Bolster your wireless network’s security and find out if there’s a neighbourhood Wi-Fi leech sucking your bandwidth
Turn the tables on the masked criminal looking to capture the valuable data being transferred on your wireless network.
Start by grabbing these tools. InSSIDer, an open source Windows tool, is used for scanning and reporting on local wireless networks. Find the latest version at www.metageek.net/products/inssider. Wireshark, the industry standard network traffic monitor, is perfect for sniffing out illegal connections. Grab it from www.wireshark.org. Now we're ready to begin.
What is wireless?
What’s usually called Wi-Fi belongs to a family of wireless networking technologies more properly called IEEE 802.11. These all use the same protocol for transmitting and receiving data over short distances. Home wireless routers and hubs (commonly called wireless access points) conform to the 802.11g variant of the specification. This uses transmission frequencies centred on 2.4GHz. Each transmission channel gives a raw data throughput of either 54 or 65 Mbits/sec depending on your equipment. However, the useful data transmission rate is more like 19 Mbits/sec – the rest of the available bandwidth being used for error correction, encryption and packet collision detection.
Wireless LANs operate on one of 13 channels. If you’re getting low data transfer rates, it’s worth changing your wireless access point to use a different channel because the chances are that another network in the neighbourhood is using the same one. Using the same channel won’t cause data leakage onto other networks because each is also uniquely identified and should feature strong encryption.
Encrypt to survive
Encryption is vital in wireless networks. There are two main standards in popular use. The first, older, and decidedly less secure standard is called Wired Equivalent Privacy (WEP). The original idea behind WEP was that it would be as secure as using a wired network. However, it’s been widely known for around half a decade that if you can capture enough data packets of a secure connection, its WEP encryption can be cracked using freely available hacking tools.
After cracking WEP encryption on a target network, it’s possible for a hacker to then read the login credentials required to connect to that network. After that, it’s a case of discovering and exploiting whatever vulnerabilities he finds on the network to consolidate his hold over it, possibly by deploying a keylogger to snatch identities, as well as using your computers for the storage of files he wouldn’t necessarily want on his own network. And, of course, the core aim is likely to leech your bandwidth to download undesirable content.
For this reason, WEP should no longer be used. In its place, your wireless network should support WPA (Wi-Fi Protected Access – it’s part of the 802.11g standard). This features far stronger encryption and the tools used to crack it are still either at the proof-of-concept stage or take so long to run that updating your passwords regularly will mean that your wireless network remains a very slippery target indeed.
If your network is still set up to use WEP, stop reading immediately, log into your wireless access point’s web interface, go to the admin page, select WPA (or if available, the stronger variant WPA2) and save the configuration. Now disconnect and reconnect your computers to the network and they’ll begin using the stronger encryption. That done, let’s now explore the neighbourhood.
Network Discovery
The first task a hacker will go through when scouting for Wi-Fi targets is checking the potential networks that are in range to find the best one to attack. While you could simply use your computer’s Wi-Fi connectivity software to discover local networks, there are better tools available online that will show you far more.
One such tool is the free InSSIDer from MetaGeek (www.metageek.com). After downloading, installation on a computer with a wireless network card is as simple as running the installation package and clicking Next a couple of times.
You don’t need to be a member of a wireless network to run InSSIDer. Run it and select your wireless network interface from the pull-down list at the top of the InSSIDer window. Click the Start Scanning button and the interface begins to fill with networks. At the top is a table containing a line for each network the program discovers. This contains information ranging from the wireless access point device each network uses, and the name (called the SSID) of the network, to the signal strength and the type of security used.
In the lower, larger section of the interface are real time graphs of the signal strengths of each network as they change over time. Water in the atmosphere absorbs radio waves, so if the weather’s bad, you may see lower signal strengths than on a bright, dry day. Such fluctuations in atmospheric interference will cause networks on the edge of the detectable range to occasionally pop up and disappear again.
InSSIDer shows you – and any passing ne’er do wells – exactly what’s going on in the wireless neighbourhood.
As a general guide, the RSSI (received signal strength indication) column in the table is a useful measure of the distance between you and each network’s base station. This can be used to get a rough idea of whose networks you can see if they’ve not been readily identifiable from their SSID.
The SSID is the “service set ID”. This is the user-defined name of the network. When you buy a new wireless access point, the SSID will usually be set to a default. If you leave this as it is, it gives people a good indication that little if any configuration or security work has been done. If the network is also using the insecure WEP encryption (or worse, no encryption at all), it is open to easy abuse.
InSSIDer gives you a great way to see what Wi-Fi networks are in your neighbourhood. However, if you find a network that has no protection at all, don’t be tempted to join it and leech bandwidth. It may be that an incompetent neighbour has set it up and doesn’t realise that it’s open to abuse, but it may equally have been set up deliberately. It’s possible that someone may have set up a data collection utility such as Wireshark on the open network. If you connect to the network, the person who owns it will be able to see everything you do.
To Catch a Hacker
So let’s turn the tables. Let’s now use this technique to set a tricky trap for anyone in the vicinity who may fancy exploring networks and leeching bandwidth that doesn’t belong to them. It’s a technique you can use to monitor traffic on your own networks in general as well as to determine if someone’s trying to use your wireless network. The technique is one of many dubbed a ‘honeypot’ – something which looks sweet and inviting but may in fact contain hundreds of stinging bees.
Honeypots are computers or even entire networks that seem to be unprotected. They’re designed to tempt hackers and malware to explore and infect them. In reality, they’re heavily monitored and protected, and some even use sophisticated software that can exactly emulate the responses to attacks generated by real computers. Researchers use them to detect new strains of malware, but we can use a honeypot wireless network to catch bandwidth leeches.
The technique involves setting up a wireless network without any protection and monitoring it for unauthorised connections. The network is physically isolated, but anyone joining it illegally won’t know that. It just looks like a juicy connection waiting to be exploited.
To set up a simple wireless honeypot, you first need a spare wireless access point for potential hackers and freeloaders to attempt to access. This is plugged into an old network hub. The hub is important because whatever traffic it receives on one port, it automatically retransmits it on all others. This doesn’t happen in a network switch, which is why we need a hub. Into another port on the hub you plug a computer running a traffic-monitoring program, begin collecting data, and wait for the fun to begin.
The monitoring program we’ll use is the industry standard, open source Wireshark. This is used by network security professionals the world over and is very easy to set up and use.
Setting the Trap
Go to the Wireshark site and download the latest Windows version. This is compatible with all supported versions of Windows from XP onwards. As with InSSIDer, installation is a simple matter of running the downloaded executable and accepting the defaults. Unlike Linux, Windows doesn’t have the ability to put its network card into “promiscuous” mode. In this mode, it will accept all traffic, thereby allowing Wireshark to monitor whatever flows past. To enable the card to be put into promiscuous mode, part of the Wireshark installation procedure will install a library called WinPcap.
Once installed, run Wireshark and select your wired network interface card from the interface list. This begins a collection session. You should begin to see traffic being sent every few seconds by the wireless access point as it monitors and discovers resources, and asks who has which IP address. You’ll also see traffic sent by the PC on which Wireshark runs.
Wireshark installed. The interface is very simple to use – just select an interface and it begins collecting traffic.
Test your handiwork by joining the network wirelessly from another computer. On the joining computer, open a command line and enter the command ‘ipconfig/all’. Find the wireless network card’s details in the morass of information that appears. Make a note of its IP address. If you now click the source or destination columns in Wireshark to sort the incoming information, you can easily find the traffic being generated by this IP address.
The traffic reveals a surprising amount of detail, including the machine’s name and its MAC address. If, while monitoring, you find other computers joining the network, you know someone is exploring. Their machine’s Windows name, as well as its MAC and current IP addresses, will be recorded by Wireshark.
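As an added illustration (not part of the original article), the Python script below automates the check just described: it reads the source MAC address, IP address and DHCP host name of each captured packet and lists every device that is not on your own list. It assumes the rows were exported from the honeypot capture with tshark, the command-line tool installed alongside Wireshark, using field names from current Wireshark releases; the capture file name, sample rows and device list are constructed for the example.

```python
# Added example: flag devices seen on the honeypot hub that are not ours.
# Input is tab-separated text as produced by (honeypot.pcapng is a
# hypothetical file name):
#   tshark -r honeypot.pcapng -T fields -e eth.src -e ip.src -e dhcp.option.hostname
import re

# Constructed sample rows: source MAC, source IP, DHCP host name (may be empty).
SAMPLE = """\
00:71:45:32:a4:f7\t192.168.1.10\t
00:71:45:32:a4:f7\t192.168.1.10\tMONITOR-PC
3c:11:22:33:44:55\t0.0.0.0\tDAVES-LAPTOP
3c:11:22:33:44:55\t192.168.1.23\t
00:11:22:aa:bb:cc\t192.168.1.1\t
"""

# Constructed list of our own devices, written the way ipconfig shows them.
KNOWN = {"00-71-45-32-A4-F7": "monitoring PC", "00-11-22-AA-BB-CC": "access point"}

def normalise_mac(text):
    """Return a MAC as lower-case colon-separated hex, or None if malformed."""
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_strangers(capture_text, known):
    """Map each unlisted source MAC to the IPs, host names and packet count seen."""
    allowed = {normalise_mac(mac) for mac in known}
    seen = {}
    for line in capture_text.splitlines():
        fields = line.split("\t")
        mac = normalise_mac(fields[0])
        if mac is None or mac in allowed:
            continue  # malformed row (e.g. non-Ethernet frame) or one of ours
        entry = seen.setdefault(mac, {"ips": set(), "hostnames": set(), "packets": 0})
        entry["packets"] += 1
        # 0.0.0.0 is what a client uses before DHCP has given it an address.
        if len(fields) > 1 and fields[1] not in ("", "0.0.0.0"):
            entry["ips"].add(fields[1])
        if len(fields) > 2 and fields[2]:
            entry["hostnames"].add(fields[2])
    return seen

if __name__ == "__main__":
    for mac, info in find_strangers(SAMPLE, KNOWN).items():
        print(mac, sorted(info["ips"]), sorted(info["hostnames"]), info["packets"])
```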
Wireshark in the act of capturing data flowing into the honeypot from a computer that has just joined the wireless network.
Change Your Defaults
Changing all the default settings for your wireless access point is, after engaging WPA or WPA2 encryption, one of the best yet simplest things you can do to remain secure.
To begin, change the administration password for the access point. The default may seem obscure to you, but there are plenty of default password lists available online that will enable someone to change your configuration (and even lock you out) very easily.
Change the network name (the SSID) to something other than the default and turn off the option to broadcast it. After all, there’s no reason unauthorised computers should know anything about your network – not even the name. In Windows this should make the network appear as an unknown network.
Work your way through your wireless access point’s manual and get to know its more obscure and possibly unique security features. If your broadband connection is always on, for example, and if your access point supports restricting access by time of day, set up a schedule to prevent access between perhaps midnight and 8am when you’re not using the network.
It’s also important to learn how to reset your access point’s settings back to the factory defaults. This is important both if you decide to sell the equipment and if you either forget a password or want to start again from scratch.
Generate Memorable, Strong Passwords
Strong passwords are more essential to life online than ever before, but the technology to crack them has kept pace with the rest of computer technology. Simple dictionary words are no longer considered secure, and neither is the technique of combining two short words into one.
Random jumbles of letters, numbers and symbols make the strongest passwords, but they’re also the easiest to forget, so here’s a technique to generate complex passwords that are also very memorable. The key is to generate them from a song you personally know well, but which no one else knows you know.
Take the initial letters from the first line or so and the resulting jumble of letters is quite random. Change the vowels to numbers (or even the symbols above the numbers on the keyboard), for even greater complexity.
Test the strength of your passwords to withstand automated cracking using Microsoft’s own online tool.
If you forget your password, start with the first line of the song, convert it into a password and try it. If it doesn’t work, move onto the next, and so on. Provided you never divulge the song from which the passwords were generated, they’ll remain very difficult to crack. When it comes time to change the password, simply generate it from the next line on from the last.
MAC Address filtering
As another line of wireless defence, if your access point supports it, enable MAC address filtering. The MAC (media access control) address is a globally unique hardware address assigned to every network card on the planet. By only granting access to those computers whose MAC addresses appear on a list maintained by the wireless access point, you can make it far more difficult for would-be hackers.
To find the MAC address of a Windows computer, open a command line and enter the command ‘ipconfig/all’. This lists the details of all network cards, both wired and wireless. The MAC address is in the form nn-nn-nn-nn-nn-nn, where each ‘nn’ is a pair of hex digits, and is called the physical address. An example would be 00-71-45-32-A4-F7. In Linux, the command iwconfig will give you details of the wireless network card.
You may need to look through the manual for your wireless access point to find out how to enable MAC filtering and how to enter MAC addresses, but once done, only your computers should be able to join your wireless network.
There are several sneaky tools that will enable a hacker to spoof his MAC address, but they rely on being able to gain access to traffic to find an existing, authorised MAC address. In a domestic environment, hackers with so much knowledge shouldn’t be a worry.