Wireless networking security links

   


Securing Wi-Fi / wireless networks

Hacking Wireless Exposed: Wireless Security Secrets and Solutions by Cache, Wright and Liu seems good value at US$31.50 from Amazon.

NIST SP 800-97 “Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i”

ISO/IEC 27033-7 “Guidelines for securing wireless networking -- Risks, design techniques and control issues” is supposedly in development as part of the ISO27k standards suite. The standard is expected eventually to “define the specific risks, design techniques and control issues for securing wireless and radio networks”.

Network Security Architecture is an excellent textbook by Sean Convery (~$46 from Amazon). It is thoroughly recommended if you are tasked with preparing network security designs, including wireless networks and links. See our full book review here and visit the author’s website with a collection of links from the book.

Although now sadly out of date, Wi-Foo: The Secrets of Wireless Hacking by Andrew Vladimirov, Konstantin Gavrilenko and Andrei Mikhailovsky (~$27 from Amazon) has useful information about hacking and, by implication, securing wireless networks.

Wardriving: Drive, Detect, Defend by Chris Hurley, Michael Puchol, Russ Rogers and Frank Thornton (~$33 from Amazon) gets mixed reviews from those presumably hoping for a technical wireless network hackers’ manual but is appreciated by those with more limited technical knowledge.

Men from Florida and the UK were arrested for obtaining unauthorized access to WiFi networks. In the Florida case, the man admitted using a laptop PC in an SUV parked outside the house to ‘steal’ WiFi access. Cases of this nature are bound to consider whether the WiFi network was adequately secured - most aren’t.  The numerous risks relating to WiFi take the edge off an otherwise useful facility.

Beware fake wi-fi connections in public places such as airports and Internet cafes. Fake connections, perhaps labeled “free wi-fi” or similar, are likely to be ad hoc rather than access point types and may have false MAC addresses. The hackers use tools such as Airsnarf. They can easily intercept all plaintext network traffic from attached machines including, for example, POP3 email passwords, and with a bit more effort may potentially spoof encrypted SSL connections using man-in-the-middle attacks. If your PC is not properly secured, shared drives and directories may also be fully accessible to the fakers.

“AirSnare is an intrusion detection system to help you monitor your wireless network. AirSnare will alert you to unfriendly MAC addresses on your network as well as to DHCP requests. If AirSnare detects an unfriendly MAC address, you have the option of tracking its access to IP addresses and ports or of launching Ethereal.” It can also email alerts, meaning that it could be run on a suitable machine unobtrusively monitoring a remote chunk of your network. Interesting idea.

Tools to help the overworked Security Manager identify wireless networks in their premises range from free to $thousands. At the bottom end are Wi-Fi snooping tools such as NetStumbler and Kismet, and the cheap-n-nasty wLAN detectors given away as merchandising at computer shows. In the mid range is commercial software that uses standard wireless LAN cards to scan the normal Wi-Fi frequency bands, and wide-range UHF/SHF scanners. High end tools use very expensive software to get more information from the wLAN cards, or use dedicated spectrum analyzer hardware to get even more gen, provided the user has the technical skills to control the machine and interpret the output. Read about (some of) the range on Informit.

Intrusion Detection Systems (IDSes) are being adapted to monitor wireless networks.  Standard IDSes work as normal monitoring the wired Ethernet side of the Access Points while the new wireless-capable IDSes monitor the wireless signals.  See eWeek’s review of wireless IDSs for more.

If you still need convincing that wireless networking is something you need to manage, take a look at this survey. Security concerns were raised by more than 60% of the respondents who claimed business benefits from wireless technology.

“A Maryland man with a grudge against a Connecticut-based patent firm used unsecured wireless networks at homes and businesses in the Washington DC area to penetrate the company’s computers and deliver untraceable threats and extortion demands, until an FBI surveillance team caught him in the act ...” (news from The Register).

Even the Department of Homeland Security evidently has trouble securing its wireless networks despite publishing advice in this area.

ComputerWorld’s best practice advice for securing wireless networking starts with a great suggestion - sort out policies, training and awareness.

Having found publicly accessible wLAN Access Points using a portable PC, PCMCIA wLAN card and software tools such as NetStumbler, Airsnort and WEPcrack, ‘war-drivers’ may take up ‘war-chalking’. wHackers leave chalk symbols on the pavement to indicate accessible wLANs nearby. Wardriving and warchalking are described at www.wardrive.net. The site recommends ten controls to improve wireless LAN security, adding that applying them creates a basic level of security. The site also has a good collection of links to further information on wireless LAN security.

Placement and types of antennas may certainly be used to control the range of the wireless network, contrary to the rather disparaging remarks in NIST’s otherwise excellent Special Publication 800-48 Wireless network security – 802.11, Bluetooth and handheld devices. You may be aware of the organized war-driving contests and various ad hoc efforts to identify wireless LANs that are publicized on the Web. You may not realize, however, that there are many other wireless networks in the vicinity of the so-called “war-drivers” that were not even identified as such. This was due to their use of directional antennas and/or careful placement of omni-directional antennas to avoid blanket coverage of public areas (‘security by obscurity’ has some value after all).

Insecure wireless LANs provide a convenient network entry point for hackers to launch practically anonymous/untraceable attacks.  “All the bars and restaurants near our offices have wLANs for waiters to send orders to the kitchen.  All are insecurely configured.  However, since the worst anyone could do is jump the queue for ordering drinks, perhaps the low level of protection is all that’s necessary.” 

An excellent Security Focus article Protecting road warriors: managing security for mobile users takes a broad look at information security for workers constantly on the move. Another covers Wireless attacks and penetration testing, starting with a description of common attack scenarios. Here are parts 2 and 3.

Here are ten top tips from South Africa to secure your wLAN.  Microsoft advises on wLAN security for small- to medium-sized enterprises and published a technical pack/guide to securing wLANs, the Microsoft way.

Boeing has thousands of wireless devices in its gigantic Seattle factory.  Discover how they are secured.

Computerworld’s best practices for wireless network security.


Bluetooth, 3G, GPS and RFID

NIST SP 800-48 “Wireless Network Security: 802.11, Bluetooth, and Handheld Devices”

3G standards are presently in disarray – see www.three-g.net/3g_standards.html for a taster of the 3G alphabet soup with terms such as GSM, TDMA, CDMA, UMTS, EDGE and IMT-2000 floating around like croutons. Hopefully the competing interests involved in the industry will eventually see the light and settle on a proper global cellular standard for their customers who simply want to be able to roam about with a cellphone that actually works at home and abroad.

Bluetooth technical standards (such as the Bluetooth Core Specification 4.0) and the brand/trademarks are owned by a trade association, the Bluetooth Special Interest Group.

At a broader level, most other IT security standards cover network security to some extent, and many network security standards at least mention wireless networks although the coverage is often minimal and/or outdated.  The current version of PCI-DSS, for instance, does not specifically prohibit the use of WEP or WPA which are well known to have been busted wide open.

Teleworking security

Consider this advice from the US National Counterintelligence Executive when traveling with wireless equipment.  Take care both at home and abroad.

NIST’s SP800-114 is a User’s Guide to Securing External Devices for Telework and Remote Access.

A collection of free software to load and run from your USB stick may be useful if you are forced to use an untrustworthy public PC in, say, an Internet cafe or departure lounge.  Lightweight USB browsers and secure password vault programs are worth using but you can’t beat using your own secure wireless laptop or PDA.

This short guide on working from home covers security and other teleworking issues.

An international survey reveals a fascinating discrepancy between what teleworkers say they do in the way of information security and what they actually do. For example, about a quarter admit to personal use of company laptops yet around half say they shop online (OK, some might be shopping with the corporate credit card, but probably not all of them). There are significant implications for those of us who use questionnaires and interviews to assess the level of security awareness. Essentially, the survey warns us against believing everything we are told and to beware the gap between perception and reality.

The Internet Security Alliance posted this paper from CERT advising homeworkers on the basics of information security. 

In theory at least, Virtual Private Networks (VPNs) using strong encryption create a significant barrier to hackers whilst providing a secure ‘pipe’ for remote communications over public networks such as the Internet.  However, it seems that VPNs are not always properly configured in practice, leaving organizations with a false sense of security.  This is a classic example of the situations described by crypto-guru Bruce Schneier: VPN security remains theoretically sound but implementation problems often open up serious vulnerabilities in the real world.  A long article in SecurityPipeline recommends changing from IPsec to SSL for VPNs.

War-dialling (meaning the use of hacking programs to dial a range of phone numbers in a search for modem responses), once a well-known threat from the hackers and phone phreaks of old, seems to have been forgotten by today’s system administrators.  This is somewhat surprising as war-driving, for example, is essentially a modern version of much the same techniques.  Software tools such as PhoneSweep can be used to check a range of numbers for modem responses, and SandTrap is a honeypot designed to intercept incoming war-diallers.


Related NoticeBored links collections

Network security and gizmos


NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk.  Please let us know about new or broken links.



Copyright © 2012  IsecT Ltd.