Slashdot Mirror

← Back to Stories (view on slashdot.org)

On The Current State of WiFi Security

Posted by Zonk on from the it's-not-good dept.

An anonymous reader writes "A Flexbeta article covers the basics of WiF security. The article mentions mentions various ways of securing a WiFi network, how easy it is to crack WEP, and what the IEEE is doing about WiFi security. From the article: 'In order to address the security issues of WEP and the current Wi-Fi standards of 802.11a/b/g, the Institute of Electrical and Electronics Engineers (IEEE) is developing a new standard that is called 802.11i. This standard was developed with security in mind. The new standard implements new security entitled Wi-Fi Protected Access (WPA), which takes advantage of the Temporal Key Integrity Protocol (TKIP), is easier to setup using a pre-shared key, and can use RADIUS authentication.'"

15 of 300 comments (clear)

  1. None of which will matter by HUADPE · · Score: 2, Insightful

    None of which will matter if people do not put passwords on their networks that arent "default" "administrator" or "home." Oh, first post!

    --
    This sig has not been evaluated by the FDA. It is not designed to diagnose, treat, prevent, or cure any disease.
    1. Re:None of which will matter by Anonymous Coward · · Score: 1, Insightful

      Human negligence has almost always been the number one factor in insecurity; and it isn't going away anytime soon.

    2. Re:None of which will matter by B'Trey · · Score: 4, Insightful

      Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will diter only novice users from stumbling accidently on your WLAN.

      Isn't that the point? If a knowledable and determined hacker wants to break into your network, chances are they're going to succeed unless you're a security expert yourself and highly vigilent.

      I could write an article entitled "The six dumbest ways to secure your house." I'd start out with something like: "Locking your front door. People put strong locks on the door, when right next to it you have a windows made of fragile glass! Hello?!? Anyone with a brick can knock out the glass and walk right in!!!"

      No, a MAC filter doesn't make your network impregnible. And locking your front door doesn't turn your house into Fort Knox. But if you're not Fort Knox, you don't need to have Fort Knox security. Make breaking into your network and effort and most people want bother. There's likely someone down the street that's broadcasting their SID and has no security at all. Why are they going to bother messing with you?

      --

      "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

    3. Re:None of which will matter by FireFury03 · · Score: 3, Insightful

      But security is not about stopping these novice users, who are less likely to cause any damage in the first place

      I've got to argue with this - stepping back from the whole wireless thing and talking about security in general, I can tell you that the crackers that cause the most damage are the ones who really don't know what they're doing and have just picked up a cracking toolkit (i.e. script kiddies). The script kiddies frequently end up leaving a machine they've attacked in a completely destroyed state _by accident_ (their intention is to use the machine, not destroy it but frequently it ends up trashed). On the other hand, if your system is attacked by people who know what they're doing the chances are you won't notice for a long time.

      --
      http://blog.nexusuk.org
    4. Re:None of which will matter by Golias · · Score: 2, Insightful

      I was thinking of more, how can I phrase a flyer to put in people's mailboxen (God, am I a geek...) and on bulletin boards. I'm not really comfortable sending stuff to people's computers, because, although the threshold of legal/illegal use of someone's WiFi is fuzzy, I would consider that past it, or at least quite suspicious.

      I've got a great idea for how you can handle this situation.

      You can mind your own business.

      If there's a sudden rise of criminals using home WiFi all over the country, there will be a crackdown, and people will learn to take the steps they need to. Until then, there are bigger things in the world to be concerned about.

      --

      Information wants to be anthropomorphized.

    5. Re:None of which will matter by FireFury03 · · Score: 2, Insightful

      I guess what I am trying to say is security is not absolute, but a relative measure. There is no checklist that you can tick away and say OK I am now secure.

      Absolutely - security is always a balancing act between security and usability. On one end of the scale we have the most secure setup - you have everything unplugged and turned off all the time. Obviously whilest that's completely secure from remote attack it's also completely unusable. On the other end of the scale is no security and everything's really easy to use.

      A check list of _possible_ security measures and their repercussions would probably be a good thing to make someone look through when they're installing a wireless network though.

      For example:

      1. (ignoring it's security weaknesses for a moment) WEP is remarkably easy to set up and has very few usability problems so that's quite high on the list. The only usability problems I can think of is the effort of typing your passphrase into new machines when you connect them to the AP.

      2. MAC filtering is slightly more complex to set up since you have to extract the MAC from a new machine and then configure the AP to allow it. If you have a reasonably static network setup then that might be the option for you, but if new machines are coming and going all the time then probably not.

      These are the sort of thins which people who are setting up a network really need to think through. It's really not that different from securing your house:

      1. Do we want a lock on the door? It has the disadvantage that if you lose your keys then you're screwed.

      2. Do we want bars on the windows? It increases security but also increases the risk of you not being able to escape a fire.

      etc.

      At the moment, a large proportion of people are handed an access point that's pre-configured to be fully open and they are never made to think of the security questions - it's like going out and buying a front door for your house, getting it fitted and noone mentioning that it doesn't have a lock on it as standard.

      --
      http://blog.nexusuk.org
  2. General Security by agarrett · · Score: 3, Insightful

    Standard setup for the average home network user seems to be

    Take box home
    Plug in box
    let windows xp do it's thing
    Use.

    Clearly for these advances to be of any use, customers must be informed of their necessity and setup must be kept as simple as possible (helped, i suprisedly add, by XPSP2's wireless configuration app)
    The technology is all well and good, as long as it's being used.

    --
    Go ahead and search, you will never find it all, I am baking muffins as I speak. - ComicBook Guy
  3. What means this term "wireless security"? by $RANDOMLUSER · · Score: 3, Insightful
    The problem with wireless isn't people who read Slashdot, it's my parents going down to Best Buy and grabbing a wireless router, plugging it in and using it. Most people don't realize what they're broadcasting, or how easy it is for other people to tap into their home network, nor even why this would be a Bad Thing.

    When my folks go to the car lot, they know to look at the Buicks. When they go to Best Buy, they don't know they're looking at the equivalent of a crotch rocket motorcycle that will surely get them killed.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  4. Current State: Safe by Mensa+Babe · · Score: 2, Insightful

    According to Bruce Schneier, the security risks if WiFi are vastly exaggerated.

    --
    Karma: Positive (probably because of superiour intellect)
  5. Can a broadcast signal ever be secure? by G4from128k · · Score: 2, Insightful

    While I applaud attempts to secure WiFi, it would seem that wireless will always add another channel of vulnerability to any IT system, especially because WiFi is so often deployed inside the firewall. WiFi system are generally vulnerable to both internet-based attacks and wireless attacks. And even if the 802.11i protocol "secure," there is little guarantee that both the AP and the client wifi transceiver have a secure implementation of the protocol or that the user configures the system in a secure fashion.

    As inconvenient as wires are (and even they are not totally secure), they do reduce the amount of one personal information freely broadcast into the ether.

    --
    Two wrongs don't make a right, but three lefts do.
  6. Re:End user has the burden by Knome_fan · · Score: 2, Insightful

    While I agree in general, I don't think blaming the end user is really fair.

    After all, wifi and computers nowadays get sold as something easy to use and setup. Just plug it in and it works.

    Unfortunately, the reality doesn't really live up to the promises.
    That is, even if the just works part is true (which of course everyone who has been the resident computer geek for friends and family knows isn't always the case, to put it mildly), in many cases the default setup is simply unbelievably insecure.

    To sum it up, people are told things about computers and wifi that simply aren't true. As most people are not interested in computers and shouldn't be just to be able to use them, it's really unfair to blame them for believing the hype.

  7. Re:Why should I care? by Redshift · · Score: 4, Insightful

    Supposing it was a terrorist or a pedophile? How would you like Homeland Security or the FBI knocking on your door, asking you deep questions and impounding all your computer equipment for investigation? The suspicious activity did all originate from your IP address, after all.

    And how secure do you think your computer really is? When it is behind your router it has the advantage of being somewhat obscured to the rest of the world by NAT. A hacker inside your own network just has your software firewall to break down - one step closer. Furthermore, if he is able to get access to your router he probably also has access to everything you send - are you sure you want all that to be logged?

    You are very naive.

  8. Re:WPA2, not WPA by Anonymous Coward · · Score: 1, Insightful

    "WEP is a joke and trivial to break into"

    Yes, but some older hardware does not support it. Also, if protecting your data is really important, you probably should not trust WPA either, but use a VPN or encrypt your data in some other way. If the goal is to make enough of a barrier (like a window on a house) that nobody can say they "didn't know" they were using your network to d/l their illegal files. WEP is good enough to prevent "accidental" network connection.

  9. Answer is quite simple. by o517375 · · Score: 2, Insightful

    Build a lightweight VPN server into every router, such as Openvpn which uses TLS/HMAC and RSA keys. The router could easily generate and distribute the keys (over the wire) for wireless encapsulation.

  10. strong security over wireless is possible by PureFiction · · Score: 2, Insightful

    IPSec SHA256 AH AES128 ESP

    We setup such a configuration at DEFCON and despite various attacks against both AP and client, including evil twin, WDS exploits, traffic replay, etc. the network was absolutely impenetrable.

    The only secure configuration I would consider would be WPA2 with RADIUS authentication. Pre-shared key is vulnerable to dictionary attacks so be sure to key with a good random string if you use this mode.