Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Home
>
Internet Security
>
Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Road Warrior At Risk: The Dangers Of Ad-Hoc Wireless Networking

Airport Menace: The Wireless Peeping Tom
As a network security consultant, I travel quite frequently. At times, it seems like the airport is my second home. I actually like to fly, it's a moment in time where no one can reach me by e-mail, or mobile phone.

It never fails that something interesting happens to me at the airport. I've even met some famous people during my travels. A few months ago, I ran into Frank Bielec, from the TLC show, Trading Spaces. But one of my favorite things to do at the airport is browse the wireless Ethernet waves. I'm never really surprised at what I find. I'm just glad I know more about wireless Ethernet than the average road warrior.

The Dangers Of Ad-Hoc Wireless Networking
Most people who have wireless Ethernet at home, or the office, connect to the wireless network by attaching to a wireless Access Point, or AP. This method of wireless networking is called "Infrastructure Mode". If you have a secure wireless network configured in "Infrastructure Mode" you are using MAC address filtering, some level of encryption, and have made some additional changes to your AP in order to prevent just anyone from using it or capturing data. For more information on configuring your "Infrastructure Mode" wireless network take a look at the "Wireless Network Security" page at Defending The Net.

Links
http://www.defendingthenet.com/WirelessNetworkSecurity.htm

However, for those who are not using "Infrastructure Mode", and are configured to communicate from machine to machine, or "Ad-Hoc", there are a few things you should be aware of.

A wireless Ad-Hoc network allows you to communicate with other wireless Ethernet systems without using a wireless access point. It's kind of a peer to peer configuration and it works rather well. The problem is, most people just set it up, and forget about it. At home, it's not a huge problem, but when your on the road, it could cause you a great deal of grief. The airport is probably the best place to find Ad-Hoc networks. Business men and women, delayed once again, power up their laptops and get to work completing the days tasks, or planning tomorrows agendas.

I can't tell you how many systems I find in the airport configured this way. Not just in the terminal, but on the plane. About three months ago, just after we reached cruising altitude and were allowed to use our "approved electronic devices", I found that the gentleman two seats up from me had a laptop configured as Ad-Hoc. He walked by me about ten minutes later and commented on how much he liked my laptop. I thanked him, and asked if his laptop was on, and configured to use wireless Ethernet, he said yes.

To make a long story short, I showed him that I could see his laptops wireless Ethernet and informed him of the danger. He asked me if I could access his hard drive, and I told him that it might be possible. He asked me to see if I could, so I obliged. After configuring my laptop to use the same IP address class as his, and typing "net use * hiscomputersIPAddressc$ "" /USER:administrator", I received a notice that the connection was successful and drive Z: was now mapped to his computer. I performed a directory listing of his hard drive and the guy almost had a heart attack!

After this, he moved up to the seat next to mine and we spent the next hour or so configuring his laptop securely, starting with securing his computers local administrator account. At one point during the configuration, he made the statement that I got real lucky because his local admin account did not have a password. My response to him was, I get lucky quite often.

Who Else Has Your Client List
Just think of the possibilities. What do you have to lose if someone is able to just peruse the files and data on your laptop? Do you maintain your customer list on your laptop (Do you want this in the hands of a competitor)? How about your personal finances (Identity theft ring a bell)? So many people I talk to initially say, "I really don't have anything of great importance on this system". Then they think a little bit and start rattling of things they never really thought about before. All of a sudden, they get concerned.

The fact is, whether it be "Infrastructure Mode", or "Ad-Hoc" wireless Ethernet communications, if not properly configured and secured, can pose a significant risk. There are thousands of articles on the Internet about the dangers of improperly configured wireless networks, yet the number of unsecured networks seems to be getting greater, not less.

Strength And Posture Does Reduce Your Risks
Keep in mind that your objective should be to reduce the chances that you will become a target for computer compromise. When I was growing up in South Philadelphia, I remember my father telling me that when you walk down the street, especially in the evening, to walk tall, and project a position of strength and authority. Why, because thugs typically pick out those who look like an easy target. The same thing goes for computer security. Reduce the risks of becoming a target buy configuring your system with a strong security policy.

When I perform security assessments, I create a list of potential targets, and potential methods of compromise. I then prioritize that list by which system, with a particular vulnerability, may be easiest to compromise. Those at the bottom of the list typically never come on my radar screen; the best scenario it to keep of the radar altogether.

Conclusion
If your are using wireless Ethernet, no matter what configuration, follow a few rules and keep yourself secure against most common types of compromise.

1. Above all, make sure all your user accounts have strong passwords, especially those that have administrative control over your system;

2. Configure your wireless network to use some sort of encryption. I know there is a lot of concern about the "crackability" of WEP, but if this is all you have to work with, and then use it. It is still helpful;

3. If possible, use MAC addresses filtering to restrict unwanted systems from attaching to your wireless network;

4. Make sure the firmware for your AP's and wireless Ethernet cards are up to date. These updates can be found on your card or AP's support site.

Remember, if you are compromised over your wireless network it can be near impossible to track down where the attack came from. Worse yet, think about how many systems become compromised, and no one ever knows it?

About The Author
Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at Darren.Miller@ParaLogic.Net or DefendTheNet@ParaLogic.Net.

In The News:

pen paper and inkwell

cat break through

Check Out That Privacy Policy

Before you enter your name, address or any other data... Read More

Spyware Attacks! Windows Safe Mode is No Longer Safe

Many of us have run into an annoying and time-consuming... Read More

Whats All This I Hear About Firewalls?

At this point, if you've got the whole "turning the... Read More

A Basic Introduction To Spyware

Spyware is the most troublesome software to appear on the... Read More

Network Security 101

As more people are logging onto the Internet everyday, Network... Read More

Email Scams ? Ten Simple Steps To Avoiding Them

According to the Anti-Phishing Working Group (APWG) email scams also... Read More

Spyware Protection Software

Spyware protection software is the easiest way of removing spyware... Read More

3 Steps to Ending Scams and Virus Problems

Watching how the traditional media covers the latest virus or... Read More

Types Of Computer Infections

Computer infections can be broken up into 4 main categories... Read More

Cybercriminals Trick: Targeted Trojan-Containing Emails

Threats we ordinary Web users face online leave us no... Read More

Firewall Protection - Does Your Firewall Do This?

The first thing people think about when defending their computers... Read More

How to Prevent Online Identity Theft

Identity theft rates one of the fastest growing crimes in... Read More

Viruses and Worms: The Problems and Their Solutions

History and BackgroundThe virus was one of the first ever... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

Lets Talk About Antivirus Software!

Nowadays more and more people are using a computer. A... Read More

Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension to,... Read More

8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft

Ebay is a great site and is used by many... Read More

Its Time to Sing the Encryption Song - Again!

Yes, I'm wearing my encryption hat again. Why you may... Read More

Dont be a Dork ? Protect Yourself

There are folks out there who use their powers for... Read More

Arming Yourself Against Spyware

While clicking from site to site on the internet you... Read More

Internet Shopping - How Safe Is It?

Millions of people make purchases online, but many people are... Read More

Instant Messaging ? Expressway for Identity Theft, Trojan Horses, Viruses, and Worms

Never before with Instant Messaging (IM) has a more vital... Read More

Phishing ? Its Signs and Your Options

Phishing is the act of some individual sending an email... Read More

Protecting Your Identity On The Internet

Afraid that someone is monitoring your PC or installed a... Read More

Viruses and Worms, Protection from Disaster

Virus damage estimated at $55 billion in 2003. "SINGAPORE -... Read More

Is Spyware Watching You?

Imagine my surprise when I received a phone call from... Read More

All About Computer Viruses

Your computer is as slow as molasses. Your mouse freezes... Read More

Mail Forwarding - Why Would You Do It?

First of all we need to get some terms stated.... Read More

How To Cover Your Tracks On The Internet

Every single time you access a website, you leave tracks.... Read More

5 Simple Steps to Protect your Digital Downloads

A couple of days ago, I was searching for a... Read More

Phishing - A High Tech Identity Theft With A Low Tech Solution

Have you ever got an email asking you to confirm... Read More

An Open Letter From a So-called Stupid

Someone recently told me, "You would have to be a... Read More

Internet Identity Theft - How You Can Shield Yourself

With the advent of the World Wide Web, a whole... Read More

dog break through

pen books and inkwell

Online Shopping: 10 Tips For Safe Online Shopping

Have you ever bought a product or service from the... Read More

How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer

If you use the internet, you have probably been infected... Read More

Three-pronged Trojan Attack Threatens Security on the Internet

Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

Phishing-Based Scams: A Couple of New Ones

Phishing in its "classic" variant is relatively well-known. Actually, 43.4... Read More

Cyber Crooks Go Phishing

"Phishing," the latest craze among online evil-doers, has nothing to... Read More

Lets Talk About Antivirus Software!

Nowadays more and more people are using a computer. A... Read More

Is the Internet Insecure Because of You?

Long gone are the days that we could feel secure... Read More

Is My PC Vulnerable on the Internet?

No longer are viruses the only threat on the internet.... Read More

Do You Know What your Kids Are Doing Online?

It's a sad statistic, but hundreds of unsuspecting kids are... Read More

Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code ------------------------------------- I had... Read More

Firewalls: What They Are And Why You MUST Have One!

A firewall is a system or gateway that prevents unauthorized... Read More

Delete Cookies: New-Age Diet or Common Sense Internet Security?

No, this article isn't about some new, lose-20-pounds-in-a-week, certified-by-some-tan-Southern-California-doctor diet.... Read More

Dont Get Hacked - A Guide to Protecting Your Business from Thieves

You've seen it in the news - 40 million credit... Read More

Phishing - A High Tech Identity Theft With A Low Tech Solution

Have you ever got an email asking you to confirm... Read More

DOS Attacks: Instigation and Mitigation

During the release of a new software product specialized to... Read More

Another Fine Mess!

I'm in the Anti-Spyware business, and I'm doing a lot... Read More

How to Manage Your Username and Password The Easy and Secure Way

Have been an Internet user for more than 9 years,... Read More

Website Security - Creating a Bulletproof Site in 5 Easy Steps

When it comes to a secure website and passwords it... Read More

The Attack of the Advertiser - Spy Mother Spy

The menacing campaigns that drive the corporate spyware and adware... Read More

Backup and Save your business!

There you are busily typing away on your PC or... Read More

Web Conferencing Readers - So What Do We Do with the PAYPAL SPAMMER

From: "Paypal Security" Subject: New Security Requirements Date: Tue, 26... Read More

Reporting Internet Scams

When it comes to reporting Internet scams most of us... Read More

Top Five Spyware Fighting Tips

Spyware and adware are becoming major problems for online surfers... Read More

How To Give Away Your Personal Information

Identity Theft and Your Personal Information Identity theft is... Read More

The One Critical Piece Of Free Software Thats Been Overlooked

Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More

Wells Fargo Report Phishing Scam

First off I should explain what phishing is. Phishing is... Read More

Internet Shopping - How Safe Is It?

Millions of people make purchases online, but many people are... Read More

Pharming - Another New Scam

Pharming is one of the latest online scams and rapidly... Read More

How to Protect Yourself Against Online Criminals

Credit card fraud is a growing problem for online businesses... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

Five Excellent Indie Encryption And Security Solutions You Have Not Heard About

Geek SuperheroGeek Superhero watches your computer for changes, immediately notifying... Read More

Ransom Trojan Uses Cryptography for Malicious Purpose

Every day millions of people go online to find information,... Read More

Access Info Hub | Privacy Policy | Contact |

FTC Required Website Disclosure: You should assume that the Owner of this Website has an affiliate relationship and/or another material connection to the providers of goods and services mentioned in this website and may be compensated when you purchase from a provider. You should always perform due diligence before buying goods or services online. The Owner does not accept payment or merchandise in exchange for the reviews themselves. They are written objectively and with honesty.

Amazon Affiliate Disclaimer: AccessInfoHub.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.