Page 237 - StudyBook.pdf
P. 237

Communication Security: Wireless • Chapter 4  221

                 Protecting Against Sniffing and Eavesdropping

                 As networking technology matured, wired networks were able to upgrade from
                 repeaters and hubs to a switched environment.These switches would send only the
                 traffic intended for a specific host over each individual port, making it difficult
                 (although not impossible) to sniff the entire network’s traffic. Unfortunately, this is
                 not an option for wireless networks due to the nature of wireless communications.
                    The only way to protect wireless users from attackers who might be sniffing is
                 to utilize encrypted sessions wherever possible: SSL for e-mail connections, SSH
                 instead of Telnet, and Secure Copy (SCP) instead of File Transfer Protocol (FTP).
                    To protect a network from being discovered with NetStumbler, it is important
                 to turn off any network identification broadcasts and, if possible, close down the
                 network to any unauthorized users.This prevents tools such as NetStumbler from
                 finding the network. However, the knowledgeable attacker will know that just
                 because the network is not broadcasting information, does not mean that the net-
                 work cannot be found.
                    All an attacker needs to do is utilize one of the network sniffers to monitor for
                 network activity.Although not as efficient as NetStumbler, it is still a functional
                 way to discover and monitor networks. Even encrypted networks show traffic to
                 the sniffer. Once they have identified traffic, the attacker can then utilize the same
                 identification techniques to begin an attack on the network.

                 Spoofing (Interception)
                 and Unauthorized Access

                 The combination of weaknesses in WEP and the nature of wireless transmission has
                 revealed spoofing to be a real threat to wireless network security. Some well-publi-
                 cized weaknesses in user authentication using WEP have made authentication
                 spoofing just one of an equally well-tested number of exploits by attackers.
                    One definition of spoofing is the ability of an attacker to trick network equip-
                 ment into thinking that the address from which a connection is coming is a valid
                 machine from its network.Attackers can accomplish this in several ways, the easiest
                 of which is to simply redefine the MAC address of the attacker’s wireless or net-
                 work card to be a valid MAC address.This can be accomplished in Windows
                 through a simple Registry edit. Several wireless providers also have options available
                 to define the MAC address for each wireless connection from within the client
                 manager application that is provided with the interface.






                                                                              www.syngress.com
   232   233   234   235   236   237   238   239   240   241   242