IBM Wireless Security Auditor

written by: Denny Thomson; article published: year 2006, month 08;


  


WSA is an IBM research prototype of an 802.11 wireless LAN security auditor, running under Linux on an iPAQ PDA. WSA automatically audits a wireless network for the proper security configuration to help network administrators close any vulnerabilities before hackers try to break in. Although there are other 802.11 network analyzers out there (wlandump, ethereal, Sniffer), these tools are aimed at protocol experts who want to capture wireless packets for detailed analysis. WSA is intended for the more general audience of network installers and administrators: those who want to easily and quickly verify the security configuration of their networks, without having to understand any of the details of the 802.11 protocols.

802.11 Security Issues

The current 802.11 standard defines two security protocols: shared key authentication was designed to provide secure access control, and WEP encryption was designed to provide confidentiality. (Some vendors also try to claim that the SSID and station MAC addresses provide secure access control. As the SSID and MAC addresses are transmitted in the clear, they really don't provide any meaningful security, and are easily bypassed.)

There are several security issues with these protocols. Most importantly, WEP and shared key are optional, and turned off by default in access points. If these protocols are not turned on in even one access point, it is trivial for hackers to connect to the network, using standard wireless cards and drivers. The 802.11 signal can travel surprisingly large distances from the access point, often a thousand feet or more, allowing hackers to connect from outside the building, such as from a parking lot, or from the street. If, as is often the case, the wireless network is connected directly to a corporate intranet, this gives hackers direct access to the intranet, bypassing any Internet boundary firewalls.

The problem of "open" access points is made more difficult because of the low cost and easy availability of access points, and the difficulty of detecting them. It is not uncommon to find individuals or groups within a company who have installed rogue access points without the knowledge of the normal networking group, and without properly configuring the access point(s). These rogue access points are often difficult to detect with normal network monitoring tools, as access points are normally configured as Layer 2 bridges.

In addition, the WEP and shared key protocols have been shown to have significant cryptographic errors that permit cryptographic attacks on both the confidentiality and access control functions. (For details, see the Wagner/Goldberg paper at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html, and the Arbaugh paper at http://www.cs.umd.edu/~waa/attack/v3dcmnt.htm.) Note that while WEP and shared key are flawed, they should still be turned on, as attacks are much easier with them off.

Vendors and the IEEE are responding to the flawed protocols with fixes in several stages. In the short term, vendors are adding new authentication/key management protocols that provide secure authentication, and new WEP keys for each card, per session. In addition, in the near term, vendors are working on a tweak to WEP to make attacks more difficult, as well as a long-term complete fix.

From a management perspective, network administrators need a tool to verify that all access points are at the desired firmware revision so that they have the most current version of these 802.11 fixes.

802.11 Management Issues

A network administrator needs a convenient way to answer these questions:

  • What access points are actually installed?

  • Where are they?

  • Are they properly configured?

  • Do they have the latest firmware?

The wireless network needs to be checked periodically, as access points are easily added and modified, and as updates will be rolled out frequently. The wireless auditing tool needs to look at the actual wireless signals, as the needed information might not be available from the wired side. To monitor the wireless data, the auditor needs to be small and lightweight so it can be easily carried around a site to ensure complete analysis and review.

What Does WSA Do?

Most importantly, we wanted WSA to be easy to use, and to require absolutely no knowledge of the 802.11 protocols. WSA is not a packet dump/analyzer. Rather it does all the necessary packet monitoring and analysis, and provides the user with just the answers to the important management questions. The results are color-coded (green is good, red is bad) for rapid and easy understanding.

WSA provides the following functions:

  • Tracks beacon packets to find all access points

  • Determines SSID and AP names

  • Tracks probe packets and the probe responses

  • Tracks data packets

  • Determines link encryption method

  • Tracks authentication packets

  • Determines authentication method

  • Tracks clients

  • Determines firmware versions by fingerprinting the access point's detailed behavior
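The first items in this list (finding access points from beacons, reading the SSID, and checking whether link encryption is required) can be illustrated with a short beacon parser. This is an added example, not WSA's code: the function names, the sample frames, and the green/red rule (green when the beacon's privacy bit is set) are assumptions, and frames are taken as raw 802.11 without a capture header.

```python
import struct

PRIVACY = 0x0010  # capability-info bit: AP requires WEP on data frames

def build_beacon(bssid, ssid, privacy):
    """Build a constructed beacon frame (sample data, not a capture)."""
    hdr = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    caps = 0x0001 | (PRIVACY if privacy else 0)  # ESS bit, optional privacy
    return hdr + struct.pack("<QHH", 0, 100, caps) + bytes([0, len(ssid)]) + ssid

def parse_beacon(frame):
    """Return (bssid, ssid, privacy) for a beacon, or None for anything else."""
    if len(frame) < 36:                      # 24-byte header + 12 fixed bytes
        return None
    fc = frame[0]
    if fc & 0x03 or (fc >> 2) & 0x03 != 0 or (fc >> 4) != 8:
        return None                          # not version 0 / management / beacon
    bssid = frame[16:22].hex(":")            # address 3 carries the BSSID
    (caps,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):             # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                            # truncated element: stop parsing
        if tag == 0:                         # element ID 0 is the SSID
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return bssid, ssid, bool(caps & PRIVACY)

def audit(frames):
    """Map each BSSID to (ssid, 'green'|'red'); red if any beacon lacks privacy."""
    report = {}
    for bssid, ssid, privacy in filter(None, map(parse_beacon, frames)):
        was_red = report.get(bssid, (None, "green"))[1] == "red"
        report[bssid] = (ssid, "green" if privacy and not was_red else "red")
    return report

# Constructed sample input: two beacons, one data frame, one truncated beacon.
SAMPLE_FRAMES = [
    build_beacon(bytes.fromhex("020000000001"), b"corp-wlan", True),
    build_beacon(bytes.fromhex("020000000002"), b"lab-test", False),
    b"\x08\x00" + bytes(40),
    build_beacon(bytes.fromhex("020000000003"), b"cut-off", False)[:30],
]
```

The privacy bit only shows that the access point advertises encryption as required; it says nothing about key strength or the authentication method, which the list above treats as separate checks.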

Components

WSA currently runs under Linux, on either a notebook or an iPAQ PDA. We currently support the Cisco/Aironet PCMCIA 802.11 cards, either the old Prism I-based cards or the current Prism II-based cards. On the iPAQ, we are using the Familiar Linux distribution with the fltk library, and on ThinkPads, we are using Red Hat 7.1.

Status

WSA is a research prototype, and no definite decision has been made whether to make it a full product or to release it as open source. (The necessary "airo" driver module modifications have already been open-sourced.)
