Be aware of this wireless security threat

by Michael "Mullins CCNA, MCP" | Oct 20, 2005 7:00:00 AM

Tags: Wi-Fi, NETWORKING, Michael Mullins CCNA, MCP, Wireless Access, wireless security, network, wireless, AirPwn, security, Security Solutions Newsletter

Takeaway: By staying up to date on black hats' arsenal of available tools, security professionals can better arm themselves in the security war. To help you in this reconnaissance, Mike Mullins introduces you to AirPwn, a new tool that threatens wireless security.

Wireless access has become much more feasible in recent years, but that doesn't mean that security has kept up with its progress. Sure, you may be able to connect to a wireless access point from your local Starbucks and read your e-mail while sipping a cup of joe—but who else is out there enjoying the recent e-mail installment from your sister's vacation or perusing your latest bank statement?

To remain protected against such black hats, you need to stay on top of the latest wireless security threats—and make sure your users do the same. For example, most security professionals are aware of the man-in-the-middle attack, which occurs when a black hat is able to read, insert, and modify messages between two machines without either party knowing that someone has compromised the link between them.

This type of attack has somewhat faded due to physical security and the complexity of the current switched networks that usually reside between the two end points. But make no mistake: This type of attack is not obsolete.

The threat

In fact, a relatively new wireless tool is helping revive the man-in-the-middle attack. AirPwn, which debuted at DEFCON 12 in July 2004, requires two 802.11b network interface cards—one for listening and the other for injecting. It is currently only available for POSIX operating systems (i.e., Linux, BSD, and other UNIX flavors).

Using this tool on an open wireless network can yield a couple different results. But neither situation is good news for the user. Let's look at the possibilities:

• AirPwn can completely capture an entire wireless session. If a user logs on to check e-mail and isn't working over an SSL connection, someone else can read everything he or she does while online. This includes capturing session tokens and hijacking a session after the user has logged in.
• AirPwn can inject and redirect traffic to another machine. If a user browses to a Web site, a black hat can use AirPwn to inject content from a different location to the user's browser. This content could include anything from text, pictures, or harmful code, which could compromise the machine.

The defense

AirPwn is a plague to the open wireless networks that exist all over the world. This is one more reason to teach users that they can't expect privacy while using a public network.

It's imperative that users understand the risks of using public access. In addition, they can increase their level of data protection by following one simple rule:

Limit the type of transactions conducted when connected to a public network.

When you leave your home or corporate network and connect to an open wireless network, your expectation of privacy and security should drop dramatically. There is no such thing as a trusted open network.

If you didn't configure the network and you can't identify everyone connected to the network, that means it's an open network. Remember that whenever you use an open network, someone could be listening and manipulating the information you see and send to others. If you have to log on to a site from an open wireless connection, make sure you use an encrypted connection.

Final thoughts

It's important that security professionals remain aware and knowledge about the tools the enemy has available. Just as vital is sharing this information with users and educating them about defending themselves.

I recommend visiting black hat sites and seeing what types of tools they have to use against you. The bad guys are certainly watching you—it's time you started watching them. Then, pass on that knowledge to the people you support.

Miss a column?

Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.

Print/View all Posts Comments on this article

Worse than dsniff! grephead | 10/21/05

You could always TonytheTiger | 10/21/05

Are two cards better than one? larrywl | 10/21/05

Once again... JesusS | 10/21/05

Not just for wireless larrywl | 10/21/05

Agreed... JesusS | 10/24/05

Detection lvolkjr | 10/26/05