Wireless Security....

[anjali]

Hi,

I have always heared and read that wireless have a long way to go before they stabilize atleast on the security front.....

But the article which I read recently was eyeopening....

It shows how simple it is to break into any wireless network using a simple empty pringle can....

Article Courtesy BBC NEWS

http://news.bbc.co.uk/1/hi/sci/tech/1860241.stm

I would like to know how we can secure our wireless networks and current limitations with wireless networks...

Regards

Kalp

Found this one more article which actually demonstrates on how to make such cheap antennas

Link - o'reily networks

http://www.oreillynet.com/cs/weblog/view/wlg/448

In such cases .. how do we ensure the our wireless segment is secured.....

We are using RF for connecting some of our lactions.. and pursuing to implement on many other locations but after reading this.. I feel have we done a right thing by going for RF at first place.....

Regards

Kalp

[PacketStorm]

I have some experience in wireless routing and I know it is hard to make the decision on whether you should use the 'insecure' wireless networs or go for the CAT5 Cabling.

Despite what many people say a wireless network can be extremely secure when the right precautions.

I myself have recently been testing the security of wireless networks in the local area and most have been secure.

I have included some tips below to help you when buying and setting up your network:

1. Buy quality brand name gear, it may be a little more expensive but beleive me it is well worth it.

2. Purchase a wireless encryption program and/or enable the encryption that came with the wireless router itself.

3. if you are really serious hire somebody to come and physically attempt to break into to your system to find the vulnerabilities. (It is a good idea to get them to fix the problems they find)

4. Forget about wireless if you are so paranoid and get CAT5 cabling put through your home/workplace, and go to the trouble of plugging your notebook into your network every time you wish to use it.

Thats my two cents worth so...

Cheerio.

[Networker]

Wireless is by definition a security pb: Waves are flooding the area in every direction.
Therefore u can't garanty that someone is sniffing u.

Military use some TranSec techno to secure the physical layer. An example is frequency hopping. But most TranSec are consumming too much space in the spectrum and rates r very low (far less than 10Mb).

The only way to garanty at 99% confidentiality and integrity of wireless access is to use IPSec over it. (IPSec encryption may be cracked one day but I never heard about it...)

802.1x (IEEE) is a good authentication WI-FI protocol it's not very mature but you'll get rid of script kiddies trying to get free internet access.

[Maestr0]

I have found that Ciscos' LEAP encryption when set up properly can provide an additional amount of security that WEP is unable to provide. Using LEAP and session based keys can greatly increase the overall level of security but proper configuration and good auditing is a must. Also make sure your wireless network is properly segmented from your wired network and treat all wireless traffic as untrusted(unless you're VERY sure of yourself)also there are many RADIUS servers which allow 802.1x authentication such as Radiator http://www.open.com.au/radiator/technical.html#wireless

-Maestr0

[mmelby]

I agree with Network. For our organizations wireless traffic we run it inside of a VPN. That will take care of all security issues regarding sniffing. This is cost justifiable in a bussiness setting but is a little much home use. I feel that 128 bit WEP for home is probably sufficient.

Another alternative that is becoming avaiable with 802.11a is frequency hopping. The advantage is it is VERY hard to sniff. The downside is it requires equipment from the same vendor as the technology is propiatary to the vendor.

Other things you can do that don't cost anything...

Configure your AP to not broad cast your SSID

Some AP's allow you to configure specific MAC addresses for access

CHANGE THE DEFAULT PASSWORDS !!!


Good Luck

[NeuTron]

Wireless is by definition a security pb: Waves are flooding the area in every direction.
Therefore u can't garanty that someone is sniffing u.

I couldn't agree more. The newest version of Maximum Security has an entire chapter that explained how wireless networking has set network security back twenty years. You can make a wireless network more secure but it will never be "secure" from those who know what they're doing. Take a look at an app called WEPCRACK. It can break a 128-bit Wep key with enough time.
-NeuTron

[nabylbt]

Yeap the wep encription is quite shity. I haven't looked at the 128-bit one yet but the previous one could be crakced in less then 20mins.

Raduis, rotation keys, no broadcasting of ssid... all of these are basics that have to be enabled. a combination of at least two will divert any script kiddy.

Yet something more simple to do is to pay extra attention to the loaction of the AP. if you have a wifi net in a 3 story building don't put it on the firts floor. Rather think in 3 dimensions so that the coverage is non existant on the outside.

my 2 cents

[SirDirge]

I would never use a wireless network. I've tesed exploiting an 802.11b network with only a Linux laptop and a GPS. And it's a discrase to the world of security, it wasn't long untill I had the password for the network and was able to hijack it.

[yuna_admirer]

I've got it all.

With a ROUGE AccessPoint (secretly insert between the roaming area of the public wireless Network ( between other legal AP). I''ve managed to captured all SSID, WAP information. So, it's useless with some Hacker with an AP )

[anjali]

Thanks all.....

Yeah I was thinking of encrypting the channel with the inbuilt wep option... But I shall need to try and see how we can have ipsec security.....

Regards

Kalp