwidth and charges for actual usage.

Masking criminal activity

An unauthorized user could abuse the victim’s connection for malicious
purposes like hacking, launching a DoS attack, or distributing illegal material.
Since the intruder is a part of the private network and sits behind its gateway
device, any traffic between him and the Internet will appear to be coming from
the public IP address the ISP assigned to the victim. The ISP has no idea how
many computers are behind the gateway, who they belong to, and what they are
used for. If the criminal activity is discovered and investigated, the origin of the
attack will be traced back to the victim’s broadband account. It is a pretty safe
bet that nobody wants to be accused of and go to jail for distributing child
pornography or hacking into restricted company or government networks (just
to mention a few examples) if the crime was in reality committed by a cracker
from behind an innocent victim’s network. Reviewing an ISP’s Terms of Service
usually reveals a clause that not only allows the ISP to reveal customer
information to the authorities to assist with legitimate criminal investigations,
but also holds the customer responsible for any activities the connection is
(ab)used for.

Free access to private data

A wireless network is also a direct backdoor into the victim’s private network –
literally. Instead of intruding from the public side of the gateway device, the
intruder connects directly to the network on the private side of the gateway
device, completely bypassing any hardware firewall between the private
network and the broadband modem. Most people assume that since they are
behind a gateway device with a built-in firewall their private network is safe,
hence letting down their guard, sharing drives, and being generally careless. The
intruder can completely take advantage of this by snooping around undisturbed
and getting access to confidential data. This could be in the form of personal
information such as financial data, tax records, wills, and more that can be
abused for identity theft for example, or in the form of work-related information
such as confidential specs, development information, trade secrets, and more
that the victim has brought home from the office. By employing a sniffer an
intruder can even sniff email or FTP user names and passwords because they
are usually transmitted in cleartext, and use that information to gain
unauthorized access to email accounts or web servers without the victim’s
knowledge.

Backdoor into corporate networks

In addition, a wireless network could also be an indirect backdoor into a
corporate network. An intruder can specifically target an employee of a
company whose confidential information is valuable to him for monetary or
competitive reasons. If that employee establishes a VPN connection either
permanently from his gateway or from a machine behind his gateway to the
company network, the intruder can then piggyback on the VPN tunnel and gain
unauthorized access to company resources, a serious security breach and every
network administrator’s nightmare.

That’s why

By now the danger should be pretty clear: Unsecured wireless networks are
unacceptable due to the extremely high risks involved. Yet there are countless
unsecured wireless networks out there. A train ride through the Silicon Valley
East Bay area revealed about 60 wireless networks, 40 of them wide open and
insecure. A drive around a residential neighborhood covering just a few blocks
revealed over 30 wireless networks, 20 of them wide open and insecure.

What is even scarier is that it does not take any skill to discover and gain
unauthorized access to wireless networks. One does not have to be a
programmer, Linux expert, or network specialist. All it takes is a laptop with a
wireless network card, and some software (also available for Windows) that can
be easily downloaded for free from the Internet. Armed with these basic tools
anybody can drive around, detect open wireless networks, and connect to them.
With a Linux machine, additional software, some advanced knowledge, and
some time and patience it is even possible to break into wireless networks that
use encryption.

Now that it is obvious why a wireless network has to be secured, it is time to
find out how…

HOW TO SECURE A WIRELESS NETWORK

How to lock down a wireless network

The following steps will only take a few minutes each, but will make a big
difference. The results will fend off all but the most determined and skillful
crackers.

Change the default password

Almost all wireless devices can be managed via a web interface that can be
accessed by simply typing its IP address in a browser’s address field. While the
admin interface is password protected, the default password set by the
manufacturer is always the same. Any wireless network sniffer program will
easily discover the manufacturer of the wireless device because it willingly
broadcasts that information. Anybody can download the manual from the
manufacturer’s website, and get the default password to that manufacturer’s
devices in seconds. As a result, an intruder can type in the default IP address of
the wireless gateway to get to the admin interface, and try the default password
to log in and access the device settings. Knowing the manufacturer of the device
gives the intruder the additional benefit of being able to employ cracks or
exploit vulnerabilities specific to that manufacturer.

Disable SSID Broadcast

The SSID is the name of the wireless network. In order to connect to a wireless
network, its name needs to be known. By default, wireless gateways happily
broadcast the SSID to be picked up by any wireless network device for easy
configuration. Hiding the SSID by disabling SSID broadcast will make it much
harder for an intruder because he will have to start guessing. It has to be
mentioned that while most wireless gateway devices offer the option to disable
SSID broadcast, some devices require a firmware upgrade, and some devices do
not offer that option at all.

Change the SSID

Disabling SSID broadcast doesn’t help much if the SSID remains the
manufacturer’s default, which is just as easily found in the manual as the default
admin password. The SSID should be changed to a custom phrase that is
difficult to guess. The use of non-dictionary words as well as numbers and
special characters for the new SSID is encouraged.

Enable encryption

Wireless devices support the wireless encryption protocol (WEP) with either
64-bit or 128-bit encryption. 64-bit encryption has been proven to be very weak
and easily broken; 128-bit encryption is recommended because it is a lot more
difficult to break (though far from impossible). Some devices might require a
firmware upgrade to support 128-bit encryption. Encryption works by entering
the encryption key on the wireless gateway as well as on the PC with the
wireless card. All transmitted data is encrypted for the transfer between the two
devices. If the encryption key does not match, the wireless gateway will not
communicate. Enabling encryption will usually discourage the casual lazy
cracker and send him off to find an easier target.

Disable DHCP

Most gateway devices by default have DHCP enabled. This means that any new
host on a network that makes its presence known and broadcasts a request for an
IP address and TCP/IP configuration information will be automatically provided
this information without questioning. This is very convenient for the legitimate
user because it means real plug-and-play (minus the “plug” part since it’s
wireless). However, it also makes it very easy for the intruder to connect to a
wireless network. By simply setting his laptop to use DHCP, he will immediately
receive all the TCP/IP configuration information he needs to connect to the
network.

While it is an inconvenience and requires more maintenance from the legitimate
user, disabling DHCP and manually assigning static IP addresses creates
another hurdle for the intruder. It requires him to manually configure his laptop
with what he thinks are the correct TCP/IP properties to be able to connect to
the network.

Change the default subnet

Disabling DHCP doesn’t help much if the subnet remains the manufacturer’s
default, which is just as easily found in the manual as the default admin password
or SSID. Most devices use the common default subnet of 192.168.0.0 with a
subnet mask of 255.255.255.0. The subnet should be changed to another private
subnet. There are a number of non-routable IP address ranges that are reserved
exclusively for use on private networks. These ranges are 10.0.0.0-
10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255
– plenty to choose from. This will prevent the intruder from assigning himself a
static IP address and TCP/IP configuration information based on the
manufacturer’s default subnet.

Use MAC address filtering

Each network adapter has a unique hardware address, also called a MAC address.
The first half of the MAC address identifies the manufacturer of the network
adapter, the second half identifies the network adapter. This hardware address is
unique (more or less) for each network card. Most wireless gateway devices
support MAC address filtering. The way this works is that the legitimate user
creates a list and enters only the MAC addresses for network cards that he is
aware of and that he wants to be able to access the wireless network. Any
network adapter with a MAC address that doesn’t match a MAC address in the
approved list will be automatically denied access. Only machines with an
authorized MAC address are allowed to participate in the network. MAC
addresses can be spoofed by a savvy intruder, but using MAC filtering is
another good deterrent.
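
The gateway steps above, from the default password through MAC filtering, can be checked mechanically against a device's settings. The following is an added example, not part of the original article; the configuration keys (`admin_pw`, `key_bits`, `allowlist` and so on) and all sample values are assumptions constructed for illustration, not any vendor's export format.

```python
import ipaddress

# Private ranges and the factory-default subnet, as listed in the article.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_SUBNETS = [ipaddress.ip_network("192.168.0.0/24")]

def normalize_mac(mac):
    """Return a MAC as 12 lowercase hex digits, or None if malformed."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    valid = len(digits) == 12 and set(digits) <= set("0123456789abcdef")
    return digits if valid else None

def audit_gateway(cfg, factory):
    """Return the article's hardening steps that cfg does not satisfy."""
    findings = []
    if cfg["admin_pw"] == factory["admin_pw"]:
        findings.append("default admin password")
    if cfg["ssid_broadcast"]:
        findings.append("SSID broadcast enabled")
    if cfg["ssid"].strip().lower() == factory["ssid"].lower():
        findings.append("default SSID")
    if cfg["key_bits"] < 128:
        findings.append("encryption off or below 128-bit")
    if cfg["dhcp"]:
        findings.append("DHCP enabled")
    try:  # strict=False accepts a host address plus mask (the router's own IP)
        lan = ipaddress.IPv4Network(cfg["lan_subnet"], strict=False)
        if any(lan.overlaps(d) for d in DEFAULT_SUBNETS):
            findings.append("default subnet")
        elif not any(lan.subnet_of(r) for r in PRIVATE_RANGES):
            findings.append("subnet outside the private ranges")
    except ValueError:
        findings.append("unparseable subnet")
    macs = [normalize_mac(m) for m in cfg["allowlist"]]
    if not cfg["mac_filter"] or not macs:
        findings.append("MAC filtering off or allowlist empty")
    elif None in macs:
        findings.append("malformed MAC in allowlist")
    return findings

# Constructed sample data: placeholder values, not any real vendor's defaults.
FACTORY = {"admin_pw": "factory-pass", "ssid": "VENDOR-DEFAULT"}
OUT_OF_BOX = dict(FACTORY, ssid_broadcast=True, key_bits=0, dhcp=True,
                  mac_filter=False, allowlist=[],
                  lan_subnet="192.168.0.1/255.255.255.0")
HARDENED = dict(OUT_OF_BOX, admin_pw="x7!Lq-92#rv", ssid="q4z-Tern_88",
                ssid_broadcast=False, key_bits=128, dhcp=False, mac_filter=True,
                lan_subnet="10.73.5.0/24", allowlist=["00:11:22:33:44:55"])
```

`audit_gateway(OUT_OF_BOX, FACTORY)` reports all seven steps as open, while `audit_gateway(HARDENED, FACTORY)` returns an empty list.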

Practice safe computing

Even though the network is private and hidden behind a gateway device with a
firewall, common sense precautions still need to be used, including but not
limited to:
- Use safe passwords for all user accounts. Use non-dictionary words,
  include numbers, special characters, upper and lower case letters. Use
  passwords longer than 8 characters. Change passwords every month.
- Password-protect any network shares
- Require a user login for all computers, disable the guest account
- Install Antivirus software on all computers and keep it current
- Install software firewalls on all computers
- Monitor log files such as event logs, firewall logs, antivirus logs, etc. for
  unusual activity

Conclusion

As documented in this article, there are many very valid reasons why all
wireless networks should be secured. It is extremely easy to do so with not
much effort and little time. Armed with this knowledge, it would be foolish not
to take the necessary precautions and secure that wireless network. A few
minutes of reading the manual and a few minutes of changing settings could
prevent a boatload of trouble in the future.
