Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking
by Darren Miller
Published on this site: May 5th, 2005 - See
more articles from this month...
Airport Menace: The Wireless Peeping Tom
As a network security consultant, I travel quite frequently. At
times, it seems like the airport is my second home. I actually like
to fly, it's a moment in time where no one can reach me by e-mail,
or mobile phone.
It never fails that something interesting happens to me at the
airport. I've even met some famous people during my travels. A few
months ago, I ran into Frank Bielec, from the TLC show, Trading
Spaces. But one of my favorite things to do at the airport is browse
the wireless Ethernet waves. I'm never really surprised at what
I find. I'm just glad I know more about wireless Ethernet than the
average road warrior.
The Dangers Of Ad-Hoc Wireless Networking
Most people who have wireless Ethernet at home, or the office, connect
to the wireless network by attaching to a wireless Access Point,
or AP. This method of wireless networking is called "Infrastructure
Mode". If you have a secure wireless network configured in
"Infrastructure Mode" you are using MAC address filtering,
some level of encryption, and have made some additional changes
to your AP in order to prevent just anyone from using it or capturing
data. For more information on configuring your "Infrastructure
Mode" wireless network take a look at the "Wireless Network
Security" page at Defending The Net.
Links
http://www.defendingthenet.com/..Security.htm
However, for those who are not using "Infrastructure Mode",
and are configured to communicate from machine to machine, or "Ad-Hoc",
there are a few things you should be aware of.
A wireless Ad-Hoc network allows you to communicate with other
wireless Ethernet systems without using a wireless access point.
It's kind of a peer to peer configuration and it works rather well.
The problem is, most people just set it up, and forget about it.
At home, it's not a huge problem, but when your on the road, it
could cause you a great deal of grief. The airport is probably the
best place to find Ad-Hoc networks. Business men and women, delayed
once again, power up their laptops and get to work completing the
days tasks, or planning tomorrows agendas.
I can't tell you how many systems I find in the airport configured
this way. Not just in the terminal, but on the plane. About
three months ago, just after we reached cruising altitude
and were allowed to use our "approved electronic devices",
I found that the gentleman two seats up from me had a laptop
configured as Ad-Hoc. He walked by me about ten minutes later
and commented on how much he liked my laptop. I thanked him,
and asked if his laptop was on, and configured to use wireless
Ethernet, he said yes.
To make a long story short, I showed him that I could see his laptops
wireless Ethernet and informed him of the danger. He asked me if
I could access his hard drive, and I told him that it might be possible.
He asked me to see if I could, so I obliged. After configuring my
laptop to use the same IP address class as his, and typing "net
use hiscomputersIPAddressc$ "" /USER:administrator",
I received a notice that the connection was successful and drive
Z: was now mapped to his computer. I performed a directory listing
of his hard drive and the guy almost had a heart attack!
After this, he moved up to the seat next to mine and we spent the
next hour or so configuring his laptop securely, starting with securing
his computers local administrator account. At one point during the
configuration, he made the statement that I got real lucky because
his local admin account did not have a password. My response to
him was, I get lucky quite often.
Who Else Has Your Client List
Just think of the possibilities. What do you have to lose
if someone is able to just peruse the files and data on your
laptop? Do you maintain your customer list on your laptop
(Do you want this in the hands of a competitor)? How about
your personal finances (Identity theft ring a bell)? So many
people I talk to initially say, "I really don't have
anything of great importance on this system". Then they
think a little bit and start rattling of things they never
really thought about before. All of a sudden, they get concerned.
The fact is, whether it be "Infrastructure Mode", or
"Ad-Hoc" wireless Ethernet communications, if not properly
configured and secured, can pose a significant risk. There are thousands
of articles on the Internet about the dangers of improperly configured
wireless networks, yet the number of unsecured networks seems to
be getting greater, not less.
Strength And Posture Does Reduce Your Risks
Keep in mind that your objective should be to reduce the chances
that you will become a target for computer compromise. When
I was growing up in South Philadelphia, I remember my father
telling me that when you walk down the street, especially
in the evening, to walk tall, and project a position of strength
and authority. Why, because thugs typically pick out those
who look like an easy target. The same thing goes for computer
security. Reduce the risks of becoming a target buy configuring
your system with a strong security policy.
When I perform security assessments, I create a list of potential
targets, and potential methods of compromise. I then prioritize
that list by which system, with a particular vulnerability, may
be easiest to compromise. Those at the bottom of the list typically
never come on my radar screen; the best scenario it to keep of the
radar altogether.
Conclusion
If your are using wireless Ethernet, no matter what configuration,
follow a few rules and keep yourself secure against most common
types of compromise.
- Above all, make sure all your user accounts have strong
passwords, especially those that have administrative control
over your system;
- Configure your wireless network to use some sort of encryption.
I know there is a lot of concern about the "crackability"
of WEP, but if this is all you have to work with, and then
use it. It is still helpful;
- If possible, use MAC addresses filtering to restrict
unwanted systems from attaching to your wireless network;
Make sure the firmware for your AP's and wireless Ethernet
cards are up to date. These updates can be found on your
card or AP's support site.
Remember, if you are compromised over your wireless network it
can be near impossible to track down where the attack came from.
Worse yet, think about how many systems become compromised, and
no one ever knows it?
Darren Miller is an Information Security Consultant with
over sixteen years experience. He has written many technology &
security articles, some of which have been published in nationally
circulated magazines & periodicals. Darren is a staff writer
for www.defendingthenet.com and several other e-zines. If you would
like to contact Darren you can e-mail him at [email protected]
or [email protected].
If you would like to know more about computer security please visit
us at http://www.defendingthenet.com.
If someone you know has sent you this article, please take a moment
to visit our site and
register for the free newsletter at
http://www.defendingthenet.com/subscribe.htm.
|