Wireless attacks are a growing threat that is affecting enterprises and small businesses. In the past, wireless security was often overlooked because it was assumed to be a “lesser” threat. This perception has changed. With the increasing popularity of wireless technologies, such as 802.11 Wi-Fi, 802.11b/g, and Bluetooth, wireless attacks are occurring on an almost daily basis.
Wireless Attacks and Mitigation Tips
What makes wireless attacks so effective is that they can occur from the comfort of the attacker’s home or even from thousands of miles away in some cases. The following sections provide several tips for securing against all types of wireless attacks.
Disable SSID Broadcast
Wireless access points advertise themselves by broadcasting their SSID (Service Set Identifier) to any wireless device within range of their network. The SSID is simply a unique identifier for the network, which many devices (especially operating systems) use to automatically connect to the network when in range and without specifying an SSID.
Use MAC-Based Authentication
Most access points come with default settings that allow anyone within range of the network to connect without requiring any type of authentication or encryption protection.
To protect your network from illegal access, you should change your access point settings to only allow access from those devices. Perhaps whose MAC (Media Access Control) addresses are already stored in your access point’s list of authorized MAC addresses.
If possible, this list should change every 30 days or sooner. Perhaps if necessary, to prevent attackers from spoofing addresses on their machines and gaining authorized status.
Perform Proper Configuration Management
Protecting your configuration files can help prevent attackers from gaining unauthorized access to critical system components such as user accounts, services, and passwords that could allow them to take control over or destroy your system or network. You should protect these files by storing them in a secure location where only authorized users can access them.
Wireless Attacks and Mitigation Tips
Many commercial operating systems provide a means of protecting these configuration files by encrypting them or restricting access to them. Linux, for example, uses the standard “passwd” file for storing user passwords and the “shadow” file for storing user account information. Both of these files are in the /etc directory and are secure using the standard Linux “shadow” password protection system.
The /etc/shadow file is secure using traditional encryption methods; while the /etc/passwd file is secure by storing its contents in an encrypted format. This way, any unauthorized users that gained access to this directory would not be able to read the contents of either file unless they knew the appropriate decryption method.
In addition to protecting your system configuration files, you should also protect your log files. Most operating systems provide several means of logging activity on your system. These logs can contain a wealth of information about what is happening on your network, such as who is connecting to which host, when they connected to it, and how often they connected.
Accessing these logs can be extremely valuable when trying to discover who is behind a network attack because it will show you exactly what happened, who did it, and when it was done. With this level of detail from your logs, you should never have to rely on memory alone to determine what happened in your network during an attack.
