Wireless Networking Security

A few pointers to get started in UK it is illegal to connect to someones network without there permission however. Do you really need to connect to someones network to pickup the wireless traffic?

Now I've been unemployed for 12months I have a laptop and a wireless PCMCIA card. I would not consider myselft to be a security expert but feel most people don't even know what having a secure network means.

Points here....

Wardriving

This is a term used for people who like me drive around with the laptop running wireless scanning software. There is a misconception of wardriving due to media hype(as always). That wardriving means that someone who drives around wanting to hack your network... This is not true.
Most wardrivers run software like netstubler which allows you to scan for wireless access points and also log GPS coordinates so that you get cataloged into a database.

I normally rune windows 2000 when wardriving with a Netgear 511T card it is based on an Athenos chipset which works well in windows and is well supported in linux.
On the linux side I use Opensuse10.3 but mostly use Backtrack2. This is a bootable CD distro that will run directly from a CD.

Now when using Backtrack I use Kismet or airodump-ng to scan for networks. Interestingly when scanning for networks up at the local supermarket I was able to also detect people who drive around using other peoples networks.

So what can you do to protect your network?

1. Always use some form of encryption even if your router or access point only allows WEP.
2. Change the default settings on the router eg the login password. Never leave your AP or router showing the default details because if someone does gain access they can upload bad firmware to your router.(making it unusable)
3. Setup Mac addressing access now for someone who wants to access your network this wont really do much but for the script kiddy should keep them away a bit longer.
4. If your network is quite small then why use DHCP this will give automatically assign an IP address to whoever is connecting. So assign your machines IP Addresses.
5. Now as most people are aware the "WEP" encryption has been cracked and with the correct software you can crack a wep access point in around 4minutes. However WPA is stronger but has its own vulnerabilities. someone cracking WEP has to collect so many ARP packets now because of the WPA encrytion it is possible to send a disconnect request to a wireless user thus they then send a request to rejoin. This then allows a cracker to capture those packets and run a wordcracker like john the ripper to guess the password.

Now remember that if you have a obscure name for your access point it will make things harder. Always use strong passwords
Now these tips wont stop someone who is determined to access your network but it will make it more difficult.
If anyone has anything they would like to add please feel free...