Pro Hacking


PuLSe
04-10-2003, 05:15 AM
Hi,

I'm a security student. I was wondering about the threat of pro hackers who are looking to break into WLANs for industrial espionage/trade secrets/etc. (Have there been any major incidents, or have they gone unnoticed?)

I know there are sniffers freely available, which show open APs and WEP-enabled nets. A hacker needs MAC spoofing & WEP cracking tools to get past 802.11 basic security.

How secure are extended policies, like TKIP WEP, RADIUS-EAP, VPNs?

I know no-one will talk openly about hacking techniques, I am trying to gauge the level of threat any given company faces.

I am in the UK, and I am not mobile (car & computer sense). So I can't cruise with a sniffer to find some examples of open APs. I would love to see case study data from a US city, or even better an IT industrial zone. My project concentrates on enterprise WLAN security.

Thanks, any help greatly appreciated.

PuLSe.

jatkins679
04-14-2003, 12:15 PM
Originally posted by PuLSe:
"How secure are extended policies, like TKIP WEP, RADIUS-EAP, VPNs?"

Compared to what? WEP? Infinitely more secure. TKIP, RADIUS with the more advanced/secure protocols, VPNs are all partial solutions to wireless insecurity. Are they perfect? Of course not; over time people out there will figure out ways around all that. It's cat-and-mouse.

In the end, though, hackers still in many ways have much easier physical access to a network via wireless than wired because they generally just need to be in the vicinity of the AP, not wired to the hardware of the network. Personally, I feel physical security of APs or the vicinity within an AP's range is relatively ignored as a security threat.

"I know no-one will talk openly about hacking techniques, I am trying to gauge the level of threat any given company faces."

No, people aren't going to talk openly about those sorts of things in legitimate, professional forums. It's pretty irrelevant anyway if you aren't actually hacking (white or black) into networks. Reading synopses and other people's solutions to specific techniques will suffice for most admins.

It's especially moot with wireless since the big, big problem and concern is how to keep people out of your network in the first place, not what they might do after they gain access since after that point, 'regular' hacking techniques used on traditional wired networks apply.

The level of threat to companies using wireless networks is huge. It's even bigger because of relative user indifference towards computer security in general and a lack of understanding by end users about the unique risks of wireless network access. Put on top of this how overworked a lot of admins are already and now you place upon them more tasks now involving wireless and the need for training to defend wireless networks. It's a big deal for any company that has wireless access to their networks. It's still an issue for those that don't since users and ne'er-do-wells can often still add their own rogue AP to a network.