Security Options for wifi (1 Viewer)

[ShiftZZ]

Whats the best level of securuity?

WEP - Wired Equivalent Privacy, use WEP 64- or 128-bit data encryption

WPA-PSK [TKIP] - Wi-Fi Protected Access with Pre-Shared Key, use WPA-PSK standard encryption with TKIP encryption type

WPA2-PSK [AES] - Wi-Fi Protected Access version 2 with Pre-Shared Key, use WPA2-PSK standard encryption with the AES encryption type

WPA-PSK [TKIP] + WPA2-PSK [AES] - Allow clients using either WPA-PSK [TKIP] or WPA2-PSK [AES]


Suggestion would be appreciated...

 

[acting_strange]

I recently read that this was the better choice...WPA2-PSK [AES]

http://helpdeskgeek.com/networking/comparison-of-wifi-encryption-types/

 

[bungy]

WPA2-AES with a pre shared key of at least 13 ascii characters...as safe as can be done in a home environment

basically its an evolution

WEP>WPA>WPA2

WPA2 is the newest version of wireless protected access and is fully compliant with the IEEE 802.11i. standard and fixes a number of issues in the previous versions. WPA2 is by far the best of the lot - WEP and WPA are quite easily hackable to be honest (for info WEP is now banned in the payment card industry..as it is easily cracked)

TKIP and AES are encryption protocols - the later being the strongest and also provides for higher data transfer rates that most newer home routers allow. TKIP is well past its sell by date and is due to be dropped as a standard very soon

One thing though - id never advise anyone use the Wi-Fi Protected Setup available on most wifi devices - the one where you push a button on the device and then the computer and it sort themselves out, whilst it may be easier to do...you may as well not bother with any security as it is a tad easy to get round - with alarmingly little hacker knowledge

^{_{Subscribers  do not see these advertisements}}

 

[hilldweller]

WPA2-AES with a pre shared key of at least 13 ascii characters...as safe as can be done in a home environment

You don't say much but when you do it's concise and accurate ( I assume ), that's refreshing round here.

I checked my zyxel and it was set on WPA, changed to WPA2 now.

 

[bungy]

You don't say much but when you do it's concise and accurate

Im going to send that to the misses as evidence of what ive been telling here for years

 

[hilldweller]

Im going to send that to the misses as evidence of what ive been telling here for years

I wish you luck. God, you'll owe me a big beer if it works.

^{_{Subscribers  do not see these advertisements}}

 

[activecampers]

Anything apart from WEP is fine.
WEP takes seconds to hack, anything else isn't worth bothering with.

Though not many people really break it, and it doesn't affect your bank securty even if its unsecured. All it really matters for in the real world is using bandwidth.

 

[ShiftZZ]

If WEP is that easy to get past, how? PM me if you wish...

 

[activecampers]

Technically complicated and even as an IT guru not sure I understand the detail.

Basically, its all about joining a network (bypassing MAC authentication if needed, so spoof MAC if needed), listening for a partcular packet, once you get it you can use it as an injection vector, fire it back at router and it will then respond. (particular ARP packets). Once you have this vector you can get maybe 10,000 packets a minute from said router which you then capture.

You then apply maths to the resultant captures and you can calculate the key.

But ignore all that, as I've probably explained it incorrectly, and best you google "backtrack" and watch YouTube clips. But really, it is trivial. 5 mins max (where you can). Some WEP networks you can't for other reasons, but the majority you can. Its all "almost" automated with scripts and you can follow instructions. (I have written my own script which does more automatically)

Note: Its public domain info, and still "non trivial" for non techies, so don't think its easy for for everyone. So nothing naughty posted here. 99% of people who read this will fail even following instructions!

Note 1: The network needs to have another device on for you to intercept the trafic between them to capture and generate the injectionb vector. If its just a router and no clients, you can't. Also if the client is doing nothing it may take an age to see the correct packet to calculate the vector. If client is doing stuff, even simple web stuff, it will see the right packet in seconds.

Note 2: Its all done under LINUX, Windows will not allow you to do it (designed in as a security block)

Note 3: You need a cheap wifi card, like the long range rocket, as Intel also design the ability out in some of their chipsets. How rude eh?

Note 4: See http://www.doyourdream.co.uk/2010/03/long-range-wi-fi-access/ for images of me using the wifi rocket as a breaker and showing a decrypted key. (note - it was my own wifi, so nothing illegal)

Note 5: I am an IT professional and my last job was actually sorting out a hotels wifi system... (Using such tools for legitimate purposes)

Note 6: As mentioned, getting WiFi access does NOT cause any issues, bar using people bandwidth, banking and all other secure traffic is not compromised. "unsecured" wifi does not meen unsecure. See Link Removed

^{_{Subscribers  do not see these advertisements}}

 

[GJH]

Google brings up plenty of references of how to hack WEP.

Whilst what others have said is absolutely true, the real world requirement is to use the best security which your wireless network offers. Even if it is only WEP, is there any real need to spend more money simply to upgrade?

As with many matters, risk assessment is the key. There may well be people trying to hack into networks in the middle of our towns and cities - or maybe where there are gatherings of motorhomers with wifi boosters - but is that the case in deepest suburbia? These days the vast majority of people with their own PCs have their own broadband connection anyway so there is normally no incentive for them to hack a neighbour's network.

So, yes, WEP isn't all that secure but don't anyone go wetting themselves if that is all they have without thinking about it first.

 

[activecampers]

Whilst what others have said is absolutely true, the real world requirement is to use th
So, yes, WEP isn't all that secure but don't anyone go wetting themselves if that is all they have without thinking about it first.

Yep - well said.

 

[Gromett]

WPA2 is also pretty trivial to hack these days if a secure password isn't used.

I recently read an article where a guy hacked 3/5 wifi access points near his house due to poor password choice.

Here are some rules for WPA2 passwords.
It must be totally random
It must be at least 10 characters (14 preferred)
Do not use words, do not use character substitutions such as 1 for l
Use a mix of upper case, lowercase and numbers.

for example.....

whipsnake is begging to be hacked
whipsnake23 will take less than a second longer than whipsnake
wh1psn4ke is a crap password (Weak)
Uh34ahdk23 is an ok password (Medium)
Uh34ah&dk$2*AV3 is a good password (Strong).

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

I have just found one of the two article I recently read about wifi cracking.
Sorry it took so long :thumb:

http://arstechnica.com/security/2012/08/wireless-password-easily-cracked/

 

[motorhomer]

This touches a few areas.

For home wifi, I suspect any encryption is vastly better than none, and the chief issue is protecting your bandwidth and any download limits your ISP may have. Just use the latest available on your system.

But when travelling it is quite common for WIFI that you connect to , to be wholly unprotected. Whilst this does not compromise banking etc (which is always encrypted anyway between the computer and the banks system), it does mean you are wise to ensure that your computer itself is protected properly in terms of access control and firewalls. When you connect to a new wifi network, windows asks you to classify the network.

(I was also an IT professional, although probably not as techie as some on here!)