Wireless networks are an easy way to extend your wired backbone. With them, the problem and expense of snaking wires through walls, ceilings, and closets all go away.
Security vulnerabilities are abundant on wireless networks (WLAN) without the right safeguards in place, however. A cool product known as AirMagnet Handheld Analyzer can assist you in locking down your WLAN and trouble-shoot performance problems to boot.
It is made by AirMagnet, founded in 2001 by Dean Au, formerly the senior vice president of the Sniffer Technology Division of Network Associates. Network Associates (now McAfee) is known for having developed the leading network monitoring device, more commonly known as a “sniffer.” (McAfee since unloaded its Sniffer division: the product is now sold by a new company established in 2004 as Network General.)
Anyone can join your wireless network if you have not put into place strong authentication mechanisms. In fact, you may not even realize someone has connected to your wireless network if you’re not monitoring the network traffic closely.
While it’s probably true that most unauthorized users are simply looking for free Internet connectivity, some are have less seemingly ‘innocent’ motives. They want credit card numbers and sensitive private information.
Besides, even if unauthorized users are only looking for free Internet connectivity, using your bandwidth is in and of itself theft. After all, you pay for your bandwidth, and the more people who join your network, the slower your network will become.
By monitoring and analyzing your wireless network, you can make well-informed decisions on security incident handling, network intrusions, security configurations, new safeguard requirements, network performance, and security policy recommendations. Improving your ability to trouble shoot problems that authorized users are experiencing is another reason you may want to monitor your wireless network.
AirMagnet Handheld Analyzer
If you’ve got a wireless network in place – and even if it is not an extensive and vast network with numerous network segment, if you’re network traffic contains sensitive information such as credit card numbers, medical records, and information about user identities – it would behoove you to understand what is happening on your network.
AirMagnet Handheld is a software product that runs on a Pocket PC that support the wireless standards known as 802.11b–and not 802.11a or 802.11g. AirMagnet Handheld can only analyze 802.11b wireless networks. (AirMagnet provides support for 802.11a/g networks using a different product known as AirMagnet Laptop.)
Clearly one of the nice things about the AirMagnet Handheld is that it is extremely mobile, since its operational platform is a handheld.
With AirMagnet Handheld Analyzer, you can walk through a facility and locate all the wireless access points, their MAC addresses, and their IP addresses. While it’s well known that IP addresses can be spoofed, MAC address can be spoofed as well, but usually aren’t.
Nonetheless, the analyzer can identify spoofed MAC addresses by determining if the MAC address is that of a real vendor, or also by determining if the packets that pass through the device’s MAC interface are out of sequence. While the handheld analyzer is not a wireless sniffer per se, it can decode OSI network layers 1, 2 and 3 – the radio signal, the datalink layer, and the network layer.
By doing routine walk-through scans of your network, you can find a lot of information that is useful for network management purposes. You can find out if any unauthorized access points have been deployed in breach of the organizational security policy.
AirMagnet Handheld’s Find Tool can actually help you physically locate a rogue access point once you have picked up its signal and can tell you what SSID it’s broadcasting. Once the Find Tool is launched, the user rotates and walks around and observes in which direction the Find Tool signal gets stronger.
The user moves towards the direction that increases the signal strength until the access point is located. By using this technique, a rogue access point can usually be found in 4 or 5 minutes.
You can also find out if any authorized access points are operating without encryption configured, exposing sensitive and proprietary information. Sometimes Wi-Fi channels become overloaded and during trouble-shooting administrators may turn encryption capabilities off and then forget to turn the encryption back on. AirMagnet Handheld Analyzer will actually sound alarms if it finds unprotected access points while scanning the airwaves.
Another cool feature of AirMagnet Handheld Analyzer is that it will tell you the precise distance that your Wi-Fi signals extend beyond your physical network. That way you can determine how far or a distance from your facility, demo room, or building that you need to monitor unauthorized visitors.
For example if you discover that your Wi-Fi network extends 10 feet beyond your building, you can position surveillance cameras to monitor up to 10 feet out from the perimeter of the building.
Based on how far outside your facility your Wi-Fi signal is transmitting, you can also figure out how far inside the interior of your complex to reposition your access points so that the Wi-Fi signal stays inside the complex and does not transmit out to unmonitored areas.
Connection Troubleshooting Tools
For example, if an access point is transmitting a signal six feet beyond the outside wall of the building, you can move the access point six feet towards the interior of the building so that only trusted insiders can use the signal. However, even easier than that, you can also just lower the transmit power on the access point so it doesn’t extend beyond the exterior of the building.
You can enforce your Wi-Fi security policy by finding out what security algorithms are currently operating on each access point. For example if your policy specifies that WEP, TKIP, and AES should be configured on all access points, you can find out if any access points do not have those algorithms and protocols enabled.
AirMagnet Handheld Analyzer can be setup to generate alarms that are consistent with your security policy and will alert you if the encryption algorithms required by your security policy are not enabled as illustrated in Figure 1.
Figure 1. Finding Disabled Encryption
Once an alarm is generated, you can user the user interface to drill down and find out specific information on that security violation as depicted in Figure 2.
Figure 2. Drilling Down Further
There are a host of other functions that AirMagnet Handheld Analyzer can perform and this article only describes a few of them. If you’re concerned about the security of your wireless network, or simply want to find out what is interfering with your Wi-Fi signal (e.g. microwave ovens, wireless cameras, wireless printers, wireless video games) it’s a tool you’ll certainly want to consider having on hand.
If you plan on using AirMagnet Handheld, you’ll need to be sure that your Pocket PC has the following resources: Microsoft Pocket PC 2002/2003
You’ll also need to be sure your Pocket PC has one of the following support Wi-Fi cards:
The product may work on with Pocket PCs that have built-in Wi-Fi, but the company makes no support claims as to whether it will or not.
Who Needs AirMagnet Handheld Analyzer?
Any information technology organization that has a vast wireless network will find AirMagnet Handheld Analyzer useful for trouble-shooting operational problems and uncovering security vulnerabilities.
Pricing for the AirMagnet Handheld Analyzer is $2,995 and the vendor indicates that volumes discounts are available for large scale purchases. The $2,995 price tag does not include the Wi-Fi card that you’ll need to use the analyzer.
One of AirMagnet’s customers for the Handheld Analyzer is the National Science Foundation’s McMurdo Station in Antarctica. McMurdo Station uses the Handheld Analyzer for antenna placement, alignment, and signal performance trouble-shooting.
Reprinted from PocketPCcity .