Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Top 10 tips to stop wireless hackers/crackers

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool Top 10 tips to stop wireless hackers/crackers

    Recent surveys have revealed the increasing threat of hackers getting access to wireless local area networks (WLANs).
    This type of hacking activity is also known as "drive-by" hacking. Attacks come from hackers driving around in dense WLAN areas, such as the City of London, with home-made code cracking kits looking for vulnerable wireless networks.


    silicon.com has teamed up with wireless security consultancy Orthus, to put together the 10 best tips to keep those drive-by hackers at bay.

    1. Use directional antennae to avoid excessive spreading of the signal. Signals can emanate many hundreds of feet!

    2. Change the default password on the access point (AP). As most freeware scanning software can quickly suss out the default password it is vital that the password is changed.

    3. Always use wired equivalent privacy (WEP). While WEP is not automatically secure it does at very least act as a barrier.

    4. Ensure the WLAN is on a separate network or firewalled interface. Treat the WLAN as a semi-untrusted network.

    5. Install a personal firewall on all systems using WiFi (The wireless protocol). Many new laptops are being shipped with inbuilt WiFi cards which means your system may be remotely accessible without the protection of firewall.

    6. Perform regular external WLAN audits with a scanning tool. Check for the introduction of unauthorised APs to the network.

    7. Perform regular internal WLAN audits. Additionally, check for the introduction of unauthorised wireless cards and APs that maybe used for illegal file sharing.

    8. Administration of wireless networks is important! Administration should be conducted via secure encrypted sessions. Make sure you are using SSL (secure socket layer) and VPN authenticated sessions that protect the administrator password when doing this.

    9. Maintain audit logs of who is using the WLAN. Audit them regularly to identify unauthorised access and internal abuse of the network.

    10. Assess the information passing over the wireless networks. Consider the sensitivity and lifetime of data passing over the wireless network. Is it covered by the Data Protection Act?
    And remember - wireless networks should always be treated as public networks!

    Source: http://www.xatrix.org/modules.php?op...thread&order=1

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    657

    Thumbs up

    very nice post on something very important that we dont hear enough about

    thanx s0nic , id give u positive points but i have to spread them around first


    _NetSyN_
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    useful info s0nIc.
    Trappedagainbyperfectlogic.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    657
    God this crap is getting on my nervous , i say this is a nice post and i like it and its a important topic and i get negative points stateing
    "It was not a nice post, it was someone else's article"

    Christ grow the hell up!

    quit acting like little children when it comes to using the anti point system!

    THE ANTI-POINT SYSTEM IS TO SHOW THE DIFFERNCE BETWEEN GOOD USERS AND BAD USERS (in short)
    HOW THE HELL IS ME COMPIMENTING SOMEONE ON THEIR POST MAKING ME A BAD USER?!

    bluntly put
    GROW THE F UP!

    _NetSyN_
    [shadow]i have a herd of 1337 sheep[/shadow]
    Worth should be judged on quality... Not apperance... Anyone can sell you **** inside a pretty box.. The only real gift then is the box..

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    It does neglect to say anything about VPNs except that you should administer the WAPs by it and SSl. How about running your clients through a VPN when they are on the WLAN??
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Senior Member
    Join Date
    Jan 2002
    Posts
    244
    I agree with NetSyn!
    Almost all the info shared at AntiOnline isn t infented during the writing of a post!
    There is no mistake about it,sharing good info from third sorces[online info,books,radio/tv or other]is no anti-point worth!
    Someones cheers/anger/miscontent about a post[good/bad]should never be awarded with pos/neg points.



    At your serves.[Pim Fortuyn]
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Static WEP can be broken relatively easily.

    I would recommend using Kerberos for authentication. In deploying Kerberos, you can set an expiry on each encryption key.

    Having dynamic WEP keys (rotating every few minutes) drastically reduces all vulnerabilities associated with WEP encryption.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  8. #8
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    lol i guess some people dont get the idea of Computer Security... its not about who is the author of the post or not.. what matters if the contents are important or not. And i would understand if you dislike the post coz its not mine and for the fact that IM CLAMING ITS MINE. but im not, as you could see i posted the source. I see some of us here dont know the true spirit in computer security... Its all about securing your boxes and gettint the right information on how to secure it. remember.. this IS a security site, not an "article originality marathon". If i read something important and i think that others should know, I post it. I share it. thats what its all about. And clearly if you want to read something original go read my tutorials coz they are as original as they can get.

    You cant handle the heat, stay out of the kitchen. Coz i will not withdraw information just because its not mine... the people has the right to know. Right now there are people out there with their Wireless network secured because of this post, because they RELY on AO to give them useful information. Isnt that what this site is all about? Helping in contributing Computer Security..

    Like NetSyn, he didnt care if the article was originally mine, what he cared was what was in the article, its contents. And he found it useful, and he is grateful. there is nothing bad about that... This isnt a damn poetry site, its a Computer Security site. so wake up neo...

  9. #9
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    It does neglect to say anything about VPNs except that you should administer the WAPs by it and SSl. How about running your clients through a VPN when they are on the WLAN??
    interesting point there.. probably the reason is because VPNs are kind of GENERAL.. targeting and isolating security flaws would take some time.. but dont worry, im working on it. Ill compile a document form for VPN Security and post it here. hopefully some of you can download it. but thanks for pointing that out Korp.. im on it.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    119
    that happened these days at CEBIT -one of the biggest computer trades in the world:


    Wireless LANs in Abundance


    Wireless LANs in Abundance

    In accordance with their previous announcements MobilCom and Cisco are offering free wireless LAN access at the international CeBIT IT trade fair, which is currently taking place in the northern German city of Hanover. But not only they are making such offers -- many exhibitors are running their own wireless networks; these are unprotected and thus more or less intrude upon the attention of visitors that have brought their WLAN notebooks along.

    Members of the WaveHan project in cooperation with c't magazine have taken a look around the trade fair and in doing so have brought to light a number of astonishing facts. In Hall No.1 alone they discovered 108 different wireless networks, of which less than a third were encrypted. The majority of WLANs are configured in such a manner that one is assigned an address automatically, thus gaining free access to the Internet on the spot -- and, what is more, at times at an astonishing level of quality: Transmission speeds of 280 Kbytes/s are likely to make even DSL-spoilt surfers envious.

    As if these unintended free offers were not enough these radio networks were also frequently transparently linked to the cable-based LANs of the exhibitors with their demo computers and servers. In the streams of data our network sniffer detected, above all, calls for web pages, but also e-mails (IMAP), Telnet sessions and SMB Windows-data-clearance packages.

    One less than radiant example among many was Intel, part of a web presentation of which was on air. Even next to the stand of a firm whose standard boldly bears a "Wireless Security" motto we found an open network. The SAP stand, on the other hand, showed that this need not be the case: Here the wireless networks were WEP encoded at least. This encryption too can be decrypted, but to do so an assailant would have to eavesdrop on network transmissions for several hours first. At least one exhibitors is playing it safe and is running a wireless LAN with IPSec.

    One can only hope that the exhibitors' stands' systems do not contain sensitive data. That every employee at the stands who chances to be reading or writing an e-mail happens to be aware of the fact that the CeBITĀ“s ether just may be listing in is doubtful.
    it's amazing how stupid some companies are!!
    the only thing that doesn\'t change is everything will always change.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •