Infrastructure Security: Devices and Media • Chapter 6  377

                 covered in this section.Wireless technology provides a convenient method of
                 accessing a network by eliminating the cables that are generally associated with net-
                 work connectivity.While this can be a great convenience to laptop users, it intro-
                 duces a whole new world of security vulnerabilities to a network.
                    The primary devices associated with wireless networking are wireless access points
                 and the wireless network cards used to communicate with the access points.There are
                 other devices such as signal boosters, but they are not a component of this exami-
                 nation.Wireless network cards are designed to communicate with either other
                 wireless network cards or to a wireless access point. Card-to-card communication is
                 considered an “ad-hoc network” and are commonly used to quickly link two sys-
                 tems together without the use of either a hardware or software access point.
                    A new attack technique that has risen in the popularity of wireless networks is
                 war driving.This involves a hacker driving around with a laptop equipped with a
                 wireless network card looking for wireless cells to connect to. Usually they will
                 have a high-powered antenna to increase the effective range of their scans. In
                 recent news, war drivers have been able to easily connect to corporate and govern-
                 ment networks using this technique.The vulnerabilities that were exploited on
                 these networks could have been negated if the implementation of the wireless net-
                 work had included adequate security measures. In some cases, war driving has
                 evolved to the point that war drivers mark vulnerable locations by marking the
                 sidewalk with chalk (war chalking) or other means just to make it easier on the next
                 war driver.
                    Wireless access points have a limited range (which differs by model and antenna
                 type) within which they can effectively communicate with client systems. Keeping
                 this range in mind when planning a wireless implementation significantly improves
                 the corresponding security implementation. Planning the placement of the wireless
                 access points so that the outer range of their transmission distance corresponds with
                 the walls of the building, prevents external access to a wireless network.
                    In addition, both incoming and outgoing wireless transmissions can also be
                 stopped by the walls of a building.When planning a wireless implementation
                 within a new construction, it is important to work with the designers to make sure
                 that the external walls contain metal studs that are grounded. Using thin layers of
                 aluminum under the drywall creates what is effectively a wireless shield, which will
                 block most radio transmissions into and out of the building.This will also interfere
                 with pager and cellular phone usage.
                    Proper placement of wireless access points and appropriate shielding within the
                 building where possible, will substantially decrease the vulnerability of a wireless




                                                                              www.syngress.com