
Wireless Hacking Prevention & Countermeasures

  • January 2, 2009

    Recommended action: Turn SSID broadcasting off.
    Reality: Several software tools (such as Kismet) exist that will discover the SSID when a client connects — and common hacker tools can force a user to reconnect to the AP at will — thus giving up the SSID. In reality, this measure stops only two commonly used WLAN discovery tools from finding a WLAN, namely, NetStumbler and Windows XP.

    Recommended action: Utilize static IP addresses.
    Reality: Static IP address pools can be found quickly through simple traffic analysis, much more quickly than you can eliminate DHCP from your network.

    Recommended action: Turn 128-bit WEP encryption on.
    Reality: WEP can be cracked in tens of minutes in essentially every case.

    Recommended action: Change WEP keys periodically.
    Reality: New WEP keys can be cracked just as quickly as old ones.

    Recommended action: Enable MAC address filtering.
    Reality: Simple traffic analysis will yield the authorized MAC addresses (which, after all, are the only ones passing traffic over the network). Because MAC addresses can be specified by a hacker for his WLAN card, this has no real security benefit. In fact, this “security tip” offers essentially zero security while requiring great effort to implement.

    Recommended action: Utilize shared key authentication.
    Reality: Again, WEP can be cracked quite rapidly.

    Recommended action: Use personal firewalls.
    Reality: This is a good idea, because it prevents anyone who does manage to connect with the AP from communicating with your mobile device and potentially obtaining data or doing harm. However, because attacks exist that fool the mobile device into believing that a hacker’s system is a trusted one, this is not a panacea.

    Recommended action: Administer wireless devices using secure protocols like SSH or HTTPS, instead of Telnet or HTTP. With the tunnel in place, anyone who tries to monitor the conversation between your laptop and the mail server will get something resembling line noise.
    Reality: This holds unless the hacker is able to perpetrate a man-in-the-middle attack. SSH and HTTPS have been found vulnerable in the past to man-in-the-middle attacks in certain circumstances; wireless connections are easier to exploit in this regard than wired ones.
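
An added illustration of the first item above (not code from the original post): with SSID broadcasting off, the beacon's SSID element is empty or NUL-filled, but the association request and probe response exchanged when a client connects still carry the name in clear. The frames are constructed sample bytes with zeroed addresses, and all function names are this example's own.

```python
# Management subtypes that carry an SSID: (name, fixed-field bytes before the tagged elements).
SUBTYPES = {0: ("assoc-req", 4), 2: ("reassoc-req", 10), 4: ("probe-req", 0),
            5: ("probe-resp", 12), 8: ("beacon", 12)}
MAC_HDR_LEN = 24  # frame control, duration, three addresses, sequence control


def ssid_in_frame(frame: bytes):
    """Return (subtype name, SSID) or None; SSID is "" when empty or all-NUL."""
    if len(frame) < MAC_HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None                      # not a management frame handled here
    name, fixed_len = SUBTYPES[subtype]
    pos = MAC_HDR_LEN + fixed_len
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) < elem_len:
            return None                  # truncated element, stop parsing
        if elem_id == 0:                 # element ID 0 is the SSID
            hidden = not value.strip(b"\x00")
            return name, ("" if hidden else value.decode("utf-8", "replace"))
        pos += 2 + elem_len
    return None


def disclosed_ssids(frames):
    """Map each non-empty SSID seen to the frame subtypes that carried it."""
    seen = {}
    for frame in frames:
        hit = ssid_in_frame(frame)
        if hit and hit[1]:
            seen.setdefault(hit[1], set()).add(hit[0])
    return seen


def build(subtype: int, ssid: bytes) -> bytes:
    """Construct a minimal management frame (zeroed addresses) for the demo."""
    header = bytes([subtype << 4, 0]) + bytes(22)
    rates = b"\x01\x01\x82"              # one supported-rates element after the SSID
    return header + bytes(SUBTYPES[subtype][1]) + bytes([0, len(ssid)]) + ssid + rates


# Constructed sample: an AP with SSID broadcast off, then one client joining.
SAMPLE = [build(8, b""), build(8, bytes(8)),
          build(0, b"CorpWLAN"), build(5, b"CorpWLAN")]

if __name__ == "__main__":
    print(disclosed_ssids(SAMPLE))
```

Both beacons report an empty name, yet the client's association request and the AP's probe response disclose it, which is why a hidden SSID should not be counted as a control in a WLAN audit.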
