Wireless networks are everywhere; in workplaces, in homes, and in schools the world over. They allow us to play online games, read the news, view our Facebook and Twitter pages and check our bank accounts without having to use messy cabling to receive a connection or argue on the internet. However, despite the benefits provided by wireless networks, it may come as a shock to some readers when I say that I <i>hate</i> them.
My father also hates wireless networks, but for a different reason. He hates them because you can’t see them, old man style. I hate them because of the lack of security they present, and the way that they misrepresent themselves as secure devices, when they are not.
Providing wireless access into your secure, wired network is the same as buying a Ferrari and parking it in a rough neighbourhood with the keys in the ignition; you know something is going to go wrong. Some of you may think that I am overreacting but I say that if you can find an intelligence agency that has a wireless network on one of its secure networks then I will show you an intelligence agency that needs to send its staff on a security training course. To prove my point that wireless networks are security nightmares, I decided to hack my own home wireless network using basic applications found in most versions of BackTrack, a Linux distribution designed for penetration testing. I ran a sniffer application known as Ettercap on the network. The results can be viewed below:
This screenshot shows that my laptop is connected to my wireless network and that I am now capturing all password information that I pass across my network. This means that if I were to log onto my bank account, an attacker could potentially capture my user account information and thus have access to my account. From this screenshot you can see that the first Username and Password listed originate from a Windows Live account, while the second entry originates from a Facebook account.
So, in this rather attractive issue of Atomic, I will be explaining some basic theory behind the most notable wireless security methods, giving some tips on implementation and explaining the vulnerabilities of each method.