| Part of securing your network must include | | | | great wireless scanning program. I found my |
| looking at your wireless access points. | | | | wireless network in the list. I found the |
| Wireless access can be dangerous to your | | | | connected client and the access point, or |
| network. Most people don't even know how easy | | | | router. Then I proceeded to do a typical type |
| it is to exploit wireless access points. Let | | | | of attack on the network. Hackers need to |
| me illustrate my point. I went out one | | | | grab what's called a "packet" from a computer |
| afternoon and took my trusty laptop with me. | | | | that already has the key for the secured |
| The task this afternoon was to scan for | | | | wireless network. The hacker can then use |
| "open" wireless access points. An "open" | | | | this packet to issue responses from the |
| wireless access point is one that has | | | | router. Why is this important? This allows |
| absolutely no encryption, or security, on the | | | | the hacker to gather a tremendous amount of |
| signal. This allows anyone to listen in on | | | | data from the access point. And this finally |
| your data stream. If you still don't get it, | | | | allows the hacker to crack the WEP security |
| it's a very bad thing! So, I drove for about | | | | key. |
| 2 miles through a small business district and | | | | |
| apartment complex. What was the result? Oh, | | | | So, I went about hacking my own WEP wireless |
| about 45 open wireless networks. That means | | | | router. I "deauthenticated" my computer that |
| that I could log onto those networks, scan | | | | was already connected to the router. This |
| it, and exploit machines connected to that | | | | gave me the packet I needed for the router. |
| network. I didn't do that, but you get my | | | | Then I started sending this packet to the |
| drift. The lesson here is to encrypt your | | | | router a lot. Once I had enough data from the |
| wireless data stream. | | | | router, I then passed it to a cracking |
| | | | program. Viola, it cracked the key in about 1 |
| Some people think that choosing WEP | | | | second. After the dust had settled, I had |
| encryption offers great wireless security. | | | | cracked my WEP security in less than 30 |
| They would be wrong. Your wireless router may | | | | minutes! But would the typical user see that |
| have an option for WPA and WEP. You should | | | | I was hacking? Probably not. The only thing |
| always choose WPA security over WEP. Let me | | | | they would see is that they lost their |
| illustrate why. I set up a wireless network | | | | wireless connection for a moment. This is |
| in my home. I enabled WEP security at 128 bit | | | | when I "deauthenticated" them from the |
| encryption. That's "strong" security for WEP. | | | | network to grab the "packet" I needed. |
| I wrote down the security key and then I | | | | |
| started my test. My goal was to hack my own | | | | Remember, I had my WEP encryption set to 128 |
| WEP wireless network. I thought it was going | | | | bits. This is a high level of encryption. But |
| to be a really hard task. I was wrong. | | | | it really doesn't matter. All a hacker needs |
| | | | is a signal a little time to crack that. |
| I fired up my linux laptop. Linux is just an | | | | Remember, hackers are like house thieves. |
| alternative operating system to Windows. This | | | | They will go along the path of least |
| particular Linux distribution, or flavor of | | | | resistance. The harder your wireless signal |
| Linux, was a security edition. This gave me | | | | is to crack, the less likely you will be |
| all kinds of tools to scan for wireless | | | | hacked. They will simply move along to the |
| networks and exploit them. A typical hacker | | | | next "open" network or one with bad |
| will have all of these free tools at their | | | | encryption. Do yourself a favor, and always |
| disposal. I then fired up Kismet. Kismet is a | | | | choose WPA wireless security over WEP. |