Wireless

You are currently browsing the archive for the Wireless category.

WPA Keeps Law Enforcement Away

June 19, 2010 in Wireless | No comments

Recently with aggravated identity theft and threatening the vice president after allegedly tapping into a neighbor’s wireless network and sending threatening email messages to US Vice President Joe Biden.   With a long history of having disputes with neighbors, he also allegedly stole personal information, sent offensive email messages, and emailed indecent photographs to his neighbor’s co-workers from an email account set up to appear as if the messages were coming from the neighbor.

While this may be an extreme case, this situation does show why it is so important for home users to take the time to secure their wifi networks using WPA/WPA2 encryption.  There are no systematic studies of security on home wifi networks that I am aware of, but have found that upwards of 65% of wireless networks tested are open.  Given how easy it is to configure encryption on wifi networks, there is no reason not to do it.  This is especially true if you live in a high population density area such as an apartment complex where easily dozens of other people could piggy back on an open wireless network.  Someone could use an open network to send spam, launch attacks against you or others, gather your personal data, or commit other illegal acts such as downloading pirated software or illegal copies of music.

Bruce Schneier, a well known information security researcher, has .  He cites the following reasons for not securing his network:

  • Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea.
  • Any potential spammer is far more likely to sit in a warm room with a cup of coffee at a coffee shop than in a cold car outside a house.
  • If you configure your computer to be secure regardless of the network it’s on, then it simply doesn’t matter.
  • Sharing Internet access is a polite thing to do and he likes to return the favor as he often uses open wifi networks when traveling.

While some of these arguments are legitimate, it still seems to me that from a risk analysis standpoint, it makes more sense to secure a wireless network than not, especially if you live in a densely populated area.  It only takes a couple of minutes to turn on WPA or WPA2 encryption, so there is very little cost to doing so.  But the benefits of enabling this security are quite high.  It significantly raises the amount of work a would-be attacker or scammer would have to undertake to abuse your wifi network.  In all likelihood, unless you were specifically being targeted, he would simply move on to a more easily accessible network.  So use the built-in security provided by wifi access points.  It is easy to configure and can help prevent you from being woken up in the middle of the night by the FBI.

New Attacks on Wireless Encryption

November 12, 2008 in Cryptography, Wireless

Two graduate students in Germany have successfully against the WPA wireless encryption protocol. WPA was developed as a stop-gap measure when it was discovered that WEP, the original wireless encryption protocol, was deeply flawed and offered virtually no protection from eavesdropping on wireless traffic. Tools have been available for many years that can crack a WEP encrypted wireless network in seconds. If you are still using WEP, stop.

WPA offered many improvements over WEP even though it used the same cypher (RC4). The primary improvement was frequent rekeying that made the WEP hack useless against WPA. However, with this new attack published this week, WPA encrypted networks may now be vulnerable. Many enterprises and home users adopted WPA because it did not require a hardware upgrade; it could be implemented with fairly simple software updates. But the days of WPA providing adequate security are quickly coming to and end. Even though the attack published this week is limited in its scope, the writing is on the wall. Once a significant attack is developed against a protocol or cypher, it doesn’t usually take long before better ones are developed or the same one is made better through faster processing power (think DES and WEP).

The solution is to implement WPA2 which uses AES as its cypher. AES is the gold standard of encryption cyphers and as a result, WPA2 is not vulnerable to this or any other known attack. It comes in two flavors: WPA2-Personal (sometimes called WPA2-PSK) and WPA_Enterprise. The primary difference is that the personal implementation uses a preshared key, or password, and is designed for home use. The enterprise version requires a RADIUS authentication server and is designed for larger, corporate environments. Most newer wireless clients support WPA2, although some older ones do not. In fact one of my home laptops (about 4 years old) doesn’t which is preventing me from upgrading my wireless network to pure WPA2. It looks like that laptop will be getting replaced soon, thanks for two graduate students from Germany :) .

Copyright © 2011 InfoSecStuff.com — All Rights Reserved