Re: wireless network security best practice?
From: wesley (wesley_at_chefdiana-dot.com)
Date: 09/08/03
- Next message: Gary N.: "firewalls 101 - what goes where"
- Previous message: Les Mikesell: "Re: "Reverse routing" - a solution for spoofed packets"
- In reply to: erik: "Re: wireless network security best practice?"
- Next in thread: Frank Sweetser: "Re: wireless network security best practice?"
- Reply: Frank Sweetser: "Re: wireless network security best practice?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 07 Sep 2003 21:15:28 -0500
On Sat, 06 Sep 2003 22:20:06 +0200, erik wrote:
> wesley wrote:
>
>> On Mon, 25 Aug 2003 17:46:30 +0000, /dev/null wrote:
>>
>>> We have a local wireless net. Is 128 bit WEP and MAC filtering
>>> enough?
>>>
>>> I tend to think not, anyone could sniff and pick up MACs and then set
>>> their card to use that MAC, and eventually break the WEP at brute
>>> force.
>>>
>>> Feedback/Comments?
>>
>> To figure if your security is good enough, you first have to take a
>> look at the type of traffic you're running on your wireless network,
>> both in terms of security sensitivity and traffic volume. For example,
>> Fort Knox needs a lot more protection than the average home.
>>
>> One of the big issues with wireless is that your radio waves from your
>> access point don't stop at your home or office's walls. That feature
>> makes it possible for others to intercept and use your signal.
>>
>> While breaking a WEP transmission is certainly possible, it still
>> requires a LOT of data be gathered. Airsnort needs 5 to 10 million
>> packets in order to break a code, according to their info. In my case,
>> that means someone would have to park in front of my house for months
>> at a time to gather enough data to crack my 128 bit WEP code.
>>
>> On the other hand, an office with many high traffic users on their
>> wireless network could generate enough traffic in a short period of
>> time for their code to be cracked. Or, someone located in an apartment
>> building might have a neighbor who could monitor their connection for
>> months on end to try and break into their network.
>>
>> In my case, if I'm going to get paranoid about my wireless network at
>> home, then I also need to be paranoid about my ISP monitoring my
>> traffic in general. I need to quit giving my credit card to waiters
>> and salespeople when I buy stuff. I need to replace all the wood doors
>> in my house with metal security doors, and so on.
>>
>> Yeah, WEP has it holes and should be improved. WPA is going to help do
>> that and there will certainly be continued improvements down the road.
>>
>> But that doesn't mean I need to stop using wireless right now. A
>> typical home user is not a high-profile target for a wireless crook.
>> What hacker wants to spend months gathering data so he can break in
>> and get... what?
>>
>> Businesses, OTOH, need to be more careful as they generate a lot of
>> traffic, do so faster, and typically have more people trying to break
>> into their networks to get critical info. Some others have already
>> described methods to address those issues.
>>
>> But wireless security is just like any other security issue. One needs
>> to do a good risk assessment before going whole-hog. Your security
>> efforts should match the risk probablility involved.
>
> Wile you may have some points you forget several things:
> 1 It is signicantly harder to do anything wrong with a hardwired
> configuration, your ISP is not worth looking at security wise.
> 2 It is definately possible to crack WEP without considerable effort.
> 3 It is not about breaking in into your network, but about _abusing_
> your network. You do not want to be disconnected because your gateway
> was used to send spam or worse things.
> 4 Efficient security measures are very simple.
>
> In general security is not only about your (probably invaluable) data,
> but about being used as a stepping stone. The latter is something you
> need to prevent at all costs.
>
> EJ
Likewise, you have some good points, but apparently didn't read my
comments all that closely.
All the methods to crack WEP are easily available for download online, but
they also all require one thing - traffic. They need a lot of traffic to
pick up enough weak packets to break the key.
So, yes, my key can be cracked, but you're going to have to park in front
of my house for about six months to get the 5 to 10 million packets needed.
I think I might get a bit curious as to why you're sitting out there.
<g>
Out of curiousity, I recently set my laptop on my car seat while running
Kismet for a three mile drive from my house. I picked up 10 wireless
networks besides mine during the drive. 7 of the wireless networks had
never been changed from factory default settings. 3 others had settings
changed (new SSID, perhaps a new admin password) but were not running
encryption. My system was the only one running WEP.
So sure, WEP can be cracked. Many businesses probably generate enough
traffic to be cracked in a few hours. Many home systems might take months.
But why bother cracking anything when a majority of those home wireless
routers are still running factory defaults with no WEP? Spammers are like
all crooks - they'll go for the low-hanging fruit first, and there is
plenty of that out there.
- Next message: Gary N.: "firewalls 101 - what goes where"
- Previous message: Les Mikesell: "Re: "Reverse routing" - a solution for spoofed packets"
- In reply to: erik: "Re: wireless network security best practice?"
- Next in thread: Frank Sweetser: "Re: wireless network security best practice?"
- Reply: Frank Sweetser: "Re: wireless network security best practice?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
