 |
|
|
|
|
 |
CertiGuide to Security+ 9 Chapter 2: Communication Security (Domain 2.0; 20%) 9 2.6 Wireless 9 2.6.4 Vulnerabilities |
|
Unauthorized Access
As mentioned earlier, unauthorized access to wireless LANs is a significant issue.
One thing you can do is use hardware that allows you to specify the MAC addresses of devices allowed to have access to the network. Networks that are large enough to make pre-enrolling MAC addresses impractical should look at a VPN (How a VPN works is described in Encryption) before the connection to a wireless network. Options such as the Cisco Aironet utilize the Cisco Lightweight Extensible Authentication Protocol (LEAP) to ensure mutual authentication between wireless clients. This includes a back end RADIUS server, dynamic WEP keys, and changes the Initialization Vector (IV) on a per packet basis. Vendors such as Fortresstech offer products such as Airfortress251 that is placed between the Wired Access Point and the rest of the network. Other vendors have updated drivers for their wireless offerings to improve security on existing products.
Not worried enough about unauthorized access by “war-driving”252 users with Pringles can antennas? Let us tell you about a few more tools used by that crowd.
Netstumbler is a free windows-based wireless sniffer that looks for a SSID being broadcast. Note that, as we mentioned earlier, you must have the correct SSID to join a wireless network. Netstumbler is useful for finding the rogue access point that was set up without thinking of the ramifications. Additionally, a Linux based sniffer called Kismet is totally passive and can find a wireless network without revealing itself in the process. It is also able to capture data from signals too weak to fully participate in a wireless LAN. Kismet was created to work hand-in-glove with the free protocol analyzers such as Ethereal253 for Windows or tcpdump254 for Linux or Windows. Ethereal does an incredible job in many ways. As an example, check out their site255 to see how easy it is to see email messages.
Remember virtually everything needs to be watched for vulnerability. While suggesting tcpdump in the preceding paragraph, rapid7 found a hole in it256.
With so many sites running open wireless networks, it can be difficult for a busy war-driver to remember all the sites they have found. Kismet solves this issue by adding support for GPSDrive257 to map all the sites found. If you don’t have the time to try all this yourself, the creator of Kismet has done a great job of showing how all this can work together. Just point your browser to the footnote258.
__________________
251. http://www.fortresstech.com/AirFortress%20Overview.htm
252. http://www.nwfusion.com/columnists/2002/0902schwartau.html
253. http://www.ethereal.com
254. http://www.tcpdump.org
255. http://www.ethereal.com/introduction.html#screens
256. http://www.rapid7.com/advisories/R7-0017.html
257. http://www.kraftvoll.at/software
258. http://www.kismetwireless.net/screenshot.shtml
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.