Wireless sniffers are customized packet analyzers specifically designed to capture data over wireless networks. Packet analyzers are software programs, occasionally hardware tools, which will detect, intercept and decode data over a wireless connection. Wireless sniffers are used for many legitimate actions, including detecting, investigating and diagnosing network problems; filtering network traffic; monitoring network security, usage and activity; detecting and identifying network bottlenecks and configuration issues; detecting network vulnerabilities, malware and attempted security breaches and much more. However, they can also be used by malicious attackers to harvest confidential data and sensitive company information.
How are wireless sniffer attacks performed?
Wireless sniffers can be used to monitor network traffic, steal sensitive data such as passwords and credit card information and also can be used to acquire information about the network. Malicious attackers typically use wireless sniffers in areas with unsecured wireless networks such as coffee shops, restaurants, libraries and other public places.
Wireless sniffers can also be used in spoofing attacks. In these cases, malicious attackers use the information acquired from the wireless sniffer to disguise their attack as an authorized communication from a legitimate source within the network.
Wireless sniffing can be broken down into two different types of modes: promiscuous and monitor.
- Promiscuous: The wireless sniffer can access and read all data traveling to and from a wireless access point. This enables the sniffer to transmit data which can result in easier detection of the sniffer. This is the most common type of sniffing attack.
- Monitor: This type of wireless sniffer monitors incoming data but does not actually send out anything, making it very hard to detect and locate.
Preventing wireless sniffer attacks
Companies and businesses can combat wireless sniffer attacks in many ways. Replacing and avoiding insecure protocols is an essential step. FTP, HTTP and Telnet should be avoided and replaced with secure protocols such as SSH, HTTPS and SFTP. If secure protocols are implementable due to technical issues, all outgoing data should be encrypted on-premise to ensure proper security. Many organizations have even implemented Virtual Private Networks (VPNs) for even greater added security.
Companies should also make the effort to hire the services of professional security experts to test the security of their system. Security solutions can include – vulnerability scanners, penetration tests and wireless network sniffers for providing an in-depth security analysis.