Hack Your Way To WLAN Security

May 1, 2003

Recent global events have emphasized the need for adequate security—both in the real world and in cyberspace. Hacking into a wireless 802.11b network is often easy. In fact, it's too easy. So how do corporate IT administrators or small-office home-office (SOHO) users protect their wireless networks from unwanted visitors? The answer is simple: They must step out of the bright light of respectability and into the shadowy world of the hacker. The best way to ensure that a WLAN is secure is to try to break into it. Once you know the weaknesses of your system, you will be better prepared to make an effective contingency plan. Good hacking is really just good risk assessment.

In fact, hacking by network administrators may one day become the law. A bill that is under consideration in New Hampshire's legislature states that operators of wireless networks must either secure them or lose some of their ability to prosecute anyone who gains access to the networks. House Bill 495 could effectively legalize many forms of war driving (i.e., motoring through an inhabited area while scanning for open wireless access points).

It would be wise for network administrators to hack into their own systems before someone else does. But how do hackers operate? What tools do they use? Is sheer technology enough, or is it important to plan the strategy of an attack? Before answering these questions, I'd like to offer an apology to my friends and colleagues who are hackers. I know that most hackers—like most engineers—are honest, curious, highly intelligent people. They simply enjoy the challenge of solving a complex technical problem. It doesn't matter if that problem is designing a secure network or discovering the inherent weakness in any man-made system, such as a wired or wireless network.

For the most part, hackers are neither malicious nor destructive. Instead, they're rather playful. In lieu of reformatting an unsuspecting network user's hard drive ('rm -rf /'), most of these individuals prefer to announce their presence in a friendly way ('echo giggle | wall'). Of course, some hackers do use their knowledge of technology and organizational infrastructures for criminal purposes. But don't forget: The white-collar world is full of non-hacker criminals. To obtain even more information about hackers, plan a late-night visit to the 2600 Web site (www.2600.com).

Now that these points have been stated, let's briefly consider some of the tools that are used to break into an 802.11b WLAN. First and foremost, there are detection tools. These tools fall into two main categories: active and passive detection. In the former category, a client transmits probe requests and looks for any responding networks. Probe packets contain a specific network Service Set Identifier (SSID). This identifier is used when a client tries to join a network. If an access point grants access to the client, it then transmits a probe response containing the SSID.

The active detection of 802.11b networks has a definite advantage: It doesn't require a card or a driver that's capable of RF monitor support. Yet it also has its drawbacks. The client must be within transmission range of the access point. Because this is an active detection, it also generates traceable traffic on the target network.
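Because active detection leaves traceable probe traffic, an administrator can look for it in a capture of their own WLAN. The sketch below is an added example, not code from the article or from any tool it names: it parses probe-request management frames and groups them by transmitting MAC address. It assumes raw 802.11 frames with no radiotap header or FCS, treats a zero-length SSID as the 802.11 "any network" probe (a detail from the standard, not the article), and all function names and sample frames are constructed for illustration.

```python
from collections import defaultdict
MGMT_HDR_LEN = 24      # frame control, duration, three addresses, sequence control
PROBE_REQUEST = 4      # management-frame subtype
SSID_ELEMENT = 0       # information element ID that carries the SSID

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid_bytes) for a probe request, else None."""
    if len(frame) < MGMT_HDR_LEN or (frame[0] >> 2) & 3 or frame[0] >> 4 != PROBE_REQUEST:
        return None                                    # short, or not a mgmt probe request
    src = ":".join(f"{b:02x}" for b in frame[10:16])   # address 2 = transmitter
    body, i = frame[MGMT_HDR_LEN:], 0
    while i + 2 <= len(body):                          # walk ID/length/value elements
        elem_id, elem_len = body[i], body[i + 1]
        value = body[i + 2:i + 2 + elem_len]
        if len(value) < elem_len:
            return None                                # truncated element
        if elem_id == SSID_ELEMENT:
            return src, value
        i += 2 + elem_len
    return None                                        # no SSID element: malformed

def summarize_probes(frames):
    """Group probe requests by transmitter so scanning clients stand out."""
    seen = defaultdict(lambda: {"count": 0, "ssids": set(), "wildcard": False})
    for frame in frames:
        if (parsed := parse_probe_request(frame)) is None:
            continue
        src, ssid = parsed
        seen[src]["count"] += 1
        if ssid:
            seen[src]["ssids"].add(ssid.decode("utf-8", "replace"))
        seen[src]["wildcard"] |= not ssid              # zero-length SSID = any network
    return dict(seen)

def make_frame(subtype: int, src: str, ssid: bytes) -> bytes:  # constructed test frames only
    mac, bcast = bytes.fromhex(src.replace(":", "")), b"\xff" * 6
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + bcast + mac + bcast + b"\x00\x00"
    return hdr + bytes([SSID_ELEMENT, len(ssid)]) + ssid

SAMPLE_FRAMES = [                                      # constructed sample input
    make_frame(4, "00:11:22:33:44:55", b""),           # wildcard probe
    make_frame(4, "00:11:22:33:44:55", b"corp-wlan"),
    make_frame(8, "aa:bb:cc:dd:ee:ff", b"corp-wlan"),  # beacon, ignored
    make_frame(4, "66:77:88:99:aa:bb", b"corp-wlan"),
    b"\x40\x00",                                       # truncated frame, ignored
]

if __name__ == "__main__":
    print(summarize_probes(SAMPLE_FRAMES))
```

A transmitter that sends wildcard probes, or that probes at a high count without ever associating, is the kind of traceable traffic worth comparing against the list of known client MAC addresses.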

One of the more accessible tools for active detection is a free Windows utility called NetStumbler (www.netstumbler.com). Marius Milner wrote this 802.11b wireless-network-auditing program. For any wireless access points that it can find, NetStumbler identifies and tracks information like MAC address, WEP status, and channel.

Of course, hackers could use such a program to gain access to an unprotected wireless LAN. But responsible IT engineers also could use it to analyze their networks' capabilities. This program could help them locate WLAN dead spots and track sources of intermittent noise. In addition, tools like NetStumbler can determine where overlapping channels reduce overall performance. They also can establish the actual boundaries of a WLAN, which often reach beyond the office walls.

When used in conjunction with easily available WEP decryption tools, such as AirSnort (http://airsnort.shmoo.com/), NetStumbler and equivalent programs help to level the playing field. The wireless-network administrator or designer effectively becomes the hacker of his or her own system. What better way is there to appreciate your system's vulnerability?

Feel free to drop me an e-mail if you have any comments on the topic of WLAN security or hacking in general. I'm at [email protected].
