Slashdot Mirror
On The Current State of WiFi Security
An anonymous reader writes "A Flexbeta article covers the basics of WiF security. The article mentions mentions various ways of securing a WiFi network, how easy it is to crack WEP, and what the IEEE is doing about WiFi security. From the article: 'In order to address the security issues of WEP and the current Wi-Fi standards of 802.11a/b/g, the Institute of Electrical and Electronics Engineers (IEEE) is developing a new standard that is called 802.11i. This standard was developed with security in mind. The new standard implements new security entitled Wi-Fi Protected Access (WPA), which takes advantage of the Temporal Key Integrity Protocol (TKIP), is easier to setup using a pre-shared key, and can use RADIUS authentication.'"
The real contender is WPA2, which employs the far stronger AES symmetric algorithm in place of RC4, and adds much-desired features such as fast roaming:
WPA2 overview.
If your hardware supports it, use WPA2. If not, settle for nothing less than WPA, as WEP is a joke and trivial to break into.
"The problem with our economy is that our budget is balanced by people who aren't" - A.E.N.
I read a lot about wi-fi security. However, it keeps coming down to, why should I care? Yes, at work it is important to be very security aware. However, at home, I really don't care if someone is using my connection. If they are doing something that is hogging bandwidth, when I want to use it, I can boot them. My computer is protected and on the other side of a firewall. Information that passes over the router does not touch any storage device. So, back to the question, why should I care? (as a home user)
doesn't .11g have WPA TKIP
The 802.11g spec does not mandate WPA; however, most modern cards and APs support it. While WPA has no known serious weaknesses, choose WPA2-compatible hardware if you're yet to purchase wireless equipment.
"The problem with our economy is that our budget is balanced by people who aren't" - A.E.N.
and Some sensible advice on how really to secure it
Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will diter only novice users from stumbling accidently on your WLAN.
But security is not about stopping these novice users, who are less likely to cause any damage in the first place, It's more about stopping someone who is really determined to get in, in order to at best steal your bandwidth or at worst do some real damage like get sensetive data from your PCs.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
Mind you I don't recommend that you turn on SSID broadcast, or turn off mac addr. filtering, but, these options will diter only novice users from stumbling accidently on your WLAN.
Isn't that the point? If a knowledable and determined hacker wants to break into your network, chances are they're going to succeed unless you're a security expert yourself and highly vigilent.
I could write an article entitled "The six dumbest ways to secure your house." I'd start out with something like: "Locking your front door. People put strong locks on the door, when right next to it you have a windows made of fragile glass! Hello?!? Anyone with a brick can knock out the glass and walk right in!!!"
No, a MAC filter doesn't make your network impregnible. And locking your front door doesn't turn your house into Fort Knox. But if you're not Fort Knox, you don't need to have Fort Knox security. Make breaking into your network and effort and most people want bother. There's likely someone down the street that's broadcasting their SID and has no security at all. Why are they going to bother messing with you?
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
But how do you get the knife away from the shark?
In theory, practice and theory are the same. In practice, they're not.