Slashdot Mirror

← Back to Stories (view on slashdot.org)

On The Current State of WiFi Security

Posted by Zonk on from the it's-not-good dept.

An anonymous reader writes "A Flexbeta article covers the basics of WiF security. The article mentions mentions various ways of securing a WiFi network, how easy it is to crack WEP, and what the IEEE is doing about WiFi security. From the article: 'In order to address the security issues of WEP and the current Wi-Fi standards of 802.11a/b/g, the Institute of Electrical and Electronics Engineers (IEEE) is developing a new standard that is called 802.11i. This standard was developed with security in mind. The new standard implements new security entitled Wi-Fi Protected Access (WPA), which takes advantage of the Temporal Key Integrity Protocol (TKIP), is easier to setup using a pre-shared key, and can use RADIUS authentication.'"

15 of 300 comments (clear)

  1. WPA2, not WPA by JemVai777 · · Score: 5, Informative

    The real contender is WPA2, which employs the far stronger AES symmetric algorithm in place of RC4, and adds much-desired features such as fast roaming:

    WPA2 overview.

    If your hardware supports it, use WPA2. If not, settle for nothing less than WPA, as WEP is a joke and trivial to break into.

    --
    "The problem with our economy is that our budget is balanced by people who aren't" - A.E.N.
    1. Re:WPA2, not WPA by marcantonio · · Score: 4, Informative

      Actually 802.11i is WPA2.

  2. General Security by agarrett · · Score: 3, Insightful

    Standard setup for the average home network user seems to be

    Take box home
    Plug in box
    let windows xp do it's thing
    Use.

    Clearly for these advances to be of any use, customers must be informed of their necessity and setup must be kept as simple as possible (helped, i suprisedly add, by XPSP2's wireless configuration app)
    The technology is all well and good, as long as it's being used.

    --
    Go ahead and search, you will never find it all, I am baking muffins as I speak. - ComicBook Guy
  3. Why should I care? by Robertatwork · · Score: 4, Interesting

    I read a lot about wi-fi security. However, it keeps coming down to, why should I care? Yes, at work it is important to be very security aware. However, at home, I really don't care if someone is using my connection. If they are doing something that is hogging bandwidth, when I want to use it, I can boot them. My computer is protected and on the other side of a firewall. Information that passes over the router does not touch any storage device. So, back to the question, why should I care? (as a home user)

    1. Re:Why should I care? by Redshift · · Score: 4, Insightful

      Supposing it was a terrorist or a pedophile? How would you like Homeland Security or the FBI knocking on your door, asking you deep questions and impounding all your computer equipment for investigation? The suspicious activity did all originate from your IP address, after all.

      And how secure do you think your computer really is? When it is behind your router it has the advantage of being somewhat obscured to the rest of the world by NAT. A hacker inside your own network just has your software firewall to break down - one step closer. Furthermore, if he is able to get access to your router he probably also has access to everything you send - are you sure you want all that to be logged?

      You are very naive.

  4. What means this term "wireless security"? by $RANDOMLUSER · · Score: 3, Insightful
    The problem with wireless isn't people who read Slashdot, it's my parents going down to Best Buy and grabbing a wireless router, plugging it in and using it. Most people don't realize what they're broadcasting, or how easy it is for other people to tap into their home network, nor even why this would be a Bad Thing.

    When my folks go to the car lot, they know to look at the Buicks. When they go to Best Buy, they don't know they're looking at the equivalent of a crotch rocket motorcycle that will surely get them killed.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  5. Not necessarily by JemVai777 · · Score: 4, Informative

    doesn't .11g have WPA TKIP

    The 802.11g spec does not mandate WPA; however, most modern cards and APs support it. While WPA has no known serious weaknesses, choose WPA2-compatible hardware if you're yet to purchase wireless equipment.

    --
    "The problem with our economy is that our budget is balanced by people who aren't" - A.E.N.
  6. Ship APs with WPA Enabled? by domipheus · · Score: 3, Interesting

    As many people are saying, there is no point in advancing encryption standards if the average end user will not use it.

    On many sites, you sign up, and get given a random password. How hard would it be for manufacturers to ship AP's with a WPA enabled with a random password/key which is printed on the back of the user manual? (this is a genuine question) XP asks for a password when u try to connect to it automatically, and if you are using linux etc then you know know what the deal is anyway.

    1. Re:Ship APs with WPA Enabled? by NekoXP · · Score: 3, Informative

      I bought a Speedtouch 580 DSL modem as I just moved to Speakeasy, and lo and behold
      on the back of the modem is the MAC address of the eth0 port, and the default
      WEP/WPA key.

      Went in and changed it and everything is happy. But the thing shipped with WPA
      enabled and the default (which looks random..) key next to the serial number.

      Neko

  7. Re:Does this make me incredibly stupid? by Redshift · · Score: 3, Informative
    Now... How insecure is this really? And what does it really mean? It's not like the access point has unlimmitted range. I don't even think my nextdoor neighbor could hijack my connection. Should I worry that some dude is gonna park in front of my house and start leeching my connection?


    Yes.

    Have a look at this

  8. Re:None of which will matter by frodo+from+middle+ea · · Score: 4, Informative
    6 dumbest ways to secure WLAN

    and Some sensible advice on how really to secure it

    Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will diter only novice users from stumbling accidently on your WLAN.

    But security is not about stopping these novice users, who are less likely to cause any damage in the first place, It's more about stopping someone who is really determined to get in, in order to at best steal your bandwidth or at worst do some real damage like get sensetive data from your PCs.

    --
    for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
  9. Re:None of which will matter by B'Trey · · Score: 4, Insightful

    Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will diter only novice users from stumbling accidently on your WLAN.

    Isn't that the point? If a knowledable and determined hacker wants to break into your network, chances are they're going to succeed unless you're a security expert yourself and highly vigilent.

    I could write an article entitled "The six dumbest ways to secure your house." I'd start out with something like: "Locking your front door. People put strong locks on the door, when right next to it you have a windows made of fragile glass! Hello?!? Anyone with a brick can knock out the glass and walk right in!!!"

    No, a MAC filter doesn't make your network impregnible. And locking your front door doesn't turn your house into Fort Knox. But if you're not Fort Knox, you don't need to have Fort Knox security. Make breaking into your network and effort and most people want bother. There's likely someone down the street that's broadcasting their SID and has no security at all. Why are they going to bother messing with you?

    --

    "The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.

  10. Re:None of which will matter by FireFury03 · · Score: 3, Insightful

    But security is not about stopping these novice users, who are less likely to cause any damage in the first place

    I've got to argue with this - stepping back from the whole wireless thing and talking about security in general, I can tell you that the crackers that cause the most damage are the ones who really don't know what they're doing and have just picked up a cracking toolkit (i.e. script kiddies). The script kiddies frequently end up leaving a machine they've attacked in a completely destroyed state _by accident_ (their intention is to use the machine, not destroy it but frequently it ends up trashed). On the other hand, if your system is attacked by people who know what they're doing the chances are you won't notice for a long time.

    --
    http://blog.nexusuk.org
  11. Re:It's like swimming with sharks by jomegat · · Score: 5, Funny
    There's a saying among scuba divers, how do you fend off a hungry shark with a 2 inch knife? You stab your buddy and swim away.

    But how do you get the knife away from the shark?

    --

    In theory, practice and theory are the same. In practice, they're not.

  12. Linux and WPA (Slightly Offtopic) by Halo- · · Score: 3, Informative
    Okay, I admit it. People think I'm a security freak, but I still run 802.11b with WEP enabled at home. I've got strong keys, I filter MACs, I disable beaconing, and have put up other minor fortifications, but I still know I'm running pretty open.

    So why haven't I improved things?

    Simple. Even though I'm a pretty technical Linux user, I've been unable to really feel confident going out and buying 802.11g stuff with WPA, because the existing documentation on the net is pretty bad.

    I'm waiting for the mythical "someone else" to set up a nice, straight-forward site that says "here are the cards you can buy at store X which support Linux and don't require binary drivers, patched kernels, and other crap" Sure, there are lists of chipsets, but the actual stores don't list the chipset in particular products often, and the vendors often have multiple versions of the same card with different chipsets.

    I think a lot of the problem is the actual hardware industry itself. 802.11b wasn't hard to get Linux support for, but because of the software controlled radio in 802.11g chipsets, it's a bit tricker legally.

    And don't get me started on Bluetooth. I got a new phone which has it, and I'd love to buy a little USB Bluetooth dongle so I can play with it, but right now the main Linux Bluetooth page has been asked to take down their list of devices known to work under Linux, because someone in the Bluetooth SIG complained the devices weren't technically qualified. (link) What a load of crap! So instead of getting a dongle which might not work, I'm just not going to get one at all. Everyone loses.

    PCMCIA Firewire card is marginally easier, but again, trying to track down and actual card for sale which matches the user-reported specs and models is pretty damn hard. I spent conservatively 3 hours online and in Fry's reading before I got a card which works great until you eject it and panic the kernel.

    I guess where I'm going with this rant is that wireless security (in the non-Windows world) would probably be better if the "standards" followed went a bit deeper and were more open to allowing outsiders to confidently buy products. All I'm asking for is a label or a sticker on the box telling me what chipset and version the device uses. It's not hard, and it shouldn't be a secret. Anyone technically savvy to make a purchasing decision based on chipset is technically savvy to figure out what chipset is in a device once they've bought it and spread the word.

    Wow... my first rant. Sorry about that....