Wifi Network Overview


Is your wireless network secure?

Many people buy a wireless network to get rid of the cabling. But is that same network secure at all? Even with 128-bit WEP encryption it's pretty easy to hack your network as long as one has the proper tools. More and more Linux software pops up on the internet which is especially made for wardriving and hacking wireless networks. P.H.L.A.K. (Professional Hackers Linux Assault Kit) and the superior Auditor are just a couple of examples.

After burning a LiveCD you can start up with it and use Linux to find your victims. In the city centre it's pretty easy to pick up a wireless signal from an Access Point while walking through the streets. Most of the time several signals are in the neighbourhood and a couple have excellent range. The software that comes with wireless cards automatically scans the area for a usable signal. If you're in luck that signal is not encrypted and you can immediately surf the internet on somebody's connection. Should a signal be encrypted it only takes a few steps more, a piece of luck and the proper hardware and software to bypass the protection.

Obviously many people who buy wireless don't care or are not aware of the risks that come with it. It happens that several Access Points in each other's vicinity carry the same SSID, like "default", "sitecom" or "Belkin54G". Should these APs be too close to each other, situations can arise where the neighbours are using each other's internet without knowing it. Conclusion: open the Control Panel of your newly bought AP (just surf to it with Internet Explorer) and change the default SSID or even better, turn this feature off if possible.

Access Points often use WEP or WPA encryption. Data gets sent with 64 or 128 bit encryption. Sounds safe at first, but it's not. Depending on the brand of the victim's AP this encryption can be hacked with CPU power, as shown in the screenshot.

All data being sent between AP and client travels through the ether. These encrypted packets are intercepted and temporarily stored by the hacker. First Kismet is used to determine which APs are in the vicinity and which clients are attached to them. After making notes of a victim's MAC address, tools like Aireplay and Aircrack come into action. Both WEP and WPA have mistakes in the encryption methods, which makes some data packets more interesting than others. The interesting packets are resent to the AP in a massive way. The hardware gets distracted and as a result it will send more interesting packets, which are stored by the hacker again. If enough data is captured (anything from 500.000 up to 2 million packets with so called "Weak IV" data), Aircrack is launched. This program analyzes the packets and tries to find the WEP key by simply brute forcing it. This will be no problem and the proper key is found in seconds.

Little can be done in order to prevent these kinds of attacks. Your ISP cannot see if somebody is using your internet connection to surf the web. Some tips to protect your wireless network as much as possible:

- Try not to buy one of the brands SpeedTouch, Sitecom, E-Tech, Linksys or Sweex. This hardware can be hacked without problems or is known to crash when an attack occurs. In short: no protection possible. Cisco hardware is protected against attacks from the outer world and it should be far more difficult to break in.

- Prevent signal leakage to the outside, so don't place your AP next to a window but let it transmit into the room. Shield the AP on the back with a lead plate to prevent the signal from travelling through the walls into the neighbours' apartment.

- Lower the transmission rate so the signal will get too weak once it reaches the street. This will not prevent neighbours very close to you from sniffing traffic on your network.

- Never use a default SSID and disable this option if possible. Never use your name or street name as SSID. It is best to do so for privacy reasons.

- Enable the highest level of protection possible on your AP and use a changing key if possible. If you are not familiar with network setup get somebody else to do it for you.

- Do not store any passwords in the AP, these can be recovered quite easily. You will be amazed when you notice that somebody has logged in to your email.

- Disable DHCP and provide wireless clients with a static IP address. Again, if you are not familiar with this, have someone do it for you.

- Use the MAC filter option to only allow workstations with known network cards. However, this is not sufficient and can be bypassed by a hacker. The client MAC addresses are already known by the hacker so he can use the AP if a certain client is offline at that time.

- Looking at the log file of the access point will show you how many machines are connected to your signal. This is always a very useful thing to do.
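The log check from the last tip can be automated. The script below is an added example, not part of the original article: it counts the distinct clients in an access point log, flags unknown network cards, and flags a known MAC address that shows up on an IP other than its assigned static one, which is what the MAC filter bypass described above could look like. The log format, the MAC and IP values and the function name audit_ap_log are assumptions made for illustration; real access points each use their own log format.

```python
import re

# Allowlist of known network cards and the static IP assigned to each
# (constructed values; the tips above advise static IPs instead of DHCP).
KNOWN_CLIENTS = {
    "00:11:22:33:44:55": "192.168.1.10",
    "00:11:22:33:44:66": "192.168.1.11",
}

# Constructed sample log; a real access point will use its own format.
SAMPLE_LOG = """\
2005-03-14 19:02:11 ASSOC mac=00:11:22:33:44:55 ip=192.168.1.10
2005-03-14 19:05:40 ASSOC mac=00:11:22:33:44:66 ip=192.168.1.11
2005-03-14 21:07:33 ASSOC mac=00:AA:BB:CC:DD:EE ip=192.168.1.50
2005-03-14 23:41:02 DISASSOC mac=00:11:22:33:44:66 ip=192.168.1.11
2005-03-15 02:13:57 ASSOC mac=00:11:22:33:44:66 ip=192.168.1.77
garbled line that does not match
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<event>ASSOC|DISASSOC) "
    r"mac=(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) ip=(?P<ip>\S+)$"
)

def audit_ap_log(log_text, known_clients):
    """Return (sorted distinct client MACs, list of findings) for an AP log."""
    known = {mac.lower(): ip for mac, ip in known_clients.items()}
    seen = set()
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not association events
        mac, ip = m["mac"].lower(), m["ip"]
        seen.add(mac)
        if m["event"] != "ASSOC":
            continue
        if mac not in known:
            findings.append((m["ts"], mac, "unknown network card"))
        elif ip != known[mac]:
            # A known MAC on an unexpected IP may be a cloned address.
            findings.append((m["ts"], mac, "known MAC, unexpected IP " + ip))
    return sorted(seen), findings

if __name__ == "__main__":
    clients, findings = audit_ap_log(SAMPLE_LOG, KNOWN_CLIENTS)
    print(len(clients), "distinct clients seen")
    for ts, mac, reason in findings:
        print(ts, mac, reason)
```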

Do you need help with securing your wireless network? We can help you with it!