Breaches can still be caused by a poorly written policy, improper configurations, coding mistakes, unauthorized access points (APs) and other WLAN vulnerabilities. To catch them, administration policies on continuous surveillance and periodic assessments should be in place.
It’s not possible to conduct a more thorough assessment with just one tool, no matter how great an administrator thinks the tool is. Each tool has its own inherent pluses and minuses. The administrator needs to build a defense-in-depth kit of many tools: some simple, some sophisticated; some free, some not. What’s in the toolkit depends on the tool pluses, network size, risk tolerance, budget and personal preference.
Here is our suggested list of free or highly affordable wireless security test tools for your mobile devices.
Aircrack-ng: Common WiFi client exposures include weak configurations (e.g., accepting ad hoc requests or probing for free public WiFi hotspots) and authentication mistakes. Many free tools, including Aircrack-ng, are readily available to “crack” WEP keys or WPA/WPA2-PSKs. Aircrack-ng is an open source suite of tools that comes in handy for many tasks, including discovery, packet capture and WEP/PSK analysis.
CommView for WiFi: Sometimes WiFi exposures can go undetected. Many utilities are available to help administrators capture packets from the rogue APs. CommView for WiFi (free evaluation) provides a list of WiFi stations, per-node and per-channel statistics, ports, sessions and protocol distribution charts. It lets the administrator specify WEP or WPA keys to decrypt the encrypted packets. He can configure the alarms on suspicious packets, unknown addresses and rogue APs.
RF Explorer: Figuring out what causes WiFi to go wrong can be tedious. To make the diagnostic tasks easier, many lightweight tools are available for troubleshooting WiFi networks. RF Explorer’s WiFi Combo Model is a simple RF spectrum analyzer that allows administrators to detect sources of RF interference and pick up rogue transmitters. The analyzer runs from an affordable hand-held device. It can be hooked up to a PC running sophisticated data acquisition and analysis software.
Vistumbler: Sometimes the administrator may suspect the location of a rogue AP is from a distant place. To find the location, the administrator should consider a stumbler/sniffer tool that supports GPS. One such tool is Vistumbler, an open source Windows application that displays the basic AP details and graphs of signal levels. In addition, the administrator can export access point GPS locations to a Google Earth kml file or GPX (GPS eXchange format). Live Google Earth will show the source of APs.
Homedale: It’s not an easy task to figure out where WiFi APs are located so you can determine their signal strength. Homedale is a convenient way of searching for APs and monitoring their signal strength. This free tool shows the administrator a summary of all available APs with their signal strength, encryption (WEP/WPA/WP2), speed and channel. She can switch to a graph that dynamically shows the signal strength of detected APs. Right-clicking the mouse makes it possible to start logging and capture a screen shot.
Kismet: An assessment that shows the SSIDs makes it easier for the administrator to locate the networks. Kismet, an open source WiFi sniffing tool, finds “hidden” networks by listening to the transmissions from the APs. The discovered wireless packets can be imported into Wireshark, and TCPdump. Well suited for many wireless adapters for Mac OS X and Linux, Kismet only works with CACE AirPcap wireless adapters in Windows.
WiFi Survey: Sometimes administrators want to examine wireless network speeds and place speed test markers on a digital floor plan. This is possible with the free WiFi Survey that is designed for iPad and can support any iOS device. For a larger view of the floor plan, the administrator can use a projector connected to the device camera. To get WiFi signal information, the WiFi Survey Agent is run on Windows, Mac OS or on Android device. The information is sent to the WiFi Survey App via the wireless network.
Netspot: Dead zones without WiFi coverage can be difficult to uncover in an area of existing WiFi networks. Netspot, a free tool, uses a map on Mac OS to locate an empty channel with no wireless networks. It helps the administrators identify wireless interference and configuration issues and find sources of excessive noise in existing WiFi networks. After fixing the issues, the administrator can determine where the new WiFi hotspots should be optimally located.
WiFi Surveyor: Graphical charts on RF environment are better viewed on a laptop than on a handheld device. The affordable WiFi Surveyor creates these charts with data collected from a handheld RF Explorer spectrum analyzer. It helps the administrators detect sources of RF interferences. Included in this tool is Wi-Fi Scanner that lets the administrator see how far an AP’s signal strength is from the point of measurement he selects on the map. Comparing snapshots on existing AP’s details at different times makes it possible to properly locate new WiFi RF devices to avoid RF interferences.
WirelessNetView: In a multi-task environment, running WirelessNetView in the background helps to keep track of the changes in the activity of WiFi networks. When a new network is discovered, this freeware tool triggers a beep. For each detected network, it shows if security has been enabled and CCMP is supported by a WiFi network. The administrator can download an external file of company names associated with the MAC address for each WiFi device. The file must be in the same folder of the WirelessNetView application.
Wrapping up: Wireless Security
Building a defense of depth kit of tools helps the administrators to take advantage of each tool’s strengths. New tools can be added to the kit to strengthen the hardening of the wireless networks.
Judith M. Myerson is the editor of?Enterprise System Integration?(second edition). Having more than 15 years of experience covering enterprise technology, she has published articles on cloud, enterprise and mobile security issues, including data loss prevention, network management, and secure mobile application development. She is the former ADP security officer/manager at a now-closed naval facility.