Securing your network from attackers requires more than installing a firewall and putting an SSL Certificate on your e-commerce login page. Every part of your network needs to be hardened against attackers probing your defenses, and your wireless network is one of the most critical (and vulnerable) components to protect. By its very nature, your wireless network can be interacted with by devices or laptops that are not inside the physical protection of your hardwired defenses.
Types of Attacks
A “sniffer” is a device or program used to monitor the data passing through a computer network. The information is examined to determine the type of data, where it came from, and where it is going. Sniffers collect a large amount of information that can then be filtered to look for specific content, such as login credentials, email messages, and various types of documents.
Hackers generally use the collected information to first map out the network and understand the operating systems involved, installed programs, the IP addresses, and the network topology. This helps them formulate an attack, although it is not uncommon for credentials or other vital data to end up being sent unencrypted over the wireless network during this probing period, thereby providing the attacker direct access past the frontline defenses of the network.
The most common method of sniffing involves the use of a network card operating in “promiscuous mode,” which allows it to receive all data passing over a wireless network rather than only data sent to the specific MAC (Media Access Control) address assigned to the card. When functioning in this manner the card does not usually send out data, thus making it useful to troubleshooting connectivity problems, but also making it ideal for sniffing attacks.
The best way to protect your network against sniffing attacks is encryption. Encryption makes it so that even if a sniffer is able to collect information there is no way they could read it.
One of the easiest ways for a hacker to defeat security on a network, wireless or otherwise, is by simply asking for access. By impersonating an existing user, or a third party who might require legitimate access to a system, login credentials can be stolen, providing access past the normal defenses. In the case of wireless networks an attacker could ask another user to borrow the generic login credentials.
Proper employee training is necessary to prevent these and other common social engineering exploits.
Mobile websites, and regular websites being accessed via devices, will often encrypt their sensitive login and e-commerce pages while leaving other pages unencrypted. This practice endangers the safety of visitors while giving a false sense of security. Hackers have become adept at exploiting those unencrypted pages to steal user credentials or data.
“Session sidejacking” occurs when the user has been authenticated and is redirected to an unprotected page. At this point the hacker can intercept the network traffic between the browser and server to steal the plain text session cookie which includes the session ID. With this information the attacker can impersonate the user and alter or steal the exchanged data.
Unsecured WiFi hotspots are especially vulnerable to this technique since the broadcasted data is easy to intercept. Hacker tools such as CookieCadger, DroidSheep, Ferret, and Hamster all use variations of this technique to hijack sessions. The easy-to-use Firesheep tool has already been downloaded over 2.8 million times.
Sidejacking is entirely preventable by using HTTP Only, HSTS, session cookie settings, and Always-On SSL.
Familiarizing yourself with these, and similar attacks, will help you better harden your network from hackers. Another important step to take is to properly train your staff and users regarding these attacks. Many attacks rely on unsuspecting or untrained users who overlook the warning signs of an exploit in the works. Preventative training will give your users the tools they need to avoid unwittingly helping an attacker.