Wireless Security: 6 Ways to Stop and Catch Hackers and War Drivers

War drivers are in the business of finding wireless access points, documenting them and uploading their locations to the web. Why would someone do this, well for several reasons:

First they want free internet access. Next they could just be war driving as a hobby; finally they could be targeting your network for financial gain.

One of the most asked questions is how do you stop hackers from trying to hack your wireless lan and how to catch them in the act.

Stopping Wardrivers:

1. Use directional antennas: One of the most under stated uses of directional antennas are how they keep your wireless signal within your area of operation. If you are using a Omni directional antenna that is causing half the signal to travel outside your building, you have a major security problem. Also while using your wireless directional antenna turndown transmit power to reduce your signal strength if you can.

2. Blend your wireless antennas into your buildings architecture or keep them low profile. This is not expensive, the whole point is not letting your antennas stick out like a sore thumb so anyone driving by doesn't say, wow they have a wireless network. Once again the best way to stop people from trying to hack your wireless network is to keep it hidden.

3. Use Kismet or Airsnort - Make a cheap wireless Intrusion detection system. Use an older desktop computer install Linux, install a USB wireless adapter or PCI wireless adapter and boom you have your wireless war driver stopper. Both Kismet and airsnort will alert you when wireless clients are probing your network. If a wireless client is using netstumber and not joining networks they will be found by Kismet. Their wireless adapters MAC address will be logged and other details of the operating system. Most of the time these could be false hits but if you notice a pattern of the same MAC address probing networks you could have hacker issues.

4. Security Cameras - No matter how hard you try not to have your signal bleed outside your operations area it will...to a point. Probe your own network as if you were a wardriver. Don't just use a standard wireless adapter to find out where you still can detect your network. You will want to use a highly directional antenna to see how far away you can detect your own network. Once you know your weak points setup some cheap security cameras to monitor those areas.

5. Setup a Honey Pot - Give the Wardriver what they want, a network to hack. Take an access point connect it to a standalone switch with another junk computer connected to that switch. Name the SSID something sounding important like server WLAN and name the computer Database. Finally use a weak password or just leave the access point without any security. Script kiddies who say they "hack networks" really are only connecting to open wireless lans with no security. If you give them a "Important sounding SSID with a "database to hack" this will keep them occupied until you can track them down. There are many honeypot programs free and commercial that will simulate networks or servers but are really just recording all the hackers' information and types of attacks.

6. Use a RADIUS Server - RADIUS servers require Wireless clients to authenticate with a username and password not just with a PSK (Pre- Shared Key). With out a RADIUS server you really don't know who is on your WLAN. With a RADIUS server you know who is accessing your WLAN and when they accessed it. Also a RADIUS server gives you the ability of creating policies for times your WLAN can be accessed and other required security features the wireless clients must have enabled their computers.

Now let's put this all together to catch our hacker. First you are going through your daily routine of checking logs on your Kismet IDS server and you notice the same MAC address probing networks but not joining. Next you check your help tickets and notice that in one area of the building clients were having trouble connecting to the wireless network or they had trouble staying connected.

Flags go up in your head, so you go over to your honeypot server and check that . You notice it was accessed around the same time of the Kismet logs showed a client probing the network. The honey pot recorded the MAC address of the WAR driver and the operating system and the computer name.

Next you check your security cameras for that time but don't really notice anything. So for the next couple days you keep monitoring your honey pot server and watch the hacker try and crack the WLAN and the database server. The whole process of cracking wireless encryption is actually two steps. The first step is gathering enough packets for your cracking program to crack. This whole process of gathering enough packets can takes days or weeks not five minutes. Now once you do have enough packets 64 bit WEP encryption can be cracked in less that five minutes. 128 bit encryption can take many times longer, WPA with TKIP and AES encryption can takes months to crack.

My whole point is that you have some time to catch your hacker because he will be back many times, assuming that you already have at least the basic security features in place.

Now once you have all your logs compiled and your honey pot data you should have a good idea how the hacker behaves. Check your security cameras and you probably notice the same car or person in the area around that time. Take that information to your in house security and tell them to watch for that vehicle or person and call the police.

If you are lucky security or police will spot him and apprehend him. Convicting him or her will be tough but with your compiled logs and video you should have a lot of evidence to help your case.

Simple and secure wireless solutions. Join the most popular wireless networking newsletter on the internet at http://www.wirelessninja.com Keep your home and family safe with Ninja certified wireless hidden cameras [http://www.wirelessninja.com/wireless_hidden_cameras.htm]

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.

Network Security - I Have a Firewall, So I Am Safe From Hackers, Right?

Wrong. How many high profile organisations have been hacked in recent months? We are talking about Government, DoD, Security Companies, Sony! You can bet your cotton socks that these guys have more than one Firewall protecting their network(s) plus a whole load more protective controls.

So, if they have so much Security, how on Earth were they hacked - what was the weak link? Human Beings, a wireless Printer, Surveillance Bugs?

Well frankly it could be any number of things. A Human can be tricked into providing restricted information such as their user credentials. A printer might be running an old version of firmware susceptible to man in the middle attacks or a bug could be planted in the IT Room to eavesdrop on useful information.

The point here is that placing a Firewall on your Network or installing a Laser Beam Alarm Systems in the building is not enough. You need to put yourself in the shoes of a Hacker and think the way they do. Why break into a building at night when they can walk into to the building during the day and impersonate an employee? Why hack the firewall when they can plant a USB stick on the floor for an employee to pick up and connect to their PC punching a hole straight through the firewall?

What do we have to do in order to protect ourselves from these attacks? Well, I would start by having a carefully thought out Security Policy. Sounds a bit tame doesn't it? Well its the equivalent of a having a plan. Do you think the USA ever went into a War without a plan - actually don't answer that! Having a well thought out plan makes your life so much easier by providing you the path that you need to follow rather than trying to feel your way through. An Employee education programme would be a good place to start. It may include guidelines like:

'NEVER provide your User Credentials to ANYONE'. All seems quite obvious but you'd be amazed at how easy it is to pose as an IT Support member and blag a password out of someone.
Another one might be to forbid the use of unauthorised external media such as USB Sticks.
A quarterly staff or departmental presentation to educate staff on Security and explain why these controls are being put in place - Believe it or not it helps for the staff to know why they have been asked to act in a certain way.

Read more in Part 2 of this document so keep a look out!

Net3Security is a Managed Services Provider specialising in Network & Data Security Solutions. Read more at http://www.net3security.com

This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.