Following on from last week’s post where I covered encryption, mobile devices and wireless another major security weakness is the presence of rogue access points. These access points can be either setup via a malicious hacker or put in place by a user who is not aware of the ramifications of their actions.
Again I feel a scenario will help here. Say you have a user with a laptop who connects into the corporate network with a standard ethernet cable (fixed). They try to visit a website that is blocked by the company’s internet filtering policies. So they use Wi-Fi and find a free access point called “Wi-Fi free” and connect in – they can now access the website – however they have breached all of the company’s security controls. Not only could their traffic be sniffed by the access point (passwords, credit cards etc) but they have inadvertently provided a malicious hacker access to the network. There are also trojans out there which will turn on a wireless access point on a laptop so people can use it to breach into networks.
Another method hackers will use is to employ an access point with the exact same name as the company access point. This way a user may inadvertently connect to the hacker’s point instead of the corporate network. Most of the time these access points will be open with no encryption.
Again this all comes back to user awareness training.
SSID, Passwords & MAC filtering
Both commercial and private use Wi-Fi needs to be configured to block the SSID broadcast and need to be changed from their default name. I am forever seeing wireless networks called ‘Linksys’ or ‘Wi-Fi’. Hiding the broadcast of the wireless won’t stop the hacker but it will make it harder for some of the script kiddies.
Passwords should be at a minimum 10-12 characters and changed frequently, you should also employ mac filtering to make it harder for hackers to gain access.
In terms of downloads…well I feel I am repeating myself, but torrents are great, they can really assist in improving download speed, for example the Backtrack pen testing iso I use, to download via torrents is about 200% faster than from a site, but be weary of public torrent sites, and cracked software. Nine times out of ten they are filled with viruses and Trojans. The same goes with freeware / shareware.