Wi-Fi: It's Fast, It's Here -- and It Works

Businessweek ^ | 4/02

[LonePalm]

Neat, we demo'd this at a government trade show two years ago.

Garde la Foi, mes amis! Nous nous sommes les sauveurs de la République! Maintenant et Toujours!
(Keep the Faith, my friends! We are the saviors of the Republic! Now and Forever!)
LoanPalm, le Républicain du verre cassé (The Broken Glass Republican)

[Oschisms]

Just one thing: Make sure that you use a distinct SSID (don't use the default) and turn on 128-bit Wireless Encryption Protocol (WEP).

Could you elaborate a little on this. Is this only available with the Cisco switches?

[Dinsdale]

WI-FI is essentially useless without cheap broadband access.

You are confusing some issues here. A home network is still usefull without an internet connection at all. It all depends on if you have a use for it. (I had coax ethernet with only a dialup and it was usefull to me, now I've got 100Mbit ethernet a proxy and a cable modem)

You can also use wireless networking to get broadband over miles (assuming you do some 'off label' mods, greater range if you ignore uncle Charlie). Cringly and many others have done this. They pay for a distant but in line of sight neighbors cable modem connection on the condition that they allow him to piggy back his broadband off theirs. This violated the ISPs terms of service but is not illegal and is almost impossible to detect.

[Dinsdale]

128-bit Wireless Encryption Protocol (WEP).

< Dale Dribble > 128-bits is not nearly enough. 4K-bits will keep the NSA out.< /Dale Dribble >

[Bush2000]

128-bits is not nearly enough. 4K-bits will keep the NSA out.

If you're worried about the NSA, dude, don't even consider Wi-Fi. Any wireless protocol is inherently weak against that kind of firepower...

[Dinsdale]

Hence the Dale Dribble tag. The NSA could care less about what I'm up to.

[Bush2000]

Could you elaborate a little on this.

I'd be glad to.

Is this only available with the Cisco switches?

No. It's available on nearly all APs. Because Wi-Fi access points cannot control the range or content of radio waves, nearly all of them *must* have built-in security; otherwise, any homeboy cruisin' outside your house with a wireless NIC could access your network. If you find an AP that *doesn't* have WEP, run screaming in the opposite direction.

The problem is that most folks take their APs and NICs out of the box, install them in their machines with the default settings (no security), and don't bother to secure them at all. That is bad. Sure, your neighbors may be honest and not tap into your network ... but maybe not. And if you consider the type of information you store on your computer (accounting stuff, documents, portfolio management, etc), you can see how vulnerable you are if you don't secure your APs.

Here's the way a hacker can get in. First of all, he gets a cheap notebook computer, a wireless NIC, and a power amplifier. He figures that most people in the area are probably using a LinkSys or a Cisco AP. So he specifies the default SSID (depends on the AP). Then, he gets in his car and cruises through a local subdivision in your area. Because he has an amplifier (as an aside, people have used things as simple as Pringles cans to complement their NIC antennas), the NIC locates a suitable network and, because WEP isn't being used, the AP associates the NIC automatically. The hacker is now connected to your LAN. It's as if he has an Ethernet cable hardwired from his notebook to your router (yes, it's that bad). Now, he can sit in his car and run various utilities against the servers on your network (ping, tracert, etc) to figure out your network topology. He can also launch the NIMDA worm to penetrate unpatched IIS servers on your network and wreak tremendous damage.

Or, he can simply take over some of your servers and prevent you from accessing your own network. How? Most APs support the HTTP protocol. That means you connect to them and configure them with a standard web browser. Since you didn't change the password when you installed the AP, he figures out the IP address of the AP and connects to it via his web browser (ie. http://192.145.0.1). Now, he changes the password or installs his own WEP key so you can no longer connect to it (the only thing you could do after that would be to cold boot the AP and push the reset switch). Or he could connect to your firewall via HTTP and turn off filtering -- so all outside traffic gets routed onto your network. Very bad. You no longer have a firewall.

That's why you need to set strong passwords on your AP, use 128-bit WEP, and use a different SSID. Any questions? ;-)

[Bush2000]

Security issues? If you're implementing a businees connection, by all means, CYA! with firewalls, encryption, AV software, and all that. But home use? The practical limit is 500 feet. If you know who your neighbors are . . .

There are no exceptions to security with Wi-Fi, business or home. It's incredibly easy to drive through a subdivision and find unprotected access points. Mark my words: There will be a tremendous amount of computer crime/vandalims because of the explosion in unprotected Wi-Fi devices and insufficient security. Beware. There be dragons outside...

[Psycho_Bunny]

Wow. This thread only went six posts without someone bringing up MS and Apple.

>:P

[Bush2000]

See #27 ;-)

[Ernest_at_the_Beach]

Thanks for the ping!

To find all articles tagged or indexed using tech_index

Click here: tech_index

[Ernest_at_the_Beach]

And the April 22 Businessweek has an article about a new superfast data-beaming technology is on its way!

My login is messed up so I can't put up a Link to it!

[TechJunkYard]

He figures that most people in the area are probably using a LinkSys or a Cisco AP. So he specifies the default SSID (depends on the AP). Then, he gets in his car and cruises through a local subdivision in your area.

It's even easier than that. Just plug in a wireless card, start up NetStumbler and go out for a drive. The tool scans for all wireless systems, decodes the SSID and tells you whether the encryption feature is enabled. There are other tools which can calculate your encryption keys once they collect enough encrypted packets.

On a recent two-mile drive from the house to the office, I sniffed six wireless systems (including my own) and three of them were set up with default SSIDs and NO encryption... wide open.

Look for Access Points which use MAC filters in addition to the encryption keys... you enter the MAC addresses from all of your wireless cards and the AP won't talk to any other cards. The Linksys box has that feature, I don't know about any others.

[Bush2000]

And the April 22 Businessweek has an article about a new superfast data-beaming technology is on its way!

I read that article. It appears that they still have a ways to go on that technology. For example, they were talking about exchanging keys via light and using the fundamental nature of light to verify that the error rate didn't exceed 50% to signify that eavesdropping/substitution hadn't occurred; however, the scenario failed to account for a man-in-the-middle attack where the middler pretends to be the target and ignores the target completely and acts as his proxy. Nonetheless, the core technology seems sound and very promising, if costs can be contained.

[Bush2000]

On a recent two-mile drive from the house to the office, I sniffed six wireless systems (including my own) and three of them were set up with default SSIDs and NO encryption... wide open.

Careful, dude. I know that sounds harmless enough but, technically speaking, it's the same as breaking-and-entering...

Look for Access Points which use MAC filters in addition to the encryption keys... you enter the MAC addresses from all of your wireless cards and the AP won't talk to any other cards. The Linksys box has that feature, I don't know about any others.

I know that the Cisco APs have that feature. I turned it on. The question is ... can you sniff the traffic and figure out the MAC addresses of other boxes trying to hit the same AP? I'll bet it's possible.

[TechJunkYard]

Careful, dude. I know that sounds harmless enough but, technically speaking, it's the same as breaking-and-entering...

Not at all. I don't access anything, just receive and decode radio signals, like any other radio receiver. I'll admit that it has been tempting to try to pull a DHCP address, but (so far) I haven't yet crossed that threshold.

.. can you sniff the traffic and figure out the MAC addresses of other boxes trying to hit the same AP? I'll bet it's possible.

AFAIK the NetStumbler tool looks for the packets broadcast by the AP which include the SSID and other info. In order to hear the clients, you'd have to be really close. I'm sure the other tools can do it, since their objective is to collect as many packets as possible. I don't know if the MAC info is encrypted in the packet or not. Seems that the most prudent thing to do is use the MAC filter and change your keys periodically (and I do).

[Gorest Gump]

Thanks for the info.

[Oschisms]

Darn. When I took a friend's laptop outside of my apartment and attempted to access any of my PC's shared drives, I was prompted for a network credential & took it as (relative) security.

I checked out my admin settings on the access point and saw the ability to turn on WEP and change SSID. Cool. I'll probably work on that this weekend. Unfortunately, that probably means dealing with SMC tech support. (Arrrgh!) Thanks for the info.

[Oschisms]

BTW, I would like to state for the record that I did change my AP password the day I set it up...

[Fish out of Water]

Interesting thanks for the ping