Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking > NetSparsh - Viral Content you Love & Share

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom
----------------------------------------
As a network security consultant, I travel quite frequently. At times, it seems like the airport is my second home. I actually like to fly, it's a moment in time where no one can reach me by e-mail, or mobile phone.

It never fails that something interesting happens to me at the airport. I've even met some famous people during my travels. A few months ago, I ran into Frank Bielec, from the TLC show, Trading Spaces. But one of my favorite things to do at the airport is browse the wireless Ethernet waves. I'm never really surprised at what I find. I'm just glad I know more about wireless Ethernet than the average road warrior.

The Dangers Of Ad-Hoc Wireless Networking
-----------------------------------------
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. For more information on configuring your "Infrastructure Mode" wireless network take a look at the "Wireless Network Security" page at Defending The Net.

Links
-----
http://www.defendingthenet.com/WirelessNetworkSecurity.htm

However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of.

A wireless Ad-Hoc network allows you to communicate with other wireless Ethernet systems without using a wireless access point. It's kind of a peer to peer configuration and it works rather well. The problem is, most people just set it up, and forget about it. At home, it's not a huge problem, but when your on the road, it could cause you a great deal of grief. The airport is probably the best place to find Ad-Hoc networks. Business men and women, delayed once again, power up their laptops and get to work completing the days tasks, or planning tomorrows agendas.

I can't tell you how many systems I find in the airport configured this way. Not just in the terminal, but on the plane. About three months ago, just after we reached cruising altitude and were allowed to use our "approved electronic devices", I found that the gentleman two seats up from me had a laptop configured as Ad-Hoc. He walked by me about ten minutes later and commented on how much he liked my laptop. I thanked him, and asked if his laptop was on, and configured to use wireless Ethernet, he said yes.

To make a long story short, I showed him that I could see his laptops wireless Ethernet and informed him of the danger. He asked me if I could access his hard drive, and I told him that it might be possible. He asked me to see if I could, so I obliged. After configuring my laptop to use the same IP address class as his, and typing "net use * hiscomputersIPAddressc$ "" /USER:administrator", I received a notice that the connection was successful and drive Z: was now mapped to his computer. I performed a directory listing of his hard drive and the guy almost had a heart attack!

After this, he moved up to the seat next to mine and we spent the next hour or so configuring his laptop securely, starting with securing his computers local administrator account. At one point during the configuration, he made the statement that I got real lucky because his local admin account did not have a password. My response to him was, I get lucky quite often.

Who Else Has Your Client List
-----------------------------
Just think of the possibilities. What do you have to lose if someone is able to just peruse the files and data on your laptop? Do you maintain your customer list on your laptop (Do you want this in the hands of a competitor)? How about your personal finances (Identity theft ring a bell)? So many people I talk to initially say, "I really don't have anything of great importance on this system". Then they think a little bit and start rattling of things they never really thought about before. All of a sudden, they get concerned.

The fact is, whether it be "Infrastructure Mode", or "Ad-Hoc" wireless Ethernet communications, if not properly configured and secured, can pose a significant risk. There are thousands of articles on the Internet about the dangers of improperly configured wireless networks, yet the number of unsecured networks seems to be getting greater, not less.

Strength And Posture Does Reduce Your Risks
-------------------------------------------
Keep in mind that your objective should be to reduce the chances that you will become a target for computer compromise. When I was growing up in South Philadelphia, I remember my father telling me that when you walk down the street, especially in the evening, to walk tall, and project a position of strength and authority. Why, because thugs typically pick out those who look like an easy target. The same thing goes for computer security. Reduce the risks of becoming a target buy configuring your system with a strong security policy.

When I perform security assessments, I create a list of potential targets, and potential methods of compromise. I then prioritize that list by which system, with a particular vulnerability, may be easiest to compromise. Those at the bottom of the list typically never come on my radar screen; the best scenario it to keep of the radar altogether.

Conclusion
----------
If your are using wireless Ethernet, no matter what configuration, follow a few rules and keep yourself secure against most common types of compromise.

1. Above all, make sure all your user accounts have strong passwords, especially those that have administrative control over your system;

2. Configure your wireless network to use some sort of encryption. I know there is a lot of concern about the "crackability" of WEP, but if this is all you have to work with, and then use it. It is still helpful;

3. If possible, use MAC addresses filtering to restrict unwanted systems from attaching to your wireless network;

4. Make sure the firmware for your AP's and wireless Ethernet cards are up to date. These updates can be found on your card or AP's support site.

Remember, if you are compromised over your wireless network it can be near impossible to track down where the attack came from. Worse yet, think about how many systems become compromised, and no one ever knows it?

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at [email protected] or [email protected].

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

WIRED

The TSA Is Testing New Scanners to Make Airport Security More ...
WIRED
US airports are starting trials of new CT scanners that will let TSA agents virtually unpack bags, keeping everyone safe and on the move.
TSA is testing new scanners that make security line faster - Business ...Business Insider

all 3 news articles »

Department of Defense

Marshall Center Hosts Security Policy Seminar for Romanian Parliamentarians
Department of Defense
Dorel Caprar, chairman of the Defense, Public Order and National Security Committee of the Chamber of Deputies of Romania, asks a question, Nov. 16, 2017, during a tailored seminar on security policy for 13 Romanian parliamentarians held Nov. 16-17 at ...

and more »

ABC News

TripAdvisor accused of censoring posts about security concerns
ABC News
Back now with new questions about the popular website TripAdvisor. And whether they censured posts warning them about potential dangers coming before cyber Monday when 27% more hotel rooms are booked than any other day of the year and ABC's gio ...

and more »

French parliament plans investigation into nuclear security
Reuters
Barbara Pompili, the head of the parliament's sustainable development committee and a member of centrist President Emmanuel Macron's LREM party, told reporters on Wednesday that an investigation into nuclear security would be launched before the end ...

and more »

Voice of America

Security Tight for Thanksgiving Parade in Terror-wary New York City
Voice of America
This year's security plan includes dozens of city sanitation trucks, which weigh about 16 tons empty and up to twice that with sand, that will be lined up as imposing barriers to traffic at every cross street along the parade route stretching from ...
Tight Security In Place For Macy's Thanksgiving Day Parade Balloon InflationCBS New York
Security Tight for Thanksgiving Parade in Terror-Wary NYCU.S. News & World Report
Security beefed up for Macy's Thanksgiving Day Parade, balloon inflationWABC-TV

all 330 news articles »

FRANCE 24

France calls UN Security Council meeting over Libya slave auctions
FRANCE 24
France on Wednesday called an emergency meeting of the UN Security Council over slave-trading in Libya as President Emmanuel Macron blasted the auctioning of Africans as a crime against humanity. "France decided this morning to ask for an urgent ...
France calls UN Security Council emergency meeting over Libya slave-tradingDeutsche Welle
France calls UN Security Council meeting over Libya slaveryGeo News, Pakistan

all 109 news articles »

Fox News

Uber slammed by security experts over data breach that exposed data on 57 million customers
Fox News
The names and driver's license numbers of around 600,000 drivers in the U.S. were also accessed. External forensics experts brought in by Uber have found no evidence that trip location history, credit card numbers, bank account numbers, Social Security ...
Uber hid a security breach affecting 57 million customers' dataTNW
Uber Security Breach Exposed Personal Data Of 57 Million Customers And DriversJalopnik
Uber suffered massive data breach, then paid hackers to keep quietNaked Security
Bloomberg -WIRED -CNBC
all 668 news articles »

Bloomberg

Victoria's Secret Meets China's Security
Bloomberg
Despite having previously hosted the likes of Justin Bieber and the Rolling Stones without much incident, Chinese authorities scrutinized television crews trying to film promos outside Shanghai's Mercedes-Benz Arena as though they were national ...

and more »

BBC News

Tbilisi gunfire as Georgia security forces mount siege
BBC News
Explosions and gunfire have broken out in the Georgian capital Tbilisi as counter-terrorism forces lay siege to a block of flats where suspected militants are holed up. The security service said several members of a "terrorist group" had refused to ...
Georgian policeman, three terrorism suspects killed in police operation - state securityeuronews

all 39 news articles »
Google News

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

Watch Out For That Scam

The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint... Read More

Computer-Virus Writers: A Few Bats In The Belfry?

"Male. Obsessed with computers. Lacking a girlfriend. Aged 14 to... Read More

Reclaim Your PC from the Internet Spies

Viruses are, however, not the only malicious software programs out... Read More

How to Fight Spyware

If you are wondering how to fight spyware for safe... Read More

Information Security for E-businessmen: Just a Couple of Ideas

If you constantly deal with bank or electronic accounts, it... Read More

Phishing: An Interesting Twist On A Common Scam

After Two Security Assessments I Must Be Secure, Right? ---------------------------------------... Read More

Protecting Your Identity On The Internet

Afraid that someone is monitoring your PC or installed a... Read More

How To Give Away Your Personal Information

Identity Theft and Your Personal Information -------------------------------------------- Identity theft is... Read More

How Free Scripts Can Create Security Problems

With the Internet entering our lives in such an explosive... Read More

Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing

The Internet offers a global marketplace for consumers and businesses.... Read More

5 Tips For An Unbreakable Password

Despite the current wave of identity theft and corporate security... Read More

Identity Theft Offline -- So Many Possibilities

Chris Simpson, head of Scotland Yard's computer crime unit was... Read More

8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft

Ebay is a great site and is used by many... Read More

Protect Your Little Black Book

The movie Little Black Book features a young woman, Stacy,... Read More

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?No, it doesn't mean you... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

3 Steps to Ending Scams and Virus Problems

Watching how the traditional media covers the latest virus or... Read More

The Top Twelve Threats No Computer User Should Ignore

The internet is undoubtedly a fantastic resource for families and... Read More

Burning Bridges is Bad, But Firewalls are Good

When you signed up for that ultra-fast DSL or Cable... Read More

Three-pronged Trojan Attack Threatens Security on the Internet

Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names... Read More

Free Spyware Removal - Its Not As Easy As It Sounds

Nobody wants to pay to remove spyware. At the very... Read More

Wireless Network Security

Working from home has its advantages, including no commute, a... Read More

Click Here To Defeat Evil

Microsoft routinely releases new security updates, many of which are... Read More