WiFi Security - Steve Saunders Goldwing Forums

 
post #1 of 3 (permalink) Old 07-20-2007, 06:43 AM Thread Starter
Keeper of the Bookmarks / Moderator
 
AZgl1800's Avatar
 
Join Date: Oct 2006
Location: Oologah, Indian Territory, USA...
Year: 2002
Make: Honda
Model: GL1800 Hot Rod Yellow
Posts: 57,140
Garage
Post imported post



Just say no to WEP

* Date: July 18th, 2007
* by Mike Mullins

Whether you’re running a home wireless network or a corporate wireless network, you need to know the truth about Wired Equivalent Privacy (WEP). When WLAN hardware first came out, WEP was the standard encryption scheme offered to secure that wireless network.

By design, WEP protects a wireless network from eavesdropping. However, it has significant and well-documented vulnerabilities.

Weak Encryption Protocol?

WEP’s major flaw is its use of static encryption keys. But the encryption standard isn’t the problem.

WEP uses RC4 (also known as ARC4 or ARCFOUR) to protect the confidentiality of the transmitted data. However, every device on the network uses one key to encrypt every transmitted packet. That means an eavesdropper using a wireless hacking tool can intercept enough WEP-encrypted packets to eventually figure out the key.

Of course, you can mitigate this vulnerability by periodically changing the WEP key; most routers allow you to store up to four keys. But if you change the key on the router, that means you also have to change the key on every device on the network. Depending on the size of your network, this can quickly become a time-consuming, never-ending task.

WEP is so insecure and/or time-consuming to add even a small level of confidentiality to your WLAN, but what can you do? Why don’t you switch to Wi-Fi Protected Access (WPA) or WPA2?

WPA

While there are several flavors of WPA available today, the easiest to use and most widely supported version is WPA Personal — often called WPA Pre-Shared Key (PSK). Using this encryption is relatively easy.

To encrypt a network with WPA Personal/PSK, configure your router with a plain-text pass phrase between eight and 63 characters long. Using an encryption protocol called Temporal Key Integrity Protocol (TKIP), WPA uses that pass phrase — along with the network service set identifier (SSID) — to generate unique encryption keys for each wireless client.

Those encryption keys continuously change at the beginning of each transmitted frame. WPA cycles to a new key and broadcasts the change.

Roadblocks

Very few wireless devices sold today don’t support WPA. However, WEP is always the first option for encryption (alphabetically), and most consumers don’t know the difference between the two.

When it comes to client computers, Windows XP Service Pack 2, Windows Vista, and Mac OS X support WPA. When setting up the client, just make sure the data encryption — TKIP or Advanced Encryption Standard (AES) — matches the router’s setting. Most routers support AES, which offers a stronger encryption cipher than the one used by TKIP.

Final thoughts

Properly configured, WPA provides your WLAN great protection from roaming wireless hackers. And here’s one last suggestion: Change the default SSID. Most routers default the SSID to the name of the company that makes the router (e.g., Linksys).

In addition, avoid dictionary words in both the SSID and WPA. If you can use WPA2 (which uses AES), then use it. When it comes to security and encryption standards, using the latest and greatest standard is always a good thing.

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.

~ John


AZgl1800 is offline  
post #2 of 3 (permalink) Old 07-20-2007, 07:20 AM
Monkey with a Football
 
Rudy's Avatar
 
Join Date: May 2005
Location: With VPN, anywhere
Model: Linux, Firewalls & VPNs
Posts: 19,229
Garage
Post imported post

A business has different issues of security than a residence.

In my residential system, I simply leave the wireless off until I need it. Then off again.
The less you advertise your presence, the less time you have to be randomly picked up.

I can hack any wireless system given enough time to pick up transmission traffic. I can spoof any IP address or any MAC address and "become" a trusted user from a mile away.

Wireless security must be pro-active and changing constantly to be reasonably secure.

I do not even try to play that game at home because my security is within the network itself, not its transmission or connectivity media.

This does several things for me. One is that I know when I'm "on the air" and conscious of the traffic I am broadcasting, information-wise. No bank connections at that time, no cleartext logins at that time. Also I get to see and record who is trying to access my system so I can get the feel of the expertise and nature of the neighborhood and how it changes over time. Without that it is like wondering what the weather is like outside while living in a house with no windows or doors. Finally, I don't have to worry about any valid connections having trouble getting connected.
There is no DHCP or DNS in my residential network.

Business wireless is a whole other ball game.





Rudy

...and the rabid dog they gave me
wasn't too much fun
Rudy is offline  
post #3 of 3 (permalink) Old 07-20-2007, 02:56 PM
Member
 
hobbit's Avatar
 
Join Date: Jun 2007
Location: The Wirral, , United Kingdom
Posts: 163
Post imported post

WPA and WPA2 are indeed a much safer encryption than WEP. I have a program that can actually find the WEP key of a wireless connection not belonging to me, so you would be wise to change or update your wireless connection.

Life is like an angel better with wings
hobbit is offline  