| Airport Menace: The Wireless Peeping Tom | | | | heart attack!After this, he moved up to the seat |
| ---------------------------------------- | | | | next to mine and we |
| As a network security consultant, I travel quite | | | | spent the next hour or so configuring his laptop |
| frequently. | | | | securely, |
| At times, it seems like the airport is my second | | | | starting with securing his computers local |
| home. I | | | | administrator |
| actually like to fly, it's a moment in time where | | | | account. At one point during the configuration, he |
| no one can | | | | made the |
| reach me by e-mail, or mobile phone.It never fails | | | | statement that I got real lucky because his local |
| that something interesting happens to me at | | | | admin |
| the airport. I've even met some famous people | | | | account did not have a password. My response |
| during my | | | | to him was, I |
| travels. A few months ago, I ran into Frank | | | | get lucky quite often.Who Else Has Your Client |
| Bielec, from the | | | | List |
| TLC show, Trading Spaces. But one of my | | | | ----------------------------- |
| favorite things to | | | | Just think of the possibilities. What do you have |
| do at the airport is browse the wireless Ethernet | | | | to lose if |
| waves. I'm | | | | someone is able to just peruse the files and data |
| never really surprised at what I find. I'm just glad | | | | on your |
| I know | | | | laptop? Do you maintain your customer list on |
| more about wireless Ethernet than the average | | | | your laptop |
| road warrior.The Dangers Of Ad-Hoc Wireless | | | | (Do you want this in the hands of a competitor)? |
| Networking | | | | How about |
| ----------------------------------------- | | | | your personal finances (Identity theft ring a bell)? |
| Most people who have wireless Ethernet at | | | | So many |
| home, or the | | | | people I talk to initially say, "I really don't have |
| office, connect to the wireless network by | | | | anything of great importance on this system". |
| attaching to a | | | | Then they |
| wireless Access Point, or AP. This method of | | | | think a little bit and start rattling of things they |
| wireless | | | | never |
| networking is called "Infrastructure Mode". If you | | | | really thought about before. All of a sudden, they |
| have a | | | | get |
| secure wireless network configured in | | | | concerned.The fact is, whether it be |
| "Infrastructure Mode" | | | | "Infrastructure Mode", or |
| you are using MAC address filtering, some level | | | | "Ad-Hoc" wireless Ethernet communications, if |
| of | | | | not properly |
| encryption, and have made some additional | | | | configured and secured, can pose a significant |
| changes to your AP | | | | risk. There |
| in order to prevent just anyone from using it or | | | | are thousands of articles on the Internet about |
| capturing | | | | the dangers |
| data. For more information on configuring your | | | | of improperly configured wireless networks, yet |
| "Infrastructure Mode" wireless network take a | | | | the number |
| look at the | | | | of unsecured networks seems to be getting |
| "Wireless Network Security" page at Defending | | | | greater, not less.Strength And Posture Does |
| The Net.Links | | | | Reduce Your Risks |
| ----- | | | | ------------------------------------------- |
| for those who are not using "Infrastructure | | | | Keep in mind that your objective should be to |
| Mode", | | | | reduce the |
| and are configured to communicate from | | | | chances that you will become a target for |
| machine to machine, | | | | computer |
| or "Ad-Hoc", there are a few things you should | | | | compromise. When I was growing up in South |
| be aware of.A wireless Ad-Hoc network allows | | | | Philadelphia, I |
| you to communicate with | | | | remember my father telling me that when you |
| other wireless Ethernet systems without using a | | | | walk down the |
| wireless | | | | street, especially in the evening, to walk tall, and |
| access point. It's kind of a peer to peer | | | | project |
| configuration and | | | | a position of strength and authority. Why, |
| it works rather well. The problem is, most people | | | | because thugs |
| just set | | | | typically pick out those who look like an easy |
| it up, and forget about it. At home, it's not a | | | | target. The |
| huge | | | | same thing goes for computer security. Reduce |
| problem, but when your on the road, it could | | | | the risks of |
| cause you a | | | | becoming a target buy configuring your system |
| great deal of grief. The airport is probably the | | | | with a strong |
| best place | | | | security policy.When I perform security |
| to find Ad-Hoc networks. Business men and | | | | assessments, I create a list of |
| women, delayed | | | | potential targets, and potential methods of |
| once again, power up their laptops and get to | | | | compromise. I |
| work | | | | then prioritize that list by which system, with a |
| completing the days tasks, or planning | | | | particular |
| tomorrows agendas.I can't tell you how many | | | | vulnerability, may be easiest to compromise. |
| systems I find in the airport | | | | Those at the |
| configured this way. Not just in the terminal, but | | | | bottom of the list typically never come on my |
| on the | | | | radar screen; |
| plane. About three months ago, just after we | | | | the best scenario it to keep of the radar |
| reached | | | | altogether.Conclusion |
| cruising altitude and were allowed to use our | | | | ---------- |
| "approved | | | | If your are using wireless Ethernet, no matter |
| electronic devices", I found that the gentleman | | | | what |
| two seats up | | | | configuration, follow a few rules and keep |
| from me had a laptop configured as Ad-Hoc. He | | | | yourself secure |
| walked by me | | | | against most common types of compromise.1. |
| about ten minutes later and commented on how | | | | Above all, make sure all your user accounts have |
| much he liked | | | | strong |
| my laptop. I thanked him, and asked if his laptop | | | | passwords, especially those that have |
| was on, | | | | administrative control |
| and configured to use wireless Ethernet, he said | | | | over your system;2. Configure your wireless |
| yes.To make a long story short, I showed him | | | | network to use some sort of |
| that I could see | | | | encryption. I know there is a lot of concern |
| his laptops wireless Ethernet and informed him of | | | | about the |
| the | | | | "crackability" of WEP, but if this is all you have to |
| danger. He asked me if I could access his hard | | | | work |
| drive, and I | | | | with, and then use it. It is still helpful;3. If possible, |
| told him that it might be possible. He asked me | | | | use MAC addresses filtering to restrict |
| to see if I | | | | unwanted systems from attaching to your |
| could, so I obliged. After configuring my laptop to | | | | wireless network;4. Make sure the firmware for |
| use the | | | | your AP's and wireless |
| same IP address class as his, and typing "net use | | | | Ethernet cards are up to date. These updates |
| * | | | | can be found on |
| hiscomputersIPAddressc$ "" /USER:administrator", | | | | your card or AP's support site.Remember, if you |
| I | | | | are compromised over your wireless network |
| received a notice that the connection was | | | | it can be near impossible to track down where |
| successful and | | | | the attack |
| drive Z: was now mapped to his computer. I | | | | came from. Worse yet, think about how many |
| performed a | | | | systems become |
| directory listing of his hard drive and the guy | | | | compromised, and no one ever knows it? |
| almost had a | | | | |