Security and Wireless Networking

Introduction

Wireless networks have spread fast and everywhere. Just walking around the city one is exposed to millions of bytes' worth of data carried on radio waves. Even here at this university, until recently, we were using wireless networking to connect the buildings. The advantages of wireless networking (WLANs) very often seem to be valued higher than the security risk it poses. Many people will sacrifice their data integrity for mobility.

There are point-to-point and client/server wireless networks. The latter usually have an Access Point, a controller that receives and re-transmits the data from the machine. There are four types of wireless networks: Bluetooth, IrDA, HomeRF (SWAP) and WECA (Wi-Fi). Bluetooth is used, but not that widely; it is not yet available for transmitting data at high rates between computers. IrDA (Infrared Data Association) is the standard used by devices that work using infrared waves; for these devices to operate there must be no physical obstacles between them. HomeRF and WECA are both based on the IEEE 802.11 specification, or wireless Ethernet.

Facts and Risks

With WLANs we open doors to unauthorized users. We give access to people from the outside, and identifying these people is harder than in wired networks. WLANs pose the following risks:

· Exposure of confidential information (passwords, secret data). This information, unlike in wired networks where it is enclosed in wires, flows through the air. This makes it easy to sniff[1]. Once passwords are sniffed the network can be compromised further.

· Loss of data reliability and integrity. The data that is considered important to your work can be accessed, modified, stolen, damaged, deleted and maybe even used against you. WLANs offer many more ways for people to access this kind of data.

· Difficulties in managing the network and its resources, detecting network problems and detecting intrusion. In wired networks we can detect if someone is sniffing our packets; in WLANs it is harder.

The Way of Hacking

Most people, as we said, overlook the
security issue of WLANs. Most think that the network is contained within the walls of their premises. As with wired security issues, WLANs can easily be compromised by both insider and outsider attackers[2], like an employee or a power user[3]. If a WLAN is enclosed within walls, a simple RF (Radio Frequency) link to the outside can be installed so that everyone out there can access your network. Devices like this cost no more than $150.

In order for users to access WLANs, they need to set up Wireless Network Interface Cards (WNICs), which are usually PCMCIA cards, and an Access Point, the gateway to the network. An Access Point consists of a WNIC and an Ethernet port tied together; the linkage between the two can also be done in software. The function of the link is to pass traffic from the WNIC to the Ethernet card.

People believe that the signals from a WNIC don't leave the building. But the signals are still strong enough to pass through and travel in the air, with windows and doorways being the hotspots because they offer few obstacles. This could bring disaster to the company or university if an employee or student decided to connect from the outside and cause damage to the network.

Many attackers use camouflage techniques to hide Access Points they themselves have installed (since Access Points are very light and generally no bigger than an average book): hiding them among books, under roof tiles (to increase transmitting range) or anywhere else. Access Points of this type are good only for transmitting within 1000 ft (304.8 meters); for greater distances RF antennas must be used. This makes them more difficult to conceal, but an experienced attacker will build their own antenna, one that blends in with the environment, like a picture frame or something hooked on a piece of furniture. Attackers prefer to place antennas where there is a lot of traffic, such as near a switch, so that access to more information is possible. An attacker from inside can also set up a wireless relay that retransmits traffic to an outside destination. Some of these relays can reach as far as 20 miles (32 km).

Another general and often overlooked security threat is cell phones. They are harder to detect since they are so common, so a laptop connected to one would serve as an Access Point for anyone outside the premises of the WLAN.

But one of the most widespread vulnerabilities of WLANs comes from administrators themselves. They often use DHCP[4] to assign IP addresses, and this makes it possible for anyone to simply sit outside the building and get connected.

Stopping Attackers

As an administrator of a WLAN the first
thing one must do is try to reduce as much as possible the amount of RF signal escaping the building. Hopefully, if there were no signal, an attacker would instead try to hit the gateways, which are monitored better than the rest of the network. The location of the antennas and Access Points must be chosen carefully. Another step would be to modify the building to stop bleeding or leaks of RF signals. There are a number of proposed steps for this:

· Grounding interior walls when using metallic covering
· Installing thermally insulating glass (which attenuates RF and IR signals)
· Using metallic Venetian blinds instead of plastic ones
· Placing WLAN devices such as Network Closets[5] and sensitive areas away from exterior walls
· Lining Network Closets with aluminum foil
· Using metallic-doped paint for walls
· Limiting the power of a signal by changing the attenuation of the transmitter

Besides shielding us from attackers, the other benefit of this shielding is that inside resources are protected from outside interference, either intentional or unintentional.

Detecting Intrusions

An RF Perimeter Detection System offers
protection from wireless attackers located outside the building or a certain perimeter. This can also be used to separate the network into a private and a public domain, thus increasing the security of the network. All users coming from the public domain (or part) of the network would be treated as any other user from the Internet.

A Signal Leakage Detection System consists of receivers placed along the perimeter of the building. These receivers are directed toward the building and are used to detect any abnormal signaling coming from the building. This can help to monitor what comes out of and goes into the WLAN.

Passive Monitoring Stations are similar to Leakage Detection Systems but are usually within the building. These monitor for any unknown Ethernet signals, and for big networks a few of them may be needed to cover the whole network. These can be used to detect the following: unregistered MAC addresses, cloned MAC addresses[6], or an increase in re-authentication frames.

Often sweeps of the network are required to discover sources of unauthorized signals and devices. Many consumer solutions exist for this, but these generally look for known types of device. If one wants to do a thorough sweep, then one must look not only for RF signals but also for IR signals, using night vision or thermal imaging devices.

Ensuring Security from the Network Itself

An attacker can sniff out the network
traffic. Thus data between computers on a WLAN must be encrypted and protected. Establishing an encrypted tunnel between the machines can do this. One of the encryption standards used today is IP Security (IPSec); it has proven to be stable and hard to break. Other options exist, such as SSH or an encrypted protocol such as SSL (Secure Sockets Layer).

Authentication is another important aspect. The infrastructure of 802.1x networks offers the use of the Extensible Authentication Protocol (EAP) to authenticate wireless stations on the network. There is also the option of using an authentication server to do this job.

Unfortunately some of the IEEE specifications have vulnerabilities. Regarding the integrity of information, the 802.11 specification uses a shared public key to encrypt the connection. The problem is that this key is used by everybody else on the network, and the mechanism of encryption it uses is nothing more than a CRC (Cyclic Redundancy Check), which is actually an error-checking method. The authentication method of this specification (802.11) is also vulnerable due to the flawed publicly shared key.

How Do Attackers Do It?

This is a post from the USENET newsgroups regarding wireless network hacking, in reply to the question of how it is done:

"It's very simple, I drive around the town with my card set to roam and look for a DHCP network, with a short script I wrote, and it alerts me when it finds one. VERY simple. I originally got the card cause my school runs a wireless network, and it's nice to sit around campus, but it's also nice sitting at the park or Starbucks and be able to surf with my Linux box :-)"

So to hack, hackers use some sort of
a scanner. This scanner can be a simple laptop with a Wireless Network Interface Card (WNIC). Such a laptop can be set to continually ask the network for an IP, so that when it happens to be in range of one (assuming the network is using DHCP) it will receive an IP and as a result will be able to access the Internet, sniff traffic on the network or even (if the network is very insecure) use resources and data. A laptop can also be equipped with GPS[7] so that the hacker can mark the position where the signal is strongest. Another option is to use directional antennas[8]. These antennas are used to receive network traffic from a distance or to receive traffic that is directed one way. They make it possible for hackers to do their job from a distance; if strong enough, they can be used to access networks at very large distances.

If the network we want to connect to doesn't have DHCP, then we can try to grab some of its packets and figure out what its IP range is. This would enable us to find a free IP and connect using it.

One tool for discovering wireless networks is Kismet (for Linux). All you need with this is a WNIC. This tool will check the area in the vicinity for any wireless LANs.

Why Is It Important

One may ask why it is important for me to secure my WLAN if I don't have any sensitive information on it. The answer is simple: you can get arrested. There are those who will launch a virus, an attack on a server, credit card fraud or a DDoS[9]. This happens today in normal LANs: computers are hijacked by attackers to do illegal things. WLANs offer a new perspective on this; they make it easier and more anonymous. The probability of capturing the people responsible for illegal things, if they used WLANs, is very small, especially if they are operating from a distance.

Consulted Sources

BMX Num 24. (2001). Hacking into 802.11
wireless networks.

--------------------------------------------------------------------------------

[1] Sniffing: the process of retrieving the data packets from a network and thus acquiring the data, be it passwords, chat sessions, file transfers or system requests. Simply put, sniffing permits people to capture packets from your network.
[2] Attacker: a person who is intentionally trying to break into your system. Not to be confused with Hacker, or people who break into systems for the sheer pleasure of learning. Attackers (or crackers, lamers, script kiddies) are not worthy of being called Hackers.
[3] Power User: a name for users who have more rights on the computer than usual/average/normal users. Power Users can install software and make limited system changes.
[4] DHCP: assigns IP addresses to new computers on the network automatically.
[5] Network Closet: a big box that contains hubs, switches, routers and has tons of cables coming out of it; a very important piece of network equipment.
[6] Cloned or Spoofed: along the same lines, it is faking an address, either a MAC or an IP address.
[7] GPS: Global Positioning System, used to give an accurate location on the globe.
[8] Directional antenna: an antenna that looks like a cylinder and receives/sends signals in one direction.
[9] DDoS: Distributed Denial of Service attack, an attack launched against a server with the intention of bringing its services down.
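The three conditions the article lists for Passive Monitoring Stations in the Detecting Intrusions section (unregistered MAC addresses, cloned MAC addresses and an increase in re-authentication frames) can be checked with a short script over captured frame records. The following is an added example, not code from the article or from any tool it mentions; the frame records, the registered-address list, the 12-bit sequence-number heuristic for spotting two devices sharing one address, and the thresholds are all constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

SEQ_MODULO = 4096  # 802.11 sequence numbers are 12 bits wide and wrap at 4096


@dataclass
class Frame:
    ts: float   # seconds since the monitoring station started capturing
    kind: str   # "data", "auth" (authentication frame) or "deauth"
    src: str    # transmitter MAC address
    seq: int    # 802.11 sequence number from the frame header


# Constructed: addresses the administrator has registered for this WLAN.
REGISTERED = {"00:40:96:aa:bb:01", "00:40:96:aa:bb:02", "00:40:96:aa:bb:03"}

# Constructed sample capture. It contains one normal registered station, one
# unregistered station, one registered address transmitted by two devices at once
# (their sequence counters interleave), and one station that re-authenticates
# far more often than a client normally would.
SAMPLE_FRAMES = [Frame(*r) for r in [
    (0.5, "auth", "00:40:96:aa:bb:01", 9),
    (1.0, "data", "00:40:96:aa:bb:01", 10),
    (2.0, "data", "00:40:96:aa:bb:01", 11),
    (2.5, "data", "00:0c:29:11:22:33", 5),      # never registered
    (3.0, "data", "00:40:96:aa:bb:01", 12),
    (3.5, "data", "00:0c:29:11:22:33", 6),
    (5.0, "data", "00:40:96:aa:bb:02", 100),    # device 1 using ...bb:02
    (5.5, "data", "00:40:96:aa:bb:02", 700),    # device 2 using the same address
    (6.0, "data", "00:40:96:aa:bb:02", 101),
    (6.5, "data", "00:40:96:aa:bb:02", 701),
    (7.0, "data", "00:40:96:aa:bb:02", 102),
    (7.5, "data", "00:40:96:aa:bb:02", 702),
    (10.0, "auth", "00:40:96:aa:bb:03", 40),
    (11.0, "auth", "00:40:96:aa:bb:03", 41),
    (12.0, "auth", "00:40:96:aa:bb:03", 42),
    (13.0, "auth", "00:40:96:aa:bb:03", 43),
    (14.0, "auth", "00:40:96:aa:bb:03", 44),
]]


def unregistered_addresses(frames, registered=REGISTERED):
    """Addresses seen on the air that are not in the administrator's registry."""
    return sorted({f.src for f in frames if f.src not in registered})


def seq_went_backwards(prev, cur):
    """True if cur is behind prev on the 12-bit counter; a wrap from 4095 to 0
    counts as forward motion, not as a regression."""
    gap = (prev - cur) % SEQ_MODULO
    return 0 < gap < SEQ_MODULO // 2


def suspected_clones(frames, min_regressions=2):
    """A single radio advances its sequence counter monotonically. Two devices
    sharing one address produce interleaved counters, which shows up as the
    number repeatedly going backwards. The threshold is an assumption."""
    last_seq = {}
    regressions = defaultdict(int)
    for f in sorted(frames, key=lambda f: f.ts):
        if f.src in last_seq and seq_went_backwards(last_seq[f.src], f.seq):
            regressions[f.src] += 1
        last_seq[f.src] = f.seq
    return sorted(m for m, n in regressions.items() if n >= min_regressions)


def reauth_spikes(frames, window=60.0, threshold=5):
    """Addresses that send `threshold` or more authentication frames within one
    `window`-second bucket. Both numbers are assumptions to tune per network."""
    per_bucket = defaultdict(int)
    for f in frames:
        if f.kind == "auth":
            per_bucket[(f.src, int(f.ts // window))] += 1
    return sorted({mac for (mac, _), n in per_bucket.items() if n >= threshold})


def monitoring_report(frames=SAMPLE_FRAMES):
    """Collect all three findings into one report for the administrator."""
    return {
        "unregistered": unregistered_addresses(frames),
        "cloned": suspected_clones(frames),
        "reauth_spike": reauth_spikes(frames),
    }


if __name__ == "__main__":
    for finding, macs in monitoring_report().items():
        print(f"{finding}: {', '.join(macs) or 'none'}")
```

The sequence-number check is deliberately conservative (two regressions before an address is flagged) because a station that reboots also restarts its counter; a real deployment would feed the same functions with records from each monitoring station and tune the thresholds to the network's normal roaming behaviour.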
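The article's point in the Ensuring Security from the Network Itself section, that the 802.11 integrity mechanism is "nothing more than a CRC", can be made concrete: CRC-32 is affine over XOR, so the checksum of a modified message follows from the old checksum and the modification alone, which is exactly what an integrity check must not allow, whereas a keyed MAC has no such relation. The script below is an added example, not code from the article; the message, the change and the key are constructed, and HMAC-SHA256 is used as the stand-in for a proper keyed integrity check (the article itself does not name one).

```python
import hashlib
import hmac
import zlib


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def crc_of_modified(old_crc: int, change: bytes) -> int:
    """Predict the CRC-32 of (message XOR change) from the CRC of message alone.
    For equal-length inputs crc(m ^ c) == crc(m) ^ crc(c) ^ crc(0...0), because
    CRC-32 is linear apart from its fixed initial and final XOR constants; the
    original message is never needed."""
    zeros = bytes(len(change))
    return old_crc ^ crc32(change) ^ crc32(zeros)


def crc_is_predictable(message: bytes, change: bytes) -> bool:
    """True when the predicted checksum equals the real checksum of the modified
    message, i.e. the CRC offered no protection against that change."""
    return crc_of_modified(crc32(message), change) == crc32(xor_bytes(message, change))


def hmac_tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def mac_is_predictable(key: bytes, message: bytes, change: bytes) -> bool:
    """Apply the same XOR relation to HMAC-SHA256. A keyed MAC is not linear,
    so the relation fails and a receiver checking the tag rejects the change."""
    predicted = xor_bytes(xor_bytes(hmac_tag(key, message), hmac_tag(key, change)),
                          hmac_tag(key, bytes(len(change))))
    return hmac.compare_digest(predicted, hmac_tag(key, xor_bytes(message, change)))


# Constructed sample: a short payload and a change that flips one bit of it.
MESSAGE = b"\x00\x50\x00\x16hello, wlan"
CHANGE = bytes([0x00, 0x00, 0x00, 0x01] + [0] * (len(MESSAGE) - 4))
KEY = b"constructed-demo-key"   # assumption: shared integrity key for the HMAC


if __name__ == "__main__":
    print("CRC-32 of the changed message predictable without seeing it:",
          crc_is_predictable(MESSAGE, CHANGE))      # True
    print("HMAC-SHA256 predictable the same way:",
          mac_is_predictable(KEY, MESSAGE, CHANGE))  # False
```

Because a stream cipher turns a plaintext XOR into the identical ciphertext XOR, the first result is what makes a CRC useless as an integrity check under 802.11's encryption; the defensive lesson is the second result: integrity must come from a keyed MAC (or from a tunnel such as the IPSec or SSH options the article recommends), never from an error-detection code.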
The content on this site is (c) by particular authors and the New Order (neworder.box.sk) team.
Design is (c) by Box Network ltd.
For more information about the New Order, contact cube.