Hacks in the city
By Simon Edwards
Posted on 14 Mar 2002 at 10:53
Pringles hacking session in London finds unsecured wireless networks aplenty
On a sunny morning in central London a minibus packed with journalists and security experts set off for a tour of the financial heart of the city. The aim - to find out whether IT managers have bothered to implement even the basics of security on their wireless networks.
The 'hackers' were armed with only the most rudimentary tools - a Pentium II laptop (£400), some free software, a wireless network card (£69) and a directional antenna (made from an empty Pringles carton, worth less than £1.50.)
For more images of this event check the news index.
Within 25 minutes the laptop's screen had registered more than 50 wireless networks. Less than 30 per cent had WEP encryption enabled, and most were still using the manufacturer's default SSID code, potentially increasing the chances of discovery (see below). The Pringles carton picked out new networks from every block on the short trip, details of which were logged. One network that looked to be worth further examination was tantalisingly called, "IT Projects Room".
Security company I-SEC, who coordinated the war-driving episode, warned that unsecured networks were at risk from eavesdropping and abuse of e-mail servers as spam relays.
It has published a security checklist, reproduced in part below. We've covered this sort of thing before, but it has now been proved that not everyone is covering even the basic points on their internal LANs!
1. Disable the broadcast probe facility on the wireless access point - this makes them invisible to war-driving software.
2. Don't use default settings for passwords, SSIDs or encryption keys.
3. Don't use an SSID that describes your department.
4. Don't place an access point near external walls, or walls adjacent to other offices in a shared building.
5. Use 128-bit WEP - ultimately it's crackable but its use will put off all but the most determined hacker. Use IPSec where possible.
6. Turn off SNMP, Web and telnet configuration services.
7. Beware of laptops that come with wireless cards built-in.
8. Put a security policy in place that covers the installation of new technology.
9. Perform regular wireless checks. Visit www.netstumbler.com and download the software package available there.
10. Consider whether or not a wireless LAN is really necessary.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
- Coping with Facebook changes
advertisement
Printed from www.pcpro.co.uk