Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom
----------------------------------------
As a network security consultant, I travel quite frequently. At times, it seems like the airport is my second home. I actually like to fly, it's a moment in time where no one can reach me by e-mail, or mobile phone.

It never fails that something interesting happens to me at the airport. I've even met some famous people during my travels. A few months ago, I ran into Frank Bielec, from the TLC show, Trading Spaces. But one of my favorite things to do at the airport is browse the wireless Ethernet waves. I'm never really surprised at what I find. I'm just glad I know more about wireless Ethernet than the average road warrior.

The Dangers Of Ad-Hoc Wireless Networking
-----------------------------------------
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. For more information on configuring your "Infrastructure Mode" wireless network take a look at the "Wireless Network Security" page at Defending The Net.

Links
-----
http://www.defendingthenet.com/WirelessNetworkSecurity.htm

However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of.

A wireless Ad-Hoc network allows you to communicate with other wireless Ethernet systems without using a wireless access point. It's kind of a peer to peer configuration and it works rather well. The problem is, most people just set it up, and forget about it. At home, it's not a huge problem, but when your on the road, it could cause you a great deal of grief. The airport is probably the best place to find Ad-Hoc networks. Business men and women, delayed once again, power up their laptops and get to work completing the days tasks, or planning tomorrows agendas.

I can't tell you how many systems I find in the airport configured this way. Not just in the terminal, but on the plane. About three months ago, just after we reached cruising altitude and were allowed to use our "approved electronic devices", I found that the gentleman two seats up from me had a laptop configured as Ad-Hoc. He walked by me about ten minutes later and commented on how much he liked my laptop. I thanked him, and asked if his laptop was on, and configured to use wireless Ethernet, he said yes.

To make a long story short, I showed him that I could see his laptops wireless Ethernet and informed him of the danger. He asked me if I could access his hard drive, and I told him that it might be possible. He asked me to see if I could, so I obliged. After configuring my laptop to use the same IP address class as his, and typing "net use * hiscomputersIPAddressc$ "" /USER:administrator", I received a notice that the connection was successful and drive Z: was now mapped to his computer. I performed a directory listing of his hard drive and the guy almost had a heart attack!

After this, he moved up to the seat next to mine and we spent the next hour or so configuring his laptop securely, starting with securing his computers local administrator account. At one point during the configuration, he made the statement that I got real lucky because his local admin account did not have a password. My response to him was, I get lucky quite often.

Who Else Has Your Client List
-----------------------------
Just think of the possibilities. What do you have to lose if someone is able to just peruse the files and data on your laptop? Do you maintain your customer list on your laptop (Do you want this in the hands of a competitor)? How about your personal finances (Identity theft ring a bell)? So many people I talk to initially say, "I really don't have anything of great importance on this system". Then they think a little bit and start rattling of things they never really thought about before. All of a sudden, they get concerned.

The fact is, whether it be "Infrastructure Mode", or "Ad-Hoc" wireless Ethernet communications, if not properly configured and secured, can pose a significant risk. There are thousands of articles on the Internet about the dangers of improperly configured wireless networks, yet the number of unsecured networks seems to be getting greater, not less.

Strength And Posture Does Reduce Your Risks
-------------------------------------------
Keep in mind that your objective should be to reduce the chances that you will become a target for computer compromise. When I was growing up in South Philadelphia, I remember my father telling me that when you walk down the street, especially in the evening, to walk tall, and project a position of strength and authority. Why, because thugs typically pick out those who look like an easy target. The same thing goes for computer security. Reduce the risks of becoming a target buy configuring your system with a strong security policy.

When I perform security assessments, I create a list of potential targets, and potential methods of compromise. I then prioritize that list by which system, with a particular vulnerability, may be easiest to compromise. Those at the bottom of the list typically never come on my radar screen; the best scenario it to keep of the radar altogether.

Conclusion
----------
If your are using wireless Ethernet, no matter what configuration, follow a few rules and keep yourself secure against most common types of compromise.

1. Above all, make sure all your user accounts have strong passwords, especially those that have administrative control over your system;

2. Configure your wireless network to use some sort of encryption. I know there is a lot of concern about the "crackability" of WEP, but if this is all you have to work with, and then use it. It is still helpful;

3. If possible, use MAC addresses filtering to restrict unwanted systems from attaching to your wireless network;

4. Make sure the firmware for your AP's and wireless Ethernet cards are up to date. These updates can be found on your card or AP's support site.

Remember, if you are compromised over your wireless network it can be near impossible to track down where the attack came from. Worse yet, think about how many systems become compromised, and no one ever knows it?

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at [email protected] or [email protected].

In The News:


Forbes

Building A Strong Foundation: How Network Architecture Dictates IT Security
Forbes
Although IT security has emerged as a high-profile, headline-grabbing issue, the concept of securing data has traditionally been secondary at best. Developers are typically focused on other elements, such as design and functionality. As a result ...

and more »

NPR

Equifax Confirms Another 'Security Incident'
NPR
After the revelation that a cybersecurity breach at the international credit reporting agency Equifax exposed personal information of 143 million people, the company has confirmed an additional security incident with a payroll-related service in the ...
Equifax says it had a security breach earlier in the yearABC News
Equifax acknowledges a second security 'incident' happened in MarchCNBC
Equifax Execs Resign; Security Head, Mauldin, Was Music MajorNBCNews.com
TechCrunch -CNNMoney -Bloomberg -Bloomberg
all 1,836 news articles »

USA TODAY

The Early Edition: September 21, 2017
Just Security
The U.N. Security Council backed reforms to its peacekeeping missions yesterday, Vice President Mike Pence stating that the U.N. must be more efficient and effective. Alexandra Olson reports at the AP. U.N. Secretary General António Guterres opened the ...
At UN, Trump's 'me first' doctrine abandons Truman's postwar 'security for all'USA TODAY
Remarks by President Trump at the Reforming the United Nations: Management, Security, and Development MeetingThe White House (blog)

all 4,361 news articles »

Forbes

Alphabet's Nest Goes After The Boring (But Big) Home Security System Market
Forbes
Alphabet-owned Nest has launched a full-on assault on the home security services market. At a press conference in San Francisco Wednesday morning, the smart gadget company announced its first full-fledged security system, Nest Secure. Nest Secure's ...
Nest's home security system costs $499 and comes with magnetic ...The Verge
Nest launches a new $349 smart outdoor security cameraTechCrunch
Alphabet's Nest introduces new home security devices as CEO promises big increase in salesCNBC
Phys.Org -Gizmodo -Business Insider -Nest
all 116 news articles »

Tunisia must live up to promises to end impunity for security forces at UN Human Rights Council
Amnesty International
The use of torture in custody and human rights violations committed in the name of security and counterterrorism will continue unabated unless Tunisia lives up to the commitments it has made today at the UN Human Rights Council in Geneva, said Amnesty ...

and more »

Engadget

Knightscope's new security bot looks like a mini concept car
Engadget
Robot maker Knightscope has been in the news lately for all the wrong reasons. Its K5 security robot took a look at the harsh world and chose to throw itself into a fountain. And a different K5 robot was attacked and knocked over by a drunk guy. But ...

and more »

PBS NewsHour

White House refutes Erdogan's claim that Trump apologized for charges against security guards
PBS NewsHour
The White House on Wednesday refuted Turkish President Recep Tayyip Erdogan's claim that President Donald Trump apologized to him after the Department of Justice filed charges against members of Erdogan's security detail following a clash outside of ...
Turkish president: Trump apologized for indictment of security staff in brawlThe Guardian

all 221 news articles »

Washington Post

UC system will chip in at least $300000 to help Berkeley pay security costs for controversial speakers
Los Angeles Times
The University of California will chip in at least $300,000 to help UC Berkeley pay security costs for controversial speakers, an unprecedented step as criticism mounts over the financial toll the events are taking on the campus. “Free speech is not ...
UC President to Pay Half of Security Costs for Shapiro, YiannopoulosInside Higher Ed
'Substantial cost': University of California foots major security bill for free speechWashington Post

all 36 news articles »

National Review

For National Security!
National Review
Call it Cooke's Rule: Those losing the argument over a given domestic policy will eventually cry “necessity.” This morning, Matthew Olsen and Benjamin Hass provide a good example, arguing in Politico that “the Electoral College is a national security ...

and more »

10TV

Security robots used to help fight crime
10TV
The security bots use the same technology used at TSA security checkpoints to determine the size and shape of weapons. Creators are also working on audio detection to help security locate the scene of a crime. “The opposite of voice recognition, can ...

Google News

Are They Watching You Online?

When surfing the Internet you probably take your anonymity for... Read More

Virus and Adware - Fix them Both!

We all get the odd virus now and then, but... Read More

Is Shopping Online For Your Horse Gifts Safe?

Shopping for horse gifts or other gift items on the... Read More

Is That Free Stuff Like An iPod Or Desktop Computer Really Free?

Have you seen the web site, www.freestuff.com? Or have you... Read More

Phishing - Identity Theft & Credit Card Fraud

What is Phishing? Phishing is a relatively newly coined term... Read More

3 Things You Must Know About Spyware

1)Spyware is on your system. Like it or not, statistically... Read More

SPYWARE - Whos Watching Who?

I am in the midst of Oscar Wilde's The Picture... Read More

Secure Your PC From Hackers, Viruses, and Trojans

Viruses, Trojans and Spyware: Protecting yourself.No user on the internet... Read More

SCAMS ? Be Aware ? And Report When Necessary

The Internet is a vast International Network of people and... Read More

How To Be Your Own Secret Service Agency

So you want to know who your kids are chatting... Read More

With the Rise of Internet Crimes, Users are Turning to High-Tech ?PI?s? for Solutions

High-tech private investigators are becoming the answer for many Internet... Read More

Virus Prevention 101

Blaster, Welchia, Sobig, W32, Backdoor, Trojan, Melissa, Klez, Worm, Loveletter,... Read More

8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft

Ebay is a great site and is used by many... Read More

3 Pervasive Phishing Scams

Scams involving email continue to plague consumers across America, indeed... Read More

Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is

A week or so ago, I received an inquiry from... Read More

The Importance of Protecting Your PC from Viruses and Spam

Today the internet is a mine field of malicious code... Read More

Consumers: Shop Online and Get Information Safely

Do you really have to know how feeds work? Not... Read More

Watch Out For That Scam

The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint... Read More

How To Prevent Spyware Attacking Your Computer

Spyware is software or hardware installed on a computer without... Read More

Steganography ? The Art Of Deception & Concealment

The Message Must Get Through ----------------------------- The year is 300A.D.,... Read More

New CipherSend Online Security Service Thwarts Email Address Theft And Soothes Password Fatigue

In 1997, I decided after 15 years as a practicing... Read More

The Saga of the Annoying Adware

When we think of adware, what comes to mind are... Read More

Dont Allow Hackers to Take Out Money from Your Bank Account

If you know what is the 'Fishing' then it's very... Read More

How To Avoid Hackers From Destroying Your Site?

Recently, my site and other internet accounts ( http://www.nabaza.com/sites.htm )... Read More

What is Spyware?

The most frustrating part of having Spyware on your computer... Read More