War drivers are in the business of finding wireless access points, documenting them and uploading their locations to the web. Why would someone do this? For several reasons. First, they want free internet access. Next, they could just be war driving as a hobby. Finally, they could be targeting your network for financial gain.

One of the most asked questions is how to stop hackers from trying to hack your wireless LAN, and how to catch them in the act.

Stopping Wardrivers:

1. Use directional antennas - One of the most understated uses of directional antennas is how they keep your wireless signal within your area of operation. If you are using an omnidirectional antenna that is causing half the signal to travel outside your building, you have a major security problem. Also, while using your directional antenna, turn down the transmit power to reduce your signal strength if you can.

2. Blend your wireless antennas into your building's architecture or keep them low profile - This is not expensive. The whole point is not letting your antennas stick out like a sore thumb, so that anyone driving by doesn't say, "Wow, they have a wireless network." Once again, the best way to stop people from trying to hack your wireless network is to keep it hidden.

3. Use Kismet or Airsnort - Make a cheap wireless intrusion detection system. Take an older desktop computer, install Linux, install a USB or PCI wireless adapter, and boom, you have your wireless war driver stopper. Both Kismet and Airsnort will alert you when wireless clients are probing your network. If a wireless client is using NetStumbler and not joining networks, it will be found by Kismet. The wireless adapter's MAC address will be logged, along with other details of the operating system. Most of the time these could be false hits, but if you notice a pattern of the same MAC address probing networks, you could have hacker issues.

4. Security Cameras - No matter how hard you try not to have your signal bleed outside your operations area, it will...to a point. Probe your own network as if you were a wardriver. Don't just use a standard wireless adapter to find out where you can still detect your network. You will want to use a highly directional antenna to see how far away you can detect your own network. Once you know your weak points, set up some cheap security cameras to monitor those areas.

5. Set up a Honey Pot - Give the wardriver what they want, a network to hack. Take an access point and connect it to a standalone switch, with another junk computer connected to that switch. Name the SSID something important-sounding like server WLAN and name the computer Database. Finally, use a weak password or just leave the access point without any security. Script kiddies who say they "hack networks" really are only connecting to open wireless LANs with no security. If you give them an important-sounding SSID with a "database to hack", this will keep them occupied until you can track them down. There are many honeypot programs, free and commercial, that will simulate networks or servers but are really just recording all the hackers' information and types of attacks.

6. Use a RADIUS Server - RADIUS servers require wireless clients to authenticate with a username and password, not just with a PSK (Pre-Shared Key). Without a RADIUS server you really don't know who is on your WLAN. With a RADIUS server you know who is accessing your WLAN and when they accessed it. A RADIUS server also gives you the ability to create policies for the times your WLAN can be accessed and for other required security features the wireless clients must have enabled on their computers.

Now let's put this all together to catch our hacker. First, you are going through your daily routine of checking logs on your Kismet IDS server and you notice the same MAC address probing networks but not joining. Next, you check your help tickets and notice that in one area of the building clients were having trouble connecting to the wireless network or had trouble staying connected.

Flags go up in your head, so you go over to your honeypot server and check that. You notice it was accessed around the same time the Kismet logs showed a client probing the network. The honeypot recorded the MAC address of the war driver, the operating system and the computer name.

Next, you check your security cameras for that time but don't really notice anything. So for the next couple of days you keep monitoring your honeypot server and watch the hacker try to crack the WLAN and the database server. The whole process of cracking wireless encryption is actually two steps. The first step is gathering enough packets for your cracking program to crack. This whole process of gathering enough packets can take days or weeks, not five minutes. Once you do have enough packets, 64 bit WEP encryption can be cracked in less than five minutes. 128 bit encryption can take many times longer, and WPA with TKIP and AES encryption can take months to crack.

My whole point is that you have some time to catch your hacker because he will be back many times, assuming that you already have at least the basic security features in place.

Once you have all your logs compiled and your honeypot data, you should have a good idea of how the hacker behaves. Check your security cameras and you will probably notice the same car or person in the area around that time. Take that information to your in-house security, tell them to watch for that vehicle or person, and call the police.

If you are lucky, security or police will spot him and apprehend him. Convicting him or her will be tough, but with your compiled logs and video you should have a lot of evidence to help your case.

Simple and secure wireless solutions.
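The log correlation the article walks through (a MAC address that keeps probing without joining, matched against honeypot access times) can be scripted. This is an added example, not part of the original article; the record layout and sample data are constructed for illustration and are not Kismet's or any honeypot product's real log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed wireless IDS records (assumed layout): time, client MAC, event.
WIRELESS_EVENTS = """\
2024-03-04T09:12:00,02:00:00:aa:bb:01,probe
2024-03-04T09:15:00,02:00:00:cc:dd:02,probe
2024-03-04T09:15:30,02:00:00:cc:dd:02,associate
2024-03-05T09:20:00,02:00:00:aa:bb:01,probe
2024-03-05T13:40:00,02:00:00:ee:ff:03,probe
2024-03-06T09:05:00,02:00:00:aa:bb:01,probe
"""
# Constructed honeypot access records (assumed layout): time, client MAC.
HONEYPOT_EVENTS = """\
2024-03-05T09:24:00,02:00:00:aa:bb:01
2024-03-06T09:11:00,02:00:00:aa:bb:01
"""

def parse(text):
    """Turn CSV lines into tuples: (datetime, mac[, event])."""
    rows = []
    for line in text.strip().splitlines():
        fields = line.split(",")
        rows.append((datetime.fromisoformat(fields[0]), fields[1].lower(), *fields[2:]))
    return rows

def repeat_probers(events, min_days=2):
    """MACs that probed on at least min_days distinct days and never joined."""
    probe_days, joined = defaultdict(set), set()
    for ts, mac, kind in events:
        if kind == "associate":
            joined.add(mac)
        elif kind == "probe":
            probe_days[mac].add(ts.date())
    return {m: sorted(d) for m, d in probe_days.items()
            if len(d) >= min_days and m not in joined}

def correlate(events, honeypot, window=timedelta(minutes=15)):
    """For each repeat prober, list honeypot hits within `window` of a probe."""
    suspects = repeat_probers(events)
    report = {}
    for mac in suspects:
        probes = [ts for ts, m, kind in events if m == mac and kind == "probe"]
        hits = [h for h, m in honeypot
                if m == mac and any(abs(h - p) <= window for p in probes)]
        report[mac] = {"probe_days": len(suspects[mac]), "honeypot_hits": hits}
    return report

if __name__ == "__main__":
    for mac, info in correlate(parse(WIRELESS_EVENTS), parse(HONEYPOT_EVENTS)).items():
        print(mac, info["probe_days"], [h.isoformat() for h in info["honeypot_hits"]])
```

A client can change its MAC address, so a match here is a lead to check against the camera footage and help tickets rather than proof on its own.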