Saturday, August 28, 2004

Wireless Network Security

Wow, did I learn a lesson tonight! Let me tell you about it. My wife and I were over at a friend's house tonight for dinner. After dinner I powered up my laptop and copied over some files from my laptop to his desktop PC (WinXP SP2, wallpaper files, TrendMicro Internet Security 12 beta, Spybot and video files). While my system was up and I was waiting for him to install the files copied over, I powered up my wireless network card (Intel 2200BG) just to see if I could pick up anyone. Although no wireless networks showed up right away, after a few minutes one did. I had a very poor signal from my friend's office in the house; however, if I stepped outside on the back porch I had a great signal and could surf the web as well as check my e-mail, which I did!

I got ready to go home and packed up the laptop in the bag. I bid my friends good night and jumped in my car. I went down the street a little and powered up my laptop, just curious if there were any other networks. Sure enough there was another network, this time a "g" network (the last one was a "b" network) that was also unprotected, so I could jump on the network after receiving a valid IP address from the access point (or other device in the network). A quick IP scan showed me that there were two computers behind this access point. A quick port scan showed me what OS and services/applications were running on these two computers. I was amazed at how quickly I was able to find this information out, all because these access points were unprotected.

I packed up my laptop and headed home in the next town. I live in the sticks outside of town, about 6 miles, so I've never been too concerned about my wireless access point; in fact, I don't have any security on it either. As I was pulling into town I got to wondering how many access points were unprotected and how many I could find just driving down the street. I pulled over and powered up the laptop. Using a copy of NetStumbler I was able to drive down a few streets and record at least 35 wireless access points (this is called WarDriving); at least 3/4 were unprotected (no WEP or MAC filtering). All provided me a valid IP address and I'm sure would have allowed me to surf the 'net or do an IP/port scan. I was amazed by this for two reasons.
  1. I couldn't believe how many people had wireless access points running; it was amazing. The majority were 2Wire units which, to my knowledge, are used for SBC DSL service here in Michigan. They must come configured by default with WEP, as they all reported having it set up, which is a good thing, while the other name-brand ones (3Com, SMC, Linksys) didn't have any encryption!
  2. I couldn't believe how many people's networks were wide open and were accessible!
After about an hour of driving around doing this I headed home. This certainly has helped me to realize just how easy and insecure these wireless networks can be, as well as the range they have, even though most of them are "b" networks with shorter range. Living in the "sticks" I pick up no other wireless networks, but maybe for those living in the city this is a common thing to find: so many wireless access points, and open. Needless to say, when I arrived home I re-configured my wireless router with more secure settings.

While wireless networking has its place and is very convenient, it certainly can become VERY dangerous if your home network machines have little or no security! Based on all of this, I personally recommend three security settings for every wireless access point (WAP).
  1. Disable the SSID broadcasting - although NetStumbler still finds them.
  2. Enable WPA encryption if available; if not, use 128-bit WEP encryption. To use WPA your computers must have Windows XP with Service Pack 1 as well as the WPA patch that is available from Microsoft. (FYI: when setting up the encryption in XP's wireless settings, the "Data Encryption" setting should be "TKIP" if you're using WPA.)
  3. Use MAC filtering on your wireless access point. Although it can be somewhat tricky to find the MAC or physical address of each network card, I think it provides some of the best security, although I know someone could "clone" a valid MAC address if they were to find it out.
So there you have it, my lesson learned about wireless network security. Perhaps this has been an eye-opener for you as well, or maybe you have a different feeling about wireless security; either way, let me know!

2 comments:

Anonymous said...

It's debatable whether disabling SSID broadcast is worthwhile, since it's not really hiding anything that can't readily be found; however, disabling it does add quite an overhead to wireless devices trying to use the network without it.

Troy said...

It's true, using special utilities you can still find an SSID for a device that has disabled SSID broadcasting, so I'm not saying that it'll 100% secure your wireless network. That being said, it will discourage any "casual" individual that might try to connect and use your network.

I've never heard that disabling SSID broadcasting causes more overhead for the wireless device; I'd be interested in reading the basis for that idea, though.