In today’s security-conscious society, yacht owners can spend millions on security features like one-way bulletproof glass, anti-Paparazzi lasers, armed guards and diver detection systems. But how many owners have given much thought to the young stewardess lounging with her laptop on the boat next door, or to the tourist apparently tapping out an email at a dockside café?
Picking up signals
One objective of a good wireless network system is to provide a strong signal, but that strong signal can be very attractive to those looking for a convenient Internet connection or a free phone call. A strong wireless signal without a strong defence against unauthorized access also provides an open door to those with more sinister intent.
If a crew member on the boat across the dock wants to use some of your bandwidth, he or she might find few barriers to joining your network. Nearly everyone knows how simple it is to connect to the yacht’s wireless: click the name of the network and enter the password… voila! Welcome aboard. Most consumer-grade networking hardware is designed to be just that simple. But the transparency of the connection process doesn’t come without risk.
All wireless connections, except for a rare few that use infrared or laser light, are radio links. A wireless card contains a radio transmitter and a receiver as does the wireless access point (WAP) itself. And like all radio signals, anyone with a receiver can listen to what’s being broadcast.
Unfortunately, there are many low-cost and even free programs available to anyone who wants to try their hand at electronic surveillance for fun or for profit
Wireless network signals are not very powerful, but they do a very good job of providing a data connection to another receiver and transmitter within 150m or so.
Since the wireless transmitters used in most portable devices are omni-directional, the antenna doesn’t have to be pointed toward the receiver. Wireless data is carried on microwaves that are very short, a little less than 13cm long. Compared to a short-wave radio signal with a wavelength as long as, or longer, than the yacht itself or an FM radio wave that is about 3m long, such short wavelengths can penetrate almost any enclosure to form a cloud of radio waves around the yacht.
Unauthorized network access by someone looking for an Internet connection or just trying to log on for the fun of it might not seem all that threatening. At least no more than an unknown dock walker sneaking down to the crew mess to have a look in the fridge or rummage through the movie selection. How much harm could they do?
From the aspect of the yacht’s network security, if they made it to the crew mess they may find it just as easy to check out the owner’s safe or the yacht’s credit card files.
The risk of becoming a victim of electronic data snooping is very real, and it doesn’t take a sophisticated operative with racks of high-tech electronics to open the door of a yacht’s virtual vault.
Unfortunately, there are many low-cost and even free programs available to anyone who wants to try their hand at electronic surveillance for fun or for profit.
One of the earliest, but still very useful, examples is NetStumbler. This 10 year-old program works on a laptop or Windows CE-based device and displays wireless access points, SSIDs (the name of the local area network or LAN), MAC address (a code to identify a network interface device), channel, type of encryption, and signal strength. When this software is used on a GPS-enabled device, it can map the location of nearby WAPs.
NetStumbler provides a casual snooper with a great deal of useful information. It will clearly show who has the strongest and most vulnerable signal within range.
This article was first published in the June 2011 issue of Dockwalk
Defending the network
Just as it doesn’t take a CIA operative to access your network, it doesn’t take an MI6 communications room to keep all but a very determined and well-equipped intruder at bay.
Hernando Giraldo, of Great Circle Systems, a Nevada-based integrator of IT hardware and software with offices in Fort Lauderdale, Florida, pointed out that just buying a consumer-grade wireless router and installing it, without at least changing the default settings, is a clear invitation to intruders of all sorts.
Just knowing the model of the router can allow even the least sophisticated hacker to log on within a few moments of finding the signal. This situation probably applies mostly to smaller yachts, which may not have the benefit of employing an IT contractor to install and maintain the yacht’s network.
While it might be unlikely that a casual intruder would seriously compromise a yacht’s security through its wireless network, a ‘disgruntled former employee’ could seek malicious satisfaction from a safe distance.
One industry source who preferred not to be identified told the story of an unhappy former crew member who left with the boat’s passwords stored on their laptop. Failing to change network passwords when someone leaves a yacht’s employ is like letting them take the keys to the boat with them. In this case, it provided an open door to crack the password for the owner’s on-board email account.
Passwords should be changed often, and they must be changed when a crew member leaves. If a password is easy to remember, it’s just as easy for a determined intruder to crack.
Failing to change network passwords when someone leaves the yacht’s employ is like letting them take the keys to the boat with them
Combinations of letters and numbers in upper and lower case offer the best protection but are difficult to remember. Just don’t write it on a label stuck to a computer and you should be fairly safe. The bad guys always look for the simplest way in first, so don’t leave the front door unlocked for them.
‘If someone wants it badly enough, they will get it,’ says Giraldo. He suggests purchasing ‘business-class’ hardware, which offers more robust security features than inexpensive, consumer-grade products and allows the integration of even more barriers between authorised users and passers-by.
Antoine Guy of Synchronicity, and Sophia Antipolis, France, IT consultant, offered the following advice on configuring even the simplest wireless network to provide enough barriers to force a casual intruder to find easier pickings: ‘The idea is to make the basic set of WiFi parameters not trivial, not transparent, and not broadcast so a hacker can get this info by simply scanning the cloud,’ he says. ‘These parameters must be set up in the device to connect to the cloud.
‘Disable Access Point SSID broadcasting,’ the name of the yacht’s WiFi network. ‘If this information is not broadcast in the clear, it is difficult to obtain.
‘Change the default network SSID into a non-trivial one. Don’t use the boat name or an equivalent.
‘Set up the access point [router] to ask for an encrypted WPA key,’ WPA encryption is secure, unlike the older WEP standard, which can be broken using free software, ‘and try not to use a trivial key such as the boat name. A hacker will try that option immediately.
‘Don’t write down the default WPA password everywhere. It’s usually printed on a sticker at the back of the access point device, so remove that sticker.
‘Lock the network rack or location where the access point is located. Do not trust people who [say] they won’t give the key to a friend. They will.
‘Set up the Access Point to use a non-trivial Wi-Fi channel number – such as five, six or seven – not the usual one, eleven or thirteen.’
Following Guy’s advice will keep most network snoopers away. But for a very small minority of them, there are freely available software tools to chip away at the firewalls.
Airsnort is one piece of software that monitors the wireless signal and collects data packets until it has enough information to identify and decode a WEP encryption key. This might take as little as 15 seconds.
WPA encryption generally is accepted as practically impossible to crack, but that challenge is driving countless of extremely talented young computer geniuses to prove otherwise. So keep your firmware up to date.
Turning off the WAP’s SSID is like turning the deck lights off – the yacht is harder to see, but snoops carry their own lights. SSID Sniff works like the encryption cracker described above. It collects data packets until it has enough to assemble the identity of the network broadcasting the signal. With that piece of information, a snooping program can concentrate on data coming and going from that network only.
If this is beginning to read like an episode if Spooks, that’s precisely what it is. How can you defend your network, if hiding its identity won’t work? Simple, give it a thousand different names at once.
A program somewhat unimaginatively named Fake AP does just that. It generates thousands of false SSIDs. These faux access points look like the real thing to an SSID sniffer and overload its ability to find the genuine device.
If a yacht requires a nearly impregnable data fortress, it can be done fairly easily if not inexpensively
Winning the war
The security battles are unlikely to end any time soon. Information is a currency whose value is increasing rapidly. Those who stand to gain by collecting information are as well equipped as those who have a need to hide it.
If a yacht requires a nearly impregnable data fortress, it can be done fairly easily if not inexpensively. Securing critical information often means blocking all but a very few users. This can be accomplished on a yacht by creating a virtual local area network (VLAN), which is invisible to other users and separate some users and access points from the yacht’s server.
For example, a guest VLAN might be created that allows charter guests access to the Internet, but makes other network services invisible. This provides the best available compromise between ease of access and the highest level of network security available.
Network security is an enormously broad subject that is so complex and rapidly evolving as to leave ordinarily computer-savvy people in its wake. It’s vitally important that anyone using a wireless-enabled device on a yacht has some level of understanding of the threats.