| > | | | | and we spent the next hour or so configuring his |
| | | | laptop securely, starting with securing his |
| As a network security consultant, I travel quite | | | | computers local administrator account. At one |
| frequently. At times, it seems like the airport is | | | | point during the configuration, he made the |
| my second home. I actually like to fly, it's a | | | | statement that I got real lucky because his local |
| moment in time where no one can reach me by | | | | admin account did not have a password. My |
| e-mail, or mobile phone. | | | | response to him was, I get lucky quite often. |
| It never fails that something interesting happens | | | | Who Else Has Your Client List |
| to me at the airport. I've even met some famous | | | | Just think of the possibilities. What do you have to |
| people during my travels. A few months ago, I | | | | lose if someone is able to just peruse the files |
| ran into Frank Bielec, from the TLC show, Trading | | | | and data on your laptop? Do you maintain your |
| Spaces. But one of my favorite things to do at | | | | customer list on your laptop (Do you want this in |
| the airport is browse the wireless Ethernet | | | | the hands of a competitor)? How about your |
| waves. I'm never really surprised at what I find. | | | | personal finances (Identity theft ring a bell)? So |
| I'm just glad I know more about wireless | | | | many people I talk to initially say, "I really don't |
| Ethernet than the average road warrior. | | | | have anything of great importance on this |
| The Dangers Of Ad-Hoc Wireless Networking | | | | system". Then they think a little bit and start |
| Most people who have wireless Ethernet at home, | | | | rattling of things they never really thought about |
| or the office, connect to the wireless network by | | | | before. All of a sudden, they get concerned. |
| attaching to a wireless Access Point, or AP. This | | | | The fact is, whether it be "Infrastructure Mode", |
| method of wireless networking is called | | | | or "Ad-Hoc" wireless Ethernet communications, if |
| "Infrastructure Mode". If you have a secure | | | | not properly configured and secured, can pose a |
| wireless network configured in "Infrastructure | | | | significant risk. There are thousands of articles on |
| Mode" you are using MAC address filtering, some | | | | the Internet about the dangers of improperly |
| level of encryption, and have made some | | | | configured wireless networks, yet the number of |
| additional changes to your AP in order to prevent | | | | unsecured networks seems to be getting greater, |
| just anyone from using it or capturing data. For | | | | not less. |
| more information on configuring your | | | | Strength And Posture Does Reduce Your Risks |
| "Infrastructure Mode" wireless network take a | | | | Keep in mind that your objective should be to |
| look at the "Wireless Network Security" page at | | | | reduce the chances that you will become a target |
| Defending The Net. | | | | for computer compromise. When I was growing |
| However, for those who are not using | | | | up in South Philadelphia, I remember my father |
| "Infrastructure Mode", and are configured to | | | | telling me that when you walk down the street, |
| communicate from machine to machine, or | | | | especially in the evening, to walk tall, and project |
| "Ad-Hoc", there are a few things you should be | | | | a position of strength and authority. Why, |
| aware of. | | | | because thugs typically pick out those who look |
| A wireless Ad-Hoc network allows you to | | | | like an easy target. The same thing goes for |
| communicate with other wireless Ethernet | | | | computer security. Reduce the risks of becoming |
| systems without using a wireless access point. It's | | | | a target buy configuring your system with a |
| kind of a peer to peer configuration and it works | | | | strong security policy. |
| rather well. The problem is, most people just set | | | | When I perform security assessments, I create a |
| it up, and forget about it. At home, it's not a huge | | | | list of potential targets, and potential methods of |
| problem, but when your on the road, it could | | | | compromise. I then prioritize that list by which |
| cause you a great deal of grief. The airport is | | | | system, with a particular vulnerability, may be |
| probably the best place to find Ad-Hoc networks. | | | | easiest to compromise. Those at the bottom of |
| Business men and women, delayed once again, | | | | the list typically never come on my radar screen; |
| power up their laptops and get to work | | | | the best scenario it to keep of the radar |
| completing the days tasks, or planning tomorrows | | | | altogether. |
| agendas. | | | | Conclusion |
| I can't tell you how many systems I find in the | | | | If your are using wireless Ethernet, no matter |
| airport configured this way. Not just in the | | | | what configuration, follow a few rules and keep |
| terminal, but on the plane. About three months | | | | yourself secure against most common types of |
| ago, just after we reached cruising altitude and | | | | compromise. |
| were allowed to use our "approved electronic | | | | 1. Above all, make sure all your user accounts |
| devices", I found that the gentleman two seats | | | | have strong passwords, especially those that |
| up from me had a laptop configured as Ad-Hoc. | | | | have administrative control over your system; |
| He walked by me about ten minutes later and | | | | 2. Configure your wireless network to use some |
| commented on how much he liked my laptop. I | | | | sort of encryption. I know there is a lot of |
| thanked him, and asked if his laptop was on, and | | | | concern about the "crackability" of WEP, but if this |
| configured to use wireless Ethernet, he said yes. | | | | is all you have to work with, and then use it. It is |
| To make a long story short, I showed him that I | | | | still helpful; |
| could see his laptops wireless Ethernet and | | | | 3. If possible, use MAC addresses filtering to |
| informed him of the danger. He asked me if I | | | | restrict unwanted systems from attaching to |
| could access his hard drive, and I told him that it | | | | your wireless network; |
| might be possible. He asked me to see if I could, | | | | 4. Make sure the firmware for your AP's and |
| so I obliged. After configuring my laptop to use | | | | wireless Ethernet cards are up to date. These |
| the same IP address class as his, and typing "net | | | | updates can be found on your card or AP's |
| use * hiscomputersIPAddressc$ "" | | | | support site. |
| USER:administrator", I received a notice that the | | | | Remember, if you are compromised over your |
| connection was successful and drive Z: was now | | | | wireless network it can be near impossible to |
| mapped to his computer. I performed a directory | | | | track down where the attack came from. Worse |
| listing of his hard drive and the guy almost had a | | | | yet, think about how many systems become |
| heart attack! | | | | compromised, and no one ever knows it? |
| After this, he moved up to the seat next to mine | | | | |