1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wireless Security - How secure is your Wireless Network?

Discussion in 'Articles' started by Toxic, Mar 12, 2006.

  1. Toxic

    Toxic Administrator Staff Member

    I have been meaning to run an article on this for a number of months now, but i finally got round to it when on a Wireless LAN course last week. I then decided to go "war driving" to see myself what was on offer. This is where you go out in a car with a laptop with netstumbler or a similar utility and pick up the wireless broadcasts from users home and commercial premises. Any unprotected cells will allow instant access to the internet and allow you to surf all day for free, as long as you have battery power for the laptop that is .

    To be honest it was appalling to see how many unprotected sites there were. so i have firstly ran a survey/poll to see how many of our users have any form of protection.

    SSID
    To be honest disabling this will do very little to deter a war driver or hacker. The SSID (Security Set Identifier) identifies a wireless network, just like a computer name or workgroup. Disabling the SSID will not stop a wireless signal being found, and can cause some wireless clients not to logon to the correct wireless signal without SSID being enabled. However the name of the SSID show be unique. leaving it as linksys, or, belkin also gives the hacker to know what type of wireless access point you are using, and thus can guess default administrator logon/password and IP address ranges. Also do not name your SSID after your business. this in turn can also lead to hackers identifying you. The other vulnerability is the wireless mac address, this also can be sniffed and a hack will identify the make of router.

    Wireless Encryption
    This is a must have. without this anyone can logon to your wireless cell and gain access to your network or internet connection. The Encryption on the waireless device must be supported on ALL wireless clients for it to work correctly. There are a number of encryption types:

    WEP - Wired Equivalent Privacy

    This uses the RC4 encryption method which has been cracked a number of years ago. Even though this is somewhat insecure it still has security measures to stop the occasional hacker. Encryption levels for WEP allow 64 bit, 128 bit and some 256 bit on some wireless devices.

    WPA - WiFi Protected Access

    WPA was introduced due to WEP's insecurities. it uses two different modes, Enterprise and Pre-Shared Key (PSK) Modes, PSK is also sometimes known as "Home Mode" as well.
    In Enterprise Mode, a network server and sophisticated authentication mechanisms are used to automatically distributed special encrypted keys called Master Keys. The Enterprise Encryption Levels are: TKIP or AES can be used with a Radius Server. This is by far the most secure WPA setting available

    In PSK Mode, there are no network servers, WPA allows the user to manually enter a "key or password" to allow connection between each wireless device. There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encryption method than WEP, and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption and is must more secure than TKIP. Some Wireless Routers allow for TKIP+AES or AES encryption as a WPA2 standard.


    RADIUS

    Some wireless devices and clients also allow a Radius Server to give authentication or WEP for data encryption. To utilize RADIUS, enter the IP address of the RADIUS server and its shared secret. Select the desired encryption bit (64 or 128) for WEP and enter either a passphrase or a manual WEP key.

    Recommendations
    • use a different IP address than the default IP of 192.168.1.1 for the router
    • use a unique SSID and not the default SSID
    • change the default admin password for your Wireless Access Point in the web pages.
    • Your Router and Wireless device have to share the same encryption level . ie: WPA and WPA or WEP and WEP etc etc.
    • If using WEP use 128 or 256 bit if possible.
    • For most Home users, use WPA-PSK, however use a passkey of more than 20 characters as minimum.
    • Try not to broadcast the signal outside of your premises, this allows war drivers and hackers to site in the street and hack your network.
    • Enable MAC Address Filtering if possible, this helps deter hackers but is not fool proof.
    The WPA vulnerability has already been found in the WPA code, more about it here: http://wifinetnews.com/archives/002452.html

    Wifi Planet Update:

    WPA PSK Crackers: Loose Lips Sink Ships
     

Share This Page