Categories
Attacks Tech

The Basics of Wireless Security

Wireless connectivity is probably best described to give convenience to its users. Having a wireless access point on your home gives you the comfort to position yourself almost anywhere provided your devices are within the range of each other—on your living room, on your bedroom, and even on the kitchen. There are still many concerns about having this type of connection, however, and most of them is about security.

Since laptops, smartphones and PDAs, provide for the needs of busy mobile consumers,[1] and most of them gadgets are now being equipped with Wi-Fi, it has no doubt become the next big target of crackers—much like what happened to Microsoft Windows being targeted on exploits and vulnerabilities, and to bluetooth-enabled mobile phones being targeted with worms and malware when they became popular.

Common things done by crackers to wireless-enabled devices and networks include piggybacking, wardriving, man-in-the-middle attacks, and spying, among others. Explanations are as follows:

  • Piggybacking refers to the act of obtaining access to resources on a wireless device, which include Internet access. Open networks on public places and services, such as hotels and cafés, usually permit this,[2] but some networks even on the said places[3] as well as on homes generally do not.
  • Wardriving is the act of looking for wireless networks usually with the aid of a vehicle,[4] and a powerful antenna on a wireless-capable device, much like what people with radio scanners do to receive police and military transmissions. After connection with the device has been established, the wardriver could possibly do anything to the network or its users. Some has been ethical, however, and act as a tiger team telling the administrator or owner that the network could easily be breached.
  • Man-in-the-middle attacks are somehow sophisticated that includes a cracker acting as the network access point the victims are trying to connect to. He then connects to the real AP himself transmitting and receiving data both ways to seem invisible. But, in fact, he now controls and sees every bit of information the victims are sending and receiving that seem to them to be secure.
  • Spying has been the most critical and publicized problem existing today—even surpassing the popularity of virus and worm attacks today, IMO. Anti-spyware tools just popped up one after the other from nowhere, haven’t they? And we thought it would have ended with just Web browsing with credit card information, but it obviously haven’t.

Wired LANs probably seem more secure since the only ones receiving data are the ones connected by wire—of which the owners control—while WLANs have access points and terminals that emit signals that could be received by anyone near the devices. However, this concept is somehow wrong. Wired networks with terminals having an active insecure Wi-Fi device could be entered by these crackers to gain access onto the network as well—much like providing the cracker a jack to plug into.

Having set up a wireless network at home myself, and after trying to configure each and every option presented to me by my router’s Web interface, I’ve searched through forums, blogs and info sites to find ways of maintaining my network security. Here are some basic instructions:

  • Wi-Fi Protected Access (WPA or WPA2) is the secure authentication and encryption method for wireless networks and should always be enabled. Most consumer wireless devices are capable of using at least WPA and WEP (an earlier security method that has known limitations). But, try to utilize WPA2 first, if it is available. It is an implementation of the IEEE 802.11i standard, and WPA is just its subset.
  • MAC address filtering is a feature from routers and access points that permits or blocks certain devices based on the hardware-embedded MAC addresses on their network adapters. Some NICs allow changing the MAC address to match an accepted one, also known as spoofing, so this should not be the only security measure utilized.
  • Change the router’s default settings such as Web interface password, SSID, and IP address. These settings are known by crackers and would immediately tell them if the user has an insecure network. These changes would at least make it harder for the cracker to find the network configuration and administration interface.
  • Most routers come with a hardware firewall that blocks potentially malicious and corrupted signals. This should never be turned off.
  • DMZ forwards all ports to a terminal so that all connections may pass. This is usually used for applications where the user does not know which ports are being used. The Port Forwarding feature, which is as common as DMZ, is more secure since it only forwards the applications’ required ports. Ask support from the application developers to know which ports should be forwarded, and avoid using DMZ.

There are many more types of security concerns and prevention, but these are the most common ones. Please note that until Windows Vista, Microsoft OSs have not supported an implementation of WPA2. But, a WPA2 update for genuine users of Windows XP SP2 is available for free download. After installing the update, an option to turn off broadcasting of the preferred wireless network list will be available and this would add to security.

I wasn’t able to test Linux wireless security as I have Ubuntu only on my desktop, which is on a wired connection. You may (and please) reply if you have information about wireless security in these and other operating systems. Thank you.

One very important rule to security in any digital environment is strong passwords. Choose them wisely; they should not be any dictionary word or phrase, at least one character must not be a lowercase letter, and you should not use one password on every digital account you use.

Footnotes:

  1. ^ Who are now practically everywhere—students, business people, posers, and everyone else who just have the money.
  2. ^ And are probably not considered as such act.
  3. ^ Where access is restricted to clients and customers only.
  4. ^ The term is usually used on the act using motor vehicles, while warbiking and warwalking are used to refer to wardriving on motorcycles or bicycles, and wardriving on foot, respectively.
Categories
Attacks WWW

Phishing Warning

I’ve just received two attempted attacks of phishing from two of my bloggermates in my Yahoo! Messenger contact list. I guess their accounts are being hacked the time I’ve received those messages, so I want to warn those of you who want to protect your accounts.

For those who do not know, phishing literally means fishing [for passwords], as the letter f is usually replaced by ph in 13375p34k. Another definition could be password harvesting or fishing

There are many methods of phishing attacks, usually through email that, most probably, directly goes to your spam directory [if you have any]. But ones through YM or any other IM accounts that really look like your friends are referring to you to go to are somehow really mind-controlling.

The method I’ve encountered used a spoof of the Yahoo! Photos Web site inside a Yahoo! Geocities Web page requiring you to sign in with your username and password in the attempt to trick you that your friends’ photos are posted post-login. Please take note that Yahoo! Geocities Web pages are user-controlled, meaning other people just made up that Web page.

The two URIs that was given to me was:

Apparently, those two sites that were IMed to me were already reported and were taken down. Some may still be out there, [or are currently being made] so please watch out still.

Note: Do NOT enter your login details there.

If you take a look at both the main frames’ source pages (the frames with the sign in page displayed), you will see that the form input will go to a mailform (http://www2.fiberbit.net/form/mailto.cgi) with the same email address input of smoke.beer@gmail.com. (Now, spam that bastard!) It just means that your login information will go to his GMail inbox.

The primary solutions for this is within you. You should basically:

  • Never trust login forms inside a frame of user-controlled Web page.
  • Try to login directly from the site, with secure (HTTPS) connection if possible. (e.g., Yahoo! Login, Google Accounts)
  • Never trust friends’ URI referrals unless you really know the site or have checked for security flaws/issues.

I know I haven’t fully discussed what could be done to prevent such intrusions to your accounts, you might even want to change your passwords regularly. Just remember to be aware of such possibilities when visiting untrusted Web sites. Or else, you may be giving them permission to hack you.

More about Phishing: