Advanced Criminal Investigations and Intelligence Operations

Home > Nonfiction > Advanced Criminal Investigations and Intelligence Operations > Page 19
Advanced Criminal Investigations and Intelligence Operations Page 19

by Unknown


  that the packets travel inside the router.

  Electronic Intelligence and Signals Intelligence

  143

  Computers can be connected to the router either with a wire called an

  Ethernet cable or without wires, in the case of a wireless router. Some wireless routers have two antennas; most have at least one. The antennas can be unscrewed and replaced by bigger, more powerful antennas. Data from

  the Internet will travel through the router and then transmitted through

  the antenna(s) and broadcast to the wireless adaptor on the computer, laptop, or any other wireless adaptor in range (whether it is yours or not). So the wireless signals are radio waves from a wireless router at between 2.4

  and 2.5 GHz.

  Other electric devices known to clash with your wireless signals are

  digital phones, baby cot monitors, Bluetooth devices, other wireless routers, etc. To solve this problem, change the frequency of the radio waves by changing the channels. The changes you are permitted to make are from

  2.4 to 2.5 GHz. You make these changes from the router’s control panel

  (called the configuration page). So Channel 1 will mean 2.41 GHz, Channel 2

  will mean 2.42 GHz, Channel 3 will mean 2.43 GHz, and so on.

  The first step in setting up a router is usually to set up the router with a direct cable connection, that is, an Ethernet or network cable. The setup or installation wizard should then take you through the steps to get you connected to the router and onto the Internet. Before you do this, contact your ISP and get any router setting they may have. You will need your broadband user name and password. Once you have a wired connection set up, you can

  then set up a wireless connection, and when you have your wireless connection up and running, you can unplug the network cable.

  External networks are an important part of the overall security strategy.

  Separate from the router may be a firewall or VPN handling device, or the router may include these and other security functions. Many companies produced security-oriented routers, including Cisco Systems’ PIX and ASA5500

  series, Juniper’s Netscreen, WatchGuard’s Firebox, and Barracuda’s variety of mail-oriented devices.

  A lot of wireless routers don’t have security turned on by default. Your

  configuration pages will allow you to turn it on, and there is usually a Help menu that explains the various security settings. You may need to go into the config pages to set up wireless security. If you don’t have security switched on, anyone within range of your wireless router will be able to connect to it. There are two types of security that most wireless routers use: Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA), which encrypt your signals with a key. With the wireless security turned on, the router needs your key before it will allow access and any traffic through it.

  WEP is an older form of security and is not as safe as WPA. There are programs around that hackers can download to crack WEP. Once they

  have WEP cracking software, they may be able to gain access to your router and get a free ride on the Internet or worse. The WEP key will be either

  144

  Advanced Criminal Investigations and Intelligence Operations

  64 bits or 128 bits in length (128 bits is 26 characters and will be mixture of the numbers 0–9 and the letters A–F.) When setting up the router for a wireless connection, you have to type out all 26 characters correctly or it won’t connect.

  WPA security is really an updated WEP, using different and stronger encryption that is harder to crack. It is easier to set up because you only need to set up a short pass phrase instead of typing out 26 letters and numbers.

  WPA is better than WEP.

  Here are a few steps you can take to make your home network a less

  inviting target: (1) In your router security settings, make sure you’ve changed any default user names and passwords. These will be the first things any hacker tries, much the way a burglar jiggles a doorknob to see if it’s unlocked.

  (2) Disable wireless access to your router’s management console, which allows you to manage its settings by pointing a web browser to an address such as 192.168.1.1. Disabling wireless access means you will have to be physically plugged into the router in order to manage it, making it far more difficult to hack. (3) Consider replacing your router’s internal software with an open-source alternative such as DD-WRT, Tomato, or OpenWRT. While these

  options aren’t particularly consumer friendly, their firmware is less likely to contain obvious vulnerabilities. (4) If you haven’t already done so, you should consider enabling your wireless router’s built-in firewall. Enabling the firewall can help to make your network less visible to hackers looking for targets on the Internet. Many router-based firewalls have a stealth mode that you can enable to help reduce your network’s visibility.

  Routers and Wi-Fi: How to Access Router Settings

  A router is a device that forwards data packets between computer networks, creating an overlay internetwork (a computer network that is built on the top of another network). A router is connected to two or more data lines

  from different networks. When a data packet comes in one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information in its routing table (a table that lists the routes to particular network destinations) or routing policy (decisions based on policies set by the network administrator), it directs the packet to the next network along its route.

  Routers perform the traffic directing functions on the Internet. A data packet is typically forwarded from one router to another through the networks that constitute the internetwork until it reaches its destination node.

  Small home and office routers simply pass data, such as web pages, e-mail, IM, and videos between the computers and the Internet. An example of such

  Electronic Intelligence and Signals Intelligence

  145

  routers is the owners’ cable or DSL modem that connects to the Internet

  through an ISP. More sophisticated routers, such as enterprise routers, connect large business or ISP networks to powerful core routers that forward data at high speed along the fiber-optic lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers is increasingly more common.

  The IP address is the address used for identifying a device on the Internet.

  The correct router default IP address (IP address) is the one specific to the router manufacturer that is connected to the computer being used. The internal router settings can only be accessed if the computer that is searching the IP is connected to that router. To access router settings (security, firewall, passwords, etc.), enter the correct default IP address into the address bar on any search engine (see Figure 8.18). Different brands have different default addresses that apply to those specifically, for example,

  • Belkin: 192.168.2.1

  • Linksys: 192.168.1.1

  • Netgear: 192.168.0.1

  To get to Command Prompt, go to Start (on your computer), then use the search bar for “search programs and files” to search for “command prompt”

  or just “cmd.” Under Command Prompt (cmd), enter “ipconfig.” This shows a user all of the current IP configurations on his computer (Figure 8.19).

  Figure 8.18 Router setup.

  146

  Advanced Criminal Investigations and Intelligence Operations

  Figure 8.19 IP configuration.

  Using Wi-Fi Technology

  Wi-Fi technology allows an electronic device to exchange data wirelessly, by any WLAN. A device that can use Wi-Fi, such as a personal computer, video game, smartphone, tablet, and digital audio player, can connect to a network resource such as the Internet by a wireless network access point or hotspot, having a range of about 20 m (65 feet) indoors and a greater range outdoors.

  Hotspot coverage can involv
e an area as small as a single room with walls that block radio waves or as large as several square miles, using multiple overlapping access points. They transmit at frequencies of 2.4 or 5 GHz. The higher frequency allows the signal to carry more data.

  802.11a transmits at 5 GHz and can move up to 54 megabits of data per second. It also uses orthogonal frequency-division multiplexing (OFDM), a more efficient coding technique that splits that radio signal into several sub-signals before they reach a receiver. This greatly reduces interference. 802.11b is the slowest and least expensive standard and transmits in the 2.4 GHz

  frequency band of the radio spectrum. It can handle up to 11 megabits of

  data per second and it uses complementary code keying (CCK) modulation to improve speeds. 802.11g also transmits at 2.4 GHz like 802.11b, but it is faster and can handle up to 54 megabits of data per second, because it uses the same OFDM coding as 802.11a. 802.11n is the most widely available of the standards and is backward compatible with a, b, and g. 802.11n can achieve

  Electronic Intelligence and Signals Intelligence

  147

  speeds as high as 140 megabits per second and transmit up to four streams of data, each at a maximum of 150 megabits per second, but most routers only allow for two or three streams.

  802.11ac is the newest standard as of early 2013 but has yet to be widely adopted. 802.11ac is also backward compatible with 802.11n (and therefore the others, too), with n on the 2.4 GHz band and ac on the 5 GHz band.

  It is sometimes called 5G Wi-Fi because of its frequency band, sometimes Gigabit Wi-Fi because of its potential to exceed a gigabit per second on multiple streams, and sometimes very high throughput ( VHT) for the same reason. Wi-Fi radios can transmit on any of three frequency bands. Or they can frequency hop rapidly between the different bands. Frequency hopping helps reduce interference and lets multiple devices use the same wireless connection simultaneously (Tables 8.1 and 8.2).

  Public Wi-Fi hotspots normally require a paid subscription. The sign-

  up process involves providing credit card information online or by phone

  and choosing a service plan. Some service providers offer plans that work at thousands of hotspots throughout the country. A few pieces of technical information are also required to access Wi-Fi hotspots. The network name

  (also called service set identifier [SSID]) distinguishes hotspot networks from each other. Encryption keys (a long series of letters and numbers) scramble the network traffic to and from hotspots and businesses. Service providers supply this profile information for their hotspots.

  Computers can scan for hotspots within range of their wireless signal

  and identify the network name (SSID) of the hotspot allowing the computer to initiate a connection. Users can also use a small Wi-Fi finder device, used Table 8.1 Wi-Fi Frequencies 2.4G Band

  Channel

  Lower Frequency

  Center Frequency

  Upper Frequency

  1

  2.401

  2.412

  2.423

  2

  2.406

  2.417

  2.428

  3

  2.411

  2.422

  2.433

  4

  2.416

  2.427

  2.438

  5

  2.421

  2.432

  2.443

  6

  2.426

  2.437

  2.448

  7

  2.431

  2.442

  2.453

  8

  2.436

  2.447

  2.458

  9

  2.441

  2.452

  2.463

  10

  2.451

  2.457

  2.468

  11

  2.451

  2.462

  2.473

  Note: In the United States and Canada, there are 11 channels available for use in the 802.11b 2.4 GHz Wi-Fi frequency range. This standard is

  defined by the IEEE.

  148

  Advanced Criminal Investigations and Intelligence Operations

  Table 8.2 Wi-Fi Frequencies 5G Band (5.180–5.825 GHz)

  Frequency

  U.S.

  Europe

  Channel U-NII Band

  (MHz)

  (40/20 MHz) (40/20 MHz)

  36

  1

  5180

  Yes

  Yes

  38

  1

  5190

  No

  No

  40

  1

  5200

  Yes

  Yes

  42

  1

  5210

  No

  No

  44

  1

  5220

  Yes

  Yes

  46

  1

  5230

  No

  No

  48

  1

  5240

  Yes

  Yes

  52

  2

  5260

  Yes

  Yes

  56

  2

  5280

  Yes

  Yes

  60

  2

  5300

  Yes

  Yes

  64

  2

  5320

  Yes

  Yes

  100

  2e

  5500

  Yes

  Yes

  104

  2e

  5520

  Yes

  Yes

  108

  2e

  5540

  Yes

  Yes

  112

  2e

  5560

  Yes

  Yes

  116

  2e

  5580

  Yes

  Yes

  120

  2e

  5600

  No

  Yes

  124

  2e

  5620

  No

  Yes

  128

  2e

  5640

  No

  Yes

  132

  2e

  5660

  No

  Yes

  136

  2e

  5680

  Yes

  Yes

  140

  2e

  5700

  Yes

  No

  149

  3

  5745

  Yes

  No

  153

  3

  5765

  Yes

  No

  157

  3

  5785

  Yes

  No

  161

  3

  5805

  Yes

  No

  165

  3

  5825

  Yes

  No

  scan for hotspot signals, and many provide an indication of signal strength to help pinpoint their exact location. Before traveling, the location of Wi-Fi hotspots can be found using online wireless hotspot finder services. With the profile (network name and encryption settings) applied on the wireless network adapter, you initiate the connection from your computer operating system (or software that was supplied with the network adapter). Paid or restricted hotspot services will require you to log in with a user name and password the first time you access the Internet.

  Taking basic precautions help ensure reasonable safety when using Wi-Fi

  hotspots. First, choose only reputable public hotspot service providers and ones who use strong security settings on their networks. Second, be aware of your surroundings and watch for suspicious individuals in the vicinity

  Electronic Intelligence and Signals
Intelligence

  149

  who may be reading your screen or planning to steal your computer. Third, ensure you do not accidentally connect to nonpreferred hotspots by checking your computer’s settings. Although not normally enabled, most computers

  have a setting available allowing these connections to happen automatically without notifying the user. This setting should not be enabled except in temporary situations with the user’s awareness. To verify whether automatic

  connections to open Wi-Fi networks are allowed, check the computer’s wireless configuration settings. For example, for Windows XP:

  1. From the Start menu, open Windows Control Panel.

  2. Inside Control Panel, click the “Network Connections” option if it

  exists; otherwise, first click “Network and Internet Connections”

  and then click “Network Connections.”

  3. Right-click “Wireless Network Connection” and choose “Properties.”

  4. Click the “Wireless Networks” tab on the Properties page.

  5. Click the “Advanced” button in this tab.

  6. Find the “Automatically connect to nonpreferred networks” setting.

  If checked, this setting is enabled; otherwise, it is disabled.

  Wi-Fi can be less secure than wired connections (such as Ethernet) because an intruder does not need a physical connection. Web pages that use SSL or its successor, transport layer security ( TLS), to encrypt the data of network connections are more secure, but unencrypted Internet access can easily be detected by intruders. Because of this, Wi-Fi has adopted various encryption technologies. Because the early encryption, WEP (a security algorithm for wireless networks), was proven easy to break, higher-quality security protocols and security certification programs WPA and WPA II ( WPA2) were added later.

  The man-in-the-middle attack (abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a method of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, to make them believe that they are talking directly to each other over a private connection, when the entire conversation is actually controlled by the attacker. The attacker is able to intercept messages going between the two victims and inject new ones (e.g., an attacker within reception range of an unencrypted Wi-Fi access point).

  A man-in-the-middle attack can succeed only when the attacker can

  impersonate each endpoint user by attacking mutual authentication or

  lack thereof. Most cryptographic protocols include some form of endpoint

  authentication to prevent MITM attacks. SSL can authenticate one or both

  parties using a mutually trusted certification authority.

 

‹ Prev