If you're even somewhat serious about securing your information, you can use various tools that show you what the bad guys see. Ideally, you should run these tools on a separate computer with a wireless connection. This will create a real-world environment and allow you to replicate an attacker's system looking in on your wireless laptop(s). Here are some tools you can use along with what they accomplish:
- Port scanners such as SuperScan and nmap to find out what's running on your wireless system -- it's the first step to breaking in.
- Vulnerability scanners such as NeWT, LanSpy, or LANguard to see what's easily exploitable.
- Network analyzers such as CommView for WiFi and AiroPeek to view cleartext information, where you're browsing, who you're talking to and more, all as it passes through thin air.
- A penetration application such as Metasploit to actually exploit the operating system and application vulnerabilities found. However, quite often all that's needed is a basic command prompt to establish null sessions, map drives, browse shares and more.
- Password crackers such as Proactive Password Auditor, LC5, pwdump3, and NetBIOS Auditing Tool (NAT) to crack your Windows passwords once that coveted remote connection is made.
Some of the bad guys have these tools, but odds are just as many -- if not more -- aren't as sophisticated. However, if you're like me, you don't want to take any chances.
How to lock down laptops that connect to hotspots
- Understand what there is to lose and who's stealing the loot
- Step 2: Secure your computer to prevent attacks in the first place
- Step 3: Secure your communications link
- Step 4: Tools you can use to test if you're vulnerable
ABOUT THE AUTHOR
Kevin Beaver is an independent information security advisor with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. He has authored five information security-related books including Hacking For Dummies (Wiley), the brand new Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). You can reach Kevin Beaver at firstname.lastname@example.org.
This was first published in August 2005