IBM Counters "Drive-by Hacking" with New Software

By Clint Boulton

June 17, 2002

Big Blue researchers issue the follow-up to their wireless auditing tool for 802.11 networks.

Researchers in IBM's Hawthorne, N.Y. facility Monday said they have worked up new software that monitors 802.11 wireless networks and reports any security problems as soon as they are detected.

A true "sniffer" product that ferrets out intrusions, the Distributed Wireless Security Auditor (DWSA) runs on desktop and laptop computers, minding wireless network security. If a breach is detected, the software program lets the central back-end servers know about it.

Powered by Linux with a Windows version to come soon, the DWSA system pinpoints the location of rogue access points based on signal strength measurements by the wireless hardware on the clients. As long as at least three client machines report the signal strength of the rogue, their reports can be used by the system to calculate the access point location using the estimated ranges and geometry.

The DWSA was created to combat such malicious methodologies as drive-by hacking, in which a perpetrator can access a WLAN from a moving car, or a park bench within reasonable distance to the facility in which the network resides. Hackers can pull crucial data from insecure networks using a laptop or personal digital assistant, and then quickly be on their way.

What does this do for IT staffers? It saves them the time it would take to do manual checks for intrusive activity, which is vital because wireless networks need to be checked frequently because employees can easily add new wireless devices, which may become convenient access points for users who intend malice.

Dave Safford, manager of Global Security Analysis Lab at IBM Research, said increased popularity of 802.11 networks highlights the need for such self-diagnostic software tools.

The DWSA is a follow-up to the Wireless Security Auditor (WSA) the outfit unveiled last summer, which runs on a small wireless PDA running Linux. The WSA for LANs is used by IBM consultants to detect wireless access points that do not have the appropriate security. A set of recommendations are sent to the customer.

The wireless security tool was developed in collaboration with the IBM Personal Computing Division, which is looking in to including it in future ThinkPad models.
Originally published on .

Comment and Contribute
(Maximum characters: 1200). You have
characters left.