Wireless Security Issues @ Home & Hotspotting Ernest Staats Director of Technology and Network Services (TNS) MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ [email_address] Resources available @ http://www.es-es.org/
Information Blowin' in the Wind
Wireless open by default
Wireless networks “broadcast” data into the air
Anyone can receive the broadcast
Certain steps must be taken to protect “users” of wireless networks
Wireless Basics - 802.11
2.4 GHz (no license) band
Only 3 non-overlapping channels (in theory)
CSMA-CA (50% overhead)
Half Duplex (talk then listen)
Home Wireless Issues
Not enough bandwidth (when downloading or gaming)
Updates chew-up bandwidth
Co-channel interference (Phones, Microwaves)
Old Firmware (check for updates every quarter)
No Security or worse, they use WEP
SSID broadcast on
Raises your risk factor that someone could obtain personal information or worse
What Could Happen?
Slow down your Internet performance.
View files on your computers and spread dangerous software.
Monitor the Web sites you visit, read your e-mail and instant messages as they travel across the network, and copy your usernames and passwords.
Send spam or perform illegal activities with your Internet connection.
Changing Default Settings:
Change the Default logon password and make it long!
All defaults are known and published on the Net
http://www.phenoelit.de/dpl/dpl.html updated Jan 2007
AP Management Interface
HTTP, SNMP, Telnet
Linksys: UID=blank PW=admin
DLink: UID=admin PW=blank
Generic: UID=admin PW=admin
SNMP (disable SNMP for home use)
Change the default open (no security) setting to WPA2; for home use, set a long passphrase
How far is your WIFI signal going? (that is called your cell size)
I can pick up wireless when I go visiting family in ID or CO by just turning on my laptop
Can’t cover whole house?
802.11N (if you like Vegas)
The Cell size is usually adjusted by the power setting
Go outside your house and see how far your wireless signal is reaching; you will be surprised.
Helps others identify whether or not you have left default settings on
Broadcast on by default (turn it off)
Once again, with the default settings your wireless device broadcasts its name, saying “my name is … connect to me”
Turning off SSID broadcast is called cloaking
Avoid naming your SSID a private or personal code (don’t make it your password or your name)
“MAC Filtering” is where you tell your wireless device what other devices can connect to it.
A MAC address is the hardware number that is network card specific (literally burned into the network card when it is made)
Can be spoofed but is still a good option for homes
Obtaining Your MAC Address
WINDOWS NT / 2000 PROFESSIONAL or XP:
After clicking on the Start Button, click on Run.
Once a small black window appears, type in ipconfig /all (with a space between the g and the /).
Locate the number to the right of Physical Address. This is your MAC address.
Macintosh (OS X):
If your computer is running OS X, it is best to have it upgraded to at least 10.1
From the dock, select "System Preferences".
Select the "Network" Pane
With the TCP/IP tab selected, the number next to Ethernet Address is your MAC address
On Linux systems, the ethernet device is typically called eth0. In order to find the MAC address of the ethernet device, you must first become root, through the use of su. Then, type ifconfig -a and look up the relevant info.
# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:60:08:C4:99:AA
          inet addr:220.127.116.11  Bcast:18.104.22.168  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15647904 errors:0 dropped:0 overruns:0
          TX packets:69559 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0x300
The MAC address is the HWaddr listed on the first line. In the case of this machine, it is 00:60:08:C4:99:AA.
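Added example (not part of the original slides): a small Python parser that pulls the MAC address out of either the Windows ipconfig /all output or the Linux ifconfig -a output described above, normalizes it to one form, and reports which addresses are missing from a MAC filter list. The Windows sample text and the function names are constructed for illustration.

```python
import re

# Exactly six hex octets joined by ':' (Linux, OS X) or '-' (Windows).
# The look-arounds reject longer runs such as 8-octet tunnel adapter addresses.
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})(?![:-]?[0-9A-Fa-f])")

def extract_macs(text):
    """Return normalized MACs found on 'HWaddr' or 'Physical Address' lines."""
    macs = []
    for line in text.splitlines():
        if "HWaddr" not in line and "Physical Address" not in line:
            continue
        match = MAC_RE.search(line)
        if match:
            # One canonical form: upper case, colon separated.
            mac = match.group(1).replace("-", ":").upper()
            if mac not in macs:
                macs.append(mac)
    return macs

def not_in_filter(text, allowed):
    """MACs seen in the output that are missing from the router's filter list."""
    allowed = {a.replace("-", ":").upper() for a in allowed}
    return [m for m in extract_macs(text) if m not in allowed]

# Linux output, first lines as shown on the slide.
LINUX_OUT = """eth0      Link encap:Ethernet  HWaddr 00:60:08:C4:99:AA
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""

# Constructed Windows sample (not from the slides).
WINDOWS_OUT = """Ethernet adapter Wireless Network Connection:
        Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
        Dhcp Enabled. . . . . . . . . . . : Yes
"""

if __name__ == "__main__":
    router_filter = ["00-60-08-c4-99-aa"]  # constructed filter list
    for name, out in (("linux", LINUX_OUT), ("windows", WINDOWS_OUT)):
        print(name, extract_macs(out), "missing:", not_in_filter(out, router_filter))
```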
WEP – First Wireless Security
Cracked -- Any middle-schooler can crack your WEP key in short order
Harder to crack than WPA
Uses Server to Authorize User
Can be very secure
AES encryption – “Uncrackable”
Wi-Fi Protected Access ( WPA)
WPA: WPA stands for Wi-Fi Protected Access. WPA is much better than WEP; we recommend that you put at least WPA on your wireless. It has been cracked, but it takes much longer and is almost not worth the effort.
For “workgroups”, laptop carts, home users, etc.
Keep “secret” long and obscure (set a long passphrase of at least 20 random characters. Better yet, use the full 63 characters by typing a sentence you can remember—just don't make it something that's easily guessed, like a line from a movie.)
Additional weakness in social engineering the “secret”
Wi-Fi Protected Access (WPA2)
WPA2 is very effective for keeping most “normal” people off your wireless.
Changes encryption from RC4 to AES
coWPAtty v4 can attack and crack it
Some hardware may not support it
Firmware upgrade may be necessary
Use it if available
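Added example (not part of the original slides): how a WPA/WPA2 home passphrase becomes the actual key. The key is derived from the passphrase together with the SSID (PBKDF2-HMAC-SHA1, 4096 rounds), so a long random passphrase and a non-default network name work together. The function names and the SSIDs are constructed for illustration.

```python
import hashlib
import secrets
import string

def wpa_psk(passphrase, ssid):
    """Return the 32-byte key WPA/WPA2-Personal derives from passphrase and SSID.

    The derivation is PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 rounds.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def new_passphrase(length=63):
    """Generate a random passphrase in the 20 to 63 character range the slides advise."""
    if not 20 <= length <= 63:
        raise ValueError("use 20 to 63 characters")
    alphabet = string.ascii_letters + string.digits
    # secrets draws from the operating system's cryptographic random source.
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    secret = new_passphrase()
    print("passphrase:", secret)
    # Same passphrase, two constructed network names: the keys differ,
    # because the SSID is part of the derivation.
    for ssid in ("blue-heron", "linksys"):
        print(ssid, wpa_psk(secret, ssid).hex())
```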
Turn It Off:
The easiest wireless security option. When you don’t need it, TURN IT OFF.
After a certain hour at night
Turn OFF access point / wireless router and your laptop’s wireless card (saves your battery life some also)
Turn off DHCP on the router or access point, set a fixed IP address range, then set each connected device to match. Use a private IP range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
Assign static IP addresses to devices, or limit the number of DHCP addresses your router will give out
Home Wireless Summary
Change default settings -- SSID and passwords
Use WPA or (better) WPA2
Use a MAC filter
Turn off SSID broadcasting
Know how far your wireless signal is reaching
Turn off wireless when not being used for extended time periods & Turn off DHCP or limit DHCP
Disable remote administration
Update Firmware on AP and wireless cards semiannually
Secure your Home machines
Firewall (if the wireless router has a firewall option turn it on)
Auto update Windows
Common Sense (Check the “Secure Your Laptop” section)
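Added example (not part of the original slides): the home checklist above written as a Python audit over a router's settings. The settings dictionary, its key names, the factory SSID list and both sample configurations are constructed for illustration; no real router exposes its configuration in this form.

```python
# Factory logins listed on the "Changing Default Settings" slide (user, password).
DEFAULT_LOGINS = {("", "admin"), ("admin", ""), ("admin", "admin")}
# Assumed factory network names, for illustration only.
FACTORY_SSIDS = {"linksys", "dlink", "default"}

def audit(cfg):
    """Return the summary-checklist items that a router configuration fails."""
    findings = []
    if (cfg["admin_user"], cfg["admin_password"]) in DEFAULT_LOGINS:
        findings.append("default admin login")
    if cfg["ssid"].lower() in FACTORY_SSIDS:
        findings.append("factory SSID")
    if cfg["encryption"] not in ("WPA", "WPA2"):
        findings.append("no WPA/WPA2 (found %s)" % cfg["encryption"])
    elif len(cfg["passphrase"]) < 20:
        findings.append("passphrase under 20 characters")
    if cfg["ssid_broadcast"]:
        findings.append("SSID broadcast on")
    if not cfg["mac_filter"]:
        findings.append("no MAC filter")
    if cfg["snmp"]:
        findings.append("SNMP enabled")
    if cfg["remote_admin"]:
        findings.append("remote administration enabled")
    if not cfg["firewall"]:
        findings.append("router firewall off")
    # A pool of 0 means DHCP is off; otherwise it should not exceed your devices.
    if cfg["dhcp_pool"] > cfg["devices"]:
        findings.append("DHCP pool larger than device count")
    return findings

# Constructed sample configurations (not read from any real router).
OUT_OF_BOX = {"admin_user": "", "admin_password": "admin", "ssid": "linksys",
              "encryption": "WEP", "passphrase": "", "ssid_broadcast": True,
              "mac_filter": False, "snmp": True, "remote_admin": True,
              "firewall": False, "dhcp_pool": 50, "devices": 3}
HARDENED = dict(OUT_OF_BOX, admin_user="admin",
                admin_password="constructed-long-admin-password",
                ssid="blue-heron", encryption="WPA2",
                passphrase="constructed-sample-passphrase-not-for-use",
                ssid_broadcast=False, mac_filter=True, snmp=False,
                remote_admin=False, firewall=True, dhcp_pool=3)

if __name__ == "__main__":
    for name, cfg in (("out of box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, "->", audit(cfg) or "passes the checklist")
```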
Hot Spot or Public Access
Everything you do can be observed by other people; including your email, logon and surfing.
Etherwatch (driftnet, etherpeg)
Capture and display images
Ethereal, Commview, AirMagnet…
Capture packets and display email, web pages, etc.
Data is unencrypted
Unless an application does it
Your system can be probed to see if someone can get into your laptop
Common Laptop Issues
Most laptop users leave wireless “on” all the time
Peer attack may be possible
Firewall might block
Access to shared folders or administrative share “C$”
\\name or IP address\c$
Set WiFi client to “infrastructure”
Secure Your Laptop
Turn your firewall on: Start > Settings > Network Connections > Wireless Network Connection > Change Advanced Settings > Advanced Tab > Windows Firewall Settings > Select “On” > OK
BETTER YET use another firewall (e.g. Kerio, Jetico, or Zone Alarm)
Change Administrator password: Click Start > Control Panel > User Accounts. Ensure the Guest account is disabled. Click your Administrator User Account, and reset the password
Infrastructure Networks Only
To allow only connections to approved access points:
In Control Panel, double-click Network Connections.
In the Network Connections window, right-click Wireless Network Connection, and then click Properties.
In the Wireless Network Connection Properties dialog box, on the Wireless Networks tab, make sure that the Use Windows to configure my wireless network settings check box is selected.
Under Preferred networks, make sure that the name of the network that you want to connect to is highlighted, and then click Advanced.
In the Advanced dialog box, click Access point (infrastructure) network only, and then click Close. Click OK.
AnchorFree's Hotspot Shield, a new free software download. Install it on a Windows 2000 or XP system
Paid VPN Solutions
JiWire's SpotLock (IPSec) software.
All charge for the VPN connections they provide, and require installation of a utility on the computer.
Security Tips for Public Hotspots
Use a personal firewall
Use anti-virus software (update daily or hourly)
Update your operating system and other applications (e.g. Office, Adobe Reader) regularly.
Turn off file sharing.
Use Web-based email that employs secure http (https) (beware of some SSL issues though)
Use a virtual private network (VPN).
Password-protect your computer and important files (make sure your administrator account has a good long password).
Encrypt files before transferring or emailing them.
Make sure you're connected to a legitimate access point.
Be aware of people around you.
Properly log out of web sites by clicking log out instead of just closing your browser, or typing in a new Internet address
TIPS for WIFI at Work
To keep a work WIFI system from dropping users as they move around, all vendors have some common suggestions.
Name all your APs with the same name, so that if the signal gets blocked by an individual standing in front of the AP or in front of another user's laptop, and they then get a stronger signal from another work AP, they do not have to re-authenticate to the work wireless network.
Make sure all your APs are on the same subnet if you are doing AD authentication.
Make sure the network is the only one listed on the preferred networks under the wireless tab of the "wireless network connection properties" on the network card adapter settings in control panel.
TIPS for WIFI at Work (cont.)
Also on the wireless tab of the "wireless network connection properties", click on the advanced tab and:
Make sure the (Networks to Access) section is set to access only Access Point networks, also called (infrastructure) networks only
Then make sure the Automatically connect to non-preferred networks box is unchecked
These steps will greatly help. Only once these steps are done, and if you still have issues, then turning off Windows Zero Config for WIFI might help
Use 802.1x or (better) 802.11i in offices that need secure wireless.