Wireless Security

Rob Flickenger

Metrix Communication LLC

Why is security a problem?

Long distance attack

Invisible intruder

Security risks

Who creates security problems?

wifimaps.com

Protecting your network

Basic tools you can use to protect your wireless networks (in order of increasing protection and complexity):

Closed networks

By turning off beacons, you can prevent your network from being shown in network scan utilities.

Advantages: Standard security feature supported by virtually all access points.

Disadvantages: "Closed" networks are not easily found in a site survey, yet are easily found by passive monitoring tools.

MAC filtering

A MAC filter may be applied to an access point to control which devices may be permitted to associate.

Advantages: Standard security feature supported by virtually all access points.

Disadvantages: MAC tables are inconvenient to maintain. Also, MAC addresses are transmitted in the clear (even when using WEP encryption), and are easily copied and reused.
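
Added example (not part of the original slides): a short Python parser showing why a MAC filter adds little protection. The address fields of an 802.11 data frame sit in the unencrypted header even when the Protected (WEP) bit is set. The sample frame and all addresses in it are constructed for illustration.

```python
import struct

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_data_header(frame: bytes) -> dict:
    """Read the unencrypted fields of an 802.11 data frame (no radiotap, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 MAC header")
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if to_ds and from_ds:
        raise ValueError("4-address (WDS) frames are out of scope here")
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    # Address roles depend on the ToDS/FromDS bits.
    if to_ds:
        bssid, src, dst = a1, a2, a3
    elif from_ds:
        dst, bssid, src = a1, a2, a3
    else:
        dst, src, bssid = a1, a2, a3
    info = {"protected": bool(fc & 0x4000), "source": fmt_mac(src),
            "destination": fmt_mac(dst), "bssid": fmt_mac(bssid)}
    hdr_len = 24 + (2 if subtype & 0x8 else 0)  # QoS data adds 2 bytes
    if info["protected"]:
        if len(frame) < hdr_len + 4:
            raise ValueError("truncated WEP IV field")
        # WEP: 3-byte IV and key ID (top 2 bits of the 4th byte) are also sent in the clear.
        info["wep_iv"] = frame[hdr_len:hdr_len + 3].hex()
        info["wep_key_id"] = frame[hdr_len + 3] >> 6
    return info

# Constructed sample: station -> AP data frame with the Protected (WEP) bit set.
SAMPLE = bytes.fromhex(
    "0841" "2c00"          # frame control (data, ToDS, Protected), duration
    "001122334455"         # addr1: BSSID
    "020000aabbcc"         # addr2: source station
    "001122334401"         # addr3: destination
    "1000"                 # sequence control
    "01020300"             # WEP IV + key ID byte
    "9f3c77e1d05a4b12"     # opaque stand-in for ciphertext + ICV
)

if __name__ == "__main__":
    for k, v in parse_data_header(SAMPLE).items():
        print(f"{k:12} {v}")
```

Only the payload after the IV field is encrypted; every field the parser returns is readable by any passive listener in range.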

Encryption basics

WEP encryption

Part of the 802.11 standard, Wired Equivalent Privacy provides encryption at layer two.

Advantages: Standard security feature supported by virtually all access points.

Disadvantages: Shared key, numerous security flaws, long-term maintenance impossible on large networks.

WEP problems in detail

Advanced 802.11 features

WPA

WPA encryption

While WPA (802.11i) will likely become the standard for protected Wi-Fi access, we are not there yet.

Advantages: Significantly stronger protection than WEP, open standard.

Disadvantages: Vendor interoperability problems, complex configuration, protection only on layer two.

Strong encryption software

Good end-to-end security software should provide strong Authentication, Encryption, and Key Management.

Examples include:

Man-in-the-middle

The main problem with implementing encryption at layer two is the possibility of man-in-the-middle (MITM) attacks.

Encrypted tunnels

End-to-end encryption provides protection all the way to the remote end of the connection.

SSH

In addition to providing simple shell access, SSH is a general-purpose tunneling tool.

Security tools

There are hundreds of free tools that will show you lots of information about your network:

Network ESSID scanners

NetStumbler: find networks

NetStumbler: signal strength

MiniStumbler

MacStumbler

Wellenreiter

Protocol analyzers

There are a variety of wireless protocol analyzers available. Some include:

AiroPeek

KisMac: details

KisMac: traffic

Kismet: networks

Kismet: info

Kismet: clients

Kismet on a Zaurus

Ethereal and Kismet: beacons

Ethereal and Kismet: filters

Ethereal and Kismet: WEP

nmap

Ethereal

Ethereal: http decode

Ethereal: TCP session

Etherpeg

Driftnet

ngrep

ettercap

airsnort

ntop

ntop: flows

ntop: info

In Summary

Using the proper tools, you can see precisely what is happening on your network.

By using strong end-to-end encryption, you can prevent others from using these tools to attack your networks.

The use of strong end-to-end encryption can also make it safe to use completely untrusted networks (from a public wireless AP all the way to the Internet).

Credits

Portions of this talk were adapted from Wireless Networking in the Developing World, http://wndw.net/