Published: 01 Jan 2002
Betcha didn't know that wireless networks in Seattle are more secure than those in Los Angeles. Why? Simple. When rainwater collects on a window, it essentially decreases the strength of a wireless signal. The glass becomes more like a mirror, deflecting packets and reducing the range and persistence of any wireless connection-including rogue ones.
How do I know this? Last month the folks at MSSP Guardent invited me on a war driving tour of Boston and Cambridge, and with this month's cover story in mind, I happily accepted. I've read a lot about how easy it is to intercept wireless transmissions and LAN-jack access points, but I wanted to see it for myself.
So I took a little drive with James Foster, a Guardent senior consultant who used to do security work for the Pentagon, the NSA and the U.S. Navy. He brought along a laptop loaded with a wireless Ethernet card and NetStumbler, a shareware sniffer for wireless networks. Once NetStumbler detects an 802.11 connection, it logs the MAC address of the access point along with the network name, SSID, manufacturer and various data about the signal. The software also logs whether WEP is enabled, though it doesn't attempt to crack WEP-encoded packets. Unlike some war driving expeditions, Foster didn't bring an external gain antenna or a parabolic dish to pick up transmissions. As I later found out, he didn't need to.
It was raining cats and dogs as we cruised down the 128 corridor, and we didn't pick up much initially. Zipping past companies like BMC Software, Symantec, Sprint PCS and Terra Lycos, I fully expected NetStumbler to go bananas -- but, alas, the rain did us in.
Finally, as we headed east on the Mass Turnpike toward Cambridge, Mother Nature began to cooperate. As the skies cleared, NetStumbler started snagging dozens of WLAN connections, one after the other. Some of the captured traffic came from personal or home networks, but the bulk of it connected directly to the "soft gooey insides" of Greater Boston businesses. I promised Foster I wouldn't name names, but suffice it to say we're talking about some of the largest and most visible companies and universities in the world. Get a map and use your imagination.
So far, this sounds like your typical war driving adventure. Still, I learned a few things along the way:
Numbers speak louder than words. In a half-hour of driving and walking around Boston, NetStumbler grabbed 163 connections. With an antenna, we would have picked up dozens more. Only 18 of the 163 were WEP-enabled. You typically hear that 30 or 40 percent of wireless connections use WEP. Don't believe it.
WEP-whacked. Not that WEP affords you much protection in the first place. As most techies know by now, the protocol's key generation and management scheme is flawed, making WEP-encrypted traffic easy prey for cracker software like AirSnort. Companies like RSA Security have developed "WEP patches" that address this flaw, but that's only a temporary workaround. Until the IEEE finalizes a more robust WEP protocol, the number of "secure" access points we ran across was more like, well, zero.
Profiling. A couple of weeks after my war driving adventure, I met with John Grossman, head of the High Tech and Computer Crime Division at the Massachusetts Attorney General's Office. Grossman admitted that war driving is a tough nut for law enforcement to crack, especially with all the kiddie porn and Internet harassment cases his office is handling. Still, he said it's easier to track down war drivers than "basement crackers" using wired connections, for the simple reason that they're out in the open. In fact, Grossman is asking state and local police in Massachusetts to start profiling war drivers. "I tell them, 'If you see some guy walking around with a laptop and a dish antenna, call me,'" he says. "We'll get a warrant and trail them."
The upshot. In the final analysis, wireless security is improving, but at a snail's pace -- certainly much slower than wireless technology and WLAN deployment. So what do you do about rampant wireless insecurities? For starters, read this month's cover story, which outlines several steps for fortifying your company's wireless devices and access points.
Or, you could always move to Seattle.