Welcome, Guest. Please Login
 
  HomeHelpSearchLogin FAQ Radified Ghost.Classic Ghost.New Bootable CD Blog  
 
Page Index Toggle Pages: 1
Send Topic Print
Wireless Security (Read 12400 times)
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Wireless Security
Mar 16th, 2009 at 5:50pm
 
TheShadow wrote on Mar 15th, 2009 at 12:34pm:
So, MrMagoo, you're saying that at least in your opinion, there is NO way to protect a Wireless Network, from hackers?

I'm not talking about someone at the CIA level, but just the local jerkwad wanting to steal a little wireless service.

So the state of wireless security is this:

WEP is about as useful as a padlock on the door of a nuclear missile warehouse.  It keeps honest Joe from getting on your network but it doesn't stop anybody who who is willing to put in the least amount of effort. It takes about 2 seconds to crack WEP with the right tools.  These tools are freely available online from "security research" sites and not difficult to find.  Some of them can even be run off a mobile phone.

WPA2 with a weak pass-phrase is better than WEP, but just barely.  We are talking less than a minute to crack with the same tools.

WPA2 with a strong pass-phrase and TKIP is difficult to crack.  A successful crack takes about an hour, 4 Nvidia graphics cards, and a special program.  Without the special equipment, a crack currently would take a few years.  This security may not last long - security researchers are working on "improving their technique" for cracking WPA2.  With computing power increasing constantly, it won't take long for the "time to crack" to drop to something reasonable.

So, with WPA2/TKIP and a strong pass-phrase, you are safe unless someone is determined to get into  your specific network (which would be unlikely for a home user.)  Any less security than that is a mere speed-bump on the way in for most intruders.

The problem is that most people use WEP and think they are safe.  A good chunk of people still don't use any security at all.

And, like I said earlier, once someone gets onto your internal network, especially a wireless one, they can easily own the entire network.
 
WWW  
IP Logged
 

Brian
Demigod
******
Offline



Posts: 6345
NSW, Australia


Back to top
Re: Wireless Security
Reply #1 - Mar 16th, 2009 at 6:27pm
 
MrMagoo,

For WPA2, is TKIP preferable to AES?

AES seems to be the default choice in my router but it also offers TKIP + AES.
 
 
IP Logged
 
Dan Goodell
Special Guest
*****
Offline



Posts: 552
N California


Back to top
Re: Wireless Security
Reply #2 - Mar 16th, 2009 at 7:57pm
 
"For WPA2, is TKIP preferable to AES?"


Brian, have you followed any of Steve Gibson's weekly "Security Now" netcasts?  Not that I can always follow it all, but he goes into a lot of detail about stuff like this.

He's covered this question in episodes 33, 92, and 170.  Download his show transcripts (available at www.grc.com/securitynow) and do a search for "tkip" to get to the sections where he discusses it.

The gist of his opinion is that TKIP is very strong (and good enough for all but the most sensitive security purposes), while AES is stronger but more compute-intensive (so there's a tradeoff because you technically get a slower connection).

(He also corrects listeners that they're not exactly apples to oranges--TKIP is a protocol while AES is an encryption cipher... though I'm foggy on what difference that makes to the end result.)

 
 
IP Logged
 
Brian
Demigod
******
Offline



Posts: 6345
NSW, Australia


Back to top
Re: Wireless Security
Reply #3 - Mar 16th, 2009 at 8:36pm
 
Dan,

No, strangely I must have "missed" those articles. I just did a quick "scan" of the TKIP references. Interesting.

I can't choose TKIP anyway. My router has AES and TKIP + AES. But if I choose the latter, my NIC reverts from TKIP to AES. I'm happy with AES.
 
 
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Wireless Security
Reply #4 - Mar 17th, 2009 at 5:21am
 
Brian wrote on Mar 16th, 2009 at 6:27pm:
For WPA2, is TKIP preferable to AES?

They are different things, not replacements for each other.  TKIP is Temporal Key Integrity Protocol.  TKIP is a way of selecting, managing, and updating the keys that are used for encryption in a way that is not predictable by an attacker.  This protects the key to your encryption.

AES is the Advanced Encryption Standard.  AES is a method to encrypt data in a way that someone else who has the key can decrypt it, but it is difficult (preferably impossible) to decrypt without the key.  I think a cipher is an appropriate term, but don't quote me on that.  Other ciphers used for digital data are RSA and DSA.  There is a lot of debate, but AES is considered to be one of the best encryption methods available today.  

So the answer is that you want both.  

Dan Goodell wrote on Mar 16th, 2009 at 7:57pm:
Brian, have you followed any of Steve Gibson's weekly "Security Now" netcasts?Not that I can always follow it all, but he goes into a lot of detail about stuff like this.

I used to listen to "Security Now."  Steve does a good job covering some complicated topics and making it easy enough to understand that a lot of people can follow most of it.  I take what he says with a grain of salt since I've seen him jump to conclusions and cause a lot of panic when it turned out he hadn't done his homework.
 
WWW  
IP Logged
 
Brian
Demigod
******
Offline



Posts: 6345
NSW, Australia


Back to top
Re: Wireless Security
Reply #5 - Mar 17th, 2009 at 12:41pm
 
MrMagoo wrote on Mar 17th, 2009 at 5:21am:
So the answer is that you want both. 

That makes sense. I now have TKIP + AES on the router and AES on the NIC. Thanks.

A different issue. How vulnerable is a laptop computer connected to an unsecured network in the corner coffee shop? I've read we should have Files and Folders sharing disabled and we shouldn't use Outlook Express. Is the situation worse than this?
 
 
IP Logged
 

MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Wireless Security
Reply #6 - Mar 17th, 2009 at 8:14pm
 
Brian wrote on Mar 17th, 2009 at 12:41pm:
How vulnerable is a laptop computer connected to an unsecured network in the corner coffee shop? I've read we should have Files and Folders sharing disabled and we shouldn't use Outlook Express. Is the situation worse than this?

That's a good start.  You definitely want file sharing turned off.  With that on, it wouldn't be difficult for any one in the coffee shop to see your shared files.  In fact, Linux will happily show you ALL the files on a Windows computer that has file sharing turned on - even files that aren't shared.

You also want a firewall turned on.  Of course, that's good practice anytime you are on the Internet, but especially so when on an unsecured wireless network.

Outlook Express doesn't have any unique problems, but email itself is usually unencrypted.  So, any email you download or send on an unencrypted wireless network will be there in clear view of anyone who chooses to sniff the network (which is trivial to do.)  This problem is not unique to email.  HTTP traffic is also unencrypted and freely available to anyone who sniffs the network.  So, if you aren't careful, the guy across the coffee shop from you could easily read every email you read, see every page you see, and follow every IM conversation you are having.

The options are:

1. Don't use an unencrypted (or weakly encrypted) wireless network.  Obviously choosing this option puts a damper on coffee shops, so move on to the next option if that's important to you.  At home, you have more control over the strength of the encryption in use on the network and should accept nothing less than WPA2.

2. Encrypt sensitive data.  HTTPS (as opposed to HTTP) is encrypted with SSL, which is good encryption, so HTTPS pages safe for viewing.  If you access you email through a secured webmail page or an IMAP connection that uses SSL, that is also safe.  Most IM clients now offer some type of encryption plug-in.  "Gaim Encryption" and "Off The Record" are two plug-ins that come to mind.

Note that the difficulty with this method isn't just finding a secure way to send/receive sensitive data, but also deciding *which* data is sensitive.  Do you care if the guy next to you sniffs your latest blog post?  Probably not since the whole point of the post is to be read publicly.  Do you care if they read your IM conversations?  You might not think your conversation would interest anyone else, but think about how much inside information you might pass about your company during a 10 min. IM conversation with a co-worker.

3. Bring your own encryption.  What I do if I need to surf from an unsecured wireless network is open a connection to my home through SSH.  I create a dynamic ssh tunnel, which my browser can then use as a SOCKS proxy.  Basically, traffic is encrypted and sent to my home router.  My home router decrypts it and sends it on its way.  This way, my traffic doesn't pass over the open wireless network unencrypted.  It may sound complicated, but once you do it the first time, it is quick and easy after that.

There are some services you can sign up for that do similar things (and more) if you don't want to proxy it through your house.  Here is a Google search to give you an idea of the products I'm talking about:

http://www.google.com/search?q=anonymous+browsing

I haven't used any of these products and can't recommend any specific one's.  My recommendation would be to build your own, but I know some people just aren't up to it.  Just make sure if you go that route you do a little research and verify the reputation of the product.

Now, I can imagine someone reading this and thinking "But all the people are my coffee shop are good people, and most of them know nothing about computers" or "My neighbors wouldn't bother getting on my network."  Two points on that line of thought:  

First, you are essentially betting your identity and personal information on the fact that these people are 'good' people.  

Second, there are people who's hobby is to go around looking for unsecured or weakly secured wireless networks to play with.  It's called War Driving, and it always surprises me how many people do it and how seriously they take it.  They even set up web sites to share information and tips.  If you have a wireless network, there is a good chance they've already listed it on their site, along with how tough it is to get into:

http://www.wigle.net/gps/gps/GPSDB/onlinemap2/?lat1=33.8137115&long1=-112.384661...
 
WWW  
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Wireless Security
Reply #7 - Mar 17th, 2009 at 8:19pm
 
This Topic was moved here from PC Hardware + Software (except Cloning programs) by MrMagoo.
 
WWW  
IP Logged
 
Rad
Radministrator
*****
Offline


Sufferin' succotash

Posts: 4090
Newport Beach, California


Back to top
Re: Wireless Security
Reply #8 - Mar 17th, 2009 at 11:54pm
 
MrMagoo wrote on Mar 16th, 2009 at 5:50pm:
It takes about 2 seconds to crack WEP with the right tools.These tools are freely available online from "security research" sites and not difficult to find.

There is no public internet at the local coffee shop. But there are many 'secured' access points. Sometimes I would like to connect to check things only available via an internet connection. I don't wanna hack anybody's PC .. just 'borrow' some of their connectivity. Doubt they would mind, long as they knew I had no malicious intent.

So .. where be these 'tools'?

PM is cool if you like.

I tried one 'tool'  ~ a year ago. It looked pretty but was worthless far as connecting to anything protected.
 
WWW  
IP Logged
 
MrMagoo
Übermensch
*****
Offline


Resident Linux Guru

Posts: 1026
Phoenix, AZ (USA)


Back to top
Re: Wireless Security
Reply #9 - Mar 18th, 2009 at 5:14am
 
Rad wrote on Mar 17th, 2009 at 11:54pm:
I don't wanna hack anybody's PC .. just 'borrow' some of their connectivity.

'Borrow' and 'steal' are usually the two terms debated when you discuss the morality of this.  The argument is similar to copyright violations in the respect that you don't have a right to what you take, but the person you take it from doesn't permanently loose anything.  It could easily turn into another long thread, but if anyone is interested in discussing it I'll start a new topic.  I'm always interested to here where people are coming from on it.

What it comes down to legally is that you are bypassing encryption to access a resource that you don't have explicit permission to use, which I think falls nicely under the Computer Fraud and Abuse Act.  These are security tools, intended to be used to probe and test the security of a network with the permission of the owner of that network.  I don't want to get anyone in trouble by encouraging you to break Federal laws.

However, if we can keep our discussion aligned with the security aspect, then we can have an open discussion.  Some people use these tools (or their own tools utilizing the same techniques) for evil, so we need to understand what they do and how they do it if we are going to learn how to protect ourselves.

NetStumbler is one of the more popular and effective tools for locating wireless access points.  

http://www.netstumbler.com/downloads/

Once you find the network, Aircrack-ng can help you analyze and attempt to crack the wireless network's encryption.

http://www.aircrack-ng.org/doku.php

There is a brief (slightly dated) discussion of NetStumbler and a few other tools on the Ethical Hacker Network.  

http://www.ethicalhacker.net/content/view/16/24/

That same article has a brief section on the bottom with tips to protect your own network against these tools.

Once you've scratched the surface with that stuff, you can start diving into the forums.  There are several high quality forums dedicated to wireless hacking.  
 
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Send Topic Print