ABCs of Wireless Networking


So, you are contemplating cutting the proverbial landlocked copper wire and taking the wireless route. Is it because you want to use your laptop or PDA while you are watching TV? Are you trying to prepare for a corporate presentation and the conference room isn't cabled, or are you just a propeller head who has run into a topology issue and this is the most economical solution...
Pick one and stick with it for the rest of the article...please, it'll help me...

Whether for home, SOHO, or business, I am hopeful this article will aid in your quest for wireless zen-dom; but this article is meant to focus on basic wireless security steps and in no way suggests that any implementation mentioned will protect you in all situations. Wireless usage, placement and tools will be covered in another article.

Even with the extended output range out-of-the-box wireless devices can reach, it just doesn't always work due to placement and other factors. From Corporate America to Little Johnny's room, wireless specifications and the hardware that runs them have continued to evolve into a very simple and affordable solution while providing rapid deployment, expandability, and flexibility. Yet, a few simple everyday "taken for granted" things might keep the network from running or cause problems: cordless phones operating in the 2.4 GHz band, the microwave (hmm, popcorn), placement and positioning, what your walls are made of and how thick they are, other wireless networks, whether the antenna(s) are directional or omni-directional, whether your new fake ficus is between you and the Wireless Router/Access Point, etc.

Also keep this in mind...
Between the falling costs of hardware and the proliferation of laptops and PDAs running anything from Windows XP, Linux, PocketLinux, and PocketPC variants, all anyone needs is a vehicle (maybe), one of these devices, a wireless network card connected to an antenna of some design and strength, maybe a GPS unit, Netstumbler/Ministumbler, Kismet, Airsnort, WEPCrack, (etc.) and poof! You have what is commonly referred to as Wardriving (or warwalking, warmowing, etc.). Wardriving is really taking off in this country thanks to the "out of the box defaults" and consumers' lack of knowledge. Hence, there is this article and hundreds like it. In a normal driving day in the Nashville, TN, area it is easy to come across 30-40 open Access Points in a matter of 10-15 miles. Some in places they REALLY shouldn't be.

First things first, we will assume you have purchased the necessary hardware, including but not limited to: a broadband wireless router or Wireless Access Point, and a wireless network card or other device capable of wireless networking. We will also assume that you have these devices communicating and surfing happily. Most wireless networking gear will connect and communicate straight out of the box. This is where you get yourself into the most trouble – you leave it that way.

With that said,
You plugged your wireless router into your cable or DSL modem, inserted your wireless client of choice and fired it all up. Now you are checking out the program listings from DirectTV.com while watching DIY Network from the comfort of your deck.

Did you disable remote management on the router?
No...?
Did you change the password to the router?
No...?
Did you disable DHCP?
No...?
Did you enable a WEP key?
No...?
Did you enable MAC filtering?
No...?
Ok, well surely you changed the SSID?
No...

Hmm - Ok then...don't look now, but you are probably being VERY generous to say the least...
Odds are your next door neighbor probably has a nifty new Windows XP laptop with wireless built into it and is connecting to the internet through your broadband connection RIGHT NOW! What's worse is he might even know it.

Here's a walk through of how it works.
Some "curious" person may drive past your home or apartment and hear a beep. "Got one," he or she thinks to him/herself while checking his or her handheld or laptop. Hmm – no encryption, the SSID is "." I wonder... yup - got an IP Address - oh too easy. (Hopefully they pull over.) Ping the gateway...reply...ping yahoo.com...reply...should we?!? Nah! Keep driving... Had this been "for real" the individual could have scanned your network, found a machine or two and potentially done some real damage. This is where your imagination runs for cover!

The two basic types of wireless connections are Ad Hoc and Infrastructure modes. Infrastructure is generally the one that is used.

An Ad Hoc mode network is a standalone network that consists only of a small number of wireless stations and has no backbone infrastructure. It is generally used for small wireless-only networks consisting of wireless workstations. It is like linking two PCs directly together using a crossover cable rather than connecting them both to a hub or switch. Because there is no Access Point, there is no way to directly bridge to another network or a fixed wiring backbone.

Infrastructure mode is for mixed wireless/wired networks or for bridging to external networks. In addition to wireless workstations, this mode includes one or more Access Points (APs) that act as a wireless hub and bridge to other networks. An Infrastructure mode network links the stations together in a Wireless LAN, and the APs may also be used to bridge to other networks. Multiple Access Points are used to extend range and coverage, or to support a greater number of stations. Users can transparently roam between APs.

Remember that list of questions I asked earlier?
This is what they mean.

SSID:

  • The SSID (Service Set Identifier) is an alphanumeric string up to 32 characters long. It is case-sensitive; MYNETSSID is not the same as MyNetSSID.
  • Stations must specify the correct SSID before they will be able to connect to an Access Point.
  • Normally, Access Points regularly broadcast their SSID in beacons so that wireless stations can identify available services. Turning off the SSID broadcast does not really give you any protection: the SSID is still sent in the clear in the probe and association frames every time a client connects, so anyone sniffing the channel sees it within moments.
Note: While I urge you to change the SSID, I STRONGLY recommend you do yourself a favor. If the SSID has ANY personal information about you, your family, your dog, or as an advertisement for your rock band – CHANGE IT NOW!

MAC Address filtering:

  • Most Access Points offer Access Control or MAC (Media Access Control) address filtering as a way to improve security on a Wireless LAN.
  • The idea is to specify in the Access Point a list of wireless stations that will be allowed to connect to it. Generally, it is a simple list of the 48-bit MAC (Ethernet) addresses assigned to the specified wired or wireless NICs (Network Interface Cards) in use on your network. Finding a MAC address is software dependent if the NIC is already installed in your system (ipconfig /all on Windows, ifconfig on Linux), but all NICs and most networking hardware have the MAC address printed on a label. Keep in mind that anyone within range can read the permitted addresses off the air and set their own card to one of them, so treat MAC filtering as a nuisance for casual freeloaders, not a barrier.
  • The list needs to be replicated in each Access Point on the WLAN.

Encryption (WEP):

The WEP (Wired Equivalent Privacy) key is a binary number, normally entered as a string of hex digits, the numbers 0 through 9 and the characters A through F, e.g.: DEAD99BEEF. Those 10 hex digits are the 40-bit secret of a "64-bit" key; the remaining 24 bits are the IV (initialization vector) that the hardware picks per packet and sends in the clear. Likewise a "128-bit" key is 26 hex digits (104 secret bits) plus the same 24-bit IV.

When WEP is enabled, the WEP key is normally used for two purposes:

  • To authenticate the wireless station to the Access Point so that only authorized users may use Access Point services. (Think of authentication as proof of identity.)
  • To encrypt wireless traffic to prevent eavesdropping. (Just like the gold lock on an encrypted webpage - the wireless traffic is encrypted.)

On some equipment, it is possible to control these functions separately:

  • Open System - allows association without authentication. Without the key a station still cannot read or send valid encrypted traffic.
  • Shared Key - use the WEP key for authentication: the Access Point sends a random challenge and the station returns it WEP-encrypted. Counter-intuitively, this is the one to AVOID. Anyone listening sees both the challenge and its ciphertext, which hands them the keystream for that IV; since WEP lets IVs repeat, the eavesdropper can reuse that keystream to answer the next challenge without ever knowing the key.
  • Automatic - the station uses Shared Key if the Access Point demands it, otherwise Open System.
This is one of the weaknesses in the design of WEP: authentication and encryption use the same key, so a key discovered by attacking the authentication process (or any other part of the protocol) can also be used to decrypt any and all captured traffic. Our goal here is to make it as unappetizing as possible for someone to even want to try to access your systems. If "Jane Hacker" sees an encrypted Access Point, she will generally move on to your neighbor's access point.

To enable WEP encryption:

  • Select the key length: 64-bit (10 hex digits) or 128-bit (26 hex digits). Some 802.11a vendors offer longer proprietary key lengths, which only interoperate with that vendor's own equipment.
  • Enter at least one key of the corresponding length.
  • The WEP key length and key need to be entered (and match) on both the wireless router/access point and all of the wireless client stations.

Most WiFi compatible equipment allows the entry of multiple WEP keys (usually 4), but only one key is active or in use at any time. The only reason for entering multiple keys is to make it easier to change keys in the future just by selecting a different key number rather than entering the whole key. In theory this should support a policy of regular key rotation, but in practice most WEP keys are rarely or never changed.
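To make the key-format and authentication points above concrete, here is an added example (not code from the original article) in Python. It implements WEP the way the standard does, RC4 keyed with IV || secret and a CRC-32 integrity value, accepts the 10- or 26-hex-digit keys discussed above, and then plays out the Shared Key weakness: an eavesdropper who captured one legitimate challenge/response recovers the keystream for that IV and authenticates to the Access Point without the key. The key DEAD99BEEF, the IV bytes and the AccessPoint/station objects are all made up for the demonstration.

```python
"""WEP (RC4 + CRC-32 ICV) and the Shared Key authentication weakness.

Added example, not from the original article. The key, IV and the toy
AccessPoint below are assumptions made for the demonstration.
"""
import os
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_wep_key(hexkey: str) -> bytes:
    """Accept the 10 hex digits of a '64-bit' key or the 26 of a '128-bit' key.
    The advertised size includes the 24-bit IV; the secret is 40 or 104 bits."""
    hexkey = hexkey.strip().replace(":", "")
    if len(hexkey) not in (10, 26):
        raise ValueError("WEP key must be 10 or 26 hex digits")
    return bytes.fromhex(hexkey)


def _icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV||key) XOR (plaintext || CRC32(plaintext))."""
    data = plaintext + _icv(plaintext)
    ks = rc4(iv + key, len(data))
    return iv + bytes(a ^ b for a, b in zip(data, ks))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext, or None if the integrity value does not check."""
    iv, body = frame[:3], frame[3:]
    ks = rc4(iv + key, len(body))
    data = bytes(a ^ b for a, b in zip(body, ks))
    plaintext, icv = data[:-4], data[-4:]
    return plaintext if _icv(plaintext) == icv else None


class AccessPoint:
    """Toy AP doing 802.11 Shared Key authentication (assumption for the demo)."""
    def __init__(self, key: bytes):
        self.key = key

    def challenge(self) -> bytes:
        return os.urandom(128)                 # the standard challenge is 128 bytes

    def verify(self, challenge: bytes, response: bytes) -> bool:
        return wep_decrypt(self.key, response) == challenge


def station_respond(key: bytes, challenge: bytes, iv: bytes) -> bytes:
    """What a legitimate station sends back: the challenge, WEP-encrypted."""
    return wep_encrypt(key, iv, challenge)


def recover_keystream(challenge: bytes, response: bytes):
    """Eavesdropper step: known plaintext (challenge||ICV) XOR ciphertext
    equals the keystream for that IV. The IV itself travels in the clear."""
    iv, body = response[:3], response[3:]
    ks = bytes(a ^ b for a, b in zip(challenge + _icv(challenge), body))
    return iv, ks


def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge with the captured keystream, reusing the IV.
    WEP places no restriction on IV reuse, so the AP accepts it."""
    data = new_challenge + _icv(new_challenge)
    return iv + bytes(a ^ b for a, b in zip(data, keystream))


def demo() -> bool:
    """Returns True when the attacker authenticates without the key."""
    key = parse_wep_key("DEAD99BEEF")          # 40-bit secret, 10 hex digits
    ap = AccessPoint(key)
    c1 = ap.challenge()                        # exchange the attacker sniffs
    r1 = station_respond(key, c1, b"\x01\x02\x03")
    assert ap.verify(c1, r1)
    iv, ks = recover_keystream(c1, r1)
    c2 = ap.challenge()                        # attacker's own attempt
    return ap.verify(c2, forge_response(iv, ks, c2))


if __name__ == "__main__":
    print("attacker authenticated without the key:", demo())
```

The same keystream-reuse trick is why a recovered key "decrypts any and all captured traffic": with 24-bit IVs and no rule against repeating them, every packet sent under a reused IV is another plaintext-XOR pair for the eavesdropper.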

Each device is different; be sure to check the settings or security pages and be logical about the selections. If in doubt, contact that manufacturer's support staff for suggestions and further explanations.

Summation for wireless zen-dom:

  1. Change your router/AP password.
  2. Change your SSID to something other than "TheSmithHome" or "default."
  3. Enable some type of encryption - at the very least 64-bit WEP. Just like that deadbolt on your front door, it is a deterrent, not a wall. The first published attacks needed roughly 500 MB or more of captured traffic before the key fell out, which takes a while to collect in one sitting without attracting SOME attention, but it can and has been done; later statistical attacks need only tens of thousands of frames, and an attacker can inject traffic to generate those in minutes. If your gear offers WPA (or WPA2), use it and keep WEP only for devices that cannot do better.
  4. DHCP can be left enabled if you have encryption enabled. Monitor your DHCP leases.
  5. MAC address filtering can be enabled for further protection. Note: a MAC address is trivial to change in software; I have seen incidents where the MAC reported by the operating system was in fact NOT the one being transmitted. Also, be aware that if your NIC fails, you may not be able to get back into your router without resetting its defaults.
  6. Dive into the manual (gasp!) to look for things like "Security Settings" "Remote Management" or "Discard Ping from WAN side." If this is your primary internet connectivity point (i.e., the WAN side has a Public IP Address or plugs into your broadband modem), you will want to disable anything that allows someone to manage or test your defenses from the internet or from a neighbor down the street...
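Item 4 says to monitor your DHCP leases and item 5 has you keep a list of permitted MACs; the two fit together naturally. Here is an added Python example (not from the article) that reads a router's lease table in the dnsmasq format found on many home gateways (expiry-epoch MAC IP hostname client-id) and reports any address handed to a device that is not on your list, plus any one MAC holding several addresses. The KNOWN_DEVICES table and the SAMPLE_LEASES lines are constructed for the demonstration; point it at the real file (often /var/lib/misc/dnsmasq.leases) on your own router.

```python
"""Flag DHCP leases handed to devices that are not on your own inventory.

Added example, not from the article. The lease lines and device list are
constructed; the dnsmasq lease format (epoch MAC IP hostname client-id) is
an assumption about your router.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumption: the same addresses you would put in the AP's MAC filter.
KNOWN_DEVICES = {
    "00:11:22:aa:bb:cc": "den laptop",
    "00:11:22:aa:bb:dd": "kitchen PDA",
}

# Constructed sample of a dnsmasq-style lease file.
SAMPLE_LEASES = """\
1700000000 00:11:22:AA:BB:CC 192.168.1.100 laptop 01:00:11:22:aa:bb:cc
1700003600 00:11:22:aa:bb:dd 192.168.1.101 pda *
1700007200 66:77:88:99:aa:bb 192.168.1.102 * *
1700010800 00:11:22:aa:bb:cc 192.168.1.103 laptop2 *
"""


@dataclass
class Lease:
    expires: datetime
    mac: str
    ip: str
    hostname: str


def parse_leases(text: str) -> list:
    """Parse lease lines; MACs are lower-cased so case differences never
    hide a match against the inventory."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue                           # blank or malformed line
        leases.append(Lease(
            expires=datetime.fromtimestamp(int(parts[0]), tz=timezone.utc),
            mac=parts[1].lower(),
            ip=parts[2],
            hostname=parts[3],
        ))
    return leases


def audit(leases: list, known: dict) -> list:
    """Return one finding per unknown device, then one per MAC with >1 IP."""
    findings = []
    addresses_by_mac = {}
    for lease in leases:
        if lease.mac not in known:
            findings.append(
                f"UNKNOWN {lease.mac} got {lease.ip} "
                f"(host '{lease.hostname}', expires {lease.expires:%Y-%m-%d %H:%M}Z)"
            )
        addresses_by_mac.setdefault(lease.mac, []).append(lease.ip)
    for mac, ips in addresses_by_mac.items():
        if len(ips) > 1:                       # one card, several addresses: look closer
            findings.append(f"MULTIPLE {mac} ({known.get(mac, '?')}) holds {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_leases(SAMPLE_LEASES), KNOWN_DEVICES):
        print(finding)
```

Run it from cron and mail yourself the output; an empty report is the normal case, and a single UNKNOWN line is your cue to check whether the neighbor's new laptop has found you.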

The basic formula for snuggling up in bed and not worrying about your cybergenerosity... WEP + NewSSID + MAC Filtering + Tweaks (RTFM) – DHCP = Ahhhhhh!


Tres Ransom
Grey Eagle Consulting and Development
www.greyeagleconsulting.com