Security How to keep your wi-fi network secure

horand

Inactive User
Joined
Oct 19, 2007
Messages
59
Reaction score
0
Location
Ireland
WEP has been insecure for ages but it's still in use. This paper shows how to break
104-bit WEP in less than 60 seconds, the best attack to date:
http://eprint.iacr.org/2007/120.pdf
More info and a proof-of-concept implementation:
http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/

If WPA with randomly generated changing passwords doesn’t keep you secure enough you can always invest in some Wi-Fi shielding paint and coat your whole house!!
 

JPBOLDY

Inactive User
Joined
Dec 9, 2007
Messages
15
Reaction score
0
all my devices use wpa/spk i thini it is the only device i cant use online is nintendo ds only has wep, and no sign of a firmware upgrade for it shame really
 

coopsvip

Inactive User
Joined
Oct 20, 2004
Messages
354
Reaction score
2
ive been using wep but now want to use somthing more secure but ive not got wpa in my router options jus psk, psk2,psk+radius, psk2 +radius and radius. which 1 is the most secure? and simplest 2 use?
 

beady

Inactive User
Joined
Jun 30, 2007
Messages
722
Reaction score
32
Location
Back in the Toon
Hi mate,
psk (Private Shared Key) is WPA1, psk2 will be WPA2. The radius bit means you can authenticate with a RADIUS server, which is ultra secure but probably overkill for a home network. Just make sure you have a long (20+ characters), no dictionary password (including numbers, CAPITALS, punctuation etc). For all intents and purposes WPA and WPA2 are as secure as each other.

Also, don't bother with things like MAC filtering or hiding your broadcast. It will just add problems connecting from some systems, and won't add anything to your security. The only thing you need is WPA with a GOOD password.
 
Last edited:

jaffa

Inactive User
Joined
Jul 30, 2006
Messages
9,889
Reaction score
391
Location
Made in Belfast
ive been using wep but now want to use somthing more secure but ive not got wpa in my router options jus psk, psk2,psk+radius, psk2 +radius and radius. which 1 is the most secure? and simplest 2 use?


Go for psk2 m8, its slightly better than WPA. You wll have to enter a passphrase between 8-63 characters, just make it something secure, even use some uppercase and some lower case but as long as you remember it then it will be secure enough for you. It may also give you an option of how long before it changes the encryption.
 

Al-z

New Member ++
Joined
Aug 16, 2005
Messages
2
Reaction score
2
"Many home internet users rely on an encryption system called Wireless Equivalent Protection (WEP) to stop others using their wi-fi link, even though WEP has long been known to be flawed. "

/me puts on his annorac and uses a john major voice

Ahem ... isnt WEP WIRED equiveant protection ?
 

Al-z

New Member ++
Joined
Aug 16, 2005
Messages
2
Reaction score
2
And to add to the topic rather than subtracting from it. Having read the posts and dealt with networking for as long as I have. WPA is safe and secure for now, disabling SSID broadcast and putting on a mac filter is a good start to making it more "infeasable" which is the word used for a long password used on WPA ..... you'll notice computer d00ds never use "impossible" anymore.

But I liked the idea of using all measures possible. But as brought up you should not let this put you into the mindset that "I am invincible" like Boris from goldeneye. Essentially what Im saying is that WEP was never broken, its peoples over-confidence in their own protection.

I am 99.9999999% sure that no one in my area has the means or the knowledge to crack the setup I have (and yes WPA is in my list of WiFi MUSTS) However I am constantly vigilant, I monitor my activity lights and if things smell phishy I run a packet sniff over night. As well as checking my router status for attached devices (among other things I do to look for people on my network)

But as for the practical points brought up, everything so far is nice, however I would like to suggest adding what I call "Non-Predictable IP Addressing" in which you do NOT use 192.168. {1, 2, 3, 10, 11, 100, 0} . xxx for your network, use something that is harder to guess, and turn off DHCP, think of DHCP as a gossiping wife telling the villagers where exactly her husband goes to catch the best fish :)

As for WAN protection you should also check other things like router responding to pings (and even tho your firewall is up the response to a ping can be considered gossip)

But finally (and you'll all be glad I said finally) as I mentioned in my last post, Wired Equivelant Protection, is the key element here (not the encryption method but the words themselves) before if someone wanted to steal your internet they would have to do something like plugging into your hub/router without your knowledge. So the essence is vigilance, if I have prolongued activity on my WiFi light then I know to check my lappy and wii and if they arent on something could be amiss.
 

newbie1908

Inactive User
Joined
Dec 9, 2007
Messages
1
Reaction score
0
ya alot of peoples wifi connection is open and people dont know the dangers of it WPA wit a strong password to protect my network i also limit the mac addressed allowed access to the router so even if my pasword was exploited they would still be locked out.
 

ju_

Inactive User
Joined
Apr 25, 2006
Messages
85
Reaction score
2
Location
UK
ya alot of peoples wifi connection is open and people dont know the dangers of it WPA wit a strong password to protect my network i also limit the mac addressed allowed access to the router so even if my pasword was exploited they would still be locked out.

Sorry but if your password was exploited, MAC address filtering will not keep people out. Software is available to change the MAC address in windows or linux or you can do it manually :

hxxp://www.nthelp.com/NT6/change_mac_w2k.htm

If someone has your WPA password they will have a log of all the MAC's on your system, so will just change their own MAC address.

I don't want people thinking MAC address filtering is a good way of protection....it isn't!
 

beady

Inactive User
Joined
Jun 30, 2007
Messages
722
Reaction score
32
Location
Back in the Toon
WPA has also security flaws.
Not if your password is good enough. It's not really a flaw anyway. The best, most secure encryption in the world is only as strong as the password protecting it. If you constantly pick 'secret' or 'password', then there's no encryption can help you.

It's actually quite a nice feature of the WPA key exchange that it takes a reasonably long time to convert the shared password into the key. This limits the effectiveness of dictionary attacks, since it vastly reduces the 'tries per second' you can do. For instance, I can only test about 600 passwords per second on my core 2 duo. That sounds like a lot, but considering for a 20 character password of letters and numbers (all lowercase) there are 10^31 possible combinations, it'd take just over 7 hundred billion trillion years to get through the keyspace (or three and a half billion trillion years to have a 50% chance of cracking it). The government has computers that are a lot faster than my Core2, but they're not hundreds of billions of trillions times as fast.

I've posted before about how to get a good password, but here's a great site for a truly random password. Write it down and stick it onto the router, and you'll be safe until worlds end.

Technically, there is a theoretical flaw in WPA, it's to do with the RC4 cipher (which is the same underlying system as WEP). If you can capture enough packets quickly enough, they'll all have the same temporal key, and you can decrypt the data. However, since most routers roll the temporary key every hour or so (and you can set it to more frequently if you want), it's physically impossible to do it. There just can't be enough packets sent to mount an attack before the keys change and you have to start over again.

WPA2 doesn't have this weakness, but for all intents and purposes it's academic anyway, so there's nothing to worry about.
 
Last edited:

notmeatall3

Inactive User
Joined
Apr 30, 2006
Messages
1,283
Reaction score
22
Location
z'ha'dum
I totally agree with U m8 and i think the articles I posted also say that a strong password is the best defence against someone cracking the WPA and WPA2 (which is also not fully secure).

Just to clarify my position. WIFI if u have to use it is fine if it is adequately protected.

However most people who use wifi have one desktop pc on the other side of the room from there router and in some cases right next to the router where WIFI is completely unnecessary. where a wire running from their pc to there router would not be too inconvenient. Also most people do no use strong passwords they use something memorable.

All my passwords i have are a random selection of Upper, lower case letters and numbers. As stong as any out there.

an example of a strong password (not one that I actually use) is

fkasnShs83hjHUSknxoks146shhGtfsd56023hdn3nfkJdhsdh

just out of interest a good generator for strong passwords can be found on grc.com
 
Last edited:

TheCheekyMonkey

Inactive User
Joined
Jul 15, 2007
Messages
1,349
Reaction score
85
Location
on my way to brum brum
wep has well and truly been broken.

wep is like putting a cheap lock on your door and then leaving the key on the floor infront of it.

only thing 99% of people need to do to secure there wireless network is to use wpa or wpa2.


the chances of you living next door (or within connection distance) to someone who could fully utilize a strong attack on any of these encrytion types are very minimal, infact you probably have a neighbour who has won the lottery twice in a week...................

ok so a bit of an exageration, but seriously, enable wpa or wpa2 and you`ll be just fine, as long as your password isnt "johnsmith" make sure its something like


kjh43hjk2ghj4w2jh3g4

or similar, you can get online calculators etc etc



for those interested in having a look at wep cracking, as well as much much more pentesting stuff, checkout

backtrack 3 (with hopefully backtrack 4 arriving soon)


its a full suite of utillitys based on a linux bootable dist



superb stuff, and using wesside-ng on a wep enabled network, just proves how very very very very easy to crack wep it is, even 128+ encyption
 

robin_2

Inactive User
Joined
Aug 22, 2007
Messages
8
Reaction score
0
Good informative post ! have now changed mine to wap psk
Thanx for that
Robin
 

PleXo

Inactive User
Joined
Mar 31, 2006
Messages
1,195
Reaction score
20
Location
UK
£$%^&*()_[45SDF04JKF093%r&^*UOIEJSF0934

thats a good password, numbers and letters are crackable... so is the one above but not within a good time frame
 

TheCheekyMonkey

Inactive User
Joined
Jul 15, 2007
Messages
1,349
Reaction score
85
Location
on my way to brum brum
£$%^&*()_[45SDF04JKF093%r&^*UOIEJSF0934

thats a good password, numbers and letters are crackable... so is the one above but not within a good time frame


thats correct, also using uppercase and lower case as well with wpa type encryption just adds to the strength.


face it though with a good password you aint cracking wpa /wpa2 :D


for those interested :

i like having a play with networks and crackin them , it provides me free internet access when away lol, but you need a good wireless card, after a lot of messing and testing (reading as well) this is the only network card you will ever need to get

AWUSO36H.JPG



you can pick em up on e-bay for about £40 delivered, trust me you will not get a better card. Not only is it fully compatible with backtrack 3 but the range and sensitivity on this monster is astonishing.

buy this

Alfa USB 500mw AWUS036H WiFi RP SMA Antenna UK on eBay, also Accessories Parts Components, Wireless Networking, Networking, Computing (end time 04-Feb-09 16:51:36 GMT)


and this

12dbi WiFi Magnetic Base Omni Aerial Antenna SMA 2.4GHz on eBay, also Accessories Parts Components, Wireless Networking, Networking, Computing (end time 28-Jan-09 07:01:08 GMT)



and your laughing, also antenna comes with a handy magmount for the car :D


the wifi card has an incredible 500 mw (milliwatt) of TX power , nearly alll your wifi equipment has in the region of around 40mw to 80mw and not much standard stuff goes over 125 mw, the FCC cap it at 1watt lol. and has a much higher receive sensitivity (think 92 to 93 db). you`ll be finding many more wirelless networks with this baby, ive connected to a wireless network in line of site i.e. my house to a schools network 3 miles away (me one one side of a valley and the school on the other)


couple it with a direction antenna and your really cooking.


:D
 

donshaggy

Inactive User
Joined
Nov 27, 2008
Messages
139
Reaction score
1
Location
Sale, manchester
its really scary come to think of it...i mean i live in a tower block and the possibilities are even higher that i could get hacked due to the number of people that live on the block but i have got wap with a very strange combination so hopefully im secured.
 

Dox

Inactive User
Joined
Feb 25, 2009
Messages
2
Reaction score
0
I have 4 laptops and a WiFi phone, I use WPA2-PSK just use their mac addresses and assign them a slot. I specify a reserved IP address for every PC device on the LAN, that PC will always receive the same IP address each time it accesses the DHCP server. If someone doesn't have a Address Reservation how would anyone be able hack that?
 
TEST
Top