Our small office WLAN uses WEP encryption and MAC address filtering. Are we protected from wireless hackers, or should we be doing something more?
First, upgrade your WLAN from WEP to either WPA-PSK or WPA2-PSK. WEP has been broken for years, and new tools and techniques keep shortening the time required to crack WEP keys. This month, Darmstadt University researchers demonstrated a new tool, aircrack-ptw, which can guess your WEP keys in as little as one minute. While WPA/WPA2 Pre-Shared Keys (PSKs) are not impossible to crack, choosing a good (random, complex) passphrase that's at least 20 characters long will defeat PSK crackers.
Second, don't rely too heavily on your MAC address filters. MAC addresses are easily spoofed, using readily available freeware like Technitium MAC Address Changer, SMAC, or EtherChange. Someone who wants to bypass your MAC address filters can just use a wireless sniffer like WaveShark to observe a valid MAC address, then change their own MAC address to match. MAC address filters are best viewed as a "keep out" sign -- a way of discouraging casual war drivers or accidental associations by nearby neighbors.
Third, make sure that your wireless AP and hosts aren't vulnerable to probes and attacks over the WLAN. People often focus on link encryption and access control, but forget about protecting those wireless endpoints. For example, make sure your AP can't be reconfigured by wireless clients. If you cannot disable that interface, at least choose a hard-to-guess admin login and password. Safeguard your wireless clients like you would any host connected directly to the Internet -- specifically, disable file sharing, run a personal firewall to block all incoming requests, connect only to known networks in infrastructure mode, and update your wireless adapter to the latest firmware/driver.
To learn more about WLAN threats and countermeasures, check out our Wireless Lunchtime Learning series of webcasts and tips.
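The first recommendation above, as an added example that is not part of the original answer: Python code that generates a random passphrase of at least 20 characters, checks a candidate against the WPA passphrase limits, and derives the 256-bit key the way WPA/WPA2-PSK does (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations). The function names and the sample SSID are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
# This alphabet (94 symbols, no space) is an assumption made for the example.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LEN = 20   # minimum length recommended in the answer above
MAX_LEN = 63   # upper limit for a WPA passphrase


def generate_passphrase(length=24):
    """Return a passphrase drawn uniformly from ALPHABET using the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between 20 and 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase (not valid for human-chosen ones)."""
    return length * math.log2(alphabet_size)


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means format and length are acceptable."""
    problems = []
    if not all(0x20 <= ord(c) <= 0x7E for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    if len(passphrase) > MAX_LEN:
        problems.append("longer than the 63-character WPA limit")
    if len(passphrase) < MIN_LEN:
        problems.append("shorter than 20 characters")
    return problems


def derive_pmk(passphrase, ssid):
    """Derive the 256-bit pairwise master key; the SSID acts as the salt."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    candidate = generate_passphrase()
    print(candidate, check_passphrase(candidate), round(entropy_bits(len(candidate))))
    # "office-wlan" is a constructed SSID for the demonstration.
    print(derive_pmk(candidate, "office-wlan").hex())
```

`check_passphrase` only validates length and character set; it cannot tell whether a passphrase was chosen randomly, so the entropy figure applies only to output of `generate_passphrase`.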
This was first published in April 2007