
Replying to Wireless Security (wep Vs Wpa)




Topic Summary

evought

Posted 21 October 2011 - 05:23 AM

So back to the original question of WEP Vs WPA? I choose neither for my home network and decided to run completely unencrypted.... (snip)

There are currently several organizations with the goal of providing free wireless to anyone who wants it.


You may also want to take a look at LifeNet http://thelifenetwork.org/. They are developing software to build ad-hoc networks using Wi-Fi and Bluetooth on portable devices (e.g. Android smartphones) but they can also make use of wireless access points if they are available and set up correctly. In a rural area, cell phone service can be fragile, and a few well-placed access points could allow someone to route an emergency call, especially if the Wi-Fi has a battery backup. You seem to have little problem installing custom software on your router, so it may be something to play with.

In our case, we are moving to a setup somewhat similar to yours. We have a few wired systems, an internal wireless network that is severely degraded by the walls of the house (chickenwire in the old plaster in places around here). Anything important internally goes over SSL/SSH anyway. We are putting a second access point with high-gain antennas on the roof firewalled from the local network and powered off of our small solar (and soon to be wind) R/E system so it will continue to be available in a power outage such as another regional ice storm (we've had two in the last four years and one EF5 tornado nearby). We are playing with the early LifeNet software in conjunction with local Neighborhood Watch efforts. We can also use a Wi-Fi PTT app on our smartphones on or near the farm. As a side benefit, I am loading a whole bunch of documentation on a webserver which will be accessible on the long-range Wi-Fi for all that stuff people wish they had downloaded before an emergency, like how to correctly wire a generator and not fry your linemen. With a good antenna and favorable terrain, we have been making Wi-Fi connections at 8 miles or so.

rohit_iwebmaster

Posted 09 October 2011 - 04:36 PM

WAP = Wireless Access Point; ‘hotspots’ (public access) require no pass phrase and are ‘open’ (and dangerous to use).
WEP = early form of encryption; seldom used by knowledgeable administrators of a network because of inherently weak architecture (easy to crack & establish ‘man-in-the-middle’ attacks)
WPA = mid-level encryption; decent security; preferred by many admins with good architecture.
WPA2 = the best of all current common methods; some computer hardware will not support this level.

What is WPA?
WiFi Protected Access (WPA) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturers’ equipment. WPA delivers a level of security way beyond anything that WEP can offer, bridges the gap between WEP and 802.11i networks, and has the advantage that the firmware in older equipment may be upgradeable.


How does WPA work?
WPA uses Temporal Key Integrity Protocol (TKIP). TKIP is designed to allow WEP to be upgraded. This means that all the main building blocks of WEP are present, but corrective measures have been added to address security problems.


How WPA improves on WEP
The weaknesses in WEP have been well publicized. TKIP’s improvements are described below.

* IV values can be reused/IV length is too short: The length of the IV has been increased from 24 bits to 48 bits. Rollover of the counter is eliminated. Reuse of keys is less likely. In addition, IVs are now used as a sequence counter, the TSC (TKIP Sequence Counter), protecting against replaying of data, a major vulnerability in WEP.

* Weak IV values are susceptible to attack: WPA avoids using known weak IV values. A different secret key is used for each packet, and the way the key is scrambled with the secret key is more complex.

* Master keys are used directly in WEP: Master Keys are never used directly in WPA. A hierarchy of keys is used, all derived from the Master. Cryptographically this is a much more secure practice.

* Key management and updating is poorly provided for in WEP: Secure key management is built into WPA, so key management isn’t an issue with WPA.

* Message integrity checking is ineffective: WEP message integrity proved to be ineffective. WPA uses a Message Integrity Check (MIC) called Michael! Due to the hardware constraints the check has to be relatively simple. In theory there is a one in a million chance of guessing the correct MIC. In practice any changed frames would first need to pass the TSC and have the correct packet encryption key even to reach the point where Michael comes into operation. As further security Michael can detect attacks and performs countermeasures to block new attacks.


Conclusion
WPA (TKIP) is a great solution, providing much stronger security than WEP, addressing all the weaknesses and allowing compatibility and upgrades with older equipment.
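
Added example (not part of the post above, and not code from any vendor): a simplified Python model of the two IV changes the post describes, the 24-bit counter that must repeat versus the 48-bit TSC, and the receiver rule that rejects any frame whose TSC is not higher than the last one accepted. The sender that simply counts upward, the frame rate, the MAC addresses and the per-transmitter bookkeeping are assumptions for illustration.

```python
WEP_IV_BITS = 24
TKIP_TSC_BITS = 48


def wep_iv(frame_number):
    """IV of the n-th frame for a sender that simply counts upward (assumed)."""
    return frame_number % (1 << WEP_IV_BITS)


def seconds_until_wrap(bits, frames_per_second):
    """How long a per-frame counter of this width lasts before it must repeat."""
    return (1 << bits) / frames_per_second


class ReplayGuard:
    """Receiver rule: per transmitter, each TSC must exceed the last accepted."""

    def __init__(self):
        self._last = {}  # transmitter address -> highest TSC accepted so far

    def accept(self, transmitter, tsc):
        if not 0 <= tsc < (1 << TKIP_TSC_BITS):
            return False  # outside the 48-bit counter space
        if tsc <= self._last.get(transmitter, -1):
            return False  # replayed or stale frame: drop it
        self._last[transmitter] = tsc
        return True


def filter_frames(frames):
    """Run (transmitter, tsc) pairs through one guard; True means accepted."""
    guard = ReplayGuard()
    return [guard.accept(ta, tsc) for ta, tsc in frames]


# Constructed sample traffic: the fourth frame is a replay of the second.
SAMPLE = [
    ("02:00:00:00:00:01", 1),
    ("02:00:00:00:00:01", 2),
    ("02:00:00:00:00:02", 1),
    ("02:00:00:00:00:01", 2),
    ("02:00:00:00:00:01", 3),
]

if __name__ == "__main__":
    print(filter_frames(SAMPLE))
    print(seconds_until_wrap(WEP_IV_BITS, 1000) / 3600, "hours at 1000 frames/s")
    print(seconds_until_wrap(TKIP_TSC_BITS, 1000) / (365 * 86400), "years")
```

At 1000 frames per second the 24-bit counter is exhausted in under five hours, while the 48-bit counter lasts thousands of years, which is why the post can say rollover is eliminated.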


tansqrx

Posted 19 January 2011 - 11:10 PM

I hope I never get to the point where I have to put restrictions on my access point but if I do, I still have the tools to do it. The main Linux router has Astaro (http://www.astaro.com) installed so I can limit the wireless network any way I need to. This is usually not possible with the commodity home routers but I can control the type, amount, and time window of bandwidth.

If anyone else is interested, Astaro is free for home use and just needs two network adaptors on a discarded (but working) spare computer (http://www.astaro.co...tware-appliance).

John_Doe

Posted 19 January 2011 - 10:45 PM

Here is a story to add to the conversation ... a little more formal.


Nice. I could have done something similar at my most recent residence, but alas, the apartment complex was filled with trolls and rejects who felt that 16 clients torrenting over my Comcast Business Class was just being neighborly. My connection frequently exploded, and eventually I just said screw it and secured the whole shebang.

So in essence, yes, in some environments it is possible to provide a free and open access point for random passersby, but in densely populated, somewhat malignant locations, a bit of strategy is required, even though you kind of went over the top to create a bulletproof rural wireless network.

Anyhow, see you all tomorrow.

:P
-JD

tansqrx

Posted 19 January 2011 - 09:25 PM

Here is a story to add to the conversation: “Amazon Cloud Power Used To Break Network Passwords” (http://news.yahoo.co...111/bs_nf/76850). Thomas Roth, a security researcher, used Amazon’s Elastic Cloud Computing (EC2) service to brute force wireless passwords. The EC2 service is basically a supercomputer that you can rent for 28 cents a minute. Roth’s average cost was $2 per password. Any wireless protocol (including WPA-PSK) that uses a pre-shared key is open to attack. Apparently this attack can only find matches based on a dictionary list.

So back to the original question of WEP Vs WPA? I choose neither for my home network and decided to run completely unencrypted. Anyone can connect and the access point ID is “OPEN”. I didn’t do this out of laziness but out of an informed discussion to be nice to my neighbors.

I live in a fairly rural area where maybe 5-6 people can even see my wireless connection. I trust most of my neighbors and I have weighed the discussion to be open with being secure. This doesn’t mean that all my banking information and such is open to anyone walking or driving by. Being nice to my neighbor doesn’t mean being stupid either. I have been in several situations where I needed Internet access away from home and occasionally I get lucky and find an open access point. The access points in question may or may not be left open on purpose but I am still grateful to find one. Perhaps I can be nice to someone else in their time of need.

I have set up my network in a very particular way as to offer open wireless and still keep myself safe. All of my internal computers are hardwired 1 Gbit Ethernet so there is no need for wireless. The wireless network is segregated behind two routers not including the main Linux router that feeds from my ISP connection. The two routers are in series which prevents ARP spoofing onto my hardwired network as ARP does not pass through a router. There are some tricks to get past one router but to my knowledge there is no way to play ARP games with two routers. Secondly, both the wireless and hardwired internal networks have the same subnet addresses. This means that even if someone on the wireless knew an internal IP address, it would route to the wireless subnet and never make it past the first router. As a finishing touch, the main Linux router has some nasty rules in place to prevent ANY traffic from passing from the internal to the wireless network and vice versa.

The only time I ever use the wireless network is if someone visits my house and needs to use the Internet. If they want to access any of my internal computers or the network printer then I have to tell them to get out their Ethernet cable because it simply isn’t possible from the wireless network. I do realize that some bad things can happen on an open wireless access point but I am willing to take the chance and fight the fight if needed. If laws are broken then it is up to the person breaking the law to go to jail and not me. The law is certainly still in flux on this matter but I will fight for my right to provide an open access point if needed.

There are currently several organizations with the goal of providing free wireless to anyone who wants it (http://en.wikipedia....mmunity_network) (http://en.wikipedia....works_by_region). These groups usually just make their current access point open with perhaps a customized login screen or user agreement. There is no such group in my area and I don’t see it as being very practical given my rural location. If something does come along I may make my wireless niceness a little more formal.

8ennett

Posted 18 January 2011 - 10:25 PM

Did anyone read the article?

that wasn't directed at the last reply

John_Doe

Posted 18 January 2011 - 10:23 PM

WPA (and WPA2) Keys should always be generated and retardedly difficult to remember. You only need to configure the network once, add computers sometimes, etc.

Most Linksys routers and many other routers I've seen allow you to access the key through administration (which should only be accessible from a physically connected computer, check your settings), so you could retrieve it in the case of a new computer on the network, or a similar occasion.

WPA2 with a PSK encrypted via AES has only two attack vectors:

* Intercepting the handshake (nearly friggin impossible [so much so that it's essentially only theoretical]).

and

* Dictionary attacking the PSK.

Regardless, you should always use the absolute strongest key you can, such as one from https://www.grc.com/passwords.htm or a similar generator site. You then configure all of your computers, add AP Isolation if you don't plan to use file/printer sharing, and MAC Address Filtering for a final layer of security.

After all of this, you disable SSID Broadcast (make sure to use a complicated SSID as well, it factors into overall security, though I'm a huge fan of 'BDSM Image Host' just to freak out the snoops), use a spectrum analyzer to verify that you are on the channel with the lowest average amount of traffic, and Ta-da, you now have the most secure network you can manage without implementing a RADIUS key-exchange system.

This is one of those moments where one could say, "And that's how it's done."

:P
-JD
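
Added example (not part of any post in this thread): a Python sketch of the advice above to generate the key rather than invent it, and of why the SSID "factors into overall security". In WPA/WPA2-Personal the SSID is the salt when the passphrase is stretched into the 256-bit master key with PBKDF2-HMAC-SHA1 (4096 iterations), and the audit function is the defender's view of the dictionary-list attack mentioned in tansqrx's post. The alphabet, the 80-bit threshold, the sample word list and the SSID "HomeNet" are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

# Assumed alphabet (constructed for this example): a printable ASCII subset.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
PMK_BITS = 256  # the derived master key is 256 bits, which caps useful entropy


def generate_psk(length=63):
    """Random WPA/WPA2 passphrase; the standard allows 8 to 63 ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase, capped at the key size."""
    return min(length * math.log2(alphabet_size), PMK_BITS)


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_passphrase(passphrase, wordlist, min_bits=80):
    """Return the reasons a passphrase is weak (an empty list means none found)."""
    findings = []
    if passphrase.lower() in wordlist:
        findings.append("appears in a dictionary list")
    if entropy_bits(len(passphrase)) < min_bits:
        findings.append("too short to reach %d bits even if fully random" % min_bits)
    return findings


if __name__ == "__main__":
    words = {"password", "letmein123", "sunshine"}  # constructed sample list
    print(audit_passphrase("sunshine", words))
    psk = generate_psk()
    print(psk, round(entropy_bits(len(psk))), audit_passphrase(psk, words))
    # Same passphrase, different SSID (the salt) gives a different master key.
    print(derive_pmk(psk, "OPEN") != derive_pmk(psk, "HomeNet"))
```

Generating the key locally with the operating system's random source avoids trusting a web page with the secret.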

vistz

Posted 10 October 2010 - 06:27 PM

WEP is ridiculously easy to crack. WPA is a bit harder to crack but not impossible. A brute force attack could definitely work. I recommend you go with WPA2. While it is still "crackable", it will be harder and more time consuming.

8ennett

Posted 02 August 2010 - 04:32 PM

That just verifies everything I have said: the only way to crack a WPA key is a brute force attack.

wutske

Posted 02 August 2010 - 04:18 PM

http://docs.lucidint...reless_Networks

:)
