Printed from www.pcpro.co.uk
Hacks in the city
Posted on 14 Mar 2002 at 10:53
Pringles hacking session in London finds unsecured wireless networks aplenty
On a sunny morning in central London a minibus packed with journalists and security experts set off for a tour of the financial heart of the city. The aim - to find out whether IT managers have bothered to implement even the basics of security on their wireless networks.
The 'hackers' were armed with only the most rudimentary tools - a Pentium II laptop (£400), some free software, a wireless network card (£69) and a directional antenna (made from an empty Pringles carton, worth less than £1.50.)
For more images of this event check the news index.
Within 25 minutes the laptop's screen had registered more than 50 wireless networks. Less than 30 per cent had WEP encryption enabled, and most were still using the manufacturer's default SSID code, potentially increasing the chances of discovery (see below). The Pringles carton picked out new networks from every block on the short trip, details of which were logged. One network that looked to be worth further examination was tantalisingly called, "IT Projects Room".
Security company I-SEC, who coordinated the war-driving episode, warned that unsecured networks were at risk from eavesdropping and abuse of e-mail servers as spam relays.
It has published a security checklist, reproduced in part below. We've covered this sort of thing before, but it has now been proved that not everyone is covering even the basic points on their internal LANs!
1. Disable the broadcast probe facility on the wireless access point - this makes them invisible to war-driving software.
2. Don't use default settings for passwords, SSIDs or encryption keys.
3. Don't use an SSID that describes your department.
4. Don't place an access point near external walls, or walls adjacent to other offices in a shared building.
5. Use 128-bit WEP - ultimately it's crackable but its use will put off all but the most determined hacker. Use IPSec where possible.
6. Turn off SNMP, Web and telnet configuration services.
7. Beware of laptops that come with wireless cards built-in.
8. Put a security policy in place that covers the installation of new technology.
9. Perform regular wireless checks. Visit www.netstumbler.com and download the software package available there.
10. Consider whether or not a wireless LAN is really necessary.
Author: Simon Edwards
advertisement
- Motorola pays Lucas for its Droid
- Where are the killer apps for Windows?
- Will you hit the Orange iPhone "unlimited" cap?
- USB 3 first benchmark - it's here, and it's fast
- Why Windows 7 has forced me to worry about security
- How Dixons is (under)selling Windows 7
- Do I like Windows 7 because it's so like a Mac?
- No Windows 7 drivers turn Dell M1330 into a doorstop
- Is Windows 7 good looking enough to sway an Apple fan?
- Typekit brings print-like typography to the web
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
- Building a better Google
- Beware HP's horrendous printer-driver glitch
- Microsoft debuts free Morro antivirus package
- Getting started with Search Server 2008 Express
advertisement
