Airport Menace: The Wireless Peeping Tom
----------------------------------------
As a network security consultant, I travel quite frequently.
At times, it seems like the airport is my second home. I
actually like to fly, it's a moment in time where no one can
reach me by e-mail, or mobile phone.
It never fails that something interesting happens to me at
the airport. I've even met some famous people during my
travels. A few months ago, I ran into Frank Bielec, from the
TLC show, Trading Spaces. But one of my favorite things to
do at the airport is browse the wireless Ethernet waves. I'm
never really surprised at what I find. I'm just glad I know
more about wireless Ethernet than the average road warrior.
The Dangers Of Ad-Hoc Wireless Networking
-----------------------------------------
Most people who have wireless Ethernet at home, or the
office, connect to the wireless network by attaching to a
wireless Access Point, or AP. This method of wireless
networking is called "Infrastructure Mode". If you have a
secure wireless network configured in "Infrastructure Mode"
you are using MAC address filtering, some level of
encryption, and have made some additional changes to your AP
in order to prevent just anyone from using it or capturing
data. For more information on configuring your
"Infrastructure Mode" wireless network take a look at the
"Wireless Network Security" page at Defending The Net.
Links
-----
http://www.defendingthenet.com/WirelessNetworkSecurity.htm
However, for those who are not using "Infrastructure Mode",
and are configured to communicate from machine to machine,
or "Ad-Hoc", there are a few things you should be aware of.
A wireless Ad-Hoc network allows you to communicate with
other wireless Ethernet systems without using a wireless
access point. It's kind of a peer to peer configuration and
it works rather well. The problem is, most people just set
it up, and forget about it. At home, it's not a huge
problem, but when your on the road, it could cause you a
great deal of grief. The airport is probably the best place
to find Ad-Hoc networks. Business men and women, delayed
once again, power up their laptops and get to work
completing the days tasks, or planning tomorrows agendas.
I can't tell you how many systems I find in the airport
configured this way. Not just in the terminal, but on the
plane. About three months ago, just after we reached
cruising altitude and were allowed to use our "approved
electronic devices", I found that the gentleman two seats up
from me had a laptop configured as Ad-Hoc. He walked by me
about ten minutes later and commented on how much he liked
my laptop. I thanked him, and asked if his laptop was on,
and configured to use wireless Ethernet, he said yes.
To make a long story short, I showed him that I could see
his laptops wireless Ethernet and informed him of the
danger. He asked me if I could access his hard drive, and I
told him that it might be possible. He asked me to see if I
could, so I obliged. After configuring my laptop to use the
same IP address class as his, and typing "net use *
hiscomputersIPAddressc$ "" /USER:administrator", I
received a notice that the connection was successful and
drive Z: was now mapped to his computer. I performed a
directory listing of his hard drive and the guy almost had a
heart attack!
After this, he moved up to the seat next to mine and we
spent the next hour or so configuring his laptop securely,
starting with securing his computers local administrator
account. At one point during the configuration, he made the
statement that I got real lucky because his local admin
account did not have a password. My response to him was, I
get lucky quite often.
Who Else Has Your Client List
-----------------------------
Just think of the possibilities. What do you have to lose if
someone is able to just peruse the files and data on your
laptop? Do you maintain your customer list on your laptop
(Do you want this in the hands of a competitor)? How about
your personal finances (Identity theft ring a bell)? So many
people I talk to initially say, "I really don't have
anything of great importance on this system". Then they
think a little bit and start rattling of things they never
really thought about before. All of a sudden, they get
concerned.
The fact is, whether it be "Infrastructure Mode", or
"Ad-Hoc" wireless Ethernet communications, if not properly
configured and secured, can pose a significant risk. There
are thousands of articles on the Internet about the dangers
of improperly configured wireless networks, yet the number
of unsecured networks seems to be getting greater, not less.
Strength And Posture Does Reduce Your Risks
-------------------------------------------
Keep in mind that your objective should be to reduce the
chances that you will become a target for computer
compromise. When I was growing up in South Philadelphia, I
remember my father telling me that when you walk down the
street, especially in the evening, to walk tall, and project
a position of strength and authority. Why, because thugs
typically pick out those who look like an easy target. The
same thing goes for computer security. Reduce the risks of
becoming a target buy configuring your system with a strong
security policy.
When I perform security assessments, I create a list of
potential targets, and potential methods of compromise. I
then prioritize that list by which system, with a particular
vulnerability, may be easiest to compromise. Those at the
bottom of the list typically never come on my radar screen;
the best scenario it to keep of the radar altogether.
Conclusion
----------
If your are using wireless Ethernet, no matter what
configuration, follow a few rules and keep yourself secure
against most common types of compromise.
1. Above all, make sure all your user accounts have strong
passwords, especially those that have administrative control
over your system;
2. Configure your wireless network to use some sort of
encryption. I know there is a lot of concern about the
"crackability" of WEP, but if this is all you have to work
with, and then use it. It is still helpful;
3. If possible, use MAC addresses filtering to restrict
unwanted systems from attaching to your wireless network;
4. Make sure the firmware for your AP's and wireless
Ethernet cards are up to date. These updates can be found on
your card or AP's support site.
Remember, if you are compromised over your wireless network
it can be near impossible to track down where the attack
came from. Worse yet, think about how many systems become
compromised, and no one ever knows it?
About The Author
----------------
Darren Miller is an Information Security Consultant with
over sixteen years experience. He has written many technology
& security articles, some of which have been published in
nationally circulated magazines & periodicals. Darren is a
staff writer for http://www.defendingthenet.com and several other
e-zines. If you would like to contact Darren you can e-mail
him at Darren.Miller@ParaLogic.Net or
DefendTheNet@ParaLogic.Net.