Worldwide War Drive

Printable View

October 19th, 2004, 05:42 PM
MrLinus

Worldwide War Drive

Wireless security has always been somewhat of an oxymoron. Upon visiting CNN today I found this article on the issue of wardriving. It's interesting to see that there is a whole site dedicated to and encouraging those to do wardriving. You can visit Worldwide War Drive for more details and tools. :) What is worthwhile checking is the changes in statistics from the first WWD to the most recent ones. While people are using WEP they are leaving other things at default. It makes me think there is a false sense of security with WEP enabled and the fact that people are using it.
October 19th, 2004, 07:07 PM
whatthe

I found this line interesting.

"And once a bad guy finds your box, he will then follow the permissions of that laptop. And that means once he gets into your computer via your wireless router, when you plug that computer back into a VPN, tunneling back into your corporate environment, your taking the bad guy with you."

The most common response when you tell someone to increase their wireless security "What do I care is someone uses my internet access." It's so difficult (and frustrating as hell) to get people to think that the worst case scenario may actually happen.
October 20th, 2004, 06:11 AM
jdenny

While we're at it, since the author mentioned "Four steps to a secure network", disabling SSID broadcast does nothing to make an encrypted and authenticated network more secure. It's a practice of security through obscurity, and to most people, STO is a bad thing!

First, the SSID is still visible in any normal wireless traffic. Anyone prepare to break through your security can, much more easily, still see the SSID. In fact, if there is any wireless traffic, a standard XP client will show your network as an available wireless network.

Second, whether or not the SSID is broadcast, an intruder still needs to break the encryption to even see the network traffic. This is much harder (if not impossible) than discovering the SSID.

On the other hand, not broadcasting SSID will sometimes make it harder or impossible for legitimate clients to connect. In other words, it results in a DoS to your intended population!

It's not about not broadcasting SSID doesn't enhance security, but it can hurt your own usage. CMIIW.

edit/add: MAC address filtering is useless too. It's easy to spoof an authorized MAC address once you're able to sniff one.

Peace always,
<jdenny>
October 20th, 2004, 11:38 AM
MrLinus

Quote:

Second, whether or not the SSID is broadcast, an intruder still needs to break the encryption to even see the network traffic. This is much harder (if not impossible) than discovering the SSID.

Uhhh... we are talking about WEP here right? Last time I checked it could be broken using AirCrack or WEPCrack fairly easily. Or am I mistaken about this? I suppose doing the "4 steps" is helpful to a degree, the reality is that if you want to ensure your wireless is security you'll need to use some type of tunnel (e.g., SSH, VPN). Until 802.11i is fully released and widely used, wireless remains largely an unsecure environment.
October 20th, 2004, 01:02 PM
moxnix

Here is an artical on Tech Republic about securing your wap: http://techrepublic.com.com/5100-22_...tag=html.alert
October 20th, 2004, 03:28 PM
Maestr0

WEP is kiddie strength stuff for home users. In a professional environment people use real stuff like 802.1X PEAP/TTL,etc.

-Maestr0
October 20th, 2004, 03:35 PM
MrLinus

For those who want more details (and correct spelling ;) ) check out Oreilly's Technical Comparison between PEAP and TTLS. The big thing is that you have a device or server that supports it (Protected Extensible Authentication Protocol and Windows)
October 20th, 2004, 09:08 PM
Maestr0

Bah, whats one consanant among friends. :)

-Maestr0
October 22nd, 2004, 03:37 AM
jdenny

Quote:

Originally posted here by MsMittens
Uhhh... we are talking about WEP here right? Last time I checked it could be broken using AirCrack or WEPCrack fairly easily. Or am I mistaken about this? I suppose doing the "4 steps" is helpful to a degree, the reality is that if you want to ensure your wireless is security you'll need to use some type of tunnel (e.g., SSH, VPN). Until 802.11i is fully released and widely used, wireless remains largely an unsecure environment.

Yes, Aircrack and WEPCrack can break WEP. I meant all kind of wireless encryption, including PEAP/TTLS, also Cisco's LEAP which we're using in our office.

But my point was about disabling SSID in clients, which offers very little enhancement in wireless security, while it could cause connecting problem/network loss/bandwidth drops.

And the four steps as suggested by the author, basically means when there are no better security measure available, we have no choice other than to revert to security thru obscurity practice.

Peace always,
<jdenny>