Wireless LAN Security hacking

As the next generation of IT networking, 802.11 wireless LANs are also the new playgrounds for hackers. Effective encryption and authentication security measures for wireless LANs are still developing, but hackers already possess easy-to-use tools that can launch increasingly sophisticated attacks that put your information assets at risk.
Like personal computers in the 1980s and the Internet in the 1990s, wireless LANs are the new frontier of technology in the enterprise. This white paper is therefore not designed to scare enterprises away from deploying wireless LANs. Wireless LANs can be secured with a layered approach to security that goes beyond new encryption and authentication standards to include 24x7 monitoring and intrusion protection.
This white paper outlines how hackers are exploiting vulnerabilities in 802.11 wireless LANs and the widely available hacking tools. The information presented is a collection of already published risks to wireless LANs. This white paper is written to inform IT security managers of what they are up against. In order to effectively secure their wireless LANs, enterprises must first know the potential dangers.

The Hacker’s Wireless LAN Toolbox

Hackers – as well as white hat researchers – are notorious for quickly breaking the new security standards soon after the standards are released. Such is the case with the security standards for wireless LANs. This section provides a few examples of the hardware and freeware tools available on the Internet.

Available Freeware Tools
As mentioned in the introduction, new wireless LAN hacking tools are introduced every week and are widely available on the Internet for anyone to download. Rather than wait for a hacker to attack your network, security managers should familiarize themselves with these tools so that they know what they must defend against. The list below gives a few examples of widely available freeware tools; network security managers should become familiar with each of them in order to understand the dangers it poses.

  1. NetStumbler
  2. Kismet
  3. Wellenreiter
  4. THC-RUT
  5. Ethereal
  6. WEPCrack
  7. AirSnort
  8. HostAP

To connect to wireless LANs from distances greater than a few hundred feet, sophisticated hackers use long-range antennas that are either commercially available or easily built from cans or cylinders found in a kitchen cupboard; these can pick up 802.11 signals from up to 2,000 feet away. The intruders can be in the parking lot or completely out of sight.

Breaking Encryption
The industry’s initial encryption technology, WEP, was quickly broken by the published tools WEPCrack and AirSnort, which exploit vulnerabilities in the WEP encryption algorithm. Both tools passively observe WLAN traffic until they have collected enough data to recognize repetitions and recover the encryption key.

Breaking 802.1x Authentication
The next step in the evolution of wireless LAN security was the introduction of 802.1x for port-based authentication. However, University of Maryland professor William Arbaugh published a research paper in February 2002 that demonstrated how the newly proposed security standard can be defeated. The IEEE is now working on a new standard, 802.11i, which is expected to be ratified within the next two years.

War Driving

To locate the physical presence of wireless LANs, hackers developed scanning and probing tools that introduced the concept of “war driving”: driving around a city in a car to discover unprotected wireless LANs. User-friendly Windows-based freeware tools, such as NetStumbler, probe the airwaves in search of access points that broadcast their SSIDs and offer easy ways to find open networks. More advanced tools, such as Kismet, were then introduced on Linux platforms to passively monitor wireless traffic.

Both Netstumbler and Kismet work in tandem with a global positioning system (GPS) to map exact locations of the identified wireless LANs.
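One way the 24x7 monitoring the paper calls for can spot the active probing that tools such as NetStumbler perform, as an added example that is not part of the original white paper: it counts wildcard (broadcast-SSID) probe requests per client MAC in a sliding time window over constructed sensor log lines. The log format, the MAC addresses, the 10-second window and the threshold of 5 are all assumptions, not values from the paper.

```python
from collections import defaultdict

# Constructed sample sensor log (not a real capture): one probe request per line as
# "epoch_seconds,source_mac,ssid". An empty ssid field is a wildcard (broadcast-SSID)
# probe, the kind an active scanner sends to make every access point in range answer.
SAMPLE_LOG = """\
1000.0,aa:bb:cc:00:00:01,
1000.2,aa:bb:cc:00:00:01,
1000.4,aa:bb:cc:00:00:01,
1000.6,aa:bb:cc:00:00:01,
1000.8,aa:bb:cc:00:00:01,
1001.0,aa:bb:cc:00:00:01,
1000.5,11:22:33:44:55:66,CorpNet
1003.0,11:22:33:44:55:66,
1040.0,11:22:33:44:55:66,
1041.0,11:22:33:44:55:66,CorpNet
"""

def parse_probe_log(text):
    """Parse log lines into (timestamp, mac, ssid) tuples, skipping blanks and comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, mac, ssid = line.split(",", 2)
        records.append((float(ts), mac.lower(), ssid))
    return records

def find_active_scanners(records, window=10.0, threshold=5):
    """Return {mac: peak count} for stations whose wildcard probes within any sliding
    window of `window` seconds reach `threshold`. Roaming clients send a few wildcard
    probes; a scanner sweeping channels sends bursts of them. Passive sniffers such as
    Kismet transmit nothing, so this heuristic cannot see them (assumed thresholds)."""
    wildcard_times = defaultdict(list)
    for ts, mac, ssid in records:
        if ssid == "":
            wildcard_times[mac].append(ts)
    flagged = {}
    for mac, times in wildcard_times.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[mac] = peak
    return flagged
```

On the sample log the station aa:bb:cc:00:00:01 is flagged with six wildcard probes in one second, while the client that mostly probes for "CorpNet" stays below the threshold.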