Wireless network (in)security

Latest Articles

Wireless network (in)security

Downsizer Forum Index -> IT Matters

Author

Message

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Wed Apr 04, 07 9:11 pm Post subject: Wireless network (in)security

It is normal to encode wireless network traffic for security.

The original encoding scheme is called "WEP".
Its not very secure.
Now even a "104 bit key" (the longer, more secure, password option) has been shown to be *really* easily cracked.
https://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
A laptop needs to evesdrop for potentially only a minute or so, and do *3* minutes processing, to crack the 104 bit encryption.

So... if you are fussed about not having your network traffic open to evesdropping, *don't* use WEP.

The newer "WPA" encryption is (at least for now) *much* more secure. There is also an even more secure "WPA2".

Most routers can only handle one type of encryption at a time.
So to use WPA *every* piece of your wireless network must be able to do WPA.
Almost all kit currently on sale can do WPA - but some can't - so do check!

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Wed Apr 04, 07 11:01 pm Post subject:
I'd guess most people are on WPA, as it is easier to use anyway?

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Thu Apr 05, 07 11:07 am Post subject:

jema wrote:

I'd guess most people are on WPA...

I hope *everyone* that's fussed about confidentiality is on WPA.
However that is hope rather than expectation.
That's why I posted this!

jema
Downsizer Moderator

Joined: 28 Oct 2004
Posts: 28118
Location: escaped from Swindon

Posted: Thu Apr 05, 07 11:39 am Post subject:

As I recall setting up my system WPA involved setting a password WEP involved a dialog where you had to type in hidden mode buckets of hex digits

Quite hair raising

Though this might of been just the silly supplied software I was using.

Why is it windows has a manager for wireless connections and the wireless routers also come with a manager as well, so they can slug it out internally as to which is active

toggle

Joined: 30 Dec 2006
Posts: 11622
Location: truro

Posted: Thu Apr 05, 07 6:07 pm Post subject:

jema wrote:

I'd guess most people are on WPA, as it is easier to use anyway?

most people don't seem to bother with any sort of security. Probably half the wireless networks I pick up in my area, are unsecured.

FiddlesticksTim

Joined: 28 Dec 2004
Posts: 104
Location: West Oxfordshire

Posted: Tue Apr 10, 07 12:05 pm Post subject:

We had a very interesting course last week which covered, amongst other things, wireless security.

I came out of the session resolving never, ever to put truly confidential data on a Wireless LAN. It's that bad.

Armed with the appropriate software (we used Cain and Abel) on your laptop, you can really easily decrypt the WEP keys. Apparently the optimum time is when MS push the patches out, because you get enough traffic for the program to determine the keys, as Dougal says.

Don't give up on Wireless - it's a great tool - but be afraid and be very careful!

Tim

dougal

Joined: 15 Jan 2005
Posts: 7184
Location: South Kent

Posted: Tue Apr 10, 07 1:25 pm Post subject:

FiddlesticksTim wrote:

... I came out of the session resolving never, ever to put truly confidential data on a Wireless LAN. It's that bad.
... you can really easily decrypt the WEP keys. ...
Don't give up on Wireless - it's a great tool - but be afraid and be very careful!

WEP *is* indeed that bad.
But WPA ain't bad.

I would dearly like folks to notice the *major* difference between these rather similar acronyms.

The first part of "being careful" is to use WPA not WEP.

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Tue Apr 10, 07 8:50 pm Post subject:

FiddlesticksTim wrote:

Far far worse than that. It sits in a band with less than 1 db atten per km so you can with an X band of 30db gain you can happily sit 25 km away and pickup anything in line of sight. Wireless was only ever looked at as an overlay network.

Long may it be insecure as it's paying my morgage

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Tue Apr 10, 07 9:07 pm Post subject:

General note here but if you buy cheap routers or access points then you'll get crap services. Always limit your IP scope and run wireless on a different VLAN (yes VLANs can be hopped so make sure your VLAN router has quality ACLs or runs a real firewall). Not advertising your SSID does NOT give you security. Most real deployments encrypt the traffic across their wireless and then treat it as risky as the Internet.

Oh and fun tools are Airsnort which should scare the crap out of most people

Grimnir

Joined: 29 Mar 2007
Posts: 372
Location: Northants/Beds border

Posted: Tue Apr 10, 07 10:40 pm Post subject:
...and people wonder why I've got these cables running over the place! Though TBH if I was going to change from wired LAN to wireless, I'd call a good friend of mine who works in this field and get him to set up the virtual Fort Knox. If I did it I'd always be worried about what was getting out, if he did I wouldn't be - and when the time came to upgrade he'd tell me.

Barefoot Andrew
Downsizer Moderator

Joined: 21 Mar 2007
Posts: 22780
Location: In the 17th century

Posted: Wed Apr 11, 07 9:57 am Post subject:

mrutty wrote:

General note here but if you buy cheap routers or access points then you'll get crap services.

At the risk of controversy, that's a teeny bit sweeping.

I recently set up an office wireless network for a client and deployed a Belkin wireless modem/router. I've used various Belkin products over the years and found them to be well made and reliable. On this occasion, however, I could not make it acqurie an ADSL connection to the exchange, despite a great deal of messing about with BT et. The unit was deployed elsewhere where it worked perfectly - so nothing wrong with it.

New bit of kit purchased - this time a LinkSys - same sort of spec. It worked first time. It might say Cisco on the side of the box but the unit itself looks a bit cheapo in my view its chunky plastic and bright blue colours. But who cares, it does exactly what I want.

A.

RichardW

Joined: 24 Aug 2006
Posts: 8443
Location: Llyn Peninsular North Wales

Posted: Wed Apr 11, 07 10:30 am Post subject:
Linksys are far better than Belkin. Belkin just have a better home user image. Justme

Barefoot Andrew
Downsizer Moderator

Joined: 21 Mar 2007
Posts: 22780
Location: In the 17th century

Posted: Wed Apr 11, 07 10:44 am Post subject:
I use an Intertex IX66 here and I have been very pleased with it. If I were purchasing WAN/LAN equipment for my own use again, I'd have no hestitation in buying another Intertex unit. A.

mrutty

Joined: 28 Oct 2004
Posts: 1578

Posted: Wed Apr 11, 07 1:26 pm Post subject:
Draytek or per CISCO here, having said that I'm testing a linksys access point for someone at the moment which I'm tempted to keep as it's doing a grand job, but then I have IPSEC running and it's firewalled off in it's own VLAN.

	Downsizer Forum Index -> IT Matters	All times are GMT
Page 1 of 1

View Latest Posts