Chapter 1. Introduction

Setting the Scene

Broadcast radio and, later, broadcast TV have defined wireless for two generations. The ability for radio waves and TV signals to go anywhere and be heard and seen by anyone has provided huge benefits to the general public since the early twentieth century. If you are the receiver this broadcast capability is very attractive, but sometimes for the sender these broadcast qualities can be a major disadvantage.

The military were the first to address the disadvantage of being heard by everyone. To protect communications over radio, the military adapted secret codes that had for many years been used to protect written messages. Techniques such as spread spectrum transmission were invented to try to prevent unwanted reception. Catalyzed by the need to protect wireless communication during the Cold War (1950 to 1980), huge advances were made in secure communications, but the general public did not receive any direct benefits from this work.

Because wireless technology has advanced and dropped in price, now almost everyone uses both radio receivers and transmitters—in mobile phones, cordless phones, Wi-Fi LANs, and a host of other equipment. However, along with this proliferation in use, over the past few years millions of people in industry and at home have had to face up to a basic conflict. They want the wireless advantage, “receive anywhere,” without the wireless feature of “send to everyone.”

This book specifically addresses Wi-Fi security. Wi-Fi is the most popular wireless method for networking computers, and people use it widely both in corporate locations and in the home. Typically a Wi-Fi “adapter card” is inserted into a computer so data can be sent to other computers or the Internet via a short-range radio link to a Wi-Fi access point. It means you can work at your desk or in a conference room, in your home office or in the family room. It provides freedom. Increasingly, Wi-Fi “access zones” in shops or hotels also provide Internet access to people “on the road.”

Wi-Fi is not the only wireless technology available. For short-range communications Bluetooth or HomeRF[1] can be used. Cellular modems can also be used if a low connection speed is acceptable. However, Wi-Fi provides simple wireless broadband access and has become the market leader.

“Wi-Fi” is a brand name coined by the Wi-Fi Alliance. The purpose of the brand is to identify products that have been tested to ensure interoperability between vendors. Wi-Fi products include plug-in adapter cards, network adapters connected by USB, access points, and integrated devices such as personal digital assistants (PDAs) or even cellular phones. The Wi-Fi Alliance has established a testing program that operates all products bearing the logo in conjunction with a range of products from other vendors. As a result, customers can be confident that products will work outside the store. Wi-Fi products must be designed using an industry standard, known as IEEE 802.11.[2] There are various subgroups within IEEE 802.11, and each one is assigned a letter. For example, IEEE 802.11b is the standard on which many Wi-Fi systems are based today.

You may have used Wi-Fi systems already. Perhaps you have become addicted to the convenience of working wherever suits you best, but you are wondering how to maintain the privacy of your information and you may have tried some of the security features built into your Wi-Fi system. Because you are reading this book, you are probably still concerned about the level of protection you have. You are right to be concerned. As you read through this book, you will realize that the tools provided with most Wi-Fi systems to date are not adequate to protect you. Although some of your data might not be important enough to attract any serious attack, the availability of downloadable attack tools means that even the kid next door might be able to get at your data. Our goal is to not only guide you to a secure solution but also to ensure that you get a good understanding of the problems of security and how they are solved.

Roadmap to the Book

We once took a tour of a well-known brewery in St. Louis, Missouri. We mention this not just because we enjoyed it, but because the tour, like this book, was divided into three parts. In the first part of our tour we were informed about the issues of beer—the difficulties of producing good flavor and the importance of good ingredients. In the second part we walked the factory floor and looked at the machinery, the tanks, and pipes involved in the production process. Finally, we met the real thing as we were given the opportunity to drink the product.

In a similar way the three parts of this book address the theory, implementations, and reality concerning Wi-Fi security. If you are not interested in the mechanics, you can skip the finer details. Likewise, you may be comfortable with the theory and want to focus on how it is put into practice. Either way, you do not have to read the book from cover to cover to realize its benefits.

Part I examines the security problem in general. Initially we look at the general principles on which security is built and then specifically at why Wi-Fi and other wireless LAN technologies are vulnerable to attack. We discuss where attacks might come from and the types of people who might carry them out. Finally we look at the types of tools that attackers use to break into systems. This section of the book is not highly technical, but it should help you understand how vulnerable a Wi-Fi system can be.

In Part II we head to the factory floor to look at the machinery that can protect you. In the overview of how Wi-Fi systems work, we do not discuss such issues as how to install the software drivers or how to plug in the USB connector. Instead, we go right into the IEEE 802.11 protocol to look at the messages being transmitted between systems. It is at this level that the attack tools work, and it is only at this level that you can get an understanding of how the security defenses work. The original IEEE 802.11 standard did provide a security method called “WEP.” Many people relied on WEP for protection and were alarmed to discover that it was not effective. Part II includes a chapter that details how WEP works and why it was broken. Look here for a useful lesson in understanding security.

The remainder of Part II describes the security technologies that are being introduced to provide real protection. There are many pieces to the picture, and successive chapters deal with the solutions from the lowest layers up. You may have seen jargon words and acronyms used in relation to Wi-Fi security. You will find them explained here.

Part III moves to real implementation issues. We look at the special requirement of public access networks such as hotspot zones. We review attacks that have been performed against Wi-Fi systems and analyze how they worked. We let you sit in the attacker's seat and, if you wish, try out some of the attack tools yourself. This is a good way to test whether you can break into your own system. Finally, we look at an open source implementation of wireless LAN security. We do not provide step-by-step guides to installing particular brands of equipment. When you understand how all the pieces fit together, you will be much better positioned to understand and successfully follow the installation instructions that come with the products you purchase.

Notes on the Book

We describe many techniques for attacking Wi-Fi systems and even provide step-by-step instructions on how to use attack tools. Some people are uncomfortable with this approach, but we reject the argument that it assists people who have bad intent. Those people will find out what they need to know one way or another. It is the honest people who will be left in the dark unless these details are exposed. Unless you are familiar with your enemies' weapons, you cannot set up a proper defense.

Also, there is an emotive debate about the word “hacker.” This word was originally coined to describe honest, hardworking, and very inventive programmers. It is still used with this meaning by some in the industry, who prefer the word “cracker” to describe security attackers. The general public, however, uses the word “hacker” to mean a person who attacks computers with malicious intent. We use the word “hacker” in this sense, and we apologize for any irritation this causes.

Finally, to avoid confusion, we'd like to clear up the relationships among the terms Wi-Fi, wireless LAN, and IEEE 802.11.

  • Wireless LAN is a general term used for short-range, high-speed radio networks. Wi-Fi is one kind of wireless LAN.

  • IEEE 802.11 is the formal technical standard that defines how Wi-Fi systems operate.

  • Wi-Fi is the industry standard for products based on IEEE 802.11 as defined by the Wi-Fi Alliance. Wi-Fi products are tested for compatibility among different manufacturers.

Broadly speaking, IEEE 802.11 and Wi-Fi refer to the same thing, but some parts of the IEEE 802.11 standard are not implemented by Wi-Fi systems and, conversely, some extensions are added. If you have any doubts, substitute “Wi-Fi” every time you see “wireless LAN” or “IEEE 802.11.”



[1] HomeRF was a market competitor during 2000–2001 but lost out to the more successful Wi-Fi technology.

[2] The IEEE (Eye-triple-E) is a nonprofit, technical professional association of more than 377,000 members in 150 countries. The full name is the Institute of Electrical and Electronics Engineers, Inc., although the organization is most popularly known and referred to by its acronym.
