Just How Common IS Wireless Hacking?


Brad Adrian
10-26-2002, 10:30 PM
http://www.wirelessnewsfactor.com/perl/story/19776.html

Judging by all the interest lately in things like "warchalking" and all the comments made by IT professionals, I'd pretty much concluded that WiFi networks are getting hacked left and right these days. However, this interesting article on the WirelessNewsFactor site describes a more realistic viewpoint.

"The world of wireless hacking has yet to see the equivalent of some of the highly publicized hacks that hit wired computing in the past. With the exception of one well-publicized incident last year -- someone claimed the ability to intercept data being transmitted at a Best Buy store -- nothing has gone awry enough to give wireless hacking the same reputation as the dreaded conventional variety. But that is not to say it cannot happen."

Now, I know that getting a free ride on the Internet is pretty common and easy to do, but just how much real intrusion HAS been made into private corporate networks? I have to admit that I've heard a lot of warnings about the risks of WiFi, but no stories of real hacks. I guess I should have more misgivings about using my WiFi-enabled Pocket PC, but it sure seems like the warnings are over-hyped... Unless you know something I don't.

someppcuser
10-26-2002, 11:15 PM
Many SMEs do not know how to properly set up their wireless network, and even if they want to, doing it properly comes at a cost that is out of reach (Cisco tech).

How many Mac users knew that Airport was highly insecure when they set up their system some years ago?

The FBI has stated that hacked companies have lost $500'000'000 last year. The hackers used wireless gateways in one third of the cases....

It's not easy to find companies that will openly talk about how easily they were hacked...Even now, some just take minimal action and think they're safe.

Gen-M
10-26-2002, 11:40 PM
The FBI has stated that hacked companies have lost $500'000'000 last year. The hackers used wireless gateways in one third of the cases....

Got a reference for those numbers? I don't doubt the first, but the second needs to be substantiated. :roll:

gliscameria
10-27-2002, 01:23 AM
If they are using encryption, I don't see how the Wifi is any less secure than wired. Granted, the 'hacker' doesn't have to be physically attached to the network, but at least they have to be relatively close (i.e., the same State, Country, Continent...), so instead of having the pool of millions of hackers worldwide, you only have the local goofs, and the truly determined ones that would be willing to travel, but if they are that determined, they'd probably find a way to do it across the wires.


Just my 2 cents.

Brad Adrian
10-27-2002, 01:34 AM
Granted, the 'hacker' doesn't have to be physically attached to the network...
That's an interesting point, and one that's mentioned in the article. If you're trying to hack a network through hard wire, you can be located just about anywhere. But, if you're trying to get into a WLAN, you've got to be doing something like lurking in a car in the parking lot or office nearby. It just may be that that is a discouraging factor, because it's harder to hide your activities.

Dave Beauvais
10-27-2002, 01:52 AM
Judging by all the interest lately in things like "warchalking" and all the comments made by IT professionals, I'd pretty much concluded that WiFi networks are getting hacked left and right these days. ...
When I first set up my Linksys WAP11 (v1.0) over a year ago, I didn't bother turning on any security features. I knew the risks, but didn't think it was anything to be concerned over in this neighborhood of mostly "old people." :) About two weeks later, I noticed a DHCP lease in my router for a machine I couldn't account for on my network at home. At the time, the firmware in the access point didn't have anything beyond WEP encryption, so that was all I could do to secure my wireless LAN. I turned on 128-bit encryption, deleted the IP lease, and it hasn't come back since. Later firmware revisions for WAP11 v1.0 and v1.1 hardware added MAC address filtering, and the ability to turn off SSID broadcasting.

I now have a WAP11 v2.2 and have it locked down as tight as I can. 128-bit WEP, a MAC address list with only those cards' addresses that are used at home or by friends when they stop by, and SSID broadcasting turned off. Before I turned off broadcasting, the WAP11's log would occasionally show "[Such and such MAC address] dropped by MAC filter." So people could still see the network, they just couldn't associate with it. Now that broadcasting is turned off, it's almost impossible to even see that the wireless LAN exists, and I've had no intrusion attempts that I'm aware of.

Often, even if the tools to secure the wireless LAN are built into the product, they're not enabled by default to make the devices painless to set up by end users. Even high-end equipment like Cisco's Aironet gear is pretty much wide open by default. From a support standpoint, I can understand why companies do that. If it works out of the box, it means fewer support calls that you have to field. However, there are thousands of wireless LANs that are wide open because their owners don't know any better. :roll:

At my last job at a local university, we had three mobile carts -- one at each campus -- with Wi-Fi-equipped laptops that could be set up in a few minutes for use in a classroom that didn't normally have PCs in it. Each cart has a Cisco Aironet 340 access point (or 350, depending on the age of the cart) and each laptop either has a 340 or 350 card or built-in Wi-Fi (again, depending on the age of the cart.) For months, there was no security at all on any of the carts. No WEP, default SSID, etc. At the time, when the access point was connected to a wall jack in a classroom, it was inside the firewall and had pretty much unrestricted access to the entire campus network. 8O For the fun of it, I pulled my car up to the parking lot next to the building where a cart was in use for a class, fired up my laptop, was given an IP address, and was on the 'net without having to jump through any hoops.

This always bothered me and I finally brought it to the attention of the network manager, who decided something had to be done to fix that. So, the lead tech took it upon himself to set up the carts so they were "secure." All three carts now have a 128-bit WEP key that will probably never be changed again, still use the default SSID ("tsunami," for those who are interested,) and the access points are still attached to the network inside the firewall. :roll:

Horrible place to work. "Reorganizing" me out of a job was the best thing they did.

--Dave
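
The two signals described in the post above (an unaccounted-for DHCP lease, and "dropped by MAC filter" entries in the access point log) can be checked automatically. This is an added example, not part of the original post; the lease-table layout, the log line format and every address in it are constructed assumptions.

```python
import re

# Constructed sample data (not from the thread): the owner's known adapters,
# a router DHCP lease table, and access-point log lines shaped like the
# message the post quotes ("<MAC> dropped by MAC filter.").
KNOWN_MACS = {"00:06:25:aa:bb:01", "00:06:25:aa:bb:02"}
LEASES = """\
192.168.1.100 00:06:25:AA:BB:01 desktop
192.168.1.101 00-06-25-AA-BB-02 pocketpc
192.168.1.102 00:40:96:12:34:56 UNKNOWN-LAPTOP
"""
AP_LOG = """\
[00:02:2D:11:22:33] dropped by MAC filter.
[00:02:2D:11:22:33] dropped by MAC filter.
[00:40:96:12:34:56] dropped by MAC filter.
"""

MAC_RE = re.compile(r"\b((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")

def norm(mac):
    """Canonical form: lower case, colon separated."""
    return mac.lower().replace("-", ":")

def unknown_leases(lease_text, known):
    """Return (ip, mac, hostname) for each lease whose MAC is not in the inventory."""
    out = []
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or not MAC_RE.fullmatch(parts[1]):
            continue  # skip blank or malformed rows
        mac = norm(parts[1])
        if mac not in known:
            out.append((parts[0], mac, parts[2] if len(parts) > 2 else ""))
    return out

def filter_drops(log_text):
    """Count 'dropped by MAC filter' events per MAC address."""
    counts = {}
    for line in log_text.splitlines():
        m = MAC_RE.search(line)
        if m and "dropped by MAC filter" in line:
            counts[norm(m.group(1))] = counts.get(norm(m.group(1)), 0) + 1
    return counts

def report(lease_text, log_text, known):
    """Unknown leases, drop counts, and MACs that appear in both places."""
    leases = unknown_leases(lease_text, known)
    drops = filter_drops(log_text)
    both = sorted({mac for _, mac, _ in leases} & set(drops))
    return leases, drops, both
```

A MAC that shows up both as an unknown lease and in the drop log deserves the first look, since the same adapter was refused at one point and held an address at another.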

someppcuser
10-27-2002, 04:17 AM
About the numbers: should be on the FBI IT site. Those were cited in a TV report about wireless hacking.

About the fact that you have to be close to the destination, this is not really an issue for a hacker when your company is downtown...Even better, they could watch your moves ;)

MAC addresses can be easily spoofed....but I think Decius described some valid measures to be taken to prevent "casual hacking".

What is the performance hit when using WEP?

Jonathan1
10-27-2002, 05:17 AM
Read this: http://www.entrust.com/solutions/vpn/wirelessfaqs.htm

*shakes head* That's like saying because a building hasn't burned down that it isn't a fire trap. The hacker community in general don't release their secrets easily. It's only when it falls into the hands of someone who wants bragging rights where the idiot spills his guts to the world is when you get things posted on sites like ZDNET. A professional hacker can break WEP encryption period. I'm not talking some little old script kiddy that is looking for a challenge. I'm talking someone who is intending to crack your network to do more than just snoop. With tools like AirSnort. I myself haven't played with it yet but I hear that it's a relatively easy way to access encryption keys that WEP uses.

As the above mentioned site talks about the best method of securing a wireless network is to have a multilayered level of security that includes a VPN solution within the wireless network. But of course this adds $$$ to the price to implement such a network.

I can say that our company does not use ANY type of wireless devices. This ranges from IR keyboard (That can be intercepted and read with the appropriate equipment.) to 802.11 wireless to Bluetooth. The technology is too new to implement in an enterprise environment. The 802.11i I believe is a standard for advanced security on wireless.
In any case the biggest concern is that there is no longer any need to be on site to hack a site. You could be out in a parking lot and hack a system from your car. I’m personally looking at implementing a wireless network in my home but unless I can get IPSEC or VPN up and running ain’t no way I’m touching wireless.

Dave Beauvais
10-27-2002, 08:00 AM
...MAC addresses can be easily spoofed....but I think Decius described some valid measures to be taken to prevent "casual hacking".
Indeed, "casual hackers/crackers" will be kept out by my security measures. MAC addresses are very easy to spoof once you figure out one that's on the list. If you're able to sniff some wireless traffic, though, grabbing a MAC address is trivial.

That's where turning off SSID broadcasting helps a lot. Most wardriving/walking tools rely on wireless LANs to advertise themselves by their SSID broadcasts. Turn those off and it becomes difficult -- but certainly not impossible -- to even discover that the wireless LAN exists. If you can't see that it's there, you can't even attempt to break in.

What is the performance hit when using WEP?
I've not done any actual tests myself, but with the WAP11 v1.0 that I had before and the v2.2 that I have now, I didn't perceive any negative impact of WEP encryption. The Practically Networked review (http://www.practicallynetworked.com/review.asp?pid=400) did tests and found only a slight decrease in performance.

--Dave

lspinellijr
10-27-2002, 02:24 PM
I do the same, disable broadcast of my SSID in my neighborhood of 'old people'.

You made the comment 'not impossible to hack disabled ssid'.

How do they hack if they don't see the SSID? Interesting.

Janak Parekh
10-27-2002, 08:26 PM
A professional hacker can break WEP encryption period.
Yup. The only exception to this is ORiNOCO's WEPplus, which is an implementation which fixes the weak key initialization problem. No one has managed to hack that one, yet.

However, it really depends on your network topology to determine best-security policies. At Columbia University in NYC, since the network is virtually open (i.e., jacks everywhere), it makes no sense to put WEP encryption. Columbia has been deploying ssh, kerberos, etc. to prevent password sniffing, so they're pushing security up to the application as they assume the network layer is insecure by definition. Most Columbia applications are also assumed to be open from the outside.

In other entities, especially corporations, physical network-layer security is excruciatingly important, as services are turned on inside but inaccessible from the outside. In those cases, WEP is often insufficient, and you need IPsec or somesuch.

In a typical home or small office network, it's mixed. If you know what you're doing, you don't need a firewall or WEP encryption -- Windows supports encrypted passwords, turning off file sharing, etc. However, for the average household where people just turn on no-password file sharing, a firewall is a good idea. WEP (or, better, WEPplus) combined with no-broadcast, etc. is probably good enough as a security deterrent.

It all comes down to defining "hacked" in the proper context. One needs to determine what level of security you need.

--bdj

someppcuser
10-28-2002, 06:12 AM
That free eSeminar about Securing Remote and Mobile PCs :
http://www.webseminarslive.com/event_details/0,4171,e=37,00.html?kc=%20zdfm1002

might be of interest to people who want to improve their security.

Pony99CA
10-28-2002, 09:03 AM
I do the same, disable broadcast of my SSID in my neighborhood of 'old people'.

You made the comment 'not impossible to hack disabled ssid'.

How do they hack if they don't see the SSID? Interesting.
Dictionary or brute force attacks, perhaps?

Steve

someppcuser
11-06-2002, 12:28 PM
Security Practicum: Essential Home Wireless Security Practices
http://arstechnica.com/paedia/w/wireless-security-howto/home-802.11b-1.html