Wireless Security....
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Wireless Security....

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    159

    Wireless Security....

    Hi,

    I have always heared and read that wireless have a long way to go before they stabilize atleast on the security front.....

    But the article which I read recently was eyeopening....

    It shows how simple it is to break into any wireless network using a simple empty pringle can....

    Article Courtesy BBC NEWS

    http://news.bbc.co.uk/1/hi/sci/tech/1860241.stm

    I would like to know how we can secure our wireless networks and current limitations with wireless networks...

    Regards

    Kalp

    Found this one more article which actually demonstrates on how to make such cheap antennas

    Link - o'reily networks

    http://www.oreillynet.com/cs/weblog/view/wlg/448

    In such cases .. how do we ensure the our wireless segment is secured.....

    We are using RF for connecting some of our lactions.. and pursuing to implement on many other locations but after reading this.. I feel have we done a right thing by going for RF at first place.....

    Regards

    Kalp

  2. #2
    Junior Member
    Join Date
    May 2003
    Posts
    13
    I have some experience in wireless routing and I know it is hard to make the decision on whether you should use the 'insecure' wireless networs or go for the CAT5 Cabling.

    Despite what many people say a wireless network can be extremely secure when the right precautions.

    I myself have recently been testing the security of wireless networks in the local area and most have been secure.

    I have included some tips below to help you when buying and setting up your network:

    1. Buy quality brand name gear, it may be a little more expensive but beleive me it is well worth it.

    2. Purchase a wireless encryption program and/or enable the encryption that came with the wireless router itself.

    3. if you are really serious hire somebody to come and physically attempt to break into to your system to find the vulnerabilities. (It is a good idea to get them to fix the problems they find)

    4. Forget about wireless if you are so paranoid and get CAT5 cabling put through your home/workplace, and go to the trouble of plugging your notebook into your network every time you wish to use it.

    Thats my two cents worth so...

    Cheerio.
    Thats my two cents worth so...
    Cheerio.
    iRoute.net
    PacketStorm

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Wireless is by definition a security pb: Waves are flooding the area in every direction.
    Therefore u can't garanty that someone is sniffing u.

    Military use some TranSec techno to secure the physical layer. An example is frequency hopping. But most TranSec are consumming too much space in the spectrum and rates r very low (far less than 10Mb).

    The only way to garanty at 99% confidentiality and integrity of wireless access is to use IPSec over it. (IPSec encryption may be cracked one day but I never heard about it...)

    802.1x (IEEE) is a good authentication WI-FI protocol it's not very mature but you'll get rid of script kiddies trying to get free internet access.
    [shadow] SHARING KNOWLEDGE[/shadow]

  4. #4
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    I have found that Ciscos' LEAP encryption when set up properly can provide an additional amount of security that WEP is unable to provide. Using LEAP and session based keys can greatly increase the overall level of security but proper configuration and good auditing is a must. Also make sure your wireless network is properly segmented from your wired network and treat all wireless traffic as untrusted(unless you're VERY sure of yourself)also there are many RADIUS servers which allow 802.1x authentication such as Radiator http://www.open.com.au/radiator/technical.html#wireless

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  5. #5
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    I agree with Network. For our organizations wireless traffic we run it inside of a VPN. That will take care of all security issues regarding sniffing. This is cost justifiable in a bussiness setting but is a little much home use. I feel that 128 bit WEP for home is probably sufficient.

    Another alternative that is becoming avaiable with 802.11a is frequency hopping. The advantage is it is VERY hard to sniff. The downside is it requires equipment from the same vendor as the technology is propiatary to the vendor.

    Other things you can do that don't cost anything...

    Configure your AP to not broad cast your SSID

    Some AP's allow you to configure specific MAC addresses for access

    CHANGE THE DEFAULT PASSWORDS !!!


    Good Luck
    Work... Some days it's just not worth chewing through the restraints...

  6. #6
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Wireless is by definition a security pb: Waves are flooding the area in every direction.
    Therefore u can't garanty that someone is sniffing u.
    I couldn't agree more. The newest version of Maximum Security has an entire chapter that explained how wireless networking has set network security back twenty years. You can make a wireless network more secure but it will never be "secure" from those who know what they're doing. Take a look at an app called WEPCRACK. It can break a 128-bit Wep key with enough time.
    -NeuTron

  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    321
    Yeap the wep encription is quite shity. I haven't looked at the 128-bit one yet but the previous one could be crakced in less then 20mins.

    Raduis, rotation keys, no broadcasting of ssid... all of these are basics that have to be enabled. a combination of at least two will divert any script kiddy.

    Yet something more simple to do is to pay extra attention to the loaction of the AP. if you have a wifi net in a 3 story building don't put it on the firts floor. Rather think in 3 dimensions so that the coverage is non existant on the outside.

    my 2 cents
    assembly.... digital dna ?

  8. #8
    Banned
    Join Date
    Jun 2003
    Posts
    29
    I would never use a wireless network. I've tesed exploiting an 802.11b network with only a Linux laptop and a GPS. And it's a discrase to the world of security, it wasn't long untill I had the password for the network and was able to hijack it.

  9. #9
    I've got it all.

    With a ROUGE AccessPoint (secretly insert between the roaming area of the public wireless Network ( between other legal AP). I''ve managed to captured all SSID, WAP information. So, it's useless with some Hacker with an AP )
    Let\'s go to Paramount Great America !!!! LFC (LookingForChick)

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    159
    Thanks all.....

    Yeah I was thinking of encrypting the channel with the inbuilt wep option... But I shall need to try and see how we can have ipsec security.....

    Regards

    Kalp
    ****** Any man who knows all the answers most likely misunderstood the questions *****

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •