49

Appendix B: Wireless Security

What Are The Risks?

Wireless-G PrintServer for USB 2.0

But even WEP has its problems. WEP’s encryption algorithm is referred to as “simple”, which also means

“weak”, because the technology that scrambles the wireless signal isn’t too hard to crack for a persistent

hacker.

There are five common ways that hackers can break into your network and steal your bandwidth as well as your

data. The five attacks are popularly known as:

1.

Passive Attacks

2.

Jamming Attacks

3.

Active Attacks

4.

Dictionary-building or Table Attacks

5.

Man-in-the-Middle Attacks

Passive Attacks

There's no way to detect a passive attack because the hacker is not breaking into your network. He is simply

listening (eavesdropping, if you will) to the information your network broadcasts. There are applications easily

available on the Internet that can allow a person to listen into your wireless network and the information it

broadcasts. Information such as MAC addresses, IP addresses, usernames, passwords, instant message

conversations, emails, account information, and any data transmitted wirelessly, can easily be seen by someone

outside of your network because it is often broadcast in clear text. Simply put, any information transmitted on a

wireless network leaves both the network and individual users vulnerable to attack. All a hacker needs is a

“packet sniffer”, software available on the Internet, along with other freeware or shareware hacking utilities

available on the Internet, to acquire your WEP keys and other network information to defeat security.

Jamming Attacks

Jamming Attacks, when a powerful signal is sent directly into your wireless network, can effectively shut down

your wireless network. This type of attack is not always intentional and can often come about simply due to the

technology. This is especially possible in the 2.4 GHz frequency, where phones, baby monitors, and microwave

ovens can create a great deal of interference and jam transmissions on your wireless network. One way to

resolve this is by moving your wireless devices into the 5 GHz frequency, which is dedicated solely to information

transmissions.

Downloaded from

www.Manualslib.com

manuals search engine

50

Appendix B: Wireless Security

What Are The Risks?

Wireless-G PrintServer for USB 2.0

Active Attacks

Hackers use Active Attacks for three purposes: 1) stealing data, 2) using your network, and 3) modifying your

network so it's easier to hack in the next time.

In an Active Attack, the hacker has gained access to all of your network settings (SSID, WEP keys, etc.) and is in

your network. Once in your wireless network, the hacker has access to all open resources and transmitted data

on the network. In addition, if the wireless network’s access point is connected to a switch, the hacker will also

have access to data in the wired network.

Further, spammers can use your Internet connection and your ISP’s mail server to send tens of thousands of e-

mails from your network without your knowledge.

Lastly, the hacker could make hacking into your network even easier by changing or removing safeguards such

as MAC address filters and WEP encryption. He can even steal passwords and user names for the next time he

wants to hack in.

Dictionary-Building or Table Attacks

Dictionary-building, or Table attacks, is a method of gaining network settings (SSID, WEP keys, etc.) by analyzing

about a day's worth of network traffic, mostly in the case of business networks. Over time, the hacker can build

up a table of network data and be able to decrypt all of your wireless transmissions. This type of attack is more

effective with networks that transmit more data, such as businesses.

Man-in-the-Middle Attacks

A hacker doesn’t need to log into your network as a user—he can appear as one of the network’s own access

points, setting himself up as the man-in-the-middle. To do this, the hacker simply needs to rig an access point

with your network’s settings and send out a stronger signal that your access point. In this way, some of your

network's PCs may associate with this rogue access point, not knowing the difference, and may begin sending

data through it and to this hacker.

The trade-off for the convenience and flexibility wireless networking provides is the possibility of being hacked

into through one of the methods described here. With wireless networks, even with WEP encryption, open to the

persistent hacker, how can you protect your data? The following section will tell you how to do just that.

Maximizing Wireless Security

Security experts will all tell you the same thing: Nothing is guaranteed. No technology is secure by itself. An

unfortunate axiom is that building the better mousetrap can often create a better mouse. This is why, in the

Downloaded from

www.Manualslib.com

manuals search engine

51

Appendix B: Wireless Security

What Are The Risks?

Wireless-G PrintServer for USB 2.0

examples below, your implementation and administration of network security measures is the key to maximizing

wireless security.

No preventative measure will guarantee network security but it will make it more difficult for someone to hack

into your network. Often, hackers are looking for an easy target. Making your network less attractive to hackers,

by making it harder for them to get in, will make them look elsewhere.

How do you do this? Before discussing WEP, let’s look at a few security measures often overlooked.

1)Network Content

Now that you know the risks assumed when networking wirelessly, you should view wireless networks as you

would the Internet. Don’t host any systems or provide access to data on a wireless network that you wouldn't put

on the Internet.

2)Network Layout

When you first lay out your network, keep in mind where your wireless PCs are going to be located and try to

position your access point(s) towards the center of that network radius. Remember that access points transmit

indiscriminately in a radius; placing an access point at the edge of the physical network area reduces network

performance and leaves an opening for any hacker smart enough to discover where the access point is

transmitting.

This is an invitation for a man-in-the-middle attack, as described in the previous section. To perform this type of

attack, the hacker has to be physically close to your network. So, monitoring both your network and your property

is important. Furthermore, if you are suspicious of unauthorized network traffic, most wireless products come

with a log function, with which you can view activity on your network and verify if any unauthorized users have

had access.

3)Network Devices

With every wireless networking device you use, keep in mind that network settings (SSID, WEP keys, etc.) are

stored in its firmware. If they get into the hands of a hacker, so do all of your settings. So keep an eye on them.

4)Administrator passwords

Your network administrator is the only person who can change network settings. If a hacker gets a hold of the

administrator's password, he, too, can change those settings. So, make it harder for a hacker to get that

information. Change the administrator's password regularly.

Downloaded from

www.Manualslib.com

manuals search engine

52

Appendix B: Wireless Security

What Are The Risks?

Wireless-G PrintServer for USB 2.0

5)SSID

There are a few things you can do to make your SSID more secure:

a. Disable Broadcast

b. Make it unique

c. Change it often

Most wireless networking devices will give you the option of broadcasting the SSID. This is a option for

convenience, allowing anyone to log into your wireless network. In this case, however, anyone includes hackers.

So don't broadcast the SSID.

A default SSID is set on your wireless devices by the factory. (The Linksys default SSID is “linksys”.) Hackers

know these defaults and can check these against your network. Change your SSID to something unique and not

something related to your company or the networking products you use.

Changing your SSID regularly will force any hacker attempting to gain access to your wireless network to start

looking for that new SSID.

With these three steps in mind, please remember that while SSIDs are good for segmenting networks, they fall

short with regards to security. Hackers can usually find them quite easily.

6)MAC addresses

Enable MAC address filtering if your wireless products allow it. MAC address filtering will allow you to provide

access to only those wireless nodes with certain MAC addresses. This makes it harder for a hacker using a

random MAC address or spoofing (faking) a MAC address.

7)Firewalls

Once a hacker has broken into your wireless network, if it is connected to your wired network, they’ll have

access to that, too. This means that the hacker has effectively used your wireless network as a backdoor through

your firewall, which you've put in place to protect your network from just this kind of attack via the Internet.

You can use the same firewall technology to protect your wired network from hackers coming in through your

wireless network as you did for the Internet. Rather than connecting your access point to an unprotected switch,

swap those out for a router with a built-in firewall. The router will show the access point coming in through its

Internet port and its firewall will protect your network from any transmissions entering via your wireless network.

Downloaded from

www.Manualslib.com

manuals search engine

53

Appendix B: Wireless Security

What Are The Risks?

Wireless-G PrintServer for USB 2.0

PCs unprotected by a firewall router should at least run firewall software, and all PCs should run up-to-date

antiviral software.

8)WEP

Wired Equivalent Privacy (WEP) is often looked upon as a panacea for wireless security concerns. This is

overstating WEP's ability. Again, this can only provide enough security to make a hacker’s job more difficult.

WEP encryption implementation was not put in place with the 802.11 standard. This means that there are about

as many methods of WEP encryption as there are providers of wireless networking products. In addition, WEP is

not completely secure. One piece of information still not encrypted is the MAC address, which hackers can use to

break into a network by spoofing (or faking) the MAC address.

Programs exist on the Internet that are designed to defeat WEP. The best known of these is AirSnort. In about a

day, AirSnort can analyze enough of the wireless transmissions to crack the WEP key. Just like a dictionary-

building attack, the best prevention for these types of programs is by not using static settings, periodically

changing WEP keys, SSID, etc.

There are several ways that WEP can be maximized:

a) Use the highest level of encryption possible

b) Use multiple WEP keys

c) Change your WEP key regularly

Current encryption technology offers 64-bit and 128-bit WEP encryption. If you are using 64-bit WEP, swap out

your old wireless units for 128-bit encryption right away. Where encryption is concerned, the bigger and more

complex, the better. A WEP key is a string of hexadecimal characters that your wireless network uses in two

ways. First, nodes in your wireless network are identified with a common WEP key. Second, these WEP keys

encrypt and decrypt data sent over your wireless network. So, a higher level of security ensures that hackers will

have a harder time breaking into your network.

Setting one, static WEP key on your wireless network leaves your network open the threats even as you think it is

protecting you. While it is true that using a WEP key increases wireless security, you can increase it further by

using multiple WEP keys.

Keep in mind that WEP keys are stored in the firmware of wireless cards and access points and can be used to

hack into the network if a card or access point falls into the wrong hands. Also, should someone hack into your

network, there would be nothing preventing someone access to the entire network, using just one static key.

Downloaded from

www.Manualslib.com

manuals search engine