Configuring Our Community Users On the user’s side, we will leverage the PPTP client already built into Windows. Our example will use Windows XP to demonstrate the setup.The configuration is similar between all versions, from Windows 95 up to the most recent version. 1. Click the Start | Network Connections. As seen in screen Figure 3.14, the Network Connections window will appear with your current network adapters already visible. 2. Click the Create a new connection link on the upper-left side of the window.As seen in Figure 3.15, the New Connection Wizard will appear. www.syngress.com 50 Chapter 3 • Securing Our Wireless Community Figure 3.14 Clicking the Start | Network Connections Screen Figure 3.15 The New Connection Wizard Welcome Screen 308_Wifi_Hack_03.qxd 9/30/04 1:44 PM Page 50 3. Click the Next > button, and the Network Connection Type dialog will appear.As seen in Figure 3.16, select the Connect to the network at my workplace radio button. 4. Clicking the Next > button brings up the Network Connection screen. As seen in Figure 3.17, select the Virtual Private Network connection option. 5. Clicking the Next > button brings up the Company Name prompt. Enter a description for your PPTP connection here. As seen in Figure 3.18, we entered PPTP to Community Wireless. www.syngress.com Securing Our Wireless Community • Chapter 3 51 Figure 3.16 Selecting the Connect To The Network At My Workplace radio button Figure 3.17 Selecting the Virtual Private Network Connection option 308_Wifi_Hack_03.qxd 9/30/04 1:44 PM Page 51 6. Clicking the Next > button may bring up an Automatic Dial dialog. If this occurs, select the Do not dial the initial connection option. 7. Clicking the Next > button brings up the Server Name or Address dialog. As seen in Figure 3.19, we entered the IP address of our m0n0wall.This is the address of the LAN interface on the m0n0wall. In our example, we used 10.13.37.1. (This address can be found in our m0n0wall by clicking the Interfaces | LAN menu item from the m0n0wall Web configuration.) www.syngress.com 52 Chapter 3 • Securing Our Wireless Community Figure 3.18 Description Entered for PPTP Connection Figure 3.19 Entering the IP Address of Our m0n0wall 308_Wifi_Hack_03.qxd 9/30/04 1:44 PM Page 52 8. Clicking the Next > button brings up the Create this connection for: dialog. If we want all users to use this connection, select Anyone’s use; otherwise, select the My use only option.This is largely left to the discretion of the community member using the PPTP connection. 9. Clicking the Next > button brings up the Completing the New Connection Wizard. Optionally, we can add a shortcut to the desktop. 10. Clicking the Finish button brings up a PPTP authentication box, as seen in Figure 3.20. To test our settings, enter the username we specified in the previous m0n0wall configuration. 11. Clicking the Connect button brings up the Connecting dialog, as seen in Figure 3.21. 12. If we configured everything correctly, we will get a dialog box telling us we are registering on the network. Figure 3.22 shows this dialog box. Congratulations, our PPTP VPN is working! www.syngress.com Securing Our Wireless Community • Chapter 3 53 Figure 3.20 The PPTP Authentication Box Figure 3.21 The Connecting Dialog Box 308_Wifi_Hack_03.qxd 9/30/04 1:44 PM Page 53 Hacking the Mind of a Wireless User Good security starts with users.The community’s users must take extra steps, like using good pass- words, to make any of our optional security mechanisms work. All the mechanisms discussed up to this point focus on technology. In the world of computers, another skill known as social engineering comes into play. We define social engineering as the art of influencing people’s actions through uncon- ventional means. While social engineering is often associated with black hats or bad hackers, not all social engineering causes damage. Many of the same skills employed by black hats can be used to achieve positive results.The very concept of this book embodies this principle. Hacking has taken on a bad persona as the news media hypes up cases of bad acts performed by hackers.The term hacker originally meant someone doing unconventional things to innovate and create new solutions. (Hence, the title of our book, Wireless Hacking). We too seek to push the tech- nological “edge of the envelope” and help find new ways of creating a secure environment for our community network. The word community implies social contact.This contact forms one of the fundamental ways for us to enjoy the community and share ideas.This channel offers us another pathway to promote secu- rity and educate our users on how to stay safe while enjoying the wireless park we create. Preparing for the Hack Building good supporting documentation helps users quickly learn to configure and manage their devices. With a limited volunteer force, the community network relies on friendly members taking the time to help others. Much of this help comes in the written form. Much like this book, our sup- port documentation can help promote a strong community and good security. Performing the Hack: The Beginning and the End Strong security grows from a smart user base. Building this knowledge requires patience and a friendly demeanor. When a user approaches us with a question, we choose to think about the problem from their perspective and try to integrate their feedback into our network design. For example, we chose PPTP for the ease of implementation on the user’s part. As users start to understand wireless technology, and hear news about various wireless security components, they will grow curious. With well-developed help content, the user will have a place to www.syngress.com 54 Chapter 3 • Securing Our Wireless Community Figure 3.22 Registering on the Network 308_Wifi_Hack_03.qxd 9/30/04 1:44 PM Page 54 research and learn. SoCalFreeNet uses the captive portal pages as a jumping off point for users to learn more about security and their role. The user should take a few simple precautions when joining the community network: ■ Always use a personal firewall.These firewalls often sit on the user’s laptop or desktop. Windows XP comes with a newly enhanced firewall built-in. ■ Use strong passwords to make password attacks more difficult. ■ Even good passwords fall short sometimes. Many Web-based e-mail programs send the pass- word through the network in cleartext. In our wireless network, this means other users might see a user’s e-mail password. Users should make sure the little lock is sitting in the bottom-right corner of their browser when going to sensitive sites.This lock indicates the site uses SSL. ■ Believe it or not, even the little lock isn’t a full proof way to protect us. Some attacks use a man-in-the-middle device and can still see our encrypted traffic. For this reason, we encourage users to authenticate to the PPTP tunnel and make sure the lock appears as well. ■ For highly sensitive browsing, consider doing this through more conventional means. ■ Patch your systems on a regular basis. Users may want help understanding how to evaluate and implement patches. ■ Teach your kids about the Internet and how to stay safe in the cyber world. ■ If you get an uneasy feeling when browsing a Web site, stop and think about the security. Follow your instincts.The Internet mirrors life in many ways, and the cyber world has its own ghettos and undesirable areas.Avoid online merchants with poor reputations or poor- quality sites.They often treat security as non-essential. While the SoCalFreeNet architects continue to seek and offer secure alternatives, the real security lies in the hands of the users. If users choose to ignore the security options we offer, our effort has gone to waste. Our socialization of security into the community serves as the most fundamental element of good security. Making security important and easy for users yields the best results. If we use hacking to help our users learn security, we stand a better chance of securing our community network. NEED TO KNOW…SECURITY AWARENESS The list provided only covers the highlights of SoCalFreeNet’s security awareness communica- tion. We realize a great deal of material exists for helping users, and this list could grow many fold. The list provided serves as a sample. www.syngress.com Securing Our Wireless Community • Chapter 3 55 308_Wifi_Hack_03.qxd 9/30/04 1:44 PM Page 55 Other Hacks Your community network may come with other interesting challenges. Here are a few other ideas to consider when building a safe environment for your network: ■ Squid Proxy An opensource tool called Squid Proxy can be employed to prevent users from getting to inappropriate sites.These sites might include pornography or hate sites.This tool is highly rated, and in addition it can help reduce the amount of traffic consumed on our broadband link through Website caching. www.squid-cache.org ■ Snort Another opensource tool called Snort conducts intrusion detection. By scanning the traffic passing over the network, Snort can alert us to attacks coming from the wireless net- work. Recently, the Snort team added specialized functionality to help detect wireless attacks. www.snort.org ■ OpenSSH Setting up an OpenSSH VPN. OpenSSH offers a feature called port for- warding. By using a non-interactive login with port forwarding, we can create a very nice VPN with security beyond our PPTP solution. If we have the infrastructure, a hierarchical mutually authenticated solution like EAP-PEAP offers maximum protection. www.syngress.com 56 Chapter 3 • Securing Our Wireless Community 308_Wifi_Hack_03.qxd 9/30/04 1:44 PM Page 56 Hacking Projects Part II 57 308_WiFi_Hack_04.qxd 9/30/04 1:46 PM Page 57 308_WiFi_Hack_04.qxd 9/30/04 1:46 PM Page 58 Wireless Access Points Topics in this Chapter: ■ Wi-Fi Meets Linux: Linksys WRT54g ■ Soekris Single-Board Computers ■ Hacking a Proxim 8571 Chapter 4 59 308_WiFi_Hack_04.qxd 9/30/04 1:47 PM Page 59 [...]... now SSH’d into your Linksys device! Just for fun, try typing cat /proc/cpuinfo and you should see the following output: BusyBox v1.00-pre9 (1975.08 .30 - 23: 34+0000) Built-in shell (ash) Enter 'help' for a list of built-in commands (none):[~]# cat /proc/cpuinfo system type : Broadcom BCM947XX processor : 0 cpu model : BCM 330 2 V0.7 www.syngress.com 65 66 Chapter 4 • Wireless Access Points BogoMIPS : 199.47... http://sourceforge.net /projects/ newbroadcom For more information about Sveasoft licensing issues, visit www.sveasoft.com/modules/phpBB2/viewtopic.php?t =30 33 Again, upgrading to NewBroadcom is done via the Web browser management interface.You can download the binary firmware file here: http://sourceforge.net/project/showfiles.php?group_id=1150 03, and follow the same instructions for upgrading firmware as found in... sweet spot for wireless applications.Two models are available: the net4526-20 and the net4526 -30 .The net4526-20 has a 100 MHz CPU (AMD ElanSC520), 32 MB of RAM, and 16 MB of on-board Compact Flash.The net4526 -30 has a 133 MHz CPU (AMD ElanSC520), 64 MB of RAM, and 64 MB of on-board Compact Flash Both models feature one Ethernet port, one serial (console) port, two Mini-PCI slots, and 802.3af PoE support... to be inserted for the reflashing Static RAM cards were often expensive and difficult to obtain (this project was covered in detail in Chapter 14 of Hardware Hacking: Have Fun While Voiding Your Warranty, ISBN 1 932 266 836 , published by Syngress) For more information about the OpenAP project, please visit http://opensource.instant802.com/ Linksys WRT54g One of the most popular modern APs for Linux reflashing... 44-pin IDE www.syngress.com 79 80 Chapter 4 • Wireless Access Points connector (for adding a hard drive), a Mini-PCI slot, and a 3. 3V PCI slot.That is an amazing amount of power for a board measuring 5.2” x 5.7”, with an operating temperature range of 0–60˚C Although it is clearly overkill for making a simple AP, this device is ideal as a communications appliance for other needs, such as a faster firewall,... rc_startup and rc_shutdown settable from the web Status Wireless signal strengths for clients, AP’s, WDS links Internal Modifications BPAlogin fixes Static DHCP leases Added approximately 20 iptables filters - include P2P, connection tracking Added Quality of Service (for bandwidth mgmt) Rewrote networking code for better stability Added wireless connections daemon for client mode and WDS Upgraded PPPD to 2.4.2... interface grows in popularity for 802.11 cards, this device is ideal for use as a wireless router Keep in mind that the net4526 does not include a Compact Flash slot (the CF memory is built into the board) Therefore, be sure to select the model with enough CF memory for your application.The advantage of integrated CF memory is that you don’t need to spend extra money for a CF card, and it allows the... 133 MHz It includes 64 MB RAM, three Ethernet ports, two serial (console) ports, a Compact Flash slot, one Mini-PCI slot, and a 3. 3V Figure 4.12 net4501 without a Case www.syngress.com Wireless Access Points • Chapter 4 PCI slot.The size of the board (without case) is a mere 4.85” x 5.7” and supports an operating temperature of 0–60˚C Figure 4.12 shows a photo of a net4501 without a case Figure 4. 13. .. out a large lot.You can find the 8571 as low as $20 or $30 by using price search engines such as www.pricegrabber.com or auction sites such as eBay The 8571’s features include: I Detachable antenna connectors (SMA-female) I Support for three channels in U-NII 2: 56 (5.280 GHz), 60 (5 .30 0 GHz) and 64 (5 .32 0 GHz) www.syngress.com 83 84 Chapter 4 • Wireless Access Points I SNMP support (disabled by default;... will be the AP.The second (and beyond) will be the client For the AP, you can mount the 8571 in a Tupperware container (for short-term testing purposes), as shown with the lid removed in Figure 4.22 and in close-up in Figure 4. 23 Figure 4.22 8571 with the Lid Removed www.syngress.com Wireless Access Points • Chapter 4 Figure 4. 23 8571 Close-up View For longer-term deployments, the device should be mounted . Chapter 3 • Securing Our Wireless Community 30 8 _Wifi_ Hack_ 03. qxd 9 /30 /04 1:44 PM Page 56 Hacking Projects Part II 57 30 8 _WiFi_ Hack_04.qxd 9 /30 /04 1:46 PM Page 57 30 8 _WiFi_ Hack_04.qxd 9 /30 /04 1:46. Web configuration.) www.syngress.com 52 Chapter 3 • Securing Our Wireless Community Figure 3. 18 Description Entered for PPTP Connection Figure 3. 19 Entering the IP Address of Our m0n0wall 30 8 _Wifi_ Hack_ 03. qxd 9 /30 /04 1:44 PM. will have a place to www.syngress.com 54 Chapter 3 • Securing Our Wireless Community Figure 3. 22 Registering on the Network 30 8 _Wifi_ Hack_ 03. qxd 9 /30 /04 1:44 PM Page 54 research and learn. SoCalFreeNet