exploited by a threat. Some examples are wireless networks not using encryption, weak passwords on wireless access points or APs (an AP is the central hub for a set of wireless computers), and an AP sending wireless signals outside the building. Wireless-network vulnerabilities are what we’ll be seeking out in this book.
Beyond these basics, quite a few things can happen when a threat actually exploits the various vulnerabilities of a wireless network. This situation is called risk. Even when you think there’s nothing going across your wireless network that a hacker would want — or you figure the likelihood of something bad happening is very low — there’s still ample opportunity for trouble.
Risks associated with vulnerable wireless networks include
✓ Full access to files being transmitted or even sitting on the server
✓ Stolen passwords
✓ Intercepted e-mails
✓ Back-door entry points into your wired network
✓ Denial-of-service attacks causing downtime and productivity losses
✓ Violations of state, federal, or international laws and regulations relating to privacy, corporate financial reporting, and more
06_597302_ch01.qxd 8/4/05 7:28 PM Page 12
12 Part I: Building the Foundation for Testing Wireless Networks
✓ “Zombies” — A hacker using your system to attack other networks making you look like the bad guy
✓ Spamming — A spammer using your e-mail server or workstations to send out spam, spyware, viruses, and other nonsense e-mails
We could go on and on, but you get the idea. The risks on wireless networks are not much different from those on wired ones. Wireless risks just have a greater likelihood of occurring — that’s because wireless networks normally have a larger number of vulnerabilities.
The really bad thing about all this is that without the right equipment and vigilant network monitoring, it can be impossible to detect someone hacking your airwaves — even from a couple of miles away! Wireless-network compromises can include a nosy neighbor using a frequency scanner to listen in on your cordless phone conversations — or nosy co-workers overhearing private boardroom conversations. Without the physical layer of protection we’ve grown so accustomed to with our wired networks, anything is possible.
Understanding the enemy
The wireless network’s inherent vulnerabilities, in and of themselves, aren’t necessarily bad. The true problem lies with all the malicious hackers out there just waiting to exploit these vulnerabilities and make your job — and life — more difficult. In order to better protect your systems, it helps to understand what you’re up against — in effect, to think like a hacker. Although it may be impossible to achieve the same malicious mindset as the cyber-punks, you can at least see where they’re coming from technically and how they work.
For starters, hackers are likely to attack systems that require the least amount of effort to break into. A prime target is an organization that has just one or two wireless APs. Our findings show that these smaller wireless networks help stack the odds in the hackers’ favor, for several reasons:
✓ Smaller organizations are less likely to have a full-time network administrator keeping tabs on things.
✓ Small networks are also more likely to leave the default settings on their wireless devices unchanged, making them easier to crack into.
✓ Smaller networks are less likely to have any type of network monitoring, in-depth security controls such as WPA or WPA2, or a wireless intrusion-detection system (WIDS).
These are exactly the sorts of things that smart hackers take into consideration.
However, small networks aren’t the only vulnerable ones. There are various other weaknesses hackers can exploit in networks of all sizes, such as the following:
Chapter 1: Introduction to Wireless Hacking
✓ The larger the wireless network, the easier it may be to crack Wired