|
-
October 6th, 2003, 07:54 AM
#1
Secure your wireless network
Secure your wireless Network
A lot of people these days are setting up wireless networks in their homes and at the work place. because it is quicker and easier than spending a few days or an entire afternoon running cat5 cable through walls and ripping up the carpet just so they can have internet access in other rooms. so a quick and easy solution to it is setting up a wireless network but most computer users don’t even bother thinking about securing it. Most users think that it is secure when they take it out of the box and hook it up and that they don't have to do anything to it . they are the ones who attackers love to find and take advantage of. I hope that what is written here will make you more aware of the security risks when setting up your network and how to make it more secure
To start out you will have to do the following things
Ban rogue access points If you have an Access Point that is currently connected to your home network, check to see if you were the one who put it in there and it is also a real good idea to check it periodically to make sure nothing has been added that you don‘t want or need to be on there.
Limit access rights While not everyone in your home will need to have a wireless card in their computer(s) Once you know who should have access to the access point, set it to only allow access with authorized MAC addresses only. Any resourceful person can spoof the MAC address quite easily
Use 128-bit WEP Using encryption is better than using nothing at all. Cracking the WEP (Wired Equivalent Privacy) security protocol is an added obstacle that the skilled attacker has to get through in order to gain access to your network. For the casual wardriver will just move on and not bother trying to crack the wep or try to access your network
Control your broadcast area Some security officers think that if the ap is away from streets or up on a high floor they will be safe from trespassers but being up on tall buildings or on a hill top they still can detect your network The only way to decrease the risks of your access point from being picked up by someone who is wardriving. is to use a wireless access point that will let you adjust the signal strength and adjust the signals direction. The first thing you will want to do is place your Access Point as far away as possible from any exterior walls and windows. The next step is to adjust the signal strength so that you barely get a connection near the exterior walls and windows. The less signal strength that you get at the windows and walls. The less likely someone will be able to pick it up from outside keep this in mind though that this really isn't enough to prevent someone from picking up the signal.
Limit the number of user addresses If you don't have many users that need to have wireless access the smart thing to do is limit the maximum number of DHCP addresses that the network can assign, just allowing just what you need is enough for the users you currently have and if everyone that is authorized in the group tries to connect and some can't connect, that will tell you that there is a few unauthorized log-ons on your network
Use the SSIDS wisely. Changing the default Service Set Identifiers for your Access Points will make the attackers attempt to get into your network a bit harder and more time consuming, and another thing don't use anything that will give an attacker any useful information as a example don’t use your home address the less information the attacker has the more likely he/she will move on to another target.
Lock down each AP. This is one of the things that most people don’t even bother doing and it makes it easy for attackers to connect to networks with out breaking a sweat because a lot of people don't even think about changing the default settings on their Access Points when they plug them in and are setting them up. changing the default administrator password will make your system more secure and make the attacker spend a little more time trying to crack the password don’t forget to use a strong password that is very hard to crack, but easy for you to rember. A few things to keep in mind when creating a password is to never use any word that is in a dictionary. the longer and complex it is the more time it will take the attacker to crack it. so use a combination of upper and lower case letters, numbers and special characters such as Ab112%&â€*æ etc
Authenticate users. Use a firewall that supports VPN (virtual private network) connections, if you are sharing your network with friends and family you should set it up so it will require them to log on as if they were dialing in remotely yes it maybe a pain in the ass but it will make it more secure in the long run.
Listed below is free software that will let you scan your wap network and help you make your wireless network more secure by fixing the problem areas.
Windows 2000,Me,xp and pocket pc
NetStumbler, mini stumbler
www.netstumbler.com
netstumbler is used to detect wireless networks around your current area
Freebsd
D-stumbler
www.dachb0den.com/projects/bsd-airtools.html
this is a wireless audit software package
AirSnort
http://airsnort.shmoo.com/
this software program recovers encryption keys
THC-WarDrive
http://www.thehackerschoice.com
use this program with a gps device to map the surrounding area.
Kismet
http://www.kismetwireless.net
Freeware wireless sniffer and monitor that passively monitors wireless traffic and sorts data to identify SSIDs, MAC addresses, channels, and connection speeds
Ethereal
http://www.ethereal.com
Freeware wireless LAN analyzer that interactively browses captured data, viewing summary and detail information for all observed wireless traffic
HostAP
http://hostap.epitest.fi
Toolkit that converts a wireless LAN user station to function as an access point. (Available for wireless LAN cards that are based on Intersil'sPrism2/2.5/3 chipset.)
WEPWedgie
http://sourceforge.net/projects/wepwedgie/
Toolkit for determining 802.11 WEP keystreams and injecting traffic with known keystreams. The toolkit also includes logic for firewall rule mapping, pingscanning, and portscanning via the injection channel
WEPCrack
http://sourceforge.net/projects/wepcrack/
Freeware encryption breaker that cracks 802.11 WEP encryption keys using the latest discovered weakness of RC4 key scheduling
AirSnarf
http://airsnarf.shmoo.com/
Soft AP setup utility that is designed to steal usernames and passwords from public wireless hotspots by confusing users with DNS and HTTP redirects from a competing AP
SMAC
http://www.klcconsulting.net/smac
Windows MAC Address Modifying Utility that allows users to change MAC address Network Interface Cards (NICs) on Windows 2000, XP, and 2003 Server systems, regardless of whether or not the manufacturer allows this option
Airjack
http://sourceforge.net/projects/airjack
Denial-of-Service tool kit that sends spoofed authentication frames to an AP with inappropriate
Air defense
www.airdefense.net
authentication algorithm and status codes. AP then drops connections with stations. Includes WLAN_JACK, Monkey_JACK, and hunter_killer
IRPAS
http://www.phenoelit.de/irpas/
Internet Routing Protocol Attack Suite designed to attack common routing protocols including CDP,DHCP, IGRP and HSRP
Ettercap
http://ettercap.sourceforge.net
Suite for Man-in-the-Middle attacks. It features sniffing of live connections and content filtering on the fly. Additionally, it supports active and passive dissection of many protocols and includes many features for network and host analysis
Cain&Abel
http://www.oxid.it
Password recovery tool that allows easy recovery
of various kinds of passwords by sniffing the network and cracking encrypted passwords using Dictionary, Brute-Force, and Cryptanalysis attacks. Decodes scrambled passwords and analyzes routing protocols
Hotspotter
www.remote-exploit.org/codes.html
Passively monitors the network for probe request frames to identify the preferred networks of clients. Acts as an access point to allow the client to authenticate and associate
WEP Attack
http://sourceforge.net/projects/wepattack/
Brute-Force WEP cracker that uses Dictionary attacks against WEP keys. Is usually very
effective against residential gateways
ASLEAP
http://asleap.sourceforge.net/
Toolkit that can recovers weak LEAP passwords,read captured files, or sniff the air. Can also actively de-authenticate users on LEAP networks, forcing them to re-authenticate
THCLeapCracker
http://www.thc.org
Toolkit that can break the Cisco LEAP authentication protocol and can also spoof challenge-packets from access points, allowing the hacker to perform Dictionary attacks against all users
DSNIFF
http://naughty.monkey.org/~dugsong/
dsniff Collection of tools for network auditing and penetration testing. Can passively spy and perform Man-in-the-Middle attacks
IKEcrack
http://ikecrack.sourceforge.net/
Authentication crack tool that can use Brute-Force or a Dictionary attack against key/password used with Pre-Shared-Key IKE authentication
Nessus
http://www.nessus.org
Remote security scanner
For a complete list of terms and definitions that are used in wireless network technologies and standards.
http://www.wireless-nets.com/glossary.htm
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote