Wow - just got back from supper and I didn't expect anywhere near this much discussion, thx!
Quote:
The way I understand it is that if you use any encryption then the SSID will be encrypted anyway when the connections take place.... and SSID broadcast is off.... I think.... - Tiger Shark
Yeah, I couldn't find anything to specifically encrypt the SSID but I *think* anything that encrypts everything transmitted over the network would also encrypt the SSID along with everything else. Also, I've heard that when someone does happen to get bits of info through screwups in the encryption (yeah, not a very technical explanation but hey...I'm learning right along with you guys on this one...) - it's not likely to be the SSID that they get (which is what they need). About turning the SSID broadcast off - I read something somewhere that said it would cause some kind of conflicts but I can't find it again. I recall that it's just a small drop in effeciency though so preventing the SSID from being broadcast can be a very effective preventative measure although there may be some slight cost to it.
Quote:
Nice article, btw, very well put together. In addition, I'd like to add that you can also secure wireless networks with the implementation of a VPN. Using a VPN for one, will encrypt all of the data passing through it, even if you don't use wep, which is weak anyways. The VPN could be used as a gateway, forcing users to authenticate before being allowed access to network resources. VPN over wi-fi is a great way to secure a not so secure your wireless network. - PuReExcTacy
I did some research on VPN's but didn't include them into this tutorial because I never gained a good understanding of exactly what it is that they do. There will be a part 2 to this though to cover things more indepth - this was meant to be an introduction. Oh, and thx for the compliment!
Quote:
Kudo's to you - Spyder32
Lol, I like kudos....
Quote:
Ok, so question: given that WEP is a wee bit weak, how much of a difference does it make to use more than one key? Our USR can use up to four WEP keys, but I'm thinking, is it pointless, since you'd just have four weak keys, or does it make a significant difference? - AngelicKnight
I think you're actually asking 2 different questions. Any key can be weak if it can be guessed or maybe brute forced somehow? Having four different ones is better than just one only in that once you have one of them, you can only access a fourth of things transmitted...unless it's configured somehow so someone would need *all four* keys to read anything...there's a thought. Haven't heard of anything like that tho. Of course - with any information you get from cracking one it becomes easier to crack the others... The problem isn't not having enough keys - it's the fact that the key(s) stay the same for an indefinite period of time and it only takes about a day (or less) to crack one. TKIP fixes this problem by automatically changing the keys after every 10,000 packets of information sent over the network. How long that takes of course depends on the volume of traffic flowing across the network... Somebody said something like 40 minutes? No clue if that's accurate. Also the newer protocol 802.1X is supposed to dynamically assign encryption keys to all LAN devices. More on 802.1X and related protocols will be in the next tutorial.
Quote:
Good tutorial. Unfortunatly, you didn't cover RADIUS servers at all (which is what I hoped to learn about, guess I need to hit google). Also, my router allows for a few different encryption methods. The 2 you talked about (WEP and TKIP) and it also allows AES encryption. Obviously TKIP is better then WEP, but what about a comparison between TKIP and AES. I'm not that well versed in different encryption methods. I guess that would be a topic in the cryptography forum. - annihilator_god
Crap, t'would seem I completely missed something that should have gone in this tutorial....I'm really sorry. I promise to put a decent section on AES (and comparisons) in the next tutorial. That may not be for another month tho... I'll be researching the latest developments in WLAN and WAN security and I'll probably go into detail about the difference between the two networks next time too. Thx a lot to PhishPhr33k for giving me ideas about what to research next! Also thx to everyone for your responses!