Page 211 - StudyBook.pdf
P. 211

Communication Security: Wireless • Chapter 4  195


                   received IP address configuration and associated with the wireless net-
                   work, simply by being in close proximity to the network. That is, without
                   any intent on their part, the person using a wireless-equipped computer
                   can use the services of the wireless network, including access to the
                   Internet. Assume the person used this automatic configuration to gain
                   access to the Internet through the wireless network. Technically, this
                   could be considered theft of service in some jurisdictions although the
                   person has been, for all intents and purposes, welcomed on to the wire-
                   less network. Regardless of this “welcome,” however, if the laws in that
                   jurisdiction prohibit all unauthorized access, the person may be charged.
                   Most such statutes set the required culpable mental state at “intentional
                   or knowing.” Thus, if the person knows they are accessing a network,
                   and does not have permission to do so, the elements of the offense are
                   satisfied.
                        Where a wardriver crosses the line from a “semi-legal” to an illegal
                   activity is when they collect and analyze data with malicious intent and
                   cause undesirable interference with the operation of a network. Cracking
                   WEP keys and other encryption on a network is almost universally illegal.
                   In this case, it is presumed that malicious intent to steal data or services
                   or interfere with operations can be established, since it requires a great
                   deal of effort, time, and planning to break into an encrypted network.
                        The onus to exercise due care and diligence to protect a wireless net-
                   work falls squarely on the administrator, just as it is the responsibility of
                   corporate security personnel to ensure that tangible property belonging
                   to the company is secure and safe from theft. That is, it is up to the
                   administrator to ensure that the network’s data is not radiating freely in
                   such a way that anyone can receive it and interpret it using only licensed
                   wireless devices. This much is clear: administrators who do not take care
                   to protect their wireless networks put their companies at risk.

                    Passive attacks on wireless networks are extremely common, almost to the point
                 of being ubiquitous. Detecting and reporting on wireless networks has become a
                 popular hobby for many wireless wardriving enthusiasts. In fact, this activity is so
                 popular that a new term,“war plugging,” has emerged to describe the behavior of
                 people who wish to advertise the availability of an AP and the services they offer,
                 by configuring their SSIDs with text such as “Get_food_here.”

                 Wardriving Software

                 Most wardriving enthusiasts use a popular freeware program called NetStumbler,
                 which is available from www.netstumbler.com.The NeStumbler program works



                                                                              www.syngress.com
   206   207   208   209   210   211   212   213   214   215   216