Increasing security awareness: visualizing WEP insecurity

    Date24 Feb 2004
    3938
    Posted ByAnthony Pell
    This article describes how one can setup and perform a small wireless demonstration that is quick and easy to perform with a good visual result to trigger the attention of your co-workers. The goal of the setup is to demonstrate a well-known WEP vulnerability. Note: in order to demonstrate the WEP vulnerability, we will use the OpenBSD operating system. You don t need any prior OpenBSD knowledge, all the information you need is in here. Note: this article will not describe the WEP vulnerabilities (again), if you want more information regarding this topic, see some added references at the end of the article. Note: for this demonstration, you do not need hours of traffic capturing. It can all be done within 30 minutes (maximum). . . .

    Introduction

    It is a simple fact; security awareness is a very important aspect of your security solution. It is confirmed every single day just take a look at the latest MyDoom infection rate.

    Failure to give attention to the area of security (awareness) training puts an enterprise at risk because the security of the enterprise resources is as much a human issue as it is a technological issue.

    Goal

    This article describes how one can setup and perform a small wireless demonstration that is quick and easy to perform with a good visual result to trigger the attention of your co-workers. The goal of the setup is to demonstrate a well-known WEP vulnerability.

    Note: in order to demonstrate the WEP vulnerability, we will use the OpenBSD operating system. You don t need any prior OpenBSD knowledge, all the information you need is in here.

    Note: this article will not describe the WEP vulnerabilities (again), if you want more information regarding this topic, see some added references at the end of the article.

    Note: for this demonstration, you do not need hours of traffic capturing. It can all be done within 30 minutes (maximum).

    Equipment

    Material used during our example test:

    - One 802.11b access point: ELSA ViaNect WLAN access point.
    - One OpenBSD 3.4 host ( attacker ):
    - - Compaq Armada 7790DMT (120Mhz CPU, 150 MB RAM).
    - - Linksys WPC11 PCMCIA wireless network adaptor (PRISM3, firmware 1.1.0).
    - One Compaq E500 with an ELSA WiFi wireless network adaptor, used to generate traffic on the wireless network. You can choose the operating system of this host, as long as it is able to join your WEP encrypted wireless network.

    Note: for the demonstration it is advised to use equipment that sticks to the WiFi standard as some vendors have added (or are offering on their devices) some additional enhancements to increase the security of the 802.11b communication.

    Note: this setup requires a PRISM based WiFi card in order to work with the bsd-airtools that we are going to use.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Has your email account ever been pwned in a data breach?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    12
    radio
    [{"id":"53","title":"Yes","votes":"7","type":"x","order":"1","pct":87.5,"resources":[]},{"id":"54","title":"No","votes":"1","type":"x","order":"2","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.