What Wi-Fi Eavesdroppers See on Unsecured Networks
By Eric Geier (NoWiresSecurity Founder & CEO) - originally published
on Datamation.com
When I discuss Wi-Fi security, I try
to show an example of what a Wi-Fi eavesdropper or hacker could see
from an unencrypted wireless network. This way you can imagine what
someone from the parking lot or nearby can see of the data traveling
between you and the access point (AP). The underlying reason is to
help you understand why you need to encrypt your wireless
connections. I usually stick with examples on how email messages and
login details can be sniffed. But I thought I'd show you more.
In this article, we'll look at several different online and network
services or communication types that are vulnerable to sniffing or
capturing by eavesdroppers. Plus along the way, I'll give tips on
how you could secure them, over and above encrypting the entire
link.
What we'll discuss mainly applies when you are using public Wi-Fi
hotspots or wired Internet ports you plug into. Though you can have
the same types of vulnerabilities when using private networks,
enabling WPA or WPA2 encryption scrambles all the communication from
Wi-Fi eavesdroppers. So make sure your Wi-Fi network is using this
encryption!
Websites you are visiting
First we'll look at the simplest service, http connections. In other
words, the communication between a web browser and web servers on
the Internet when you're browsing the web. Eavesdroppers can see
what websites you are visiting. The addresses are always mentioned
in the network packets. However, this is a crude method to snoop.
They just see the URLs along with the raw html, php, or other web
code. Figure 1 shows what the web page (of my site) pictured in
Figure 2 might look like in a network analyzer.
Figure 1:

Figure 2:

However, if an eavesdropper wanted to go a step further, they could
use a sniffer that captures the network packets and reassembles the
files or code. This way they could actually see the web pages you're
visiting. Figure 3 shows an example, based on the page previously
shown in Figure 2. Remember, they have the same data you've accessed
stored on their computer. They can export or save individual files
(images, pages, documents) to their computer.
Figure 3:

Remember, data from any secured web connection is scrambled and they
can't see it. For example, when you access your banking, PayPal, and
most other important accounts online, the connection between your
computer and their server is usually totally secure. This is the
case when the site uses SSL encryption, indicated by an https address
rather than the usual http. Plus web browsers display a yellow
padlock in the lower right corner or around the address bar on top,
when the connection is secure.
You shouldn't have to worry about non-secured sites when on your
private network, since you should be using WPA or WPA2 encryption.
However, when on public networks, if you want connections to
non-secured sites protected, you can use a VPN. I'll list some VPN
providers later.
Files being transferred over the network
Any files you transfer between computers on an unsecured network, or
files you open from network locations, can be captured by
eavesdroppers. They could review the raw packets to see the contents
of clear-text files. Again, they could also use a special sniffer to
export and save the file(s). This includes database files,
documents, zip files, images, audio files, everything.
Figure 4 shows an example of what the plain text file pictured in
Figure 5 would look like in an analyzer.
Figure 4:

Using WPA/WPA2 encryption on your private Wi-Fi network solves this
problem. For public or unsecured networks, you shouldn't be sharing
files. You should actually disable file and printer sharing in the
network connection properties in Windows XP or select the public
network type in Vista.
Figure 5:

Email login credentials and messages
In previous articles of mine, such as How To Secure Your E-mail,
I've used the email example with Outlook. Check it out if you
haven't yet.
Don't forget about web-based email. As described earlier for
non-secured sites, accessing web-based email without SSL encryption
means your messages can be captured. Some email sites always offer
secured access, while for others it is optional or non-existent.
Currently, the default for Gmail is no encryption. Figure 6 shows an
example of what an eavesdropper can sniff when you send an email
from your Gmail account, using an unsecured connection.
Figure 6:

To find out if your web-based email provider offers encrypted
access, add an S after the HTTP. For example, instead of http://mail.google.com,
it would be https://mail.google.com/. Securing POP3 accounts that
use a client, such as Outlook, is a bit more involved. Refer to my
article on securing email for more information.
Using WPA/WPA2 encryption on your private Wi-Fi network protects
unsecured email from eavesdroppers. If you can't or don't want to
secure your email when using public networks, you could use a VPN to
encrypt your communications.
FTP login credentials and transferred files
If you upload or download files to or from an FTP server on an
unprotected network, sniffers can capture the file(s). Plus just
like with the email server, the login credentials are also sent in
clear-text (see Figure 7) for the eavesdropper to see.
Figure 7:

Unfortunately, it is not possible to secure or encrypt FTP
connections. However, using FTP on your private network is fine when
using Wi-Fi encryption. Unless you use a VPN, you should not use FTP
connections while on public networks. If you are the server
administrator, you might look into other secure methods, such as
SFTP.
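To check your own traffic for the exposures described in the web,
email and FTP sections above, the following added example (not part of
the original article) scans payload bytes for credential fields sent in
clear-text and reports only the field name, never the value. The
function name, the patterns chosen and all sample payloads are
assumptions constructed for illustration.

```python
import re

# (protocol label, pattern) pairs; group 1 is the field name. The secret itself
# is matched but never returned, so the report is safe to share.
CHECKS = [
    # FTP and POP3 both send "USER <name>" / "PASS <secret>" as plain lines.
    ("FTP/POP3", re.compile(rb"^(USER|PASS) (.+?)\r?$", re.M)),
    # HTTP Basic auth is only base64-encoded, not encrypted.
    ("HTTP", re.compile(rb"^(Authorization): Basic (.+?)\r?$", re.M | re.I)),
    # Login forms posted over plain http carry the password in the body.
    ("HTTP", re.compile(rb"(?:^|&)(pass(?:word|wd)?)=([^&\s]+)", re.M | re.I)),
]


def audit(payloads):
    """Return (capture name, protocol, field) for each clear-text credential.

    payloads maps a label to the raw bytes of one captured session from
    your own machine or network.
    """
    findings = []
    for name, data in payloads.items():
        for proto, pattern in CHECKS:
            for match in pattern.finditer(data):
                findings.append((name, proto, match.group(1).decode().upper()))
    return findings


# Constructed sample sessions (not real captures).
SAMPLE = {
    "ftp-login": b"USER alice\r\nPASS example-pass\r\n",
    "web-login": (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                  b"user=alice&password=example-pass"),
    # TLS application-data record header followed by constructed opaque bytes
    # standing in for ciphertext: nothing readable is left to match.
    "tls-record": b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0)),
}

if __name__ == "__main__":
    for name, proto, field in audit(SAMPLE):
        print(f"{name}: {proto} field {field} visible in clear-text")
```

The FTP and web logins are flagged, while the encrypted record produces
no findings, which is the difference an https, SFTP or VPN connection
makes on the same network.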
Instant messaging conversations
Most instant messaging and chat programs, including ICQ and IRC,
send and receive in clear-text. So if you are on a public network,
eavesdroppers can see the conversations with your loved ones,
friends, or business associates. Figure 8 shows an example of a
Yahoo Messenger IM and Figure 9 shows what it looks like in a
sniffer. Again, to prevent this on unsecured networks, you can use a
VPN.
Figure 8:

Figure 9:

Telnet login credentials
Don't forget about Telnet; it also sends and receives in clear-text.
Again, don't connect to servers or computers via Telnet on
unencrypted networks, unless using a VPN. You should really look
into using SSH instead, which is secure.
Keeping it secure
We've discovered several Internet and network services that are
vulnerable to sniffing on unprotected and public networks. Anyone
within range could possibly see websites you are visiting and the
files you are downloading or transferring. Email messages, files
transferred using FTP, and Telnet sessions are also vulnerable,
along with their login credentials. Finally, we saw that instant
messaging conversations can also be captured.
I'll leave you with some tips on how to keep these types of services
secure:
- Enable WPA or WPA2 encryption on your network: Then you won't have
  to worry about the issues we've discussed when on your own network.
- Independently secure services: Try to use encryption for the
  services that can be optionally secured, such as your email. Use
  alternatives when possible, such as SSH instead of Telnet, and send
  files via secured email instead of FTP. Plus make sure access to
  sensitive online accounts is via HTTPS/SSL.
- Use a VPN when on a public network: This encrypts all your Internet
  communications from local Wi-Fi eavesdroppers on public and
  unsecured networks. AnchorFree offers free web-based SSL VPN
  service. Paid service is available from WiTopia and HotSpotVPN.
- Don't use the same password for everything: If your credentials for
  a particular service are compromised, you want to make sure the
  hacker can't get into your other services or accounts. There are
  password management utilities out there that can help you securely
  manage all your passwords.