Types of Wireless Network Attacks: Interception
Although wireless networking offers many possibilities in the way of establishing new businesses, cost-savings and compatibility, the technology itself presents a significant problem in the area of security. Any type of wireless communications that is not secured with encryption can be intercepted with a combination of trivial tools such as an inexpensive laptop computer, a wireless network card and free packet sniffing software. The practice of war driving has become increasingly popular as more potential hackers have resorted to driving around in search of insecure wireless access points.
Any wireless network using a username and password to allow entrance into a local network is susceptible to interception and traffic monitoring attacks. Many of the sniffing tools used to accomplish this task function by capturing the initial part of the connection, the area that usually includes a username and password. Equipped with these credentials, the intruder can then masquerade as a legitimate user and access the network.
The Hackers Are Close in Proximity
Successful wireless sniffing calls for the intruder to be in close proximity of the targeted wireless traffic. This is typically about 300 feet, although newer wireless equipment is capable of delivering signals much further. At first glance, this feature appears to be advantageous to the user, allowing them to access their network and surf the web further away from the base station. Unfortunately, it also creates a tremendous security risk as intruders can also conduct their attacks from a greater distance. If the intruder is able to sniff out wireless traffic, it is also possible that they can insert false traffic into the connection. From there they can hijack the session by issuing commands on the user's behalf.
Interception Strategies Used to Attack Your Wireless Network
Arpspoof is another popular cracking tool used to exploit wireless networks. It can be easily configured to trick a network into forwarding sensitive information from the backbone directly through the intruder's wireless client. This not only provides them with a way to intercept data, but a way to hijack TCP (Transmission Control Protocol) sessions as well.
A similar method involves tricking a legitimate client into making a connection to a compromised base station set up by the attacker. This is effective because a legitimate user could easily log onto the unauthorized server, sign into fraudulent login screens and unknowingly give away critical data to outsiders. In this scenario, a hacker typically uses a wireless LAN (local area network) program to monitor and intercept information. This type of software gives them the ability to capture both plaintext and encrypted text of a shared key used to authenticate users. After determining the correct response, the intruder can then create a new algorithm using a different exploit to make a network connection as the legitimate user.
The best wireless security protection against interception exploits is strong encryption. WEP (Wired Equivalent Protocol), the original wireless encryption protocol, is no longer considered reliable due to major flaws in it's design. In fact, WEP encryption can be cracked in under one minute's time. WPA (Wi-Fi Protected Access) is the new protocol and highly recommended by security experts. While neither solutions are foolproof, some protection is better than none and WPA offers the better protection out of the two.
Post a comment