Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking > NetSparsh - Viral Content you Love & Share

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom
----------------------------------------
As a network security consultant, I travel quite frequently. At times, it seems like the airport is my second home. I actually like to fly, it's a moment in time where no one can reach me by e-mail, or mobile phone.

It never fails that something interesting happens to me at the airport. I've even met some famous people during my travels. A few months ago, I ran into Frank Bielec, from the TLC show, Trading Spaces. But one of my favorite things to do at the airport is browse the wireless Ethernet waves. I'm never really surprised at what I find. I'm just glad I know more about wireless Ethernet than the average road warrior.

The Dangers Of Ad-Hoc Wireless Networking
-----------------------------------------
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. For more information on configuring your "Infrastructure Mode" wireless network take a look at the "Wireless Network Security" page at Defending The Net.

Links
-----
http://www.defendingthenet.com/WirelessNetworkSecurity.htm

However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of.

A wireless Ad-Hoc network allows you to communicate with other wireless Ethernet systems without using a wireless access point. It's kind of a peer to peer configuration and it works rather well. The problem is, most people just set it up, and forget about it. At home, it's not a huge problem, but when your on the road, it could cause you a great deal of grief. The airport is probably the best place to find Ad-Hoc networks. Business men and women, delayed once again, power up their laptops and get to work completing the days tasks, or planning tomorrows agendas.

I can't tell you how many systems I find in the airport configured this way. Not just in the terminal, but on the plane. About three months ago, just after we reached cruising altitude and were allowed to use our "approved electronic devices", I found that the gentleman two seats up from me had a laptop configured as Ad-Hoc. He walked by me about ten minutes later and commented on how much he liked my laptop. I thanked him, and asked if his laptop was on, and configured to use wireless Ethernet, he said yes.

To make a long story short, I showed him that I could see his laptops wireless Ethernet and informed him of the danger. He asked me if I could access his hard drive, and I told him that it might be possible. He asked me to see if I could, so I obliged. After configuring my laptop to use the same IP address class as his, and typing "net use * hiscomputersIPAddressc$ "" /USER:administrator", I received a notice that the connection was successful and drive Z: was now mapped to his computer. I performed a directory listing of his hard drive and the guy almost had a heart attack!

After this, he moved up to the seat next to mine and we spent the next hour or so configuring his laptop securely, starting with securing his computers local administrator account. At one point during the configuration, he made the statement that I got real lucky because his local admin account did not have a password. My response to him was, I get lucky quite often.

Who Else Has Your Client List
-----------------------------
Just think of the possibilities. What do you have to lose if someone is able to just peruse the files and data on your laptop? Do you maintain your customer list on your laptop (Do you want this in the hands of a competitor)? How about your personal finances (Identity theft ring a bell)? So many people I talk to initially say, "I really don't have anything of great importance on this system". Then they think a little bit and start rattling of things they never really thought about before. All of a sudden, they get concerned.

The fact is, whether it be "Infrastructure Mode", or "Ad-Hoc" wireless Ethernet communications, if not properly configured and secured, can pose a significant risk. There are thousands of articles on the Internet about the dangers of improperly configured wireless networks, yet the number of unsecured networks seems to be getting greater, not less.

Strength And Posture Does Reduce Your Risks
-------------------------------------------
Keep in mind that your objective should be to reduce the chances that you will become a target for computer compromise. When I was growing up in South Philadelphia, I remember my father telling me that when you walk down the street, especially in the evening, to walk tall, and project a position of strength and authority. Why, because thugs typically pick out those who look like an easy target. The same thing goes for computer security. Reduce the risks of becoming a target buy configuring your system with a strong security policy.

When I perform security assessments, I create a list of potential targets, and potential methods of compromise. I then prioritize that list by which system, with a particular vulnerability, may be easiest to compromise. Those at the bottom of the list typically never come on my radar screen; the best scenario it to keep of the radar altogether.

Conclusion
----------
If your are using wireless Ethernet, no matter what configuration, follow a few rules and keep yourself secure against most common types of compromise.

1. Above all, make sure all your user accounts have strong passwords, especially those that have administrative control over your system;

2. Configure your wireless network to use some sort of encryption. I know there is a lot of concern about the "crackability" of WEP, but if this is all you have to work with, and then use it. It is still helpful;

3. If possible, use MAC addresses filtering to restrict unwanted systems from attaching to your wireless network;

4. Make sure the firmware for your AP's and wireless Ethernet cards are up to date. These updates can be found on your card or AP's support site.

Remember, if you are compromised over your wireless network it can be near impossible to track down where the attack came from. Worse yet, think about how many systems become compromised, and no one ever knows it?

About The Author
----------------
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net or DefendTheNet@ParaLogic.Net.

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

NPR

Week Of Trump Reversals Puts 2018 Election Security In The Spotlight
NPR
With less than four months to go, how much are this year's midterm elections at risk for the kind of interference sowed by Russia in 2016? It's a question that's coming up again because of President Trump's seemingly shifting positions this week about ...
DHS chief won't denounce white supremacist charged with Charlottesville killingNew York Post
Assessing Russian Activities and Intentions in Recent US Elections - Office of the Director of National IntelligenceOffice of the Director of National Intelligence

all 166 news articles »

Why Security Startups Fly – And Why They Crash
Dark Reading
Businesses want security against common and complex cyberthreats – and venture capitalists have their eyes on startups promising it. The latest fundings have permeated security news: Most recently, BitSight raised $60 million in Series D, Social ...


TechCrunch

UK government panel issues inconclusive Huawei security report
TechCrunch
Huawei's had a rough go of it here in the States, after concerns around ties to the Chinese government have left the company scrambling to gain a commercial toehold. Over the past several years, top U.K. security officials have also put the company ...
UK security officials warn of 'new risks' from HuaweiCNNMoney
Huawei hardware may be a UK security riskTechRadar
UK oversight board discloses potential Huawei security issuesEngadget
BBC News -Telegraph.co.uk -Gov.uk -BBC News
all 90 news articles »

Chicago Tribune

Macron's security aide, filmed beating activist, detained
Chicago Tribune
Paris investigators on Friday detained for questioning one of President Emmanuel Macron's top security aides who was caught on camera beating a protester in May, a turn of events that is evolving into the biggest political crisis to hit the president ...
Macron to fire security aide who was filmed beating activistNew York Daily News
Macron accused of cover-up over violent security officialThe Guardian

all 206 news articles »

WIVB-TV News 4

Security video shows waitress fighting back after apparent groping
WIVB-TV News 4
Seen on a security camera, a woman appears to have fought back after a man apparently groped her at a restaurant in Georgia. The video, courtesy of CBS contributing station WTOC, shows the incident. According to WTOC, the video shows 21-year-old ...
Security camera catches Savannah waitress fending off apparent groperKPTV.com

all 136 news articles »

The Verge

Wyze's $20 connected security camera now supports Amazon Alexa
The Verge
The $20 Wyze Cam security camera may not be the best option out there for a connected home security device, but it's certainly the cheapest. And now it's getting even more useful with an update that adds support for Amazon's Alexa voice assistant, via ...


Deadline

Whoopi Goldberg: Jeanine Pirro Cursed 'The View' Bookers And Security Guards
Deadline
Instead, Goldberg said, Pirro “did leave here cursing at the people who book the show, cursed at the guys who do the security for the show.” “For 20 years the show has always had people on with different views, like Newt Gingrich, Corey Lewandowski…

and more »

Newsweek

White Owner of Detroit Clothing Store Spits in Black Security Guard's Face
Newsweek
The co-founder of a store in Detroit has issued an apology for spitting in a black security guard's face during an event. Ibrahim Mission told The Detroit Free Press that he was working security for a meeting of community and social justice leaders on ...
'Made in Detroit' brand co-founder recorded spitting in face of security guard over parking dispute apologizes for ...New York Daily News
White Detroit Business Owner Spits on Black Man Working Security at Event Over Parking DisputeThe Root
White Detroit Mercantile owner under fire for spitting on young black man over parking disputeDetroit Metro Times

all 10 news articles »

Arlo IPO: 5 things to know about the Netgear security-camera spinoff
MarketWatch
Arlo makes home-security cameras that can be accessed remotely, and it also sells additional security services. Hardware companies with IPO dreams can look to Roku Inc. ROKU, +1.14% for recent inspiration. Roku is best known for its sales of devices ...


Russian space agency confirms security agency search
ABC News
Russia's space agency is confirming that federal security agents have searched two of its daughter operations, following a report that their workers were suspected of treason for cooperating with the West. The respected business newspaper Kommersant ...

and more »
Google News

Personal Firewalls - Secure Your Computer

There has not been a time in the history of... Read More

Click Here To Defeat Evil

Microsoft routinely releases new security updates, many of which are... Read More

What Every Internet Marketer Should Know About Spyware

If you run any type of Internet business, Adware and... Read More

Is Your Email Private? Part 1 of 3

In a word, no - an email message has always... Read More

Beware of Imitations! Security, Internet Scams, and the African Real Estate Agenda

Fishing on the Internet has come a long way. However,... Read More

Phishing: An Interesting Twist On A Common Scam

After Two Security Assessments I Must Be Secure, Right? ---------------------------------------... Read More

Traditional Antivirus Programs Useless Against New Unidentified Viruses!

Every now and then you can read about a new... Read More

A New Era of Computer Security

Computer security for most can be described in 2 words,... Read More

Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is

A week or so ago, I received an inquiry from... Read More

Virus Prevention 101

Blaster, Welchia, Sobig, W32, Backdoor, Trojan, Melissa, Klez, Worm, Loveletter,... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

Parental Control - Dangers To Your Child Online & Internet Child Safety Tips

Did you know...? 1 in 5 children who use computer... Read More

Identity Theft ? Beware of Phishing Attacks!

"Dear Bank of the West customer", the message begins. I've... Read More

Phishing

Recently I have received email from my bank/credit Card Company,... Read More

Top Spyware Removers Considerations

Only the top spyware removers are successful at detecting and... Read More

Pharming - Another New Scam

Pharming is one of the latest online scams and rapidly... Read More

Five Excellent Indie Encryption And Security Solutions You Have Not Heard About

1. Geek Superhero http://www.deprice.com/geeksuperhero.htmGeek Superhero watches your computer for changes,... Read More

A Painless Plagiarism Solution

A crowded marketplace can lead to unethical webmasters using underhand... Read More

Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk

The trash folder in my main inbox hit 4000 today.... Read More

8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft

Ebay is a great site and is used by many... Read More

How to Fight Spyware

If you are wondering how to fight spyware for safe... Read More

What is Hacking? Are You a Hacker?

WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only... Read More

Protecting Your Home Both Inside and Out

If you are a parent, you have probably wondered at... Read More

Spyware Attacks! Windows Safe Mode is No Longer Safe

Many of us have run into an annoying and time-consuming... Read More

Phishing: A Scary Way of Life

The Federal Bureau of Investigation has identified "phishing" as the... Read More