Slashdot Mirror

← Back to Stories (view on slashdot.org)

On The Current State of WiFi Security

Posted by Zonk on from the it's-not-good dept.

An anonymous reader writes "A Flexbeta article covers the basics of WiF security. The article mentions mentions various ways of securing a WiFi network, how easy it is to crack WEP, and what the IEEE is doing about WiFi security. From the article: 'In order to address the security issues of WEP and the current Wi-Fi standards of 802.11a/b/g, the Institute of Electrical and Electronics Engineers (IEEE) is developing a new standard that is called 802.11i. This standard was developed with security in mind. The new standard implements new security entitled Wi-Fi Protected Access (WPA), which takes advantage of the Temporal Key Integrity Protocol (TKIP), is easier to setup using a pre-shared key, and can use RADIUS authentication.'"

7 of 300 comments (clear)

  1. WPA2, not WPA by JemVai777 · · Score: 5, Informative

    The real contender is WPA2, which employs the far stronger AES symmetric algorithm in place of RC4, and adds much-desired features such as fast roaming:

    WPA2 overview.

    If your hardware supports it, use WPA2. If not, settle for nothing less than WPA, as WEP is a joke and trivial to break into.

    --
    "The problem with our economy is that our budget is balanced by people who aren't" - A.E.N.
    1. Re:WPA2, not WPA by marcantonio · · Score: 4, Informative

      Actually 802.11i is WPA2.

  2. Not necessarily by JemVai777 · · Score: 4, Informative

    doesn't .11g have WPA TKIP

    The 802.11g spec does not mandate WPA; however, most modern cards and APs support it. While WPA has no known serious weaknesses, choose WPA2-compatible hardware if you're yet to purchase wireless equipment.

    --
    "The problem with our economy is that our budget is balanced by people who aren't" - A.E.N.
  3. Re:Ship APs with WPA Enabled? by NekoXP · · Score: 3, Informative

    I bought a Speedtouch 580 DSL modem as I just moved to Speakeasy, and lo and behold
    on the back of the modem is the MAC address of the eth0 port, and the default
    WEP/WPA key.

    Went in and changed it and everything is happy. But the thing shipped with WPA
    enabled and the default (which looks random..) key next to the serial number.

    Neko

  4. Re:Does this make me incredibly stupid? by Redshift · · Score: 3, Informative
    Now... How insecure is this really? And what does it really mean? It's not like the access point has unlimmitted range. I don't even think my nextdoor neighbor could hijack my connection. Should I worry that some dude is gonna park in front of my house and start leeching my connection?


    Yes.

    Have a look at this

  5. Re:None of which will matter by frodo+from+middle+ea · · Score: 4, Informative
    6 dumbest ways to secure WLAN

    and Some sensible advice on how really to secure it

    Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will diter only novice users from stumbling accidently on your WLAN.

    But security is not about stopping these novice users, who are less likely to cause any damage in the first place, It's more about stopping someone who is really determined to get in, in order to at best steal your bandwidth or at worst do some real damage like get sensetive data from your PCs.

    --
    for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
  6. Linux and WPA (Slightly Offtopic) by Halo- · · Score: 3, Informative
    Okay, I admit it. People think I'm a security freak, but I still run 802.11b with WEP enabled at home. I've got strong keys, I filter MACs, I disable beaconing, and have put up other minor fortifications, but I still know I'm running pretty open.

    So why haven't I improved things?

    Simple. Even though I'm a pretty technical Linux user, I've been unable to really feel confident going out and buying 802.11g stuff with WPA, because the existing documentation on the net is pretty bad.

    I'm waiting for the mythical "someone else" to set up a nice, straight-forward site that says "here are the cards you can buy at store X which support Linux and don't require binary drivers, patched kernels, and other crap" Sure, there are lists of chipsets, but the actual stores don't list the chipset in particular products often, and the vendors often have multiple versions of the same card with different chipsets.

    I think a lot of the problem is the actual hardware industry itself. 802.11b wasn't hard to get Linux support for, but because of the software controlled radio in 802.11g chipsets, it's a bit tricker legally.

    And don't get me started on Bluetooth. I got a new phone which has it, and I'd love to buy a little USB Bluetooth dongle so I can play with it, but right now the main Linux Bluetooth page has been asked to take down their list of devices known to work under Linux, because someone in the Bluetooth SIG complained the devices weren't technically qualified. (link) What a load of crap! So instead of getting a dongle which might not work, I'm just not going to get one at all. Everyone loses.

    PCMCIA Firewire card is marginally easier, but again, trying to track down and actual card for sale which matches the user-reported specs and models is pretty damn hard. I spent conservatively 3 hours online and in Fry's reading before I got a card which works great until you eject it and panic the kernel.

    I guess where I'm going with this rant is that wireless security (in the non-Windows world) would probably be better if the "standards" followed went a bit deeper and were more open to allowing outsiders to confidently buy products. All I'm asking for is a label or a sticker on the box telling me what chipset and version the device uses. It's not hard, and it shouldn't be a secret. Anyone technically savvy to make a purchasing decision based on chipset is technically savvy to figure out what chipset is in a device once they've bought it and spread the word.

    Wow... my first rant. Sorry about that....