« Google Reader Shares Stuff Its Users Shared, Outrage Ensues | Main | Google Retooling How Sharing Works »

December 27, 2007

Flush Out Rogue WAPs and Weak Passwords with Aircrack-ng and Linux

Paul Rubens is plowing ahead with his series on building a portable network security tool with the eeePC and Ubuntu Linux. This week he hits Aircrack-ng and shows how to use it to ferret out rogue APs, weak WAP passwords and more:

"Rogue access points and weak passwords are the bane of any network administrator's life: all it takes is one user setting up a consumer-grade wireless router somewhere in the cubefarm so he or she can use a PDA or whatever, and you've got yourself a potentially serious security risk. It’s quite possible that the wireless signal is leaking out into the street, and anyone passing by could get access to your network – even if they are using WEP, WPA or WPA2 encryption.

"But it’s not just rogue APs that are a worry. If you're not using WPA-Enterprise or WPA-Enterprise (both of which use a RADIUS server) in your organization, then any wireless networks you are running using WEP, WPA or WPA2 are also at risk.

"That's where Aircrack-ng can be useful. This open source suite of applications can help you locate all the access points in your offices, check that the networks are protected by encryption, and test the strength of the keys or passphrases that are in use. If any networks uses WEP encryption, it will usually find the relevant WEP key in under a couple of minutes, demonstrating that WEP is totally ineffective."

E-mail   0 Comments    Digg This    add to del.icio.us

Posted by mhall at 5:10 PM | Add Comment

Leave a comment

Name

Email Address

URL

Remember personal info?

Comments (You may use HTML tags for style)

Captcha:

Type the characters you see in the picture above.