Wi-Foo Author on Unsecured Wireless Networks

As an ever increasing number of companies adopt wireless networks,

securing them becomes a challenge — and sometimes a nightmare — for

more IT and security administrators.

The three authors of the book Wi-Foo: The Secrets of Wireless

Hacking write about the threats to the growing wireless community.

In the book, they look at how hackers attack and what technologies and

strategies are available to beat them.

Andrew Vladimirov co-authored the book along with Konstantin Gavrilenko

and Andrei Mikhailovsky. All three work at Arhont Ltd., a security

consultancy in the United Kingdom. Vladimirov, in an exclusive interview

with eSecurityPlanet, talks about what is lacking in most

wireless networks, how secure those networks are today, and what IT and

security administrators should be doing to improve security.

Vladimirov also talks about who makes up the target audience for this

self-described ”definitive guide to penetrating and defending wireless

networks”.

Q: Who did you write this book for?

We wrote it for anyone interested in wireless security. The largest part

of our audience will be system administrators and network security

management. When we started to write, the underground new far more than

the average security administrator.

Q: On the back cover of your book, it says, ”If you’re a hacker or

security auditor, this book will get you in. If you’re a

netadmin, sysadmin, consultant or home user, it’ll keep everyone else

out.” Who is this book really aimed at helping?

It’s more like martial arts books, in a sense. Of course, an attacker

could buy the book and use the instructions in it. The attackers know

this stuff anyway. They fight every day. They think martial artists know

nothing. They say they grew up on the streets and they know how to

fight. System administrators and managers would look at this and say, ‘I

didn’t know these things’… We are marketing to the hacker, in a sense.

There’s also a large amount of war drivers who go around looking for

wide open networks. They will always find them. When they read the book,

our hope is they will understand a few things. That the defense could be

just as interesting as the attack. Despite everything said, if a

security administrator knows more than they do, they could be caught and

suffer consequences… Another message is that this is not cool. They

can see that there are people who know far more than they do.

Q: Are IT and security administrators quickly learning how to secure

their wireless networks?

Slowly. Too slowly. We’ve been war driving for years. When we started

doing it around 2000 or 2001, 20 to 30 percent of networks had some

protection. Now I think this number has gone up by about 10 percent. Now

we see about 40 percent of networks having default protection, which

doesn’t require anything other than configuring the measures provided

with the technology itself. It’s not a huge progress, to be honest.

Q: How many companies have good layered security for their wireless

networks?

Very low… I would say it’s probably about 5 percent. It’s very

dangerous because now all the information is on the surface and it’s

quite easy to obtain the data in wireless networks.

Q: You say in your book that wireless networks are wide open, how

open are they?

We have 30 percent who use some form of protection. Out of them, if an

attacker takes an hour or just two hours of his or her time, two-thirds

can be cracked. The rest of the networks — those 60 to 70 percent —

are wide open. Only about 10 percent could stop most attackers.

Q: What is the one biggest thing that most IT and security

administrators don’t understand about wireless security?

In my opinion, it’s the first layer. People don’t understand radio

frequency. They can hardly imagine how far the network can spread. How

far and where that attacker can position himself or herself. There are

some so-called security consultants… who go around the site where the

network is deployed without an external antennae or amplifier and they

say your network doesn’t spread very far.

Q: What is going wrong? Why don’t administrators understand wireless

security basics?

There is a common flaw. It’s a mindset flaw. They say, ”We don’t have

any valuable data flashing through our network.” Orr data is boring.

Why would someone want to hack into it? This is a wrong perception. One

of the first reasons people would want to do that is to hide their

tracks… They could be sending spam or downloading pirated software or

pornography or attacking a bank or a government network, and if an

attacker is within 10 or 15 miles of your wireless network with an

antennae, they can use your network to do that.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web