Wireless Security


This is not meant to be authoritative but is offered as a primer to anyone whom it may help.

"Wireless" in its most general sense includes any technology which uses the electromagnetic spectrum (light or radio waves). Cell phones carry security risks, as do wireless keyboards. Shockingly, even keypresses on wired keyboards can be detected from as far as 20 feet, although the last-named attack may only be at the proof-of-concept stage.

Any wireless network you would join has the possibility of already having been infiltrated by "bad guys". The fact that those in charge of the network may have "hidden" it (by not publishing its "SSID") is no real barrier to the bad guys, who can detect it by sampling the wireless data stream. Networks which still use the obsolete security algorithm WEP offer only trivial resistance, because the WEP cipher can be cracked within about 60 seconds. The stronger WPA (and more resource-intensive WPA2) certifications are better able to repel bad guys through technical means, but even the enhanced versions (WPA2 using CCMP/AES, or with TKIP and QoS [Quality of Service] disabled) will not keep bad guys out once they have gotten into the network through social engineering or other means, for example after a purchase of coffee in a cyber cafe.

Vulnerabilities within the cyber cafe remain as follows:


- if your computer has any open ports
- if your computer's wireless adapter will promiscuously auto-connect to stronger signals, which may be under the control of bad guys
- if your computer may get misdirected, via compromised network machines or software or ISPs, to forged sites
- if you would transmit or receive any sensitive unencrypted information (userids, passwords, and content) which might be of interest to anyone else in the range of the cyber cafe network

Avoid being taken over:

The first thing that you want to do before entering into wireless territory is to bulletproof your computer as best you can. Assuming that no-one is meant to establish any incoming connection to your computer, you will want to ensure that your computer's personal firewall is running ("up") and that your ports are all closed. Internet tools (for example "Shields Up!" at grc.com) can test the device that is connected to the Internet. However, since most computers sit behind a router, it would be the router that gets tested, and any such testing of a router must only be done with the permission of those responsible for it.
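Because an online scanner sees only the router, the computer's own listening sockets are better checked locally. The following is an added example, not part of the original page: it assumes a Linux host on little-endian hardware and reads the IPv4 table in /proc/net/tcp, and the function name and the sample table are constructed for illustration.

```python
"""List IPv4 sockets that accept connections from the network (Linux only)."""
import ipaddress
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0F01A8C0:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
   3: 0F01A8C0:C350 0A01A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004
"""


def exposed_listeners(proc_net_tcp_text):
    """Return sorted (address, port) pairs listening on non-loopback IPv4 addresses."""
    exposed = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN or ":" not in fields[1]:
            continue  # established connections and malformed rows are not listeners
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a host-order 32-bit hex word;
        # on little-endian hardware (assumed here) the bytes are reversed.
        addr = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        if addr.is_loopback:
            continue  # 127.0.0.0/8 is reachable only from this machine
        exposed.add((str(addr), int(hex_port, 16)))
    return sorted(exposed)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as table:
            text = table.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    for address, port in exposed_listeners(text):
        print(f"listening on {address}:{port}: close the service or confirm the firewall blocks it")
```

An empty result means no IPv4 TCP service is bound to a network-facing address; IPv6 listeners live in /proc/net/tcp6 and are not covered here.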

Especially if you might browse sites that may be untrusted,

  • protect yourself from clicking on invisible buttons. Use Firefox with the NoScript extension, which provides such protection, even with JavaScript fully allowed
  • if you can tolerate doing so, run your browser with JavaScript off by default (using for example NoScript), enabling JavaScript for trusted sites on a per-site basis

If you are running Windows XP as a user with Admin privileges, prevent these privileges from being extended to internet-facing (email, browser) processes by installing and setting up "Drop My Rights", and/or running within Sandboxie or another suitable sandboxing program.

Avoid being misdirected:

If you are running Windows XP, you will want to ensure that Microsoft's Wireless Client Update KB917021 has been installed, in order to limit the chance of a bad guy ascertaining the networks to which you have previously connected and using that information to dupe your computer into connecting. This update may also reduce how often you experience a "dropped" wireless connection in busy, multi-network areas.

Keep your secrets:

Whenever you are a guest on any network (since you cannot know who might be sampling the data stream), you should ensure that you can encrypt any and all sensitive data traveling to and from your computer. Web connections should be https (not http) for web mail and for any other online accounts that you may access via your browsers, not just for the log-in step, but for the reading and sending of any potentially sensitive information. Non-browser based connections (if they would not be https) should be via SSH or other suitable encrypted tunnel technology including VPN.

Additional security:

Keyloggers are a big problem since they can stealthily capture and later communicate any data that you would enter: userids, passwords, account numbers. This can be protected against if your authentication requires a one-time password, as can be generated with a Yubikey or Perfect Paper Passwords.
Topic revision: 13 Jan 2009, JamesBusser
 