Page:Wireless Networking in the Developing World (WNDW) Third Edition.pdf/174

Again, if your users are trained to use strong encryption, this problem is significantly reduced.

Eavesdroppers.
As mentioned earlier, eavesdropping is a very difficult problem to deal with on wireless networks. By using a passive monitoring tool (such as Kismet), an eavesdropper can log all network data from a great distance away, without ever making their presence known. Poorly encrypted data can simply be logged and cracked later, while unencrypted data can be easily read in real time. If you have difficulty convincing others of this problem, you might want to demonstrate tools such as Driftnet (http://www.ex-parrot.com/~chris/driftnet/). Driftnet watches a wireless network for graphical data, such as GIF and JPEG files. While other users are browsing the Internet, these tools simply display all graphics found in a graphical collage. While you can tell a user that their email is vulnerable without encryption, nothing drives the message home like showing them the pictures they are looking at in their web browser. Again, while it cannot be completely prevented, proper application of strong encryption will discourage eavesdropping.

Protecting the wireless network

In a traditional wired network, access control is relatively straightforward: if a person has physical access to a computer or network hub, they can use (or abuse) the network resources. While software mechanisms are an important component of network security, limiting physical access to the network devices is the ultimate access control mechanism. Simply put, if all terminals and network components are physically only accessible to trusted individuals, the network can likely be trusted.

The rules change significantly with wireless networks. While the apparent range of your access point may seem to be just a few hundred metres, a user with a high-gain antenna may be able to make use of the network from several blocks away. Should an unauthorised user be detected, it is impossible to simply “trace the cable” back to the user's location. Without transmitting a single packet, a sufficiently talented nefarious user can capture and log traffic on a wireless network to disk.