Anyone interested in gaining a deeper knowledge of wireless security and exploiting vulnerabilities will need a good set of base tools with which to work. Fortunately, there is an abundance of free tools available on the Internet. This list is not meant to be comprehensive but rather to provide some general guidance on recommended tools to build your toolkit.
Finding Wireless Network tools
Locating a wireless network is the first step in trying to exploit it. There are two tools that are commonly used in this regard:
Network Stumbler, a.k.a. NetStumbler – This Windows-based tool easily finds wireless signals being broadcast within range; a must-have. It also has the ability to determine signal/noise information that can be used for site surveys. I actually know of one well-known public wireless hotspot provider that uses this utility for its site surveys.
Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that Access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks.
Attaching to the Found Wireless Network
Once you’ve found a wireless network, the next step is to try to connect to it. If the network isn’t using any type of authentication or encryption security, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools.
Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys. While many people bash the use of WEP, it is certainly better than using nothing at all. Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort.
(Screenshot of Airsnort in Action)
CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the “New WEP” for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key.
(Cowpatty Options Screenshot)
ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked. LEAP doesn’t protect the authentication like other “real” EAP types, which is the main reason why LEAP can be broken.
(Asleap Options Screenshot)
Sniffing Wireless Data
Whether you are directly connected to a wireless network or not, if there is a wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data.
Wireshark (formerly Ethereal) – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff out 802.11 management beacons and probes and subsequently could be used as a tool to sniff out non-broadcast SSIDs.
(Screenshot of Ethereal in Action)
(Yahoo IM Session being sniffed in Ethereal)
The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet.
Protecting Against These Tools
Just as it’s important to know how to use the aforementioned tools, it is important to know the best practices for securing your wireless network against them.
NetStumbler – Do not broadcast your SSID. Ensure your WLAN is protected by using advanced Authentication and Encryption.
Kismet – There’s really nothing you can do to stop Kismet from finding your WLAN, so ensure your WLAN is protected by using advanced authentication and encryption.
Airsnort – Use a 128-bit, not a 40-bit WEP encryption key. This would take longer to crack. If your equipment supports it, use WPA or WPA2 instead of WEP (may require firmware or software update).
Cowpatty – Use a long and complex WPA Pre-Shared Key. This type of key would have less of a chance of residing in a dictionary file that would be used to try to guess your key, and/or guessing it would take longer. In a corporate scenario, don’t use WPA with a Pre-Shared Key; use a good EAP type to protect the authentication and limit the number of incorrect guesses that can take place before the account is locked out. If using certificate-like functionality, it could also validate the remote system trying to gain access to the WLAN and not allow a rogue system access.
ASLeap – Use long and complex credentials, or better yet, switch to EAP-FAST or a different EAP type.
Ethereal – Use encryption, so that anything sniffed would be difficult or nearly impossible to break. WPA2, which uses AES, is essentially unrealistic for a normal hacker to break. Even WEP will encrypt the data. When in a public wireless hotspot (which generally does not offer encryption), use application-layer encryption, like Simplite to encrypt your IM sessions, or use SSL. For corporate users, use an IPSec VPN with split-tunneling disabled. This will force all traffic leaving the machine through an encrypted tunnel that would be encrypted with DES, 3DES or AES.
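The Cowpatty advice above can be turned into a check you run before deploying a key. The following is an added example, not code from the original page or from any of the tools it lists: it derives the WPA-PSK master key the way WPA/WPA2-Personal does (PBKDF2-HMAC-SHA1 with the SSID as salt) and audits a candidate passphrase. The function names, the 80-bit threshold and the sample wordlist are assumptions made for illustration.

```python
import hashlib
import math
import string

def derive_pmk(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)

def estimate_bits(passphrase: str) -> float:
    """Upper bound on strength: assumes every character was picked at random."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit_psk(passphrase: str, wordlist: set, min_bits: float = 80.0) -> list:
    """Return a list of findings; an empty list means the key passed every check."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA allows")
    # Dictionary tools also try simple variants, so compare the case-folded
    # word with trailing digits and punctuation stripped.
    stem = passphrase.lower().rstrip(string.digits + string.punctuation)
    if passphrase.lower() in wordlist or stem in wordlist:
        findings.append("dictionary word or simple variant of one")
    if estimate_bits(passphrase) < min_bits:  # min_bits is an assumed policy value
        findings.append(f"estimated strength below {min_bits:.0f} bits")
    return findings

# Constructed sample wordlist; a real audit would load a large file.
SAMPLE_WORDS = {"password", "letmein", "summer", "linksys"}

if __name__ == "__main__":
    for key in ("password", "Summer2024!", "k7#Vq9!mZp2$Lx8@Rt4&"):
        print(repr(key), audit_psk(key, SAMPLE_WORDS) or "ok")
    # Same passphrase, different SSID: the salt changes the derived key.
    print(derive_pmk("k7#Vq9!mZp2$Lx8@Rt4&", b"HomeNet").hex())
```

Because the SSID is the salt, a network that keeps a factory-default SSID shares its salt with every other network using that default, which is one more reason to change it along with the key.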
Definition: An SSID is the name of a wireless local area network (WLAN). All wireless devices on a WLAN must employ the same SSID in order to communicate with each other.
The SSID on wireless clients can be set either manually, by entering the SSID into the client network settings, or automatically, by leaving the SSID unspecified or blank. A network administrator often uses a public SSID that is set on the access point and broadcast to all wireless devices in range. Some newer wireless access points disable the automatic SSID broadcast feature in an attempt to improve network security.
SSIDs are case sensitive text strings. The SSID is a sequence of alphanumeric characters (letters or numbers). SSIDs have a maximum length of 32 characters.
An SSID (service set identifier) identifies the wireless network, and the SSID for your wireless WLAN card must match the SSID for any access point that you want to connect with. If the value does not match, you are not granted access to the network. Each SSID can be up to 32 characters long and is case-sensitive.
The SSID (Service Set IDentifier) is a token that identifies an 802.11 (Wi-Fi) network. The SSID is a key that the wireless network administrator sets. Users must know the SSID to connect to an 802.11 wireless network. However, network sniffing/scanning allows users to determine the SSID. By default, the SSID is part of the packet header for every packet sent over the WLAN.
SSID access points continuously broadcast radio signals that enabled client machines receive. Based on the automatic or manual configuration, the client can connect to the access point. An SSID is generally 32 bits long, but when displayed to the user, it is projected into a human readable ASCII format. Multiple access points can possibly share the same SSID if they are for the same wireless network. Many wireless access points support broadcasting multiple SSIDs, permitting the formation of Virtual Access Points. Such Virtual Access Points partition a single physical access point into many logical access points, each of which can have a special set of security and network settings.
Multiple Access Points with the Same SSID
Multiple access points can have the same SSID, and in most cases this configuration is known as an extended service set (ESS) when the two access points are connected to the same wired network. Sharing the same SSID can be an issue if the two access points are in close proximity but are not owned by or part of the same wired network. In this case end-user devices may connect to the incorrect SSID.
How to Discover Non-Broadcasting SSIDs
If the SSID is not being broadcast, finding the hidden SSID is possible but requires special software that is able to look at wireless data frames to extract the SSID. There are many commercial products that have this RFMON capability and several open source products such as Kismet.
Securing your wireless network is an important thing to do. Surely you don’t want people who have no business doing so to be able to access the data on your devices (such as computers and laptops), and surely you don’t want your internet access to suddenly become slow because some people are stealing your internet connection. To prevent this, check out the tips and tutorials below on how to secure your wireless networks.
Here are some tutorials on how to secure a wireless network:
1. Secure your wireless router or access point administration interface
You must know that there are always methods and tools to access wireless networks, even if you have already secured your wireless network. If your wireless network is important to your work and daily life, you must keep your knowledge of wireless security up to date to protect the network from being accessed by other people.
For those who usually connect to wired networks, you only need to connect the Ethernet cable to your LAN card and your PC will connect to the network (internet). But for those who are not familiar with connecting to a wireless network, it may be difficult the first time, and sometimes you forget how to do it right. So, in this article I have collected some tutorials on how to set up a wireless network in Windows 7, Windows Vista, Windows XP, Mac and Linksys.
Here are the tutorials:
1. Setting up a wireless network on Windows 7.
For those who use Windows 7, you may refer to this tutorial from the official Microsoft site here…
2. Setting up a wireless network on Windows Vista.
For those who use Windows Vista, you may refer to the tutorial here …
3. Setting up a home network on XP.
For those who still use Windows XP (like myself), please refer to this tutorial from the official Microsoft site here …
4. Setting up a wireless network on Mac (video tutorial).
In computer networking, a wireless access point (WAP or AP) is a device that allows wireless communication devices to connect to a wireless access point network using Wi-Fi, Bluetooth or related standards. The WAP usually connects to a wired network, and can relay data between the wireless devices (such as computers or printers) and wired devices on the access point network.
Prior to wireless access point networks, setting up a computer network in a business, home, or school often required running many cables through walls and ceilings in order to deliver network access to all of the network-enabled devices in the building. With the advent of the wireless access point network, network users are now able to add devices that access the access point network with few or no new cables. Most WAPs use IEEE 802.11 standards.
Common WAP - wireless access point network Applications.
A typical corporate use involves attaching several WAPs to a wired network and then providing wireless access to the office LAN. A Hot Spot is a common public application of WAPs, where wireless clients can connect to the Internet without regard for the particular networks to which they have attached for the moment. A collection of connected Hot Spots can be referred to as a lily-pad access point network.
The majority of WAPs are used in home wireless access point networks. Home networks generally have only one WAP to connect all the computers in a home. Most are wireless routers, meaning converged devices that include a WAP, router, and often an Ethernet switch in the same device. In places where most homes have their own WAP within range of the neighbors’ WAP, it’s possible for technically savvy people to turn off their encryption and set up a wireless community network, creating an intra-city communication access point network without the need of wired networks.
A WAP may also act as the network’s arbitrator, negotiating when each nearby client device can transmit. However, the vast majority of currently installed IEEE 802.11 networks do not implement this, using a distributed pseudo-random algorithm called CSMA/CD instead.
While wired networks are still the champion on the subject of speed and efficiency, a wireless access point network is easy to get going and offers total mobility to any computer community. It is also necessary to know that a wireless access point may look much like a wireless router, yet both are equally necessary in establishing a quality home or office access point network. Various Linksys wireless products support data speeds all the way up to 300 Mbps, which is about three times as fast for 802. The advanced Linksys wireless-N device allows you to connect wireless-N, wireless-G and wireless-B devices to an established network. This might also give your network increased protection and privacy, as all wireless transmissions can be screened and monitored from the Wireless-N access point. Linksys wireless devices are easy to set up and install and let you enjoy the merits of a fast and dependable network.
One of the difficulties for enterprises that look after branch offices with less technical IT support is extending the secure system to those branch offices. In present-day businesses with multiple branch offices, integrating the communication system between the headquarters and the branch offices is usually a must to support business productivity. However, connecting branch offices that have a low-security design can create security holes and vulnerabilities for the central office and for the enterprise network at large. One of the vulnerabilities that gives rise to security holes in branch offices may be the deployment of a wireless access point network that is not properly designed with security in mind. Providing wireless internet access to company guests without limiting their access to the access point network can compromise system security.
Providing no data encryption for wireless communication may be very dangerous for the system, because it lets unauthorized users gain access to the system easily. Many network administrators have difficulty extending security protection from the well-secured wired network to wireless networks. Moreover, for some network administrators security is the last aspect considered when deploying wireless. Therefore, selecting premium wireless access points when setting up wireless networks for branch offices could be essential to mitigating security compromise: access points that can be integrated with your existing secure wired networks. The Juniper AX411 Wireless LAN Access Point, combined with the Juniper SRX series, could be an ideal solution for branch offices and helps network administrators manage and design both wired and wireless security.
Wireless Access Point Network – Quick Way to Create Wireless Network.
A wireless access point is a wireless device that you can use to quickly create a wireless network. It’s commonly used to expand an existing wired home network.
The setup is pretty simple: connect the access point’s LAN port to the network router’s LAN port. After that, configure the IP address, netmask and gateway on the access point so that it can be connected to the existing wired home network. Please note that you need to set the IP address as part of the existing network with the same netmask, and the gateway IP is the network router’s LAN IP. You can do this configuration manually or automatically (the network information would be assigned automatically by a DHCP-enabled network router).
Finally, configure the wireless network settings on the access point by configuring the SSID, channel, wireless standard, encryption, operation mode and other wireless access point network settings. Now you can configure the laptop’s wireless adapter to join the wireless network.