WiFi networking security

I've learned quite a bit about WiFi security this week. Several things that I thought made wireless computing secure have been completely blown out of the water. Here is something to think about when making changes to your own network.

1. Use WPA2. Forget WEP, as it can be cracked in minutes. If your hardware, or upgraded firmware for your equipment, does not support WPA2, get newer hardware. WPA2 is a standard that has been around for years. I've actually been using this for a while now. Some old WiFi devices (old Palm devices) may not support it. I've also heard reports that some TiVos that use wireless can't support WPA2 either.

2. Use a strong password. We're talking 30+ characters with mixed punctuation and alphanumerics. You may need to use a text file or cheap USB flash drive to make it easy to cut and paste. This is your strongest line of defense for protecting your network. If you're limited to WEP (because of hardware support limitations), your password cannot be as long.

3. Forget MAC filtering. It can be hacked around in 1 minute. All someone needs to do is capture your MAC address as it sets up the wireless session, and then the hacker can masquerade as that MAC address. This is incredibly easy to do. It's not worth the trouble of setting it up.

4. Forget hiding the SSID. By turning off SSID broadcast, you are only turning off beaconing. Beaconing is one of 5 methods by which the SSID is broadcast over the airwaves. Therefore, it buys you nothing to keep it hidden. It only takes a few seconds to get it over the air (hidden or not). Again, it's not worth the trouble of hiding it.

I welcome any other comments, corrections or other things I may have overlooked here. I'll be making changes to my network here and am glad to turn off the MAC filtering and SSID hiding to make it easier for friends who visit.

Comments

paterson_si
Jan. 26th, 2008 06:10 am (UTC)
...and I will just read and learn... :)
(Deleted comment)
snowboardjoe
Jan. 26th, 2008 03:35 pm (UTC)
Passwords
Depending on what protocol you are using, spaces may not be allowed. WPA2 does not allow spaces. It must be "printable" characters and guessing a "space" does not fall under that.

I am a fan of longer passwords though so that I can type a phrase instead of some super long word though. However, some web sites still limit you to 8 characters and that's ridiculous.

There is a good web site that can test the strength of your password interactively I found some time ago.
zonereyrie
Jan. 26th, 2008 05:36 pm (UTC)
As long as you use the TiVo-branded 802.11g WiFi adapter all TiVos that do WiFi will support WPA/WPA2. If you use a non-TiVo adapter then you're stuck with WEP.
bear_left
Jan. 27th, 2008 04:16 pm (UTC)
Thanks for sharing this. I'll have to take another look to see if my router is WPA-equipped; I think when I originally configured it, I couldn't get it to work with WPA, but I got WEP going. Not too reassuring to hear how easy that is to crack. I keep hoping they'll go for someone with more money than me! :)

What is MAC filtering?
snowboardjoe
Jan. 27th, 2008 05:15 pm (UTC)
Every device connected to an Ethernet network has a unique MAC address. This is a machine address assigned to the interface that is unique from all other addresses on your network and on your computer where each interface (network port, wireless interface, etc.) is unique. A sample MAC address would be 00:1b:63:b3:32:c4 which happens to be my MAC address for my hard wired interface on my laptop here. This is different from having an IP address.

WAP devices offer MAC filtering as a security enhancement where you can restrict which MAC addresses are allowed to talk to it. People are led to believe this is a major security enhancement. However, anyone can override the hardware address that an interface uses and set their own, thereby getting around the MAC filtering. It's sort of like changing the From: address in your email client so you can masquerade as someone else.
savage25
Jan. 28th, 2008 07:08 pm (UTC)
Good info! Thanks for sharing... :)