Tuesday, June 29, 2004

War Driving and Accessing data on a corporate LAN reviewed

A dear friend of mine sent me the following article, which outlined their findings with regards to how easy it is to hack your way into a corporate network to steal data via an unsecured Wireless Access Point. Here is the article, from Red-M, which is a wireless security company.


According to a report from global wireless security company Red-M, most global businesses are at risk because they have not secured their wireless infrastructures.

The six-month study of 100 companies across the globe, including large multinational corporations covering a range of industry sectors, found that 80 per cent of corporate networks are accessible from outside their buildings.

Two thirds of banks, 60 per cent of financial services institutions and all education institutions leaked data, the study claimed.

Karl W Feilder, chief executive at Red-M, said in a statement: "Most businesses have not yet grasped the fact that once there is any sort of wireless device on their premises - and today you have to presume there is at least one device in your company - it acts as a point of insecurity by broadcasting company information over the airwaves.

"Sitting in your parking lot up to 300ft away from your building with a laptop and an inexpensive piece of software, an outsider could easily see the information being freely broadcast.

"They could receive network traffic, and could wreak havoc by exposing confidential and sensitive company information and manipulating data."


This is my response to that report...

I will certainly concur that a LOT of businesses and home users have not grasped the concept of network security and data integrity. The sad thing is that all they have to do is enable WEP and change the default admin ID and password on the Wireless Access Point (WAP).

From a technical point of view, here are a couple of observations about the comments in the article you just sent me, which was put together by Red-M. There is a difference between individuals who represent a company that deals with network security threats and some Tom, Dick or Harry user who is just out war driving. People from Red-M are going to be security experts who understand how a computer network works and how to hack their way into company data. In other words, they know how to try to compromise firewalls, switches and routers, and then the company file servers, to access data. If they get through the first three devices listed above, then perhaps they will be able to access the data on the file server. This assumes that the company in question has NO security enabled whatsoever on the file server or on the internal routing devices listed above. That would mean that they just plugged in these devices and left the default administrative passwords in place.

I realize that network administrators are overworked and underpaid. However, I can almost guarantee you that these same network administrators are painfully aware of the importance of data integrity and security, and they are NOT going to put firewalls, routers and switches in place without setting up security. It is just not going to happen. When it comes to their data, depending on the type of network (peer to peer or client/server), there is going to be authentication happening either at the SHARE level or the DOMAIN level, which means you will have to have a user name and password to gain access to the data. That means that if the administrator ID and password are difficult enough, an intruder will have to know a valid user ID on the network and its password to get access to the data. The chances of that happening for anyone just sitting out in the parking lot are slim to none.

A wireless access point (WAP) acts just like a gateway to your internal network. Before wireless came along, employees who wanted access to a corporate network would either have to dial in to a corporate gateway (DUN account) or tunnel in via PPTP (Point-to-Point Tunneling Protocol), using a user name and password to get on the network. Once the user is logged onto the network, you can still limit what resources they have access to on the LAN by limiting what they can reach via share-level access or group-level access on the domain. So, just because a person can actually hack their way into a network does not mean that they have full access to everything on the file server. They are still limited by the internal network security that is in place.

So, with all of that in mind, I do not think that the security threat is as bad as the security industry would want us to imagine. One reason they are crying foul so loudly is because they want the companies in question to be aware of their need to lock down their networks AND they want these same companies to use their expertise (for a cost, of course) to implement these measures. Just changing the default user ID and password on the WAP will make it exponentially more difficult for someone to hack into the network. If you do not have the user ID and password, you simply will not gain access.

I also believe that their claim that you can sit in your car within 300 feet of the establishment, gain access to a corporate LAN and compromise their data security is a bit far-fetched. Just in my short experience with war driving, I have found it difficult at best to even acquire and KEEP a wireless signal long enough to TRY to log on. I was standing at the front door of the Mills House the other night and I was getting a signal strength of about 20% at the very best, and that was not enough for me to get an IP address from their DHCP server, much less try to log on to Thinkspot's network.

There is a huge difference between being able to sniff out a wireless signal via war driving and being able to authenticate to the data source and steal information as readily as they are saying you can. In other words, there is no mechanism in place where the file server is connecting to the WAP and transmitting corporate data out into the parking lot. LOL.... You have to gain access through the front door (WAP), authenticate to the file server (network security) and then grab hold of the data and tell it to be copied back out across the LAN to the WAP, over the wireless signal, to your laptop.
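The chain of gates described in the two paragraphs above (WAP, then domain logon, then share/group access) can be written down as a small model. This is an added example, not code from the original post; the WAP, accounts, groups, keys and share names are all constructed, and the "factory default" admin login is a made-up value rather than any vendor's real default.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

FACTORY_ADMIN = ("admin", "admin")  # constructed factory default; real ones vary by vendor

@dataclass
class AccessPoint:
    ssid: str
    wep_key: Optional[str]  # None = open WAP: anyone can associate
    admin_creds: tuple = FACTORY_ADMIN

    def uses_default_admin(self) -> bool:
        # Second recommendation in the post: the WAP's admin login is still factory default.
        return self.admin_creds == FACTORY_ADMIN

    def associate(self, key: Optional[str]) -> bool:
        # First recommendation: with WEP enabled, the key is the front door.
        return self.wep_key is None or key == self.wep_key

@dataclass
class Domain:
    accounts: Dict[str, str]  # user -> password (constructed toy data)
    groups: Dict[str, Set[str]]  # group -> members

    def logon(self, user: str, password: str) -> bool:
        return self.accounts.get(user) == password

@dataclass
class Share:
    name: str
    allowed_groups: Set[str]  # group-level access on the domain

    def permits(self, domain: Domain, user: str) -> bool:
        return any(user in domain.groups.get(g, set()) for g in self.allowed_groups)

def reach_data(ap, domain, share, key, user, password) -> str:
    """Name the first gate that stops a request, or 'data' when all three pass."""
    if not ap.associate(key):
        return "wap"
    if not domain.logon(user, password):
        return "domain"
    if not share.permits(domain, user):
        return "share"
    return "data"

# Constructed scenario: one open WAP, one WEP WAP with changed admin login, a tiny domain.
OPEN_AP = AccessPoint("corp-open", wep_key=None)
WEP_AP = AccessPoint("corp-wep", wep_key="c0ffee", admin_creds=("netadmin", "s3cret"))
DOMAIN = Domain({"alice": "pw1", "bob": "pw2"}, {"finance": {"alice"}})
LEDGER = Share("ledger", {"finance"})
```

Running `reach_data` over the constructed scenario shows the post's point: an outsider who associates with the open WAP is stopped at the domain logon, and even a valid domain account is stopped at the share unless its group is on the ACL.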
