
Unauthorized Access

As mentioned earlier, unauthorized access to wireless LANs is a significant issue.

One thing you can do is use hardware that allows you to specify the MAC addresses of devices allowed to have access to the network. Networks that are large enough to make pre-enrolling MAC addresses impractical should look at placing a VPN (how a VPN works is described in Encryption) before the connection to a wireless network. Options such as the Cisco Aironet utilize the Cisco Lightweight Extensible Authentication Protocol (LEAP) to ensure mutual authentication between wireless clients. This involves a back-end RADIUS server and dynamic WEP keys, and it changes the Initialization Vector (IV) on a per-packet basis. Vendors such as Fortresstech offer products such as Airfortress [251], which is placed between the wired access point and the rest of the network. Other vendors have updated drivers for their wireless offerings to improve security on existing products.

Not worried enough about unauthorized access by “war-driving” [252] users with Pringles can antennas? Let us tell you about a few more tools used by that crowd.

Netstumbler is a free Windows-based wireless sniffer that looks for an SSID being broadcast. Note that, as we mentioned earlier, you must have the correct SSID to join a wireless network. Netstumbler is useful for finding the rogue access point that was set up without thinking of the ramifications. Additionally, a Linux-based sniffer called Kismet is totally passive and can find a wireless network without revealing itself in the process. It is also able to capture data from signals too weak to fully participate in a wireless LAN. Kismet was created to work hand-in-glove with free protocol analyzers such as Ethereal [253] for Windows or tcpdump [254] for Linux or Windows. Ethereal does an incredible job in many ways. As an example, check out their site [255] to see how easy it is to see email messages.

Remember that virtually everything needs to be watched for vulnerabilities. Even tcpdump, which we suggested in the preceding paragraph, has had a hole found in it by Rapid7 [256].

With so many sites running open wireless networks, it can be difficult for a busy war-driver to remember all the sites they have found. Kismet solves this issue by adding support for GPSDrive [257] to map all the sites found. If you don’t have the time to try all this yourself, the creator of Kismet has done a great job of showing how all this can work together. Just point your browser to the footnote [258].
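The rogue access point hunt and the list of allowed MAC addresses described above can be combined into a simple audit of your own site. The following is an added example, not part of the original guide: it compares a wireless survey against an inventory of sanctioned access points. The CSV layout, the addresses, and the signal threshold are constructed for illustration and are not the native output of Netstumbler or Kismet.

```python
import csv
import io

# Constructed inventory of sanctioned access points: BSSID -> expected SSID.
AUTHORIZED_APS = {
    "00:40:96:aa:bb:01": "CORP-WLAN",
    "00:40:96:aa:bb:02": "CORP-WLAN",
}

# Constructed survey export (a made-up CSV layout, not a real tool's format).
SAMPLE_SURVEY = """\
bssid,ssid,channel,encryption,signal_dbm
00-40-96-AA-BB-01,CORP-WLAN,1,WEP,-48
0040.96aa.bb02,CORP-WLAN,6,none,-55
00:0C:41:12:34:56,linksys,6,none,-40
00:0C:41:65:43:21,CORP-WLAN,11,WEP,-62
00:02:2D:0A:0B:0C,CoffeeShop,3,none,-88
"""

def normalize_mac(mac):
    """Reduce colon, dash and dotted notations to lower-case aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_survey(survey_text, authorized, min_signal_dbm=-70):
    """Return (bssid, finding) pairs for survey entries that need follow-up."""
    known_ssids = set(authorized.values())
    findings = []
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = normalize_mac(row["bssid"])
        if bssid in authorized:
            if row["ssid"] != authorized[bssid]:
                findings.append((bssid, "authorized AP with unexpected SSID"))
            if row["encryption"].lower() == "none":
                findings.append((bssid, "authorized AP without encryption"))
        elif row["ssid"] in known_ssids:
            # An unlisted radio advertising our network name is the worst case.
            findings.append((bssid, "unknown AP using our SSID"))
        elif int(row["signal_dbm"]) >= min_signal_dbm:
            # A strong signal suggests the device is on or near the premises.
            findings.append((bssid, "unknown AP nearby, possible rogue"))
    return findings

if __name__ == "__main__":
    for bssid, finding in audit_survey(SAMPLE_SURVEY, AUTHORIZED_APS):
        print(bssid, finding)
```

Weak signals from unlisted access points, such as a neighbor's network, are deliberately ignored by the threshold, so tune it to the size of your site.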











CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.