Hacks in the city
Posted on 14 Mar 2002 at 10:53
Pringles hacking session in London finds unsecured wireless networks aplenty
On a sunny morning in central London a minibus packed with journalists and security experts set off for a tour of the financial heart of the city. The aim - to find out whether IT managers have bothered to implement even the basics of security on their wireless networks.
The 'hackers' were armed with only the most rudimentary tools - a Pentium II laptop (£400), some free software, a wireless network card (£69) and a directional antenna (made from an empty Pringles carton, worth less than £1.50).
Within 25 minutes the laptop's screen had registered more than 50 wireless networks. Fewer than 30 per cent had WEP encryption enabled, and most were still using the manufacturer's default SSID code, potentially increasing the chances of discovery (see below). The Pringles carton picked out new networks from every block on the short trip, details of which were logged. One network that looked to be worth further examination was tantalisingly called "IT Projects Room".
Security company I-SEC, who coordinated the war-driving episode, warned that unsecured networks were at risk from eavesdropping and abuse of e-mail servers as spam relays.
It has published a security checklist, reproduced in part below. We've covered this sort of thing before, but it has now been proved that not everyone is covering even the basic points on their internal LANs!
1. Disable the broadcast probe facility on the wireless access point - this makes them invisible to war-driving software.
2. Don't use default settings for passwords, SSIDs or encryption keys.
3. Don't use an SSID that describes your department.
4. Don't place an access point near external walls, or walls adjacent to other offices in a shared building.
5. Use 128-bit WEP - ultimately it's crackable but its use will put off all but the most determined hacker. Use IPSec where possible.
6. Turn off SNMP, Web and telnet configuration services.
7. Beware of laptops that come with wireless cards built-in.
8. Put a security policy in place that covers the installation of new technology.
9. Perform regular wireless checks. Visit www.netstumbler.com and download the software package available there.
10. Consider whether or not a wireless LAN is really necessary.
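As an added example (not part of the original article or of I-SEC's checklist), the script below audits an inventory of your own access points against checklist items 1, 2, 3, 5 and 6. The CSV layout, the sample records, the department word list and the partial default-SSID list are all assumptions made for illustration.

```python
import csv
import io

# Factory-default SSIDs seen on common access points (partial list; extend for your vendors).
DEFAULT_SSIDS = {"linksys", "tsunami", "default", "netgear", "101"}
# Words suggesting the SSID describes a department (assumed list; tune per organisation).
DEPARTMENT_WORDS = ("it", "finance", "hr", "legal", "projects", "sales", "payroll")
# Configuration services the checklist says to turn off (item 6).
RISKY_SERVICES = {"snmp", "web", "telnet"}

# Constructed sample inventory, e.g. exported from a survey of your own site.
SAMPLE_INVENTORY = """ssid,encryption,broadcast,services
linksys,none,yes,web;snmp
IT Projects Room,wep64,yes,telnet
x7q-ap-03,wep128,no,
"""

def audit_ap(row):
    """Return the checklist findings for one access point record."""
    findings = []
    ssid = row["ssid"].strip()
    words = ssid.lower().replace("-", " ").replace("_", " ").split()
    if row["broadcast"].strip().lower() == "yes":
        findings.append("item 1: broadcast probe facility enabled")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("item 2: factory-default SSID")
    if any(w in DEPARTMENT_WORDS for w in words):
        findings.append("item 3: SSID describes a department")
    if row["encryption"].strip().lower() != "wep128":
        findings.append("item 5: 128-bit WEP not enabled")
    enabled = {s.strip() for s in row["services"].lower().split(";") if s.strip()}
    for svc in sorted(enabled & RISKY_SERVICES):
        findings.append(f"item 6: {svc} configuration service on")
    return findings

def audit_inventory(text):
    """Map each SSID in a CSV inventory to its list of findings."""
    return {r["ssid"]: audit_ap(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for ssid, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{ssid}: {'; '.join(findings) or 'no findings'}")
```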
Author: Simon Edwards
Printed from www.pcpro.co.uk


