by Marc André Léger, DESS, MASc (MIS), PhD (Candidate)
Professor, Champlain College (Saint Lambert)
Lecturer, University of Sherbrooke – Longueuil

Lire cet article en français

Summary

On Saturday, November 7th, 2009 from 9:00a.m. to 13:00, students from the Wireless Networking program at Champlain College Saint-Lambert under the supervision of their professor, Marc-André Léger, performed a wireless network security audit in the streets of Montreal, Quebec, Canada as an educational activity. This document presents an overview of what was done and a summary of the results.

Audit objectives

This was primarily intended as an educational activity inspired by media reports and documentaries on the vulnerabilities of home wireless networks. Similar activities had taken place in 2007, 2008 and in the spring of 2009 with previous cohorts of students from the same program. As before, the principal objective from an educational point of view was to provide the students with hands-on experience in performing a wireless network audit). The general objective was to perform a partial area Wireless LAN audit and map the wireless networks (either home or business) that where found. This would give the students an idea of the current situation of wireless networks in the Montreal region.

As in the previous exercises, to respect the right to privacy of residents, students where instructed to only observed IEEE 802.11x data packets and signals present outside the limits of private property, never trespassing. Students had been strictly advised that all activities where being performed on public propriety as a community service activity. No attempt to access computer facilities, files or resources was to be undertaken by students. This was also done to respect Art. 342.1 of the Criminal Code of Canada.

Activity logistics

Fourteen (14) students participated from the WLAN Fundamentals course. The students where divided in 7 teams of 2 or 3 students. Each team was assigned an area in various areas in the Montreal region. These where located in the cities and neighborhoods known as: Brossard, Laprairie, Saint-Laurent, Westmount, Lasalle and Montreal (Ahuntsic, Villeray, St-Michel, Plateau Mont-Royal and Hochelaga-Maisonneuve districts). These areas where convenient to students, based on their area of residence. Students who participated in the exercise where required to have a laptop per team, equipped with a wireless (802.11b, g or n) network adapter and open source software (netstumbler). Students who did not have this equipment had one supplied by the College. As well, the teacher provided GPS devices to students.

War driving or WLAN Security audit ?

War driving is the act of driving around an area searching using a laptop computer or a portable device (PDA, Scanner), to detect networks. The name War driving comes from war dialing, which has been popularized in the 1983 movie WarGames. As for the previous exercise, it was decided to call the exercise a WLAN Security Audit as War Drive has negative connotations.

War driving is possible because users of wireless networks, due to lack of knowledge, lack of adequate information, ignorance or laziness leave their wireless access points unsecured. In many cases the devices are unsecured because the default configuration that was in place when the device was purchased is still being used.

Findings

During the war drive a total of 42128 devices where found, this is a significant increase from the numbers that where identified in the past. We suggest that this increase may be caused by several factors:

• An improvement in the manner in which the exercise is planned and executed;
• An expansion of the coverage area from previous exercises;
• An increase in the number of locations, both residential and business, which have implemented WLANs due to lower prices, greater availability and a reduction of perceived security risks.

For this article, all the devices where used to form the sample (n=42128).

Table 1: summary of results

Based on the data, there has been a lot improvement in the last year. Of the devices included in the 2009 sample, 11.3% where unencrypted. This is an improvement from the already good result of 12.6% in the spring and much better that the 22.7% from 2008, the 24% from the Fall 2007 exercise and the 31% from the Winter 2007 exercise.

As in all the previous exercises, the potential problem of the close proximity of multiple wireless devices using channel 6 was found. As before, the use of other channels, channel 1 and 11, has increased. These are distant enough (4 channels minimum) to avoid, or significantly reduce, interference. We also found that some AP’s where configured using channels 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161.

Conclusion

Overall the students seemed quite pleased by the experience as per previous years, allowing them to visualize some of the theoretical concepts seen in class. Compared to previous years the data shows a lot of improvement in wireless network security. While the results from 2007 and 2008 where far from being an ideal situation, the current results indicate that the trend that had been identified in the past continues: users of wireless networks are taking security more seriously. In the past we suggested that this may perhaps be in part the result of IT security awareness campaigns that took place in Québec in the last year and of numerous news reports and documentaries on Information Security.

Bibliography

Léger, Marc-André (2008) Class presentation for the course WLAN Fundamentals, available on www.leger.ca