Results of a Personal Wardrive
June 07, 2004
Here are some best practices for avoiding standing out to those who would take advantage of your own lack of security.
Wi-Fi networks are becoming well-known and readily available in electronics and office supply stores. A couple of years ago you had to look hard to find wireless LAN products on store shelves. Now, there are full-length aisles full of wireless adapters and routers. With this growing popularity, lots of homes and small offices are deploying wireless LANs.
With this in mind, a couple of my staff members drove through residential and office areas while running a wireless LAN analyzer. The goal was to find out what security issues were commonly present in wireless LAN implementations in the area -- what some call a wardrive. Here's what we found:
Home WLAN Security Not Too Good
After driving through a few large residential areas and capturing details from a couple hundred wireless routers and access points, we found that roughly fifty percent were not using any form of security. Of course, the problem with this is that a neighbor or someone who parks in the street can easily access Internet services and retrieve files stored on the homeowner's computers.
A while ago, a friend of mine living in an apartment installed a wireless LAN router (with no security) attached to a broadband Internet service. After a few months, he found that a couple of unknown users were associating with the router and using his Internet service from somewhere else within the apartment complex. He quickly implemented Wi-Fi Protected Access (WPA), which solved the problem. You could also disable SSID (service set identifier) broadcasting (if available on the unit) to limit other users from automatically gaining access.
Also, I'd heard that a friend of our family bought a laptop with an integrated Wi-Fi adapter, took it home, and found it really cool that they could access the Internet wirelessly. This user, however, hadn't yet installed any routers or Internet service! Apparently, the radio card in the laptop was associating with a neighbor's unsecured wireless router, which was graciously providing access. The funny thing was that this person didn't even realize that you needed any special hardware in the home to make this work. They'd thought that the wireless connection was only enabled by the radio device in the laptop and that the connection to the Internet was magically made available. Maybe we need to educate the home crowd a bit more...
SSIDs Identify Businesses
In our drive-around testing, we found that many of the homes and businesses were broadcasting the default SSID, which actually isn't too much of a problem. In most cases, the default value is the hardware vendor's name (except Cisco, which uses tsunami). Some of the SSIDs found in our testing clearly indicate company names. In fact, we found several large businesses whose SSID was the same as their company name. These companies were not broadcasting SSIDs, but our packet analyzer readily found the SSIDs in user association request frames.
The knowledge of the SSID alone doesn't allow access to a WLAN that employs solid authentication and encryption mechanisms. The issue is that an SSID that matches the company name may identify a network that a hacker would rather attack than others. I'd argue that it's safer to have the SSID equal to the default vendor name than to use your company name. In addition, the use of meaningless characters as the SSID draws the attention of hackers and makes them suspicious that it represents a company trying to hide itself.
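Why a non-broadcast SSID still shows up in a capture, as an added example that is not part of the original article: the beacon of a "hidden" network carries an empty SSID element, but a client's association request carries the name in clear text. The frames, MAC addresses and the SSID `ExampleCorp` below are constructed for illustration.

```python
import struct

MAC_HEADER_LEN = 24
# Bytes of fixed fields before the tagged elements, keyed by management subtype.
FIXED_LEN = {0: 4, 8: 12}   # assoc-req: cap+listen; beacon: timestamp+interval+cap
SUBTYPE_NAME = {0: "assoc-req", 8: "beacon"}

def parse_ssid(frame: bytes):
    """Return (frame kind, SSID); SSID is None when absent or hidden."""
    if len(frame) < MAC_HEADER_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a beacon or association request")
    pos = MAC_HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) < elem_len:
            raise ValueError("truncated element")
        if elem_id == 0:  # SSID element
            # Hidden networks send a zero-length or all-NUL SSID in beacons.
            hidden = not value.strip(b"\x00")
            return SUBTYPE_NAME[subtype], None if hidden else value.decode("utf-8", "replace")
        pos += 2 + elem_len
    return SUBTYPE_NAME[subtype], None

# --- Constructed sample frames (not captured traffic) ---
def _header(fc0, dst, src, bssid):
    return bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"

AP = bytes.fromhex("020000000001")    # locally administered, made-up addresses
STA = bytes.fromhex("020000000002")
SSID = b"ExampleCorp"
RATES = bytes([1, 1, 0x82])           # supported-rates element, 1 Mb/s
BEACON = (_header(0x80, b"\xff" * 6, AP, AP) + bytes(8)
          + struct.pack("<HH", 100, 0x0001) + bytes([0, 0]) + RATES)
ASSOC_REQ = (_header(0x00, AP, STA, AP) + struct.pack("<HH", 0x0001, 10)
             + bytes([0, len(SSID)]) + SSID + RATES)

if __name__ == "__main__":
    for frame in (BEACON, ASSOC_REQ):
        print(parse_ssid(frame))
```
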
Business WLAN Security Not Much Better
In business areas, we found that the usage of wireless security was around seventy-five percent. This was better than the residential areas, but there were still several rather large, well-known companies operating wireless LANs without any form of security. There was even evidence that a significant portion of these businesses were connecting their access points directly to the corporate network.
A business, especially a large one, is a bigger target for hackers wanting to either disrupt operations or steal information. Companies not implementing wireless security are certainly inviting hackers in to overhear email transmissions, access corporate data, and change network configurations.
The bottom line in homes and small offices is to secure the network with at least Wired Equivalent Privacy (WEP). Even though WEP has weaknesses, it's better than nothing. If WPA is available, use it. For larger companies, consider the use of a VPN (virtual private network) and/or 802.1X authentication.