We have been implementing wireless networks to extend our corporate network to where it is either too expensive or impractical to install wiring.  Management recently heard about wardriving and is very concerned that corporate information is being intercepted by those who don't need to see it.  They want me to make sure that the networks are secure but as is typical, have given me almost no money for tools to get the job done.  I suspect that some departments are setting up their own access points that aren't set up to corporate standards but I have had problems finding the access points.  What can you suggest?

The good news is that you can get some of the tools you need for little or no money.  The stealthiest tool I have seen as something from Kensington.  The product is called the Wifi Finder and looks for open access points.  It's available for around $30 and can check for both 802.11b and 802.11g access points (I guess there werent enough 802.11a access points to make it worthwhile to do one for that as well).  This will allow you to move quietly around the company without dragging around a laptop or PDA and a Wi-Fi card.

If you do have a smaller laptop or a PDA like the Compaq iPAQ, you can download a tool called Network Stumbler (mini Stumbler for the PDA) that detects access points and tells you whether they have WEP enabled or not.  Network Stumbler lets you save its scans for before and after comparisons. 

Depending on where the access points are hidden, you may want to consider trying Wi-Fi cards from more than one vendor.  I have seen some situations where a card from vendor A could barely hear an access point that a different Wi-Fi card could hear much better.  I recommend the Orinoco Gold card as a good all-around card.  I would also recommend getting either the tri-band Wi-Fi card from Linksys that will allow you to hear a, b and g Wi-Fi access points or a similar card to give you something to contrast against the Orinoco card.

Even though everybody knows that WEP isn't secure, having a passphrase with mixed case, number and punctuation will make it a little more difficult to break into your network.  Having said that, take a look at www.sourceforge.net for some tools that run on Linux that will "listen" or sniff the wireless traffic to see if your WEP key can be cracked.  Another tool you will find when you do a keyword search of "wep" is something that will do a dictionary style attack to see if you can guess the WEP passphrase.