I’ve been wrestling with Father Time of late in getting a chance to get some more blog posts rolling out. As you may have noticed, the old man has been seriously overpowering me. But, then I got to thinking, I already generated a bit of content that could be re-purposed and posted here. This amazing thought came about as I was working on my most recent homework assignment for the Business Data Networks and Telecommunications (aka, INFS-750) class I’m taking this summer. It’s one of the core courses for the MSIS program at Dakota State University.
This really was one of the cooler assignments I’ve had to do so far for my Master’s program. I was required to go wardriving in my neighborhood and write-up my findings on “conducting the wireless survey,” which is just PC-speak for wardriving. So without further adieu, here is what I submitted for the assignment, with some minor edits, plus a bonus mention of a possible business venture/idea.
A couple other things to mention before starting in on the meat of things…
- This certainly isn’t ground-breaking research into the world of wireless network security. Other than the statistics from my survey, all of the information here has been widely known for some time. In fact, I could very well even have made some errors in my statements. Please let me know if I did by leaving a comment.
- I’ve added some more info via links at the bottom of the article. Feel free to check those out if you want to know learn more about wireless networks and/or wardriving.
- Until the end of post, the headings below are just the questions that needed to be addressed as part of my assignment. I could probably make them sound better for a blog post, SEO, etc., but I didn’t. Deal with it.
- In case you happen to be interested in copying my content for your own use, please don’t. I’m posting this here after the assignment deadline so at least no one from my class can plagiarize, but I really hope that won’t happen for any subsequent sections of the class or any other reason. Feel free to use it as information, but don’t do a copy+paste on it for your own purposes.
Describe your survey area in a short paragraph.
The area survey covered an approximately 2.7 mile stretch of the northern portion of the Groesbeck Neighborhood of Lansing, MI. The survey was conducted by driving the route shown below.
The path can be followed by a combination of the arrows and letter-based “destinations.” (The starting ‘A’ is behind the ‘G’ towards the lower right.) The survey included driving through the two noted apartment complexes indicated on the map, as well as on Lake Lansing Road, which has several businesses along either side.
Open VIStumbler on your mobile computer and determine how many wireless access points are found in your survey area and how many are active. Include a screen shot of the VIstumbler screen showing most of the found access points.
The screenshot does not indicate any of the active access points from the survey due to safety concerns of creating a screenshot while driving. However, several of the APs were noted as active while conducting the survey. A full screenshot of all the APs detected during the survey can be viewed at:
http://www.screencast.com/t/YTA1YWMx
How many access points did you find?
A total of 156 access points were detected while conducting the survey.
What percentage, or number, of the wireless access points was unsecured?
Of the access points surveyed, 39 (25%) had no security setup at all.
What percentage, or number, of the wireless access points was secured by encryption? (WEP is displayed even if it is secured by another method.)
The remaining 117 (75%) of detected access points had at least some form of encryption. The breakdown of encryption types is as follows:
| Encryption | Count |
| WEP | 51 |
| CCMP (WPA2) | 41 |
| TKIP (WPA) | 25 |
Please recommend what the users should do to their wireless access points. Include recommendations for securing the access.
In order to ensure proper security for a wireless access point, some form of adequate encryption should be turned on in order to gain access to the network. Adequate encryption no longer includes using wired equivalent privacy (WEP). Using WEP for wireless security can be cracked in minutes, allowing malicious attackers to easily gain access to the network. At a minimum, WPA encryption should be used, with WPA2 providing the highest grade of wireless encryption for general residential use. In either case, Personal WPA/WPA2 encryption using a pre-shared key (PSK)/personal mode requires a pass phrase of at least 20 characters to ensure adequate protection from cracking.
A final note is that if the user is not making use of wireless connectivity for their home network, either the wireless transmission from the router should be turned off or the AP should be entirely shutdown. This can be done either on a temporary or permanent basis.
What can the owner do to maintain open access and protect their home networks from this open access?
There are some methods of obfuscation that can be put to use on home networks in order to prevent light attempts to gain network access while maintaining an open access point. The first is to hide or not broadcast the service set identifier (SSID) for the AP. Any client trying to gain access to a wireless network needs to know the SSID in order to connect. However, the SSID, even if it is not broadcast, can still easily be discovered. Secondly, wireless APs can often restrict access to devices with approved/known MAC addresses. Any device without an approved MAC address will be rejected from authenticating on to the network. Again, any sophisticated attacker would be able to readily discover an approved MAC address and spoof it in order to penetrate the network. Just about any contemporary access point should have software that allows both of these features.
There are slightly more rigorous methods of protecting the network with an open access point. Using a virtual private network (VPN) is one of those methods. With a VPN connection, security is independent of the transmission path. Even if an attacker has gained access to the network, it would not be able to decrypt any of the traffic across the network. Another method would be to use a separate virtual LAN (VLAN) for the wireless devices. This would prevent any wireless connections from being able to communicate with any other devices outside the VLAN. This would allow any switched/hardwired connected devices to remain free of traffic interception from the open wireless network. Both of these methods usually require more sophisticated AP management software than what is typically provided by home use AP manufacturers. One recommendation would be to replace the AP’s firmware with DD-WRT software to enable this functionality. See http://dd-wrt.com for more information.
Amazing Business Idea!!!11oneone111
After seeing so many open/unprotected wireless networks lying around my ‘hood, I think there is a business opportunity for someone to improve the security situation. Chances are there would be a bit of education involved in getting people to understand the importance of proper security on their network and the risks of not using decent encryption. However, in the interest in making sure my neighbors are adequately protected from anyone wishing to get access to their networks, I think it would be worth the effort… for a small fee, of course. 
Additional Information
As mentioned above, I used VIStumbler as the software tool of choice for conducting the survey. It works on Vista and Windows 7. It’s older cousin, NetStumbler is what I used a while back on Windows XP. If you need something for Mac or Linux, try KisMAC or Kismet respectively. There also plenty of other free wireless survey tools.
There are certainly ethical implications of wardriving that you should be aware of before attempting to detect wireless networks. If you really get into it, you should learn warchalking to share your findings with others.
As noted above, hiding the SSID for your wireless access point is NOT an adequate form of protection from attackers. Be careful and make sure to protect your data, privacy and sanity.
Has anyone else gone wardriving recently? Share what you found in your neighborhood by making a comment below. Thanks for reading!
