Wireless Hacking Techniques

Dr. Cyrus Peikari and Seth Fogie
 


May 17, 2004 (Computerworld) -- In this excerpt, from Chapter 6 of their new book Maximum Wireless Security, authors Dr. Cyrus Peikari and Seth Fogie review techniques used by hackers to compromise wireless networks. The excerpt is published with permission from Sams Publishing.

Contents of this excerpt:

Diverse Hacker Attack Methods
Social Engineering
The Virtual Probe
Lost Password
Chatty Technicians
Social Spying
Garbage Collecting
Sniffing
How Does a Sniffer Work?
How Hackers Use Sniffers
How to Detect a Sniffer
How Can I Block Sniffers?

Chapter 6: Hacking Techniques

A typical hacker attack is not a simple, one-step procedure. It is rare that a hacker can get online or dial up on a remote computer and use only one method to gain full access. It is more likely that the attacker will need several techniques used in combination to bypass the many layers of protection standing between them and root administrative access. Therefore, as a security consultant or network administrator, you should be well versed in these occult techniques in order to thwart them. This chapter, which will be a review for advanced users, will introduce the main types of hacker attacks. Expert users will want to skip ahead to the next chapter (Chapter 7, "Wireless Attacks") and go straight for the goodies.

The following techniques are not specific to wireless networks. Each of these attacks can take multiple forms, and many can be targeted against both wired and wireless networks. When viewed holistically, your wireless network is just another potential hole for a hacker. Therefore, this chapter will review hacking techniques from a generic perspective.

Diverse Hacker Attack Methods

The stereotyped image conjured up by most people when they hear the term "hacker" is that of a pallid, atrophied recluse cloistered in a dank bedroom, whose spotted complexion is revealed only by the unearthly glare of a Linux box used for port scanning with Perl. This mirage might be set off by other imagined features, such as dusty stacks of Dungeons and Dragons lore from the 1980s, empty Jolt Cola cans, and Japanese techno music streaming from the Net.

However, although computer skill is central to a hacker's profession, there are many additional facets that he must master. In fact, if all you can do is point and click, you are a script kiddie, not a hacker. A real hacker must also rely on physical and interpersonal skills such as social engineering and other "wet work" that involves human interaction. However, because most people have a false stereotype of hackers, they fail to realize that the person they are chatting with or talking to on the phone might in fact be a hacker in disguise. In fact, this common misunderstanding is one of the hackers' greatest assets.

Social Engineering

Social engineering is not unique to hacking. In fact, many people use this type of trickery every day, both criminally and professionally. Whether it be haggling for a lower price on a lawn mower at a garage sale, or convincing your spouse you really need that new toy or outfit, you are manipulating the "target." Although your motives might be benign, you are guilty of socially engineering the other party.

The Virtual Probe

One example of social engineering that information technology managers face on a weekly basis is solicitation from vendors. An inimical form of sales takes the form of thinly disguised telemarketing. Straying far from ethical standards of sales technique, such vendors will attempt to trick you into giving them information so they can put your company's name on a mailing list.
Here is one such attempt that we get regularly:
"Hi, this is the copier repair company. We need to get the model of your copier for our service records. Can you get that for us?"

Now, this sounds innocent enough, and there are probably many who fall for this tactic. However, they are simply trying to trick you into providing sensitive information, information that they really have no business knowing.

Like the scam artist, a hacker often uses similar techniques. A popular method that hackers use is pretending to be a survey company. A hacker can call and ask all kinds of questions about the network operating systems, intrusion detection systems (IDSs), firewalls, and more in the guise of a researcher. If the hacker were really malicious, she could even offer a cash reward for the time it took for the network administrator to answer the questions. Unfortunately, most people fall for the bait and reveal sensitive network information.

Lost Password

One of the most common goals of a hacker is to obtain a valid user account and password. In fact, sometimes this is the only way a hacker can bypass security measures. If a company uses firewalls, intrusion detection systems, and more, a hacker will need to borrow a real account until he can obtain root access and set up a new account for himself. However, how can a hacker get this information? One of the easiest ways is to trick someone into giving it to them.

For example, many organizations use a virtual private network (VPN) that enables remote employees to connect to the network from home and essentially become a part of the local network. This is a very popular method of enabling people to work from home, but is also a potential weak spot in any security perimeter. As VPNs are set up and maintained by the IT department, hackers will often impersonate an actual employee and ask one of the IT staff for the password by pretending to have lost the settings. If the IT employee believes the person, he willingly and often gladly hands over the keys. Voila! The hacker now can connect from anywhere on the Internet and use an authorized account to work his way deeper into the network. Imagine if you were the lowly IT staff person on call and the CEO rang you up at 10:30 p.m. irate about a lost password. Would you want to deny her access, risking the loss of your job? Probably not, which makes this type of fear a hacker's best friend.

Chatty Technicians

If you are a home user and think you have nothing to fear from this type of impersonation, think again: you are actually targeted more often by scammers and hackers alike. This is because many Internet newcomers (newbies) will believe anything someone appearing to be their ISP's tech support personnel tells them. For example, hackers will often send out mass messages to people, or sit in chat rooms and wait for a newbie to come along. They will then set up a fake account or use simple tricks to make it appear as if an AOL employee is chatting with them. What the newbies do not realize is that they are actually talking with a hacker in disguise. So, they willingly hand over everything from credit cards to user names and passwords. See Figure 1 for an example of how a fake request might appear.
