Finding all the access points

Management recently heard about wardriving and is very concerned that corporate information is being intercepted by those who don’t need to see it.  They want me to make sure that the networks are secure but as is typical, have given me almost no money for tools to get the job done.  I suspect that some departments are setting up their own access points that aren’t set up to corporate standards but I have had problems finding the access points.  What can you suggest? — Via the Internet

We have been implementing wireless networks to extend our corporate network to where it is either too expensive or impractical to install wiring.  Management recently heard about wardriving and is very concerned that corporate information is being intercepted by those who don’t need to see it.  They want me to make sure that the networks are secure but as is typical, have given me almost no money for tools to get the job done.  I suspect that some departments are setting up their own access points that aren’t set up to corporate standards but I have had problems finding the access points.  What can you suggest?

The good news is that you can get some of the tools you need for little or no money.  The stealthiest tool I have seen as something from Kensington.  The product is called the Wifi Finder and looks for open access points.  It’s available for around $30 and can check for both 802.11b and 802.11g access points (I guess there werent enough 802.11a access points to make it worthwhile to do one for that as well).  This will allow you to move quietly around the company without dragging around a laptop or PDA and a Wi-Fi card.

If you do have a smaller laptop or a PDA like the Compaq iPAQ, you can download a tool called Network Stumbler (mini Stumbler for the PDA) that detects access points and tells you whether they have WEP enabled or not.  Network Stumbler lets you save its scans for before and after comparisons. 

Depending on where the access points are hidden, you may want to consider trying Wi-Fi cards from more than one vendor.  I have seen some situations where a card from vendor A could barely hear an access point that a different Wi-Fi card could hear much better.  I recommend the Orinoco Gold card as a good all-around card.  I would also recommend getting either the tri-band Wi-Fi card from Linksys that will allow you to hear a, b and g Wi-Fi access points or a similar card to give you something to contrast against the Orinoco card.

Even though everybody knows that WEP isn’t secure, having a passphrase with mixed case, number and punctuation will make it a little more difficult to break into your network.  Having said that, take a look at www.sourceforge.net for some tools that run on Linux that will “listen” or sniff the wireless traffic to see if your WEP key can be cracked.  Another tool you will find when you do a keyword search of “wep” is something that will do a dictionary style attack to see if you can guess the WEP passphrase. 

Something to consider if management is really concerned about wireless security is to have the users use VPN software to connect to the network.  Although this will take a little more effort on the users part to connect but the results can payoff in the long run.  The bottom line is that you can start now with a low budget to prove to management how good or bad things are until they loosen the purse strings to let you get the tools you need.