Wireless

Fundamentals

• There are several standards for wireless. 802.11b is most commonly used these days, but 802.11a and 801.11g are also available and offer higher bandwidth and greater range.
• The concept: your computer uses a two-way radio that operates in the 2.4GHz range (not requiring a license). It communicates with one wireless access point (AP) that, in turn, sends data up the network...
• Like Ethernet, wireless is a broadcast communication method: anyone in range can detect the data you send and receive.
• Like for Ethernet and other telecommunication that could be intercepted, encryption and access control are needed for security.
• Here's an article from O'Reilly about the 802.11b standard

Wireless Security

• Access control: An SSID (service set identifier) can act like a passcode. This can also help differentiate traffice for two different access points near each other. SSID is transmitted in plain text, so doesn't offer much security.
• Network access: A wireless card has an Ethernet MAC which can be used to determine what data is allowed to cross the network. However, wireless cards (and access points) can set their MAC.
• Encryption: Wired Equivalent Privacy (WEP) uses a symmmetric encryption key plus a checksum system to provide encryption plus integrity checking between the client and the AP. However, due to the size of the keyspace, discovering the encryption key is easy. Due to the checksum, providing falsified data is also easy. Using 128 bit keys, instead of the older default of 40 bits, helps.

  From a SANS article:

  Along with the specifications of transmission, 802.11 defined the WEP protocol to address some of the security issues. The principal goal of WEP is to defend the confidentiality of data from eavesdroppers. Another objective is to guard against surreptitious modification of data (integrity). An ancillary intention of WEP is to provide access control to the WLAN infrastructure. Regrettably, with the vulnerabilities discovered by the researchers, WEP's security goals can be defeated.

Tools and Discoveries

• A new pastime for security experts, hackers and hobbiests is finding access points, especially those without WEP.
  • Regionally: Alan Clegg's maps and related information
  • NetStumbler.com has a North America map
• Some tools:
  • PacketStorm Security's wireless page. It lists the following, plus other tools and resources.
  • NetStumbler.com, a program for MS Windows, plus other information
  • AirSnort, one of the first publicly available tools to exploit WEP insecurity. For Linix & BSD
  • Kismet, similar to AirSnort but developed separately and with some different features
  • Kismet-Qt, a graphical interface for Kismet

Locally...

• UNC's network will only talk to wireless cards whose MACs are registered and associated with an ONYEN
• UNC will require WEP soon. Details of how key distribution will be handled have not yet been distributed.