Understanding the enemy

The wireless network’s inherent vulnerabilities aren't necessarily bad. The true problem lies with all the malicious hackers out there just waiting to exploit these vulnerabilities and make your job — and life — more difficult. 

In order to better protect your systems, it helps to understand what you’re up against — in effect, to think like a hacker. Although it may be impossible to achieve the same malicious mindset as the cyberpunks, you can at least see where they’re coming from technically and how they work.

For starters, hackers are likely to attack systems that require the least amount of effort to break into. A prime target is an organization that has just one or two wireless APs. Our findings show that these smaller wireless networks help stack the odds in the hackers’ favor, for several reasons:

• Smaller organizations are less likely to have a full-time network administrator keeping tabs on things.
• Small networks are also more likely to leave the default settings on their wireless devices unchanged, making them easier to crack into.
• Smaller networks are less likely to have any type of network monitoring, in-depth security controls such as WPA or WPA2, or a wireless intrusion detection system (WIDS). These are exactly the sorts of things that smart hackers take into consideration.

However, small networks aren’t the only vulnerable ones. There are various other weaknesses hackers can exploit in networks of all sizes, such as the following:

• The larger the wireless network, the easier it may be to crack Wired Equivalent Privacy (WEP) encryption keys. This is because larger networks likely receive more traffic, and an increased volume of packets to be captured thus leads to quicker WEP cracking times. 
• Most network administrators don’t have the time or interest in monitoring their networks for malicious behavior.
• Network snooping will be easier if there’s a good place such as a crowded parking lot or deck to park and work without attracting attention.
• Most organizations use the omni directional antennae that come standard on APs — without even thinking about how these spread RF signals around outside the building.
• Because wireless networks are often an extension of a wired network, where there’s an AP, there’s likely a wired network behind it. Given this, there are often just as many treasures as the wireless network, if not more.
• Many organizations attempt to secure their wireless networks with routine security measures — say, disabling service-set-identifier (SSID) broadcasts (which basically broadcasts the name of the wireless network to any wireless device in range) and enabling media-access control (MAC) address filtering (which can limit the wireless hosts that can attach to your network) — without knowing that these controls are easily circumvented.
• SSIDs are often set to obvious company or department names that can give the intruders an idea which systems to attack first.

Many hackers don’t necessarily want to steal your information or crash your systems. They often just want to prove to themselves and their buddies that they can break in. This likely creates a warm fuzzy feeling that makes them feel like they’re contributing to society somehow. On the other hand, sometimes they attack simply to get under the administrator’s skin. Sometimes they are seeking revenge. Hackers may want to use a system so they can attack other people’s networks under disguise. Or maybe they’re bored, and just want to see what information is flying through the airwaves, there for the taking.

The “high-end” uberhackers go where the money is — literally. These are the guys who break into online banks, e-commerce sites, and internal corporate databases for financial gain. What better way to break into these systems than through a vulnerable wireless network, making the real culprit harder to trace? One AP or vulnerable wireless client is all it takes to get the ball rolling.

There’s no such thing as absolute security on any network — wireless or not. 

It’s basically impossible to be completely proactive in securing your systems since you cannot defend against an attack that hasn’t already happened. Although you may not be able to prevent every type of attack, you can prepare, prepare, and prepare some more — to deal with attacks more effectively and minimize losses when they do occur.