Securing WiFi

Wireless is everywhere. McDonald’s and Starbucks come to mind as popular WiFi hot spots. Hacking wireless has become a major threat for businesses and consumers. Legislation was passed requiring wireless manufacturers to provide details on securing wireless services in response to the rampant abuse of insecure wireless access points.

In case you haven’t heard, WEP is not secure. In fact, WEP was NEVER designed to secure WiFi networks; it was originally released to provide a privacy measure. Just how insecure is it? The FBI demonstrated how to break into a WiFi network running WEP at a security conference two years ago, using tools downloaded off the Internet.

WPA must be better, right? Joshua Wright wrote a program to help break WPA security, called coWPAtty. It is based on capturing packets and brute forcing the passphrase used. This can be very time consuming, so rainbow tables can be used in some instances to speed up the cracking process significantly.

The easiest way to get started evaluating the security of wireless networks is to grab a WHAX, Knoppix, or BackTrack Live CD and combine it with an Atheros-based WiFi card on your laptop. BackTrack would be my preference because it has other tools for use after WiFi access has been obtained.

In order to keep your WPA or WPA2 network secure, you should use long passphrases with random characters, upper/lower case letters, numbers, symbols, and spaces that are not based on dictionary words or common phrases. Some additional measures to consider:

  1. MAC filtering can help restrict access, but it can be overcome if the attacker is savvy enough, so don’t use it alone.
  2. Most WiFi routers allow you to disable DHCP or limit the number of addresses handed out by the router; limiting the number of available DHCP addresses can help.
  3. Some WiFi routers also allow static DHCP assignments, so your laptop always gets the same IP Address.
  4. Some WiFi routers provide options for static routing; routing non-DHCP IP Addresses to a non-existent IP Address can slow down the bad guys also. This can stop would-be Internet free-loaders.
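
To make the passphrase advice above concrete, here is an added example (not code from the original post) that generates a random WPA/WPA2 passphrase, audits a chosen one, and shows that the pre-shared key is derived with the SSID as salt, which is why precomputed tables only help against the network names they were built for. The 20-character threshold, the sample wordlist and all function names are assumptions made for this illustration.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
# Constructed sample wordlist; a real audit would load a large dictionary.
COMMON_WORDS = {"password", "wireless", "starbucks", "letmein", "internet"}

def generate_passphrase(length=32):
    """Return a random passphrase whose characters are drawn from ALPHABET."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Reject leading/trailing spaces, which are easy to lose when typing.
        if candidate == candidate.strip():
            return candidate

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase (not of a human-chosen one)."""
    return length * math.log2(alphabet_size)

def audit_passphrase(passphrase):
    """Return a list of weaknesses; an empty list means none were found."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside 8-63")
    elif len(passphrase) < 20:  # assumed threshold for "long"
        problems.append("shorter than 20 characters")
    lowered = passphrase.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    if sum(any(c in cls for c in passphrase) for cls in classes) < 3:
        problems.append("fewer than three character classes")
    return problems

def derive_psk(passphrase, ssid):
    """WPA/WPA2 PSK: PBKDF2-HMAC-SHA1 salted with the SSID, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, so a non-default SSID combined with a long random passphrase takes precomputed tables out of play.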

Got any other helpful tips?


Posted on October 10, 2007, in How to's, Security / Risk.
