Erica’s CWNA Study Guide PWO-100

The AirMagnet web site provides product-independent background information and offers the AirWise Community Forum.

Troubleshooting tip: Fluke Networks’ new AirCheck™ Wi-Fi Tester was designed to quickly and easily troubleshoot 802.11 a/b/g/n Wi-Fi networks – all in a dedicated hand-held tester [flash interactive demo].

AirMagnet WiFi Analyzer:

  • Provides “root-cause” for reported Wi-Fi problems
  • Maximize 802.11n efficiencies and investment
  • Complete visibility of all Wi-Fi traffic
  • Never miss any rogue device or security threat
  • Independent ROI analysis of WLAN Infrastructure options
  • Audit-ready compliance status
  • Audit tool to verify network connectivity and application performance

Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic, supports raw monitoring, and has plug-ins that allow sniffing other media.

TamoSoft’s CommView for WiFi is available as an evaluation version.

MetaGeek’s inSSIDer is an open source wireless network scanner.

Azulstar’s Wireless Wizard “improves the use and reliability of any WiFi, LTE, Wireless Fiber, 3G, or 2G wireless networks. It allows you to aim your wireless adapter, measure network performance and quickly identify and fix wireless broadband problems. The Wizard includes a Wi-Fi analyzer to easily identify the best channel and resolve interference issues.”

Bench Software’s Wireless Key Generator “Encrypting your wireless internet access requires an encryption key, and Wireless Key Generator not only can provide you with this it can save your key to a text file ready for storing on a usb memory stick or CD. Giving you a simple means of entering your key on each wireless device requiring a secure internet access. Although Wired Equivalent Privacy (WEP) is supported it is no longer recommended due to the number of programs available that can crack and determine the encryption key within seconds. So Wi-Fi Protected Access (WPA/WPA2) should be used if possible on all wireless access points and routers.”

WeFi helps you locate free wireless hotspots throughout the world. “WeFi app eliminates the need of manually selecting and trying out every WiFi networks. Instead, Through WeFi, you’re Wi-Fi enabled device will automatically locate a strong Wi-Fi spot and connect you to it, no questions asked.” (sic) Android, PC/Netbook and Symbian

Change from WEP to WPA, but use strong keys as well.

Problem: You enabled WPA2 using strong pre-shared keys (PSK, or WPA2-Personal). You can copy your strong key to a USB drive and use the USB drive to paste it to your other computing devices. You then learn that entering these strong keys on your mobile phone or other wireless-capable device is difficult to impossible. Do you choose to use weaker keys and expose yourself to a simple dictionary attack, or do you struggle with entering the difficult key?

Anyone can upload a packet capture to WPA CRACKER and have it return the WPA pre-shared key (PSK) in about 20 minutes for $17. Compare with $1,199 for Elcomsoft Wireless Security Auditor: “Elcomsoft Wireless Security Auditor allows network administrators to verify how secure a company’s wireless network is by executing an audit of accessible wireless networks. Featuring patent-pending cost-efficient GPU acceleration technologies, Elcomsoft Wireless Security Auditor attempts to recover the original WPA/WPA2-PSK text passwords in order to test how secure your wireless environment is.” Weak keys are the failure point in any encryption scheme. Get a strong key using Steve Gibson’s free password generator. Don’t worry that you cannot recall such a password; you rarely re-enter it. You rarely change it as well, which is another reason to use a very strong password (and another reason to think that there must be a better solution).
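As an added example (not part of the original page or of any tool it links to), the sketch below addresses both the strong-key advice above and the mobile-entry problem: it sizes a random passphrase to a target entropy for a full printable alphabet and for a phone-friendly one, then derives the WPA2 PSK from it. The two alphabets, the 128-bit target and the SSID `ExampleNet` are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets

# WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
WPA_MIN, WPA_MAX = 8, 63

# Two alphabets (both are choices made for this example):
FULL = "".join(chr(c) for c in range(0x21, 0x7F))  # 94 printable symbols, no space
PHONE = "abcdefghjkmnpqrstuvwxyz23456789"          # one keyboard layer, no i/l/o/0/1


def length_for_bits(alphabet: str, bits: int) -> int:
    """Characters needed so a uniformly random passphrase carries `bits` of entropy."""
    return math.ceil(bits / math.log2(len(alphabet)))


def generate(alphabet: str, bits: int = 128) -> str:
    """Random passphrase drawn from `alphabet` using the OS CSPRNG."""
    n = length_for_bits(alphabet, bits)
    if not WPA_MIN <= n <= WPA_MAX:
        raise ValueError(f"{n} characters is outside the WPA limit of 8..63")
    return "".join(secrets.choice(alphabet) for _ in range(n))


def derive_psk(passphrase: str, ssid: str) -> str:
    """256-bit PSK as WPA2-Personal computes it: PBKDF2-HMAC-SHA1 with the
    SSID as salt and 4096 iterations. The derivation is public, so the key is
    only as unguessable as the passphrase that goes into it."""
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        raise ValueError("passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


if __name__ == "__main__":
    for name, alphabet in (("full", FULL), ("phone", PHONE)):
        p = generate(alphabet)
        print(f"{name:5} {len(p):2} chars  {p}")
        print("      PSK for SSID 'ExampleNet':", derive_psk(p, "ExampleNet"))
```

The phone-friendly alphabet needs 26 characters instead of 20 for the same 128 bits, but every character sits on the default lowercase/digit keyboard layer, so the key can be typed on a handset without weakening it.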

Do not advertise your SSID. Some things you do not advertise. You know your SSID and your key.

Discover hidden SSIDs (and perform many un-neighborly attacks) with MDK3. Watch on Vimeo.

Turn off your wireless access point when it is not in use.

WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the ‘Wireless Zero Configuration’ service of Windows XP and by the ‘WLAN AutoConfig’ service of Windows Vista.

Do not leave plug-and-play enabled on your wireless router. Do not configure your wireless router to be in transparent mode. Do not configure your wireless router (and your firewall) to enable peer-to-peer file sharing. Too often people enable unsolicited network traffic to reach the end device. Too often the wireless router is breached and the firewall is breached because someone has configured them to leave little protection.

Is this a corporate, not home implementation? Have a concern about your perimeter? Don’t like the idea of someone sitting in your parking lot, sniffing your traffic? You’ve implemented WPA with strong encryption AND strong keys (because an easily guessed password defeats any encryption) and you’re not broadcasting your SSID, so you should be safe. Just in case, though, take that old b/g router and put it a little way into the parking lot, just far enough that eavesdroppers get this router; just far enough that it has the strongest signal. While rogue access points may be considered “evil twins” when the evil-doer has inserted them, you can turn that idea to your advantage. These “tar pit routers” would be configured like production routers. They get power but they don’t get a network drop. Don’t put these “tar pit routers” on your corporate network.

The trick you’re exploiting is: eavesdroppers cannot choose the device they connect to; they get these nearby “tar pit router” devices. When they connect successfully (because they’re disgruntled ex-employees, perhaps), they cannot get interesting information. They get stuck on these “tar pit routers”.

Now you need a way to protect these “tar pit routers” from being disconnected from power or stolen. They will be discovered. Alarm them and include them within the range of your security cameras. Do not give in to the temptation of connecting them to the facility network to send an alert when they go off-line. Do not give eavesdroppers a way to acquire more information.

For additional considerations, see:

Have a b/g router? (performance tip) Bear in mind that when an 802.11b device connects (at up to 11 Mbps), the 802.11g devices operate at reduced throughput (up to 11 Mbps, not the desired 54 Mbps). Get rid of your 802.11b devices and switch the router to 802.11g only.

Better yet: Move your wireless network to 802.11a (5 GHz) and get out of the crowded, unregulated 2.4 GHz band that 802.11b/g/n, garage door openers, handsets, appliances and other consumer devices use.

Wireless Access Point (WAP) tools

  • Ekahau HeatMapper, a free Wi-Fi coverage mapping site survey tool.
  • Xirrus WiFi tools. Ultra-geeky, and very useful information. Xirrus Wi-Fi Inspector and Xirrus Wi-Fi Monitor Gadgets/Widgets to troubleshoot 802.11 and detect rogue access points.
  • MetaGeek’s free InSSIDer 2 open-source Wi-Fi scanning software. Inspect your WLAN and surrounding networks to troubleshoot competing access points (replacing NetStumbler).

Infrastructure components/elements in mobile IP networks:

  • GGSN
  • SGSN
  • PDSN
  • HA
  • FA
  • VLR
  • HLR
  • RNC
  • MSC
  • MGW
  • NodeB
  • BSC
  • PCF

Interfaces in mobile IP networks:

  • A8
  • A9
  • A10/A11
  • R-P
  • P-I
  • AAA
  • Gn
  • Gi
  • Gb

Services/applications in mobile IP networks:

  • WAP
  • MMS
  • LBS
  • AAA
  • UMTS
  • GPRS
  • 1XRTT
  • EVDO

AirPatrol Wireless Threat Management products

AirMagnet – Enterprise Wireless Network Security and Troubleshooting

With Karmetasploit [tar.gz] the attacker is a fake access point which responds to any discovery request by wireless clients and announces itself with the SSID of the request. In this way it intercepts and manipulates all traffic. See PaulDotCom Security Weekly episode 208.
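The behaviour described above leaves a detectable trace: a single BSSID answering for many unrelated SSIDs, including names that do not exist. The following is an added detection sketch, not code from the original page or from any tool it names; the record format, the sample lines, the thresholds and the canary SSID are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: probe responses seen by a monitor-mode sensor, one per
# line as "epoch_seconds,bssid,ssid". Not real capture data.
SAMPLE = """\
1000,aa:bb:cc:00:00:01,CorpNet
1002,aa:bb:cc:00:00:01,CorpNet
1003,de:ad:be:ef:00:99,CorpNet
1004,de:ad:be:ef:00:99,linksys
1005,de:ad:be:ef:00:99,HomeWifi-5821
1007,de:ad:be:ef:00:99,canary-7f3a9c
1009,aa:bb:cc:00:00:02,Guest
1010,aa:bb:cc:00:00:02,CorpNet
"""


def parse(text):
    """Yield (timestamp, bssid, ssid); an SSID may itself contain commas."""
    for line in text.splitlines():
        if line.strip():
            ts, bssid, ssid = line.split(",", 2)
            yield int(ts), bssid.lower(), ssid


def find_karma_like(records, canaries=(), max_ssids=2, window=60):
    """Return {bssid: reason} for access points that behave like a responder
    to arbitrary probe requests.

    canaries  -- random SSIDs the sensor itself probed for; no honest AP
                 should ever answer for them
    max_ssids -- distinct SSIDs one BSSID may legitimately answer for
    window    -- seconds over which distinct SSIDs are counted
    """
    seen = defaultdict(list)          # bssid -> [(ts, ssid), ...]
    alerts = {}
    for ts, bssid, ssid in sorted(records):
        if ssid in canaries:          # strongest signal, overrides the count
            alerts[bssid] = f"answered canary SSID {ssid!r}"
            continue
        seen[bssid].append((ts, ssid))
        recent = {s for t, s in seen[bssid] if ts - t <= window}
        if len(recent) > max_ssids and bssid not in alerts:
            alerts[bssid] = f"{len(recent)} SSIDs within {window}s"
    return alerts


if __name__ == "__main__":
    for bssid, why in find_karma_like(parse(SAMPLE), {"canary-7f3a9c"}).items():
        print(bssid, "->", why)
```

The canary check is the more reliable of the two signals, since an access point that serves several SSIDs from one BSSID can trip the count threshold on its own.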

In the Linksys WAP610N, a SOHO wireless access point, an unauthenticated remote textual administration console has been found that allows an attacker to run system commands as the root user. This vulnerability can be exploited by using telnet1111 client.
