Do you have a wireless network at home, work, or school? There is a 60% chance that your computer is susceptible to inside attacks. After preforming research for one of my computer science classes I discovered that over 60% of wireless networks in a 10 mile radius did not have any security encryption

With the increasing number of identity thefts each year, securing your home network is almost always overlooked. You might think that your firewall is protecting your computer network from hostile computer users. But in fact hackers can simply sit outside your house and gain access to your wireless network. If your network is encrypted they can use simple tools that can be downloaded freely off the internet to crack your encryption keys too.

Many people have a false sense of security from the consumer electronic manufactures that make wireless routers/firewalls. Many of these devices ship with the wireless feature enabled with no encryption turned on. Consumers simply plug the device in and they are in business. Most of these devices have firewalls, but firewalls only provide a layer of protection to your network from “outside” WAN attacks, it monitors the incoming traffic that enters your network from your internet source (cable, dsl, fios modems). What they don’t protect you from is “inside” LAN attacks. If a hacker has gained physical access to your internal network he essentially has free reign to access every resource on your network. Back before wireless the intruder would have to be physically plugged into your network. Now with wireless networks, they simply just need to be in range of the access point. They could be a neighbor across the street, or a passerby in a car. These people are harder to track, since they can login, get information and drive off.

There are a few measures that can be taken, but the best one is to get your place wired.

Measures people use to protect their wireless network and the ways that they are defeated:

  • Many people pretend to “hide” their wireless network by disabling SSID broadcast. This is essentially security by obscurity. When your computer attempts to access a wireless network, it sends a probe request to the access point. The access point will then reply to the request with the SSID/BSSID. Many open source wireless sniffers can discover a hidden wireless network when there is traffic on that network.
  • Authentication and Disassociation vulnerabilities: Since the authentication frames are not encrypted an attacker can impersonate a wireless station to get authenticated. Also a few disassociation frames can be sent by the impersonating station to disassociate the target node. This will force the target node to re-associate with the station.
  • WEP Attacks- This is one of the most common network authentication/security measures small business deploy on their wireless networks. The main problem is that it is easily broken and keys can be easily guessed using a dictionary attack.
  • MAC Address Access Control- Some networks allow access to specific network cards that are registered with the wireless system. Although it provides another layer of security, MAC addresses can be changed on the majority of network cards. This can defeat hotspot areas that require you to subscribe to gain access

The above list is common attacks/problems that can be used against wireless networks. There are many ways to defeat wireless security that will be discussed in later posts. These are common samples of what can be done to gain access to a home/small business network.

So I just provided some examples on how common wireless networks can be breached. There are a few measures that can be taken to protect vital parts of your network:

  • Move your wireless access points outside of your firewall. This will allow wireless users to gain access to the internet but not access to your local network.
  • Disable administrative wireless access to your access point. If you need to preform access point maintenance plug directly into your access point

Conclusion:

Just about any network is vulnerable to attacks (wired/wireless). It is recommended that businesses that have critical personal data on their network, never attach a wireless note to their networks. This includes computers with their wireless card turned on. There are some measures that can be implemented to encrypt wireless data, which will be discussed in a later post.

Note: The above information is intended for educational purposes only. Jeffrey Wray and JeffreyWray.com does not condone unauthorized access to networks.