Open wireless networks are networks that:

Most community wireless networks use Network Address Translation (NAT) as their gateway between the wireless network and the wired backbone. NAT'ing is used to share the single IP address typically provided by the DSL or cable company. During an investigation, law enforcement will typically obtain logs from the victim's computer and attempt to trace the activity back to the suspect using the IP address as a starting point. By serving the ISP with a search warrant, the name and address of the individual owner of the Internet account can be obtained. Because of NAT'ing, all of the traffic from the wireless network appears to come from a single IP address, thus providing the cloak of anonymity to the perpetrator. Unfortunately, the illegal traffic appears to come from the IP address of the DSL/Cable modem. Therefore, the innocent owner of the AP becomes the unknowing suspect of an investigation.

A variety of investigative techniques are used by law enforcement to avoid kicking in the door of the wrong “suspect,” who is, in actuality, really a victim themselves. On the other hand, law enforcement is concerned about criminals who claim to be a victim simply because they are running an open Access Point. Good computer forensic work can usually provide evidence and help determine additional facts in a particular case. Serving a search warrant and arresting the wrong person is a nightmare scenario for law enforcement since it creates unnecessary liability for the investigative agency and also puts agents in harm's way during the search. For example, what would happen if a search warrant was served and it resulted in a physical altercation or unintentional discharge of side arms? Accidents can happen and safety is always a concern for both citizens and members of law enforcement.
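The attribution problem described above can be narrowed when the gateway keeps its own NAT translation and DHCP lease records. The following is an added example, not taken from the book; the log formats, addresses and function names are hypothetical and the sample data is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed gateway records: NAT translations and DHCP leases (formats are assumptions).
NAT_LOG = """\
2014-03-02T21:14:05 tcp 192.168.1.23:51544 -> 203.0.113.7:40112 dst=198.51.100.20:80
2014-03-02T21:14:09 tcp 192.168.1.31:51544 -> 203.0.113.7:40113 dst=198.51.100.20:80
2014-03-02T21:20:41 tcp 192.168.1.31:51560 -> 203.0.113.7:40112 dst=192.0.2.55:443
"""
DHCP_LEASES = """\
2014-03-02T20:50:00 2014-03-02T22:50:00 192.168.1.23 00:11:22:33:44:55 laptop-a
2014-03-02T21:00:00 2014-03-02T23:00:00 192.168.1.31 66:77:88:99:aa:bb unknown
"""
NAT_RE = re.compile(r"(\S+) (\w+) (\S+):(\d+) -> (\S+):(\d+) dst=(\S+):(\d+)")

def parse_nat(text):
    rows = []
    for line in text.splitlines():
        m = NAT_RE.fullmatch(line.strip())
        if m:
            ts, _proto, inside, _iport, pub, pport, dip, dport = m.groups()
            rows.append({"ts": datetime.fromisoformat(ts), "inside": inside,
                         "public": (pub, int(pport)), "dst": (dip, int(dport))})
    return rows

def parse_leases(text):
    leases = []
    for line in text.splitlines():
        if line.strip():
            start, end, ip, mac, host = line.split()
            leases.append((datetime.fromisoformat(start),
                           datetime.fromisoformat(end), ip, mac, host))
    return leases

def attribute(nat, leases, public, dst, seen_at, skew=timedelta(seconds=30)):
    """Map what the remote server logged (public ip:port, time) to an inside client."""
    when = datetime.fromisoformat(seen_at)
    hits = [r for r in nat if r["public"] == public and r["dst"] == dst
            and abs(r["ts"] - when) <= skew]
    if not hits:
        return None                      # no translation record: only the modem's IP is known
    best = min(hits, key=lambda r: abs(r["ts"] - when))
    for start, end, ip, mac, host in leases:
        if ip == best["inside"] and start <= best["ts"] <= end:
            return ip, mac, host
    return best["inside"], None, None    # translation found, but no lease covers that time

NAT, LEASES = parse_nat(NAT_LOG), parse_leases(DHCP_LEASES)
```

The public port 40112 is reused by two different inside hosts in the sample, which is why the match needs the destination and a timestamp window in addition to the port.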

URL: https://www.sciencedirect.com/science/article/pii/B9781931836371500064

Intranet Security

Bill Mansoor, in Network and System Security (Second Edition), 2014

6 Wireless Network Security

Employees using the convenience of wireless to log into the corporate network (usually via laptop) need to have their laptops configured with strong encryption to prevent data breaches. The first-generation encryption type known as Wireless Equivalent Privacy (WEP) was easily deciphered (cracked) using common hacking tools and is no longer widely used. The latest standard in wireless authentication is WPA or WPA2 (802.11i), which offers stronger encryption compared to WEP. Although wireless cards in laptops can offer all the previously noted choices, they should be configured with WPA or WPA2 if possible.

There are quite a few hobbyists, equipped with powerful Wi-Fi antennas and wardriving software (a common package being Netstumbler), roaming corporate areas looking for open wireless access points (transmitters). Wardriving was originally meant to log the presence of open Wi-Fi access points on Web sites (see sidebar: Basic Ways to Prevent Wi-Fi Intrusions in Corporate Intranets), but there is no guarantee that actual access and use (piggybacking, in hacker terms) won’t occur, curiosity being human nature. If there is a profit motive, as in the TJX example, access to corporate networks will take place, although the risk of getting caught and the resulting risk of criminal prosecution will be high. Furthermore, installing a RADIUS server is a must to check access authentication for roaming laptops.

Basic Ways to Prevent Wi-Fi Intrusions in Corporate Intranets

1. Reset and customize the default Service Set Identifier (SSID) or Extended Service Set Identifier (ESSID) for the access point device before installation.

2. Change the default admin password.

3. Install a RADIUS server, which checks for laptop user credentials from an Active Directory database (ACL) from the same network before giving access to the wireless laptop. See Figures 8.5 and 8.6 for illustrated explanations of the process.

Figure 8.5. Wireless EAP authentication using Active Directory and authentication servers.

Figure 8.6. High-level wireless Extensible Authentication Protocol (EAP) workflow.

4. Enable WPA or WPA2 encryption, not WEP, which is easily cracked.

5. Periodically try to wardrive around your campus and try to sniff (and disable) nonsecured network-connected rogue access points set up by naïve users.

6. Document the wireless network by using one of the leading wireless network management software packages made for that purpose.

Note: Contrary to common belief, turning off the SSID broadcast won’t help unless you’re talking about a home access point situation. Hackers have an extensive suite of tools with which to sniff SSIDs for lucrative corporate targets, which will be broadcast anyway when connecting in clear text (unlike the real traffic, which will be encrypted).
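As an added example (not from the book), the checks in items 1, 4 and 5 of the sidebar can be run over a survey of your own campus. The CSV columns, the inventory, the SSIDs and the short list of factory-default SSIDs are all assumptions, and the survey data is constructed.

```python
import csv
import io

# Constructed survey export from a walk around the campus (column names are an assumption).
SURVEY = """\
bssid,ssid,encryption,channel
00:1a:2b:00:00:01,CorpNet,WPA2,1
00:1a:2b:00:00:02,CorpNet,WEP,6
de:ad:be:ef:00:03,CorpNet,WPA2,11
00:1a:2b:00:00:04,linksys,OPEN,6
aa:bb:cc:00:00:05,CoffeeShop,OPEN,1
"""
# Hypothetical inventory of access points the organisation installed itself.
AUTHORIZED = {"00:1a:2b:00:00:01", "00:1a:2b:00:00:02", "00:1a:2b:00:00:04"}
CORP_SSIDS = {"CorpNet"}
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}   # illustrative, not exhaustive
STRONG = {"WPA", "WPA2"}

def audit(survey_csv, authorized, corp_ssids):
    """Return (bssid, finding) pairs for APs that break the sidebar's rules."""
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = row["bssid"].lower()
        ssid, enc = row["ssid"], row["encryption"].upper()
        ours = bssid in authorized
        # Item 5: an AP outside the inventory that advertises a corporate SSID.
        if not ours and ssid in corp_ssids:
            findings.append((bssid, "unauthorized AP advertising a corporate SSID"))
        # Item 1: the factory SSID was never changed on one of our own APs.
        if ours and ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "default SSID left in place"))
        # Item 4: WEP or no encryption on one of our own APs.
        if ours and enc not in STRONG:
            findings.append((bssid, f"weak or no encryption ({enc})"))
    return findings

FINDINGS = audit(SURVEY, AUTHORIZED, CORP_SSIDS)
```

A radio survey alone cannot show whether an unknown access point is attached to the wired network; that needs correlation with switch-port or DHCP data.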

URL: https://www.sciencedirect.com/science/article/pii/B9780124166899000083

Phishing, SMishing, and Vishing

In Mobile Malware Attacks and Defense, 2009

Publisher Summary

Phishing attacks appear in different forms other than forged emails and spoofed Web sites. They can exploit vulnerabilities in open wireless access points, Bluetooth, and handheld devices. Further, such attacks can be carried out using SMS or VoIP. In a mobile environment, such attacks are easier to set up and more convincing than traditional mass mailing techniques. Although traditional phishing attacks rely on fooling the recipient, in a mobile environment, the attack can take advantage of the limited (or lack of) security in mobile devices. Several ubiquitous solutions available for desktop and wired computers are generally not as readily available across wireless and mobile devices. This is due to the limitations in mobile devices, namely power, processing, and storage. Implementing traditional antiphishing solutions, such as machine learning approaches, in a mobile environment is inapplicable since some of these solutions are heavy in nature. Antiphishing solutions in a mobile environment should take advantage of the high predictive accuracy of machine learning approaches and at the same time conceal the high overhead associated with such approaches by building a distributed client-server framework to thwart the attacks.

URL: https://www.sciencedirect.com/science/article/pii/B9781597492980000069

Extending OSI to Network Security

In Hack the Stack, 2006

The Application Layer

Most of the applications listed in this section are totally insecure because they were written for a different time. At the beginning of the networked world, most systems were mainframes that were locked in government and business buildings. There were no Category 5 cables interconnecting every office in the building, and no open wireless access points were being broadcast from the apartment next door. Suppressing passwords and other critical information on the monitor was considered robust enough to protect information and data. Here’s a short list of some of the insecure applications and high-level protocols:

FTP: FTP is a TCP service that operates on ports 20 and 21 and is used to move files from one computer to another. Port 20 is used for the data stream, and transfers the data between the client and the server. Port 21 is the control stream, and is used to pass commands between the client and the FTP server. Attacks on FTP target misconfigured directory permissions and compromised or sniffed cleartext passwords. FTP is one of the most commonly hacked services.

Telnet: Telnet is a TCP shell service that operates on port 23. Telnet enables a client at one site to establish a session with a host at another site. The program passes the information typed at the client’s keyboard to the host computer system. While Telnet can be configured to allow anonymous connections, it should also be configured to require usernames and passwords. Unfortunately, even then, Telnet sends them in cleartext. When a user is logged in, he or she can perform any allowed task.

Simple Mail Transfer Protocol (SMTP): This application is a TCP service that operates on port 25, and is designed to exchange electronic mail between networked systems. Messages sent through SMTP have two parts: an address header and the message text. All types of computers can exchange messages with SMTP. Spoofing and spamming are two of the vulnerabilities associated with SMTP.

Domain Name Service (DNS): This application operates on port 53, and performs address translation. DNS converts fully qualified domain names (FQDNs) into a numeric IP address and converts IP addresses into FQDNs. DNS uses UDP for DNS queries and TCP for zone transfers. DNS is subject to poisoning and if misconfigured, can be solicited to perform a full zone transfer.

Trivial File Transfer Protocol (TFTP): TFTP operates on port 69, and is a connectionless version of FTP that uses UDP to reduce overhead and reliability. It does so without TCP session management or authentication, which can pose a big security risk. It is used to transfer router configuration files and to configure cable modems. People hacking those cable modems are known as uncappers.

Hypertext Transfer Protocol (HTTP): HTTP is a TCP service that operates on port 80. HTTP helped make the Web the popular service that it is today. The HTTP connection model is known as a stateless connection. HTTP uses a request response protocol where a client sends a request and a server sends a response. Attacks that exploit HTTP can target the server, browser, or scripts that run on the browser. Nimda is an example of the code that targeted a Web server.

Simple Network Management Protocol (SNMP): SNMP is a UDP service that operates on ports 161 and 162, and was designed to be an efficient and inexpensive way to monitor networks. The SNMP protocol allows agents to gather information (e.g., network statistics) and report back to their management stations. Some of the security problems that plague SNMP are caused by the fact that community strings are passed as cleartext and the default community strings (public/private) are well known. SNMP version 3 is the most current and offers encryption for more robust security.

Is an open wifi network secure?

Public Wi-Fi Isn't Secure: If the network isn't secure, and you log into an unencrypted site — or a site that uses encryption only on the sign-in page — other users on the network can see what you see and send. They could hijack your session and log in as you.

Where is open Wi

Public Wi-Fi can be found in popular public places like airports, coffee shops, malls, restaurants, and hotels — and it allows you to access the Internet for free. These “hotspots” are so widespread and common that people frequently connect to them without thinking twice.

What is an open public network?

A public network is a type of network wherein anyone, namely the general public, has access and through it can connect to other networks or the Internet. This is in contrast to a private network, where restrictions and access rules are established in order to relegate access to a select few.

What are the 3 main types of wireless networks?

There are basically three different types of wireless networks – WAN, LAN and PAN: Wireless Wide Area Networks (WWAN): WWANs are created through the use of mobile phone signals typically provided and maintained by specific mobile phone (cellular) service providers.