Slashdot Mirror

← Back to Stories (view on slashdot.org)

State of Secure Wireless Networking?

Posted by Cliff on from the protecting-your-airborne-packets dept.

Mr. Sketch asks: "At my office, they want me to add a wireless network and it seems like it could be possible to do it in a secure way, but I'm not 100% confident. The setup I was thinking of was 802.11g only (no backward 802.11b compatibility), WPA-PSK with AES encryption with a 15 character password consisting of upper and lower case letters and numbers and special characters, MAC filtering, no ssid broadcast, and no default anything (ssid, passwords, etc). How secure would this network be? What type of attacks would it be vulnerable to? I haven't found any tools to crack AES, only WEP, does that mean it's secure or I just that I haven't looked hard enough? I want the wireless computers to still be able to access the computers on our network, in fact ideally, I just want it to be a wireless extension of our wired network, but only if it's secure enough. I'm sure there are plenty of other companies who want to add wireless to their network, but want to be reasonably confident that it will be secure and are unsure of the current state of wireless security."

4 of 45 comments (clear)

  1. The same as it was last week... by AKnightCowboy · · Score: 3, Interesting

    and the week before that, and the month before that. Do not rely on your wireless access point's built-in encryption and authentication under any circumstances. Use it as a barebones minimum and then drop a VPN on top of that. Make sure the access points terminate on an insecure network isolated from the rest of your trusted LAN and require VPN access to reach the trusted side. Anybody that was trusting LEAP just got burned last week so don't make the same mistakes about trusting a hardware implementation when there's proven software VPN solutions that have stood the test of time.

  2. What about ad hoc problems? by KingOfBLASH · · Score: 2, Interesting

    If I understand wireless networking correctly, somebody can key in the info you give them for access to the network, and then allow unsecured, "ad hoc" network access -- meaning people could get into your network through their computer. Do you have control over all of the computers? I would worry about such a security hole if it's possible.

  3. WPA-PSK by rlwhite · · Score: 4, Interesting

    If there is any weakness in this setup, it's probably in WPA-PSK. It's intended more for home use than for corporate WLANs. If the PSK password gets compromised, you could be in for trouble. Of course if the password is strong, the only attack I know of is to get physical access to one of the wireless nodes. I'm not all that familiar with the new protocals; the attacker may still have to find a way past AES to make use of the compromised PSK.

  4. Don't foget reliability. by rawg · · Score: 3, Interesting

    All this security stuff to keep people out of your network, but don't forget about people jamming up your network. It only takes one client to mess up everything.

    I'm running a small WISP and have found that some radios can crash my access points. Make sure you get a real good AP, like Cisco or something. I've use the cheap ones. Linksys, D-Link, and I end up having problems. So I built my own with a Soekris board using Linux. Same problems. Switch to FreeBSD (m0n0wall). Same problems. The dam things crash almost every day. The biggest reason... Power Save Mode on a client computer.

    --
    The above is not worth reading.