WiFi Security for Small Businesses

This Blog is about WiFi Security news and comments targeted for Small Business Owners and the WiFi Community at Large.

Wednesday, October 7, 2009

6 Common Fallacies of Wireless Network Security

No one wants to get into my WiFi network, and if they get a free ride on the internet who cares? Unfortunately, we live in a world where crime and vandalism are commonplace, even more so when the crime can go undetected. Many hackers or disgruntled employees are merely looking to compromise someone's systems whether or not there are huge payoffs – these vandals break in simply because they can. Through your open WiFi network, a hacker with malicious intent can destroy the network and every PC on the network. Imagine the cost to your organization if a hacker launches a virus directly into your network or re-initializes the hard drives on every PC they could access.

I don't have any important information that anyone would want to access. Many people believe that their electronic information is not at risk or of little value to anyone who sees it. This is dangerous thinking. With simple sniffing software, every packet of data you send or receive over the WiFi network can be read and stored to disk. Most users don't realize that when they access their e-mail from a POP3 account over WiFi, their e-mail account user name and password are readable over the air. Imagine the access to personal and confidential information a hacker can have after capturing your e-mail password and having unrestricted access to your e-mail account for months on end without being detected.

There's no one within 300 feet of my building, and WiFi can’t reach beyond that point. Many users falsely believe that they are secure because none of their neighbors are within 300 feet of their home or office. In fact, with a $100 directional antenna hackers can access your WiFi network traffic and PC data from as far as a mile away, making it very difficult to pinpoint the hacker at all. Another common WiFi hacker trick is to leave an unmonitored PC in their car, hotel room, or other temporary location. The PC can be connected to an antenna pointing at your office or home and collect gigabytes of network traffic for off-line analysis after the PC is retrieved. It is nearly impossible to detect a hacker listening to your WiFi network.

If I put in a WiFi network, no one else will find it. War driving is the practice of finding and logging WiFi networks. With a high-powered antenna, GPS, and a laptop, war drivers can detect and plot your WiFi network on a global grid. These war drivers then file the location of your network into a permanent database on the web. Once an unsecured WiFi network is found by these war drivers, anyone can pinpoint the exact location of your WiFi network (complete with road maps) on the internet. Go to www.wigle.net to see if your WiFi network is one of the 9,300,000 Wi-Fi networks that have already been logged.

MAC address filtering can do the job. MAC address filtering is dangerous because it provides a false sense of security to the unsuspecting. Many WiFi access points and routers allow MAC address filtering – a low level check on the MAC address or identifier of your WiFi interface – to determine if a particular PC should be allowed access on the WiFi network. There are 2 significant problems with MAC address filtering. First, it doesn’t prevent passive attacks. A hacker can still capture and listen to your WiFi network traffic without ever being seen. And second, if hackers want access to your network, they need only listen for a valid MAC address, and change the MAC address on their PC to match a valid address. This can be done in less than a minute.
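
Because a copied MAC address passes the filter, noticing it takes a different signal. The following is an added example, not part of the original post: it goes one step beyond the text and sketches a known defensive check that watches the 802.11 sequence numbers seen for each MAC address. The frame observations are constructed sample data, and the function names and thresholds are assumptions chosen for illustration.

```python
# Added example: detect one MAC address being used by two transmitters.
# Simplifying assumption: each station keeps a single 802.11 sequence
# counter (QoS stations keep one per traffic class, not modelled here).
SEQ_MOD = 4096  # the 802.11 sequence number is 12 bits and wraps at 4096

# Constructed sample observations: (seconds, source MAC, sequence number).
FRAMES = (
    # Normal station whose counter wraps from 4095 back to 0.
    [(0.10 * i, "02:00:00:00:00:0a", (4090 + i) % SEQ_MOD) for i in range(9)]
    # Authorized station ...0b near sequence 100 ...
    + [(0.10 * i + 0.01, "02:00:00:00:00:0b", 100 + i) for i in range(4)]
    # ... and a second radio sending with the same MAC near sequence 2000.
    + [(0.10 * i + 0.06, "02:00:00:00:00:0b", 2000 + i) for i in range(3)]
    # Station that rebooted once, so its counter restarted a single time.
    + [(0.10 * i + 0.02, "02:00:00:00:00:0c", s)
       for i, s in enumerate([500, 501, 502, 0, 1, 2])]
)


def seq_gap(prev, cur):
    """Forward distance from prev to cur on the 12-bit counter."""
    return (cur - prev) % SEQ_MOD


def suspected_shared_macs(frames, max_gap=64, min_anomalies=3):
    """Return MACs whose sequence numbers repeatedly jump by more than max_gap.

    A single transmitter advances its counter in small steps. Two radios
    sharing one MAC interleave two unrelated counters, so consecutive frames
    keep jumping; a backward jump shows up as a very large forward gap.
    """
    last_seq, anomalies = {}, {}
    for _, mac, seq in sorted(frames):  # process in time order
        if mac in last_seq and seq_gap(last_seq[mac], seq) > max_gap:
            anomalies[mac] = anomalies.get(mac, 0) + 1
        last_seq[mac] = seq
    # One jump can be a reboot or capture loss; require several before flagging.
    return sorted(m for m, n in anomalies.items() if n >= min_anomalies)


if __name__ == "__main__":
    for mac in suspected_shared_macs(FRAMES):
        print("possible MAC cloning:", mac)
```

A check like this only reveals a second device that transmits; it does nothing about the passive listening described above.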

WEP Security is good enough. WEP (Wired Equivalent Privacy) uses a common 60 or 108 bit key shared among all of the devices on the network to encrypt the WiFi data. Unfortunately, WEP is a very weak form of security. Hackers can access tools freely available on the internet like WEPcrack, Aircrack, and Airsnort that can crack a WEP key in as little as 15 minutes. Once the WEP key is cracked, the WiFi network traffic instantly turns into clear text – making it easy for the hacker to treat the WiFi network like any open network.
