About Computers and Information Technology
July 6th, A Florida man has been arrested for allegedly using his neighbor's wireless network (Wi-Fi) This type of unauthorized access to a computer network happens to be a third-degree felony. Police are saying that Benjamin Smith III admitted using the Wi-Fi signal of Richard Dinon, Smith's neighbor. Dinon says he noticed Smith sitting in a vehicle, using a laptop computer, outside his home in St. Petersburg.
As far back as November 2003, Toronto police charged a man with theft of telecommunications because he was using someone else's Wi-Fi network to download child pornography. The man was caught using his laptop computer, while driving his vehicle no less, to download the images.
Compromising a Wi-Fi Network is Easier than You Might Think
So how is it possible to access someone else's wireless network? According to the network security products company LucidLink it's easier than you might think.
There are two common scenarios in which a Wi-Fi network can be compromised. The first involves the use of someone's unsecured wireless network by an unauthorized person. The second is a more sophisticated procedure, often involving a hacker, that begins with eavesdropping on your network.
Unauthorized Use of a Wireless Network
The first secenario involves the use of a Wi-Fi network by an unauthorized person. I'm tempted to say that this is the most common scenario. What makes it so common is the fact that many people, and businesses too, fail to properly secure their wireless network.
More than ten million homes and small offices are equiped with Wi-Fi networks, many of them unsecured and open to unauthorized use. Virtually all home and SOHO Wi-Fi products come ready-to-use right out of the box. It's great for the average computer user, but the problem is many people don't understand how to secure a wireless network.
It's actually quite easy, the Communications Fraud Control Association based in Phoenix, Arizona has published a very simple Q&A about using and securing a Wi-Fi network. It also includes 5 simple steps you can take to secure your network. For the sake of convenience I've listed them further down the page.
Wardriving: Eavesdropping on Your Network
WarDriving is the act of locating and logging wireless access points while in motion--normally in a moving vehicle. Hackers often use this technique to locate, identify and determine which wireless networks are ripe for the picking. There's even an online database dedicated to recording and publicly displaying this information.
The next step involves eavesdropping on your network while at the same time recording your data transmitted by the Wi-Fi signal. Even if you use encryption on your network it is still possible to capture your data in its encrypted form. A hacker will simply use a variety of freely available tools to decipher and reconstruct the data later on. Once the information has been reconstructed a hacker will be able to sift through e-mail and other documents looking for passwords and other sensitive bits of information.
LucidLink has put together an excellent Flash presentation entitled, Over the Shoulder of a Wireless Hacker, which demonstrates how your network could be compromised from the hacker's point of view.
1. Install a Firewall
A firewall helps protect your PC by preventing unauthorized users from gaining access to your computer through the Internet or a network. It acts as a barrier that checks any information coming from the Internet or a network, and then either blocks the information or allows it to pass through to your computer.
2. Change the Administrative Password on your Wireless Routers
Each manufacturer ships their wireless routers with a default password for easy initial access. These passwords are easy to find on vendor support sites, and should therefore be changed immediately.
3. Change the Default SSID Name and Turn Off SSID Broadcasting
This will require your wireless client computers to manually enter the name of your SSID (Service Set Identifier) before they can connect to your network, greatly minimizing the damage from the casual user whose laptop is configured to connect to any available SSID broadcast it finds. You should also change the SSID name from the factory default, since these are just as well-known as the default passwords. NOTE: Even though the SSID is disabled the SSID is included in the data packets that are transmitted and is easy to discover.
4. Disable DHCP
For a SOHO network with only a few computers, consider disabling DHCP (Dynamic Host Configuration Protocol) on your router and assigning IP addresses to your client computers manually. On newer wireless routers, you can even restrict access to the router to specific MAC addresses.
5. Replace WEP with WPA
WEP (Wired Equivalent Privacy) is a security protocol that was designed to provide a wireless computer network with a level of security and privacy comparable to what is usually expected of a wired computer network. WEP seeks to establish security by encrypting data transmitted over the wireless computer network. Data encryption protects the vulnerable wireless link between clients and access points. Once this measure has been taken, other typical wire computer network security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPN's), and authentication can be put in place to ensure privacy. Unfortunately, WEP is a very weak form of security that uses common 60 or 108 bit key shared among all of the devices on the network to encrypt the wireless data. Hackers can access tools freely available on the Internet that can crack a WEP key in as little as 15 minutes. Once the WEP key is cracked, the network traffic instantly turns into clear text – making it easy for the hacker to treat the network like any open network.
WPA (Wi-Fi Protected Access) is a powerful, standards-based, interoperable security technology for wireless computer networks. It provides strong data protection by using 128-bit encryption keys and dynamic session keys to ensure a wireless computer network's privacy and security. Many cryptographers are confident that WPA addresses all the known attacks on WEP. It also adds strong user authentication, which was absent in WEP.
Sources & Links: