Security Options for wifi

Discussion in 'Computers' started by ShiftZZ, Sep 4, 2012.

  1. ShiftZZ

    ShiftZZ Funster Life Member

    Joined:
    Feb 19, 2008
    Messages:
    19,821
    Likes Received:
    35,877
    Location:
    Leicestershire
    Whats the best level of securuity?

    WEP - Wired Equivalent Privacy, use WEP 64- or 128-bit data encryption

    WPA-PSK [TKIP] - Wi-Fi Protected Access with Pre-Shared Key, use WPA-PSK standard encryption with TKIP encryption type

    WPA2-PSK [AES] - Wi-Fi Protected Access version 2 with Pre-Shared Key, use WPA2-PSK standard encryption with the AES encryption type

    WPA-PSK [TKIP] + WPA2-PSK [AES] - Allow clients using either WPA-PSK [TKIP] or WPA2-PSK [AES]


    Suggestion would be appreciated...
     
  2. acting_strange

    acting_strange

    Joined:
    May 16, 2010
    Messages:
    3,398
    Likes Received:
    2,568
    Location:
    North Hykeham
    Last edited: Sep 4, 2012
    • Like Like x 2
  3. bungy

    bungy Funster

    Joined:
    Jan 24, 2010
    Messages:
    2,246
    Likes Received:
    4,127
    Location:
    Welsh marches
    WPA2-AES with a pre shared key of at least 13 ascii characters...as safe as can be done in a home environment

    basically its an evolution

    WEP>WPA>WPA2

    WPA2 is the newest version of wireless protected access and is fully compliant with the IEEE 802.11i. standard and fixes a number of issues in the previous versions. WPA2 is by far the best of the lot - WEP and WPA are quite easily hackable to be honest (for info WEP is now banned in the payment card industry..as it is easily cracked)

    TKIP and AES are encryption protocols - the later being the strongest and also provides for higher data transfer rates that most newer home routers allow. TKIP is well past its sell by date and is due to be dropped as a standard very soon

    One thing though - id never advise anyone use the Wi-Fi Protected Setup available on most wifi devices - the one where you push a button on the device and then the computer and it sort themselves out, whilst it may be easier to do...you may as well not bother with any security as it is a tad easy to get round - with alarmingly little hacker knowledge
     
    Last edited: Sep 4, 2012
    • Like Like x 2
  4. hilldweller

    hilldweller Funster Life Member

    Joined:
    Dec 5, 2008
    Messages:
    26,426
    Likes Received:
    25,079
    Location:
    Macclesfield
    You don't say much but when you do it's concise and accurate ( I assume ), that's refreshing round here.

    I checked my zyxel and it was set on WPA, changed to WPA2 now.
     
    • Like Like x 1
  5. bungy

    bungy Funster

    Joined:
    Jan 24, 2010
    Messages:
    2,246
    Likes Received:
    4,127
    Location:
    Welsh marches
    Im going to send that to the misses as evidence of what ive been telling here for years :Rofl1:
     
  6. hilldweller

    hilldweller Funster Life Member

    Joined:
    Dec 5, 2008
    Messages:
    26,426
    Likes Received:
    25,079
    Location:
    Macclesfield
    I wish you luck. God, you'll owe me a big beer if it works.
     
  7. activecampers

    activecampers Read Only Funster

    Joined:
    Jul 28, 2008
    Messages:
    420
    Likes Received:
    102
    Location:
    Heathrow
    Anything apart from WEP is fine.
    WEP takes seconds to hack, anything else isn't worth bothering with.

    Though not many people really break it, and it doesn't affect your bank securty even if its unsecured. All it really matters for in the real world is using bandwidth.
     
  8. ShiftZZ

    ShiftZZ Funster Life Member

    Joined:
    Feb 19, 2008
    Messages:
    19,821
    Likes Received:
    35,877
    Location:
    Leicestershire
    If WEP is that easy to get past, how? PM me if you wish...
     
  9. activecampers

    activecampers Read Only Funster

    Joined:
    Jul 28, 2008
    Messages:
    420
    Likes Received:
    102
    Location:
    Heathrow
    Technically complicated and even as an IT guru :Eeek: not sure I understand the detail.

    Basically, its all about joining a network (bypassing MAC authentication if needed, so spoof MAC if needed), listening for a partcular packet, once you get it you can use it as an injection vector, fire it back at router and it will then respond. (particular ARP packets). Once you have this vector you can get maybe 10,000 packets a minute from said router which you then capture.

    You then apply maths to the resultant captures and you can calculate the key.

    But ignore all that, as I've probably explained it incorrectly, and best you google "backtrack" and watch YouTube clips. But really, it is trivial. 5 mins max (where you can). Some WEP networks you can't for other reasons, but the majority you can. Its all "almost" automated with scripts and you can follow instructions. (I have written my own script which does more automatically)

    Note: Its public domain info, and still "non trivial" for non techies, so don't think its easy for for everyone. So nothing naughty posted here. 99% of people who read this will fail even following instructions!

    Note 1: The network needs to have another device on for you to intercept the trafic between them to capture and generate the injectionb vector. If its just a router and no clients, you can't. Also if the client is doing nothing it may take an age to see the correct packet to calculate the vector. If client is doing stuff, even simple web stuff, it will see the right packet in seconds.

    Note 2: Its all done under LINUX, Windows will not allow you to do it (designed in as a security block)

    Note 3: You need a cheap wifi card, like the long range rocket, as Intel also design the ability out in some of their chipsets. How rude eh?

    Note 4: See http://www.doyourdream.co.uk/2010/03/long-range-wi-fi-access/ for images of me using the wifi rocket as a breaker and showing a decrypted key. (note - it was my own wifi, so nothing illegal)

    Note 5: I am an IT professional and my last job was actually sorting out a hotels wifi system... (Using such tools for legitimate purposes)

    Note 6: As mentioned, getting WiFi access does NOT cause any issues, bar using people bandwidth, banking and all other secure traffic is not compromised. "unsecured" wifi does not meen unsecure. See http://www.yourithelp.co.uk/secure-public-wifi-hotspots/
     
    Last edited: Sep 4, 2012
  10. GJH

    GJH Funster Life Member

    Joined:
    Aug 20, 2007
    Messages:
    27,232
    Likes Received:
    34,418
    Location:
    Acklam, Teesside, originally Glossop
    Google brings up plenty of references of how to hack WEP.

    Whilst what others have said is absolutely true, the real world requirement is to use the best security which your wireless network offers. Even if it is only WEP, is there any real need to spend more money simply to upgrade?

    As with many matters, risk assessment is the key. There may well be people trying to hack into networks in the middle of our towns and cities - or maybe where there are gatherings of motorhomers with wifi boosters - but is that the case in deepest suburbia? These days the vast majority of people with their own PCs have their own broadband connection anyway so there is normally no incentive for them to hack a neighbour's network.

    So, yes, WEP isn't all that secure but don't anyone go wetting themselves if that is all they have without thinking about it first.
     
    • Like Like x 1
  11. activecampers

    activecampers Read Only Funster

    Joined:
    Jul 28, 2008
    Messages:
    420
    Likes Received:
    102
    Location:
    Heathrow
    Yep - well said.
     
  12. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,919
    Likes Received:
    13,964
    Location:
    UK
    WPA2 is also pretty trivial to hack these days if a secure password isn't used.

    I recently read an article where a guy hacked 3/5 wifi access points near his house due to poor password choice.

    Here are some rules for WPA2 passwords.
    It must be totally random
    It must be at least 10 characters (14 preferred)
    Do not use words, do not use character substitutions such as 1 for l
    Use a mix of upper case, lowercase and numbers.

    for example.....

    whipsnake is begging to be hacked
    whipsnake23 will take less than a second longer than whipsnake
    wh1psn4ke is a crap password (Weak)
    Uh34ahdk23 is an ok password (Medium)
    Uh34ah&dk$2*AV3 is a good password (Strong).
     
  13. Gromett

    Gromett Funster

    Joined:
    Feb 27, 2011
    Messages:
    7,919
    Likes Received:
    13,964
    Location:
    UK
  14. motorhomer

    motorhomer Read Only Funster

    Joined:
    May 17, 2008
    Messages:
    578
    Likes Received:
    317
    Location:
    South Shropshire
    This touches a few areas.

    For home wifi, I suspect any encryption is vastly better than none, and the chief issue is protecting your bandwidth and any download limits your ISP may have. Just use the latest available on your system.

    But when travelling it is quite common for WIFI that you connect to , to be wholly unprotected. Whilst this does not compromise banking etc (which is always encrypted anyway between the computer and the banks system), it does mean you are wise to ensure that your computer itself is protected properly in terms of access control and firewalls. When you connect to a new wifi network, windows asks you to classify the network.

    (I was also an IT professional, although probably not as techie as some on here!)
     
Loading...

Share This Page