Securing a Wireless Network

[Aesgir]

I believe nath might be talking about this Wi-Fi Protected Access (WPA) Cracked | The Apple Core | ZDNet.com

It's a proof of concept on the cracking of WPA using a 3rd party app. Luckily your average guy leeching bandwidth from his neighbours isn't gonna bother cracking WPA-PSK.

Again the crux of the matter is it's tied to poor user passwords.

 

[Deebs]

Thats the point and I believe it is due to terms used but WPA as a protocol has not been compromised in the slightest, much like AES is still secure. WEP on the other hand can be compromised without KNOWING the password.

That is just a program attempting to validate a list of passwords until one works. If you do not have the password for a WPA/WPA2 protected WiFi then at this point in time you are NOT gaining access.

coWPAtty is a brute-force cracking tool, which means that it systematically attempts to crack the WPA-PSK by testing numerous passwords, in order, one at a time.

 

[cHodAX]

Gah, been using WEP for 2 years but you have me worried now. Gonna have a fiddle and see if I can get WPA up, I think my access point for the 360 only supports WEP though.

 

[nath]

Chodax - I honestly wouldn't worry *that* much about it. If you're really concerned and find that you have to stick with wep, you could always enable mac address filtering. Granted, that can be beaten with mac-spoofing but all in all, it's pretty unlikely.

Also, with respect to packet sniffing/people listening in on what you're doing on the net etc - anything sensitive such as online banking will be encrypted from the site to your machine regardless of your wifi, and I'm pretty sure the SSL theses sites use is nigh on unbreakable.

 

[Deebs]

Nath

It is not just about someone hijacking your wifi. What is stopping them from then attempting to gain access to any devices on your "private" network?

You know, that ultrasecure network you have where you have now created shares that have no authentication applied to them are now open for all and sundry.

Anyone who values their own data should take the steps necessary to protect it.

 

[Aesgir]

Well yeah, there's no doubt the confusion on this is terms used. WPA hasn't been 'cracked' as such, it can just be crowbarred open if you aren't careful with passwords. It's reccommended you place a 20 character password in most router packaging, although most people don't bother with that. They definitely should, but don't bother reading that far in.

Let's face it, the more secure the network, the better it is. Hopefully we've managed to help people with this thread lol. Wi-fi security is important after all

 

[nath]

Aye Deebs but it's all relative. One of my wireless routers is pumping out a wep signal so I can get online with my Nintendo DS (which doesn't support WPA). The reason I'm not concerned about this is that a) I highly doubt there's anyone in the immediate surrounding area that would bother to hack in to the system, and if they did there's not much interesting stuff there. I imagine this is the same for the majority of people which is why I don't think it's something most people need to be *that* worried about.

I'm not arguing the case for everyone going for WEP and leaving it at that, just that if that's all that's available to you, I wouldn't be too concerned about it as the likelihood of being attacked is so slim. Of course, if WPA is available to you, obviously it's worth going for - and evidently choosing a strong password.

Naturally businesses will want to take wifi security much more seriously than average home users.

 

[yaruar]

just out of interest how secure is mac address filtering, i assume with the right software you can spoof mac addresses, but how easy is it to do this in practice?

 

[Jonty]

Hi yaruar

I don't know if how easy it is to spoof a MAC address, if it's even possible, but you would need to know which MAC addresses are allowed on the network. Presuming the network only enables specific addresses/devices, and not a range, then knowing which address to spoof may be very difficult. Either way, your average joe probably doesn't know what a MAC address is, let alone how to use it to bypass network security

Kind regards

 

[yaruar]

Hi yaruar

I don't know if how easy it is to spoof a MAC address, if it's even possible, but you would need to know which MAC addresses are allowed on the network. Presuming the network only enables specific addresses/devices, and not a range, then knowing which address to spoof may be very difficult. Either way, your average joe probably doesn't know what a MAC address is, let alone how to use it to bypass network security

Kind regards

Just having a brief look spoofing a mac address doesn't seem that tricky, especially with the ability to create virtual interfaces.
google appears to be my friend.
http://forskningsnett.uninett.no/wlan/download/wlan-mac-spoof.pdf
being 48bit it's probably quite easy to brute force as well, although one would hope that most wireless routers have some kinf of built in brute force detection for stuff like this...
one day i'll actually branch out and learn more about networking