“Across the United States, the proliferation of wireless networks is incredible, both in homes and businesses," says Matthew Hendren, a senior in electrical engineering at UMR. “Sadly enough, most people don’t understand either the ease in which an adversary could use their wireless network or the damage that adversary could cause by being allowed to use another’s wireless network."

Because wireless networks, known as 802.11 or Wi-Fi, use radio links instead of cables to connect computers, they are more vulnerable to hackers. Easy-to-buy tools allow hackers to listen in or transmit data on other people’s networks without the owner’s knowledge or permission.

“Attacks can range from disrupting the availability of a network connection to tricking users into submitting their confidential information, such as authentication credentials," says Sandeep Shrestha, a senior in computer engineering. “Because all the data the user is transmitting through the network is ‘floating through the air,’ a malicious entity with the means and time could capture the data, analyze it and use it."

Under the direction of Ann Miller, the Cynthia Tang Missouri Distinguished Professor of Computer Engineering at UMR, Hendren and Shrestha are looking at the various free tools being used to gain unauthorized access to the Wi-Fi networks and developing ways to defend the networks from such attacks. In particular, they are examining MAC Address spoofing, a technique used by several of these free tools to defeat the security mechanisms of the networks.

“This is a matter of technology advancing quicker than it was intended," Hendren explains. “Wi-Fi was originally developed without any inherent security measures built in; no encryption was included in the protocol. Since then, many fixes have been added on top of the protocol, such as the use of Wired Equivalent Protocol (WEP) keys and Wi-Fi Protected Access (WPA) keys, but as quickly as the security advances, so do the tools to break it."

Close to home

In November the UMR chapter of the Association of Computing Machinery (ACM) Special Interest Group Security (SIG Security) conducted a security audit of the wireless networks in use throughout Rolla.

SIG Security was broken into four teams in an attempt to audit the Rolla community during the span of one hour and 15 minutes. The audit relied on data gathered from wireless networks that publicly broadcast their identities. Only elements of data that wireless access points make public were recorded.

“There was no connection sniffing (for actual data being transmitted), password cracking or use of the networks during the audit," says Daniel Tauritz, assistant professor of computer science at UMR and advisor of the SIG Security group. “But this isn’t to say that such things couldn’t occur at the hands of less responsible individuals," warns Joshua Maib, a senior in information science and technology and SIG Security co-chair.

When the data from all four teams was pooled together and analyzed, SIG Security had recorded 589 unique wireless networks throughout Rolla. Of these, roughly 44 percent were protected, but the remaining 56 percent were completely insecure, says Jason Trent, a graduate student in computer science and SIG Security co-chair.

Some of the problems encountered with networks that are not protected by encryption and its SSID broadcasting can not only be annoying, but can be dangerous, Tauritz warns.

One reason to discourage the public from using your network is that “with access to your wireless network, anyone with a laptop computer and a wireless card can use your internet connection to send spam email, or even break into another computer through your internet connection," Woodard says. “And if caught, you would get the blame because it would be traced back to your network and computer, not the actual culprits." Trent adds, “Enabling encryption and disabling SSID makes it clear to outsiders that your network is not for public use."

Increase your protection
In response to its audit results, SIG Security suggests the following security practices for Wi-Fi users.

In response to its audit results, SIG Security suggests the following security practices:

To decrease the strength of the radio signal outside your intended coverage area, position wireless components away from windows and toward the center of your home. Avoid placing the wireless components near electrical equipment that can cause signal interference, like microwaves or cordless telephones.

Enable encryption such as Wired Equivalent Privacy (WEP) at the strongest complexity the device offers, or if available, the much stronger Wi-Fi Protected Access (WPA) protocol. “WEP is the most prevalent security implementation with wireless networking," says Tauritz. WEP authenticates anyone who wants to access your wireless network and encrypts or disguises any traffic it produces. “WEP/WPA must be configured on the access point (router) and each client (desktop, laptop, PDA etc.) that you expect to use on your network. The steps to enable WEP vary between hardware and software manufacturers, but are outlined in detail in owner’s manuals and at websites produced by the manufacturer of your wireless devices."

If your network consists entirely of notebooks and desktops, try disabling broadcast of the network’s Service Set Identifier (SSID). However, some devices such as cell phones and PDAs do not function properly without SSID broadcasts. “Your SSID is the identifying name assigned to your network, and is regularly transmitted in the open air to advertise its existence," Maib explains. “Stopping this process requires a client to know the SSID of his or her access point before connecting to it," says Laura Woodard, a sophomore in computer science from Manhattan, Kan. “An easy way to check and see if your SSID is broadcasting is to download netStumbler from www.netStumbler.com. This program will only be able to see networks that have the SSID broadcasting; it will not show passwords or even connect to an open broadcasting network. If your broadcast is off, it will not be found by netStumbler."

Disabling broadcast of SSID does not increase security, nor is it intended to. Instead, it reduces visibility and is an extra step to inform outsiders that the network is not open for their use. Because SSID is sent unencrypted in packets to authorized third parties, an attacker could use sniffing tools on a connection between the access point and an authorized third party to circumvent disabled broadcasts. Disabling SSID broadcast without enabling methods of encryption or authentication is futile.

SIG Security encourages those with – or considering the use of – wireless networks to follow the recommendations outlined here. “Simple preventative steps now may save you from complex headaches in the future," says Tauritz.

The group assumes the majority of wireless users aren’t aware of their security problem and don’t intend to share their service; however, in the audit, SIG Security found several locations that don’t mind sharing their wireless access points with the public. “Rolla has a few hotels currently advertising their open access wireless points," Woodard says. “If you are willing to share your wireless access point let the public know, it is great advertising!"

Do you WEP?
Microsoft Windows users can determine if their computers are WEP enabled by following these quick steps:

Click the Start button and choose Settings, and then Control Panel.

From the Control Panel, double-click the icon labeled Network or Network Connections.

In the box that appears, double-click on the icon corresponding to your wireless device.

Click on the Advanced or Change Advanced Settings tab and a list of properties should appear.

Click on the Wireless Networks tab.

With your network highlighted, click the Properties button.

Under Data Encryption there is a choice of WEP or disabled. If disabled is selected and no password is listed in the network key box, WEP must be enabled through the Access Point Settings dialog box.