Showing posts with label Wireless Security. Show all posts

Sunday, February 6

Wireless Hack Ebook | Securing Your Wireless

The second edition of Wireless Hacks, co-authored by Rob Flickenger and Roger Weeks, brings readers more of the practical tips and tricks that made the first edition a runaway hit,


Whether you need your wireless network to extend to the edge of your desk, fit into your backpack, or cross county lines, the proven techniques in Wireless Hacks will show you how to get the coverage and functionality you're looking for.

You can buy this Ebook for only $2.93 at Amazon.com.

Wednesday, December 9

Basic Home Wireless Security

Implementing Basic Wireless Security.
We've all done it… we've all seen the lack of confidence that wireless networking has brought to our world. It's a new frontier and there are open doors wherever we turn. Fewer among us are those who have actually sat down and broken an 802.11b WEP key. Though it's time-consuming, it can be done, especially when it comes to business networks administered by wannabe network administrators. The point is that we know the keys can be broken. Where does that leave those of us who want to enjoy the freedom of wireless? Whether it's on our own networks or on municipal access nodes, we are anxious about both data security and privacy. Here are a few methods of securing a wireless network, as well as securing your connection over a public wireless network.


Key Differences
One little detail to keep in mind as you're reading this post: my suggestions on home wireless mostly cover security and ways of keeping people off your network to begin with. If you want to open your network to everyone in range, you can take the majority of the tips from the public wireless network section and apply them.


Home Wireless Security 

The Simple Methods

ACL
An ACL, or Access Control List, is a feature that I've found in almost every wireless router I've come across. In my judgment it's an obligatory security tool. I can already hear the objections of those who've either beaten these systems or know how to, at least in theory. ACLs filter based on a list of wireless card MAC addresses. They look at the MAC address of any card that attempts to join the network, and if that MAC is not found on the list of approved MAC addresses, the card is not allowed to join the network. Certainly this can be beaten by an attacker who sniffs an approved MAC address out of the air, uses a MAC spoofer to make that MAC their own, and then joins the network. Once they're in, it's easy enough to knock the real user off the network, though strictly speaking they don't have to in order to use the network. The approach for a home network would be to approve only your own cards and the cards of users who are allowed to join the network. This is not a sure way to keep unauthorized users out; however, when coupled with other security methods it can be effective.

WEP
WEP, or Wired Equivalent Privacy, is the determined hacker's best friend. WEP can be broken in less than eight hours. Most of you will read this and conclude that it's a weak encryption scheme and unfit to secure data; however, there are two points to keep in mind when considering WEP. First, network traffic must be at a peak for the attacker to capture enough packets to break WEP, and second, it takes up to 8 hours of sniffing to capture the packets. A determined attacker can be slowed by rotating WEP keys weekly or, for the paranoid, daily. However, if you're that paranoid, why are you using WEP? Key rotation can only take you so far.


WPA
Many new 802.11g access points support WPA (Wi-Fi Protected Access). WPA uses a pre-shared key to encrypt wireless transmissions. There are no tools for cracking WPA; however, WPA is vulnerable to a dictionary attack, meaning that a determined attacker can simply try every combination of different words and common phrases until he/she breaks the key. As you can guess, this is much more time-consuming than the automated cracking of WEP keys. WPA is considerably more secure, and if you've got the cash and are buying a dedicated wireless router, I suggest you choose an 802.11g router simply for the added strength of the encryption.
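The dictionary weakness comes from how WPA-PSK turns the passphrase into a key: PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output. The following is an added example, not code from the original post, that derives that key and audits a passphrase from the network owner's side; the word list, SSID list and 20-character threshold are constructed assumptions.

```python
import hashlib

# Constructed sample data; a real audit would load a large word list.
SAMPLE_WORDLIST = {"password", "wireless", "letmein", "qwerty", "linksys"}
# Sample of factory-default network names (not exhaustive).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "wireless"}
MIN_LENGTH = 20  # assumption: policy threshold chosen for this example
STRIP_CHARS = "0123456789!@#$%^&*._-"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key used by WPA-PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 characters")
    # The SSID is the salt, so the same passphrase yields a different key
    # on every differently named network.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32
    )


def audit_passphrase(passphrase: str, ssid: str, wordlist=SAMPLE_WORDLIST):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    lowered = passphrase.lower()
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA-PSK accepts")
    # A word with digits or symbols bolted on is still a dictionary guess.
    base = lowered.strip(STRIP_CHARS)
    if lowered in wordlist or base in wordlist:
        findings.append("dictionary word, possibly with digits/symbols added")
    if ssid and ssid.lower() in lowered:
        findings.append("passphrase contains the SSID")
    # A default SSID means the salt is shared with many other networks, so
    # guesses precomputed for that name can be reused against this one.
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: salt shared with many networks")
    if len(passphrase) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings


if __name__ == "__main__":
    for pw, name in [("Password2010", "linksys"),
                     ("vT9#kq2L!mZr84@xWc7pB", "Flat12-upstairs")]:
        print(name, derive_pmk(pw, name).hex()[:16], audit_passphrase(pw, name))
```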


How WPA Works
What makes WEP weak is its Initialization Vector (IV). The IV is a 24-bit number that is combined with the key that the network administrator entered into the access point's configuration interface. A new IV is used for each frame (packet) transmitted. There are two problems with this.
1. The IV is a pseudo-random number, which is not truly random, and so it can be predicted within a range.
2. The IV will recycle itself over a certain amount of time, which means you have the same IV and the same key with a different payload. If an intruder collects enough of these frames, that person is able to compromise your network.

WPA has been improved by using a 48-bit IV, which means it will be considerably longer before the IV is recycled. The second way that WPA improves over WEP is the way that users connect to a WPA-enabled AP. When a user connects, they are actually using a pre-shared key or, in higher configurations, a password from an authentication server (LDAP, RADIUS, etc.). Once they are made a member of the network, a WPA key is created. Every so often WPA will generate a new key per client, which, when combined with the longer IV, makes WPA much harder to crack. Finally, WPA has strengthened a technology used in WEP verification. Upon transmission of every frame, WEP added a 4 bit ICV to verify data integrity (i.e. no injected packets, no forgeries). The problem with this is obvious: an intruder can intercept the transmission, change the payload, recalculate the ICV and then retransmit, and nobody would be the wiser. WPA solves this problem with a new 8 bit MIC (message integrity code) that resides within the encrypted payload and factors into the calculation of the ICV. This reduces the possibility of forged packets. These improvements over WEP make WPA a sound security method for any network, that is, until they release 802.11i.
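The two WEP weaknesses described above, IV reuse and an integrity value that needs no key, can be seen in a toy WEP-style encapsulation. This is an added example, not code from the original post: the key, IV and payloads are constructed, the ICV is modelled as the CRC-32 of the payload (as in WEP), and the IV-repeat estimate assumes IVs are picked at random.

```python
import math
import struct
import zlib


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame = IV in clear + RC4(IV || key) XOR (payload || CRC-32)."""
    body = payload + struct.pack("<I", zlib.crc32(payload))
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (payload, icv_ok)."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    return payload, icv == struct.pack("<I", zlib.crc32(payload))


def frames_until_repeat(iv_bits: int, p: float = 0.5) -> float:
    """Birthday estimate of frames sent before a random IV repeats
    with probability p (assumption: IVs chosen uniformly at random)."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - p)))


def demo():
    key = b"\x01\x02\x03\x04\x05"              # constructed 40-bit key
    iv = b"\xaa\xbb\xcc"                       # same IV used for two frames
    p1, p2 = b"GET /index.html ", b"user=alice&pin=0"
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)

    # IV reuse: same IV + same key gives the same keystream, so XORing the
    # two ciphertexts cancels it and exposes p1 XOR p2 without the key.
    leak = xor(c1[3:19], c2[3:19]) == xor(p1, p2)

    # Unkeyed ICV: CRC-32 is linear under XOR, so a chosen change to the
    # payload has a matching ICV correction that needs no key at all.
    delta = xor(p1, b"GET /admin.html ")
    patch = struct.pack(
        "<I", zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    )
    altered = c1[:3] + xor(c1[3:], delta + patch)
    payload, icv_ok = wep_decrypt(key, altered)
    return leak, payload, icv_ok


if __name__ == "__main__":
    print(demo())
    print(round(frames_until_repeat(24)), round(frames_until_repeat(48)))
```

The altered frame passes the receiver's ICV check, which is why WPA adds a keyed MIC, and widening the IV from 24 to 48 bits multiplies the random-IV repeat estimate by 4096.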

Enjoy!

Monday, October 12

Intrusion Detection Guide Wireless Network

With the growing use of the Internet, the threats attached to it are also growing. As more and more people become dependent on the Internet, hackers are inventing new ways to intrude into their systems and cause havoc. By intruding or gaining unauthorized access to computers, hackers can access confidential information or simply destroy a system and derive sadistic pleasure from it. Thus, Intrusion Detection Systems (IDS) have become the need of the hour.

The large number of computers accessing the Internet, and the valuable information they contain, make it essential to ensure wireless network security before establishing any kind of wireless network. Hackers can adopt different methods to breach wireless network security. The most common is gaining unauthorized access to information that is private and confidential. This is very dangerous for a wireless network because the information can be misused or modified by the hacker, which is also known as data diddling. This kind of modification can render all data stored on computers connected to the wireless network useless, and can result in total chaos and disorder for any organization or individual. Some hackers may even delete data entirely or release a virus into the wireless network that corrupts all files on the computers, including those of the operating system, rendering a computer totally useless. Other wireless network security threats include remote login capability, SMTP hijacking, DNS, macros and OS bugs.

Because of these multiplying threats, Intrusion Detection Systems are gaining popularity and have become an integral part of the overall business strategy of an enterprise. The main purpose of an Intrusion Detection System is to identify any passive or active, internal or external activity that is hostile to a wireless network, then alert the responsible system administrator and block the activity as it happens. It thus detects unauthorized access to or misuse of a computer system and acts like a burglar alarm for a computer. Many different Intrusion Detection Systems have been developed over time; however, detection schemes generally fall into one of two categories: anomaly detection or misuse detection. Anomaly detectors pick out behavior that deviates from normal system use, while misuse detectors look for behavior that matches a known attack scenario. Another sub-category is the wireless Network Intrusion Detection System (NIDS). These systems monitor packets and look out for suspicious activity. A wireless Network Intrusion Detection System can monitor many computers at a time over a wireless network, while other intrusion detection systems may monitor only one.

Usually it is assumed that people outside the wireless network try to break in and gain access to private and confidential information. However, the truth may be different for big corporate houses. Here, insiders pose a greater threat to the information and overall security of the wireless network, because they have an insider's knowledge of the workings of the company.

Hence, though wireless network security threats multiply with the size of the wireless network, we can still secure our wireless networks by acting judiciously and by having the necessary Intrusion Detection Systems on them.


Tuesday, October 6

Features of Wireless Security Camera

Would you like to know of a product that offers business owners remote access to live streaming video from any part of the world? A Wireless Internet Security Camera does just that. It will allow a business owner to view video from California while sitting on a plane to Tokyo. And for all this, the minimum requirements are a Web browser and, of course, a Wireless Internet Security Camera.

What are the features of a Wireless Internet Security Camera?

• Connectivity – The Wireless Internet Security Camera offered by many companies connects to a wireless network or a wired Ethernet network. It allows business owners to download and upload video streams at up to 30 frames a second. It uses the MPEG-4 compression technique to provide video at a 640*480 resolution.

• Charge Coupled Device – Should you wish to capture images in low light (for example, in a dark room or at night), you can do that using a Wireless Internet Security Camera which uses CCD (Charge Coupled Device) technology. This gives you very clear and crisp video of images shot at night or in low light. Ask any professional photographer which shots are the most difficult to capture on camera and he would say "The shots taken in low light". The Wireless Security Camera gets rid of this concern as well.

• Video Monitoring System can be set up remotely – Business owners can now set up a powerful video monitoring system over the Internet from remote locations. Let us take an example, assuming that your business site is in NY city. Your site has about 10 cameras installed, which carry out surveillance of the activities on your site. When you are on a business trip to, let's say, Singapore, you wish to see what is happening at your site. You can do that with consummate ease with a Wireless Internet Security Camera.

• Dynamic Domain Name Service – The Internet camera allows business owners to integrate the web server, emails and IP addresses to itself which will allow you to view the streaming video from the camera’s unique IP address. The fact that you would be able to provide a personal web address allows users to access the camera’s live video over the internet.

• Pan and Tilt – Your Internet Security Camera will allow you to adjust the camera angles. That is achieved by the motorized Pan and Tilt functions, which allow you to remotely control the angle and positioning of the cameras. And if, while viewing the video stream, you decide to zoom in on the video, you can do so without any hassle. The Wireless Internet Security Camera allows you to do that with its built-in 4X Zoom technology.

The Wireless Internet Security Camera is proving to be a device which allows the business owners to be in constant touch with the goings-on of a business. It is a bit expensive, but indeed a small price to pay for the benefits and features it offers.


Friday, July 17

7 Tips for Securing Your Wireless

WLAN hardware has gotten easy enough to set up that many users simply plug it in and start using the network without giving much thought to security. Nevertheless, taking a few extra minutes to configure the security features of your wireless router or access point is time well spent. Here are some of the things you can do to protect your wireless network:

1) Secure your wireless router or access point administration interface
Almost all routers and access points have an administrator password that's needed to log into the device and modify any configuration settings. Most devices use a weak default password like "password" or the manufacturer's name, and some don't have a default password at all.  As soon as you set up a new WLAN router or access point, your first step should be to change the default password to something else. You may not use this password very often, so be sure to write it down in a safe place so you can refer to it if needed. Without it, the only way to access the router or access point may be to reset it to factory default settings which will wipe away any configuration changes you've made.

2) Don't broadcast your SSID
Most WLAN access points and routers automatically (and continually) broadcast the network's name, or SSID (Service Set IDentifier). This makes setting up wireless clients extremely convenient since you can locate a WLAN without having to know what it's called, but it will also make your WLAN visible to any wireless systems within range of it. Turning off SSID broadcast for your network makes it invisible to your neighbors and passers-by (though it will still be detectable by WLAN "sniffers").

3) Enable WPA encryption instead of WEP
802.11's WEP (Wired Equivalency Privacy) encryption has well-known weaknesses that make it relatively easy for a determined user with the right equipment to crack the encryption and access the wireless network. A better way to protect your WLAN is with WPA (Wi-Fi Protected Access). WPA provides much better protection and is also easier to use, since your password characters aren't limited to 0-9 and A-F as they are with WEP. WPA support is built into Windows XP (with the latest Service Pack) and virtually all modern wireless hardware and operating systems. A more recent version, WPA2, is found in newer hardware and provides even stronger encryption, but you'll probably need to download an XP patch in order to use it.  

4) Remember that WEP is better than nothing 
If you find that some of your wireless devices only support WEP encryption (this is often the case with non-PC devices like media players, PDAs, and DVRs), avoid the temptation to skip encryption entirely because in spite of its flaws, using WEP is still far superior to having no encryption at all. If you do use WEP, don't use an encryption key that's easy to guess like a string of the same or consecutive numbers. Also, although it can be a pain, WEP users should change encryption keys often, preferably every week.

5) Use MAC filtering for access control
Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning on MAC filtering you can limit network access to only your systems (or those you know about). In order to use MAC filtering you need to find (and enter into the router or AP) the 12-character MAC address of every system that will connect to the network, so it can be inconvenient to set up, especially if you have a lot of wireless clients or if your clients change a lot. MAC addresses can be "spoofed" (imitated) by a knowledgeable person, so while it's not a guarantee of security, it does add another hurdle for potential intruders to jump.

6) Reduce your WLAN transmitter power
You won't find this feature on all wireless routers and access points, but some allow you to lower the power of your WLAN transmitter and thus reduce the range of the signal. Although it's usually impossible to fine-tune a signal so precisely that it won't leak outside your home or business, with some trial-and-error you can often limit how far outside your premises the signal reaches, minimizing the opportunity for outsiders to access your WLAN.

7) Disable remote administration
Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router. As a rule, unless you absolutely need this capability, it's best to keep remote administration turned off. (It's usually turned off by default, but it's always a good idea to check.)
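Because a MAC filter (tip 5, and the ACL section of the earlier post) accepts any radio that presents an approved address, a monitoring station can look for the side effect of two radios sharing one address: each transmitter keeps its own 12-bit 802.11 sequence counter, so the observed numbers jump back and forth. This is an added example, not from the original post; the frame observations and both thresholds are constructed assumptions.

```python
from collections import defaultdict

SEQ_MOD = 4096       # 802.11 sequence numbers are 12 bits wide and wrap
MAX_GAP = 64         # assumption: forward jump tolerated for missed frames
MIN_ANOMALIES = 3    # assumption: jumps needed before a MAC is reported

# Constructed observations: (timestamp, source MAC, sequence number)
CONSTRUCTED_FRAMES = [
    (0.00, "00:11:22:33:44:55", 100),
    (0.01, "66:77:88:99:aa:bb", 4094),
    (0.02, "00:11:22:33:44:55", 101),
    (0.03, "00:11:22:33:44:55", 2900),   # second radio, own counter
    (0.04, "66:77:88:99:aa:bb", 4095),
    (0.05, "00:11:22:33:44:55", 102),
    (0.06, "00:11:22:33:44:55", 2901),
    (0.07, "66:77:88:99:aa:bb", 0),      # normal wrap-around
    (0.08, "00:11:22:33:44:55", 103),
    (0.09, "cc:dd:ee:00:11:22", 10),
    (0.10, "cc:dd:ee:00:11:22", 11),
    (0.11, "cc:dd:ee:00:11:22", 90),     # one burst of missed frames
    (0.12, "66:77:88:99:aa:bb", 1),
]


def seq_gap(prev: int, cur: int) -> int:
    """Forward distance from prev to cur on the 12-bit counter."""
    return (cur - prev) % SEQ_MOD


def find_shared_macs(frames, max_gap=MAX_GAP, min_anomalies=MIN_ANOMALIES):
    """Return {mac: [(timestamp, previous_seq, seq), ...]} for addresses
    whose sequence numbers jump too often to come from one transmitter."""
    last_seq = {}
    jumps = defaultdict(list)
    for ts, mac, seq in frames:
        mac = mac.lower()
        if mac in last_seq:
            # A gap of 0 is a retransmission and a small gap is frame loss;
            # a large gap (including any backward jump) is suspicious.
            if seq_gap(last_seq[mac], seq) > max_gap:
                jumps[mac].append((ts, last_seq[mac], seq))
        last_seq[mac] = seq
    return {m: j for m, j in jumps.items() if len(j) >= min_anomalies}


if __name__ == "__main__":
    for mac, events in find_shared_macs(CONSTRUCTED_FRAMES).items():
        print(mac, "sequence jumps:", events)
```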

Wednesday, June 10

Military Grade Maximum Level Wireless LAN Security

Level 4: Military grade maximum level Wireless LAN Security

Level 4 builds on Level 3 but aims to solve the key logging, certificate stealing malicious code threat. From a PKI Certificate Authority standpoint, not only is a 3 tier architecture required, but the use of FIPS 140-2 Level 3 compliant HSMs (Hardware Security Modules, AKA Cryptographic Modules for server side applications) is mandated. These modules cost thousands of dollars in the form of a tamper resistant external module. All Certificate Authorities should use one of these modules to ensure maximum security. Even a malicious code compromise on the Root Certificate Authority cannot compromise the Root CA's private key, although such a compromise on a Certificate Authority would still be very serious. This is why the top two tiers of the PKI chain are never connected to the network as an extra precaution, so that all interactions between the PKI tiers must be hand carried.

On the user side, the Digital Certificate cannot be stored on the hard drive so EAP-TLS or PEAP-EAP-TLS with "hard" tokens are mandatory. The certificates must be stored inside an HSM (these are called Cryptographic Tokens on the client side) which are typically in the form of a USB dongle the size of two fingers carried on a person's key chain or a smartcard. USB dongles are usually much more practical because they can be used by notebooks without a smartcard reader.  Some newer Notebook computers have a built in HSM called a TPM (Trusted Platform Module) but it can't be separated from the computer. If an HSM empowered computer is infected with malicious code, the password can be logged and stolen but the digital certificate cannot.

This is because the HSM never divulges the private key of the digital certificate to its host computer because all asymmetric cryptographic operations happen inside the HSM and not on its host computer. This makes it nearly impossible to steal a private key unless the TPM Notebook or USB dongle is physically stolen. If that were to occur, it would be fairly obvious and the Digital Certificate stored inside the stolen HSM could be easily revoked by an administrator as part of the PKI management process. To further enhance security, more expensive USB dongles and smartcards have built in finger print readers so that they are useless unless they have your living finger or they can figure out some extremely complex method of fooling the finger print reader. But the biometrics portion is just a last defense meant to buy you enough time to revoke a certificate before unauthorized access is gained. With biometrics enabled HSMs, you have the strongest 3-factor authentication system possible.

From an encryption standpoint, AES is the only encryption algorithm permitted for Level 4 and it also happens to be mandated for federal government and military applications. AES was created by the NIST and its encryption algorithm was selected from a list of finalists that represented the best encryption algorithms in the world. To comply with the AES requirement, 802.11i (AKA WPA2) compliant Wi-Fi gear is required on all Access Points, client Adapters, and software. Most consumer Wi-Fi products sold do not support 802.11i while most newer business class Wi-Fi products do. You'll have to look for the 802.11i or WPA2 logo on any Wi-Fi products you buy. Many organizations may already own products that are AES compliant if they would simply update the firmware and drivers on their Access Points and Client Adapters.

Cisco products are a perfect example of this because it is probably the most dominant player in the enterprise Wireless LAN market yet most of their customers are not running the latest firmware.  Upgrades on such a large scale are very difficult but corporations cannot afford to put off good security because not only is it good business, it may be the law because of SOX and HIPAA compliance.

From a vulnerability standpoint, Level 4 is rock solid and extremely difficult to compromise. The hacker would have to not only steal a user's password, but also physically steal that user's cryptographic token or a TPM notebook and take advantage of it before the user realizes anything is wrong and reports the theft. With 3-factor authentication, it is practically impossible to break in to the Wireless LAN from the wireless side. The attacker will have to try some other means of compromising the network and a crowbar would be far more effective at that point.

Sunday, June 7

Medium to Large Enterprise Wireless LAN Security

Level 3: Medium to Large Enterprise Wireless LAN Security

Level 3 Wireless LAN security builds on the same principles of Level 2, but you're not allowed to use the "cheats" such as bolting on the RADIUS server on to an existing server or using Self Signed Digital Certificates. PEAP-EAP-MSCHAPv2 is also disallowed because of its sole dependency on passwords which would be classified as "single factor" authentication. EAP-TLS or PEAP-EAP-TLS using "soft" Digital Certificates (certificates that are stored on the user's hard drive) would be the recommended authentication method for this security level. PEAP-EAP-TLS is an improved version of the original EAP-TLS protocol that goes further to encrypt client digital certificate information. Both PEAP-EAP-TLS and EAP-TLS have the same server and client side digital certificate requirements, but PEAP-EAP-TLS may not be compatible with some older Supplicants (Client Software) or some non-Microsoft client side implementations.

To implement EAP-TLS or PEAP-EAP-TLS, not only does the server require a Digital Certificate but the users as well. This means you will need a full blown Certificate Authority to issue a proper Server Digital Certificate on a pair of dedicated RADIUS servers and not just a Self Signed Certificate on a makeshift RADIUS Server. For this security level, the proper PKI best practices should be followed. There should be at least a single dedicated PKI Root Certificate Authority, but preferably it should at least be a 2 or 3 tier PKI design.

A two tier chain for a medium Enterprise organization would have an offline Root Certificate Authority and an online Issuing Certificate Authority. A large Enterprise should implement the three tier design with offline Root Certificate Authority, offline subordinate Certificate Authority, and online Issuing Certificate Authority. The reason for this is that if a Certificate Authority is ever compromised, you can revoke it and create a new one from the higher offline Certificate Authorities without having to start your PKI deployment from scratch. Building a PKI from scratch because of a compromised Certificate Authority would be completely unacceptable in a large scale environment.

To deploy Digital Certificates to the user community, a PKI management infrastructure must be deployed and permanent human resources must be allocated to manage end user certificates if your user base numbers in the thousands or more. Medium size Enterprises can add PKI management to their current hire/termination procedure. Microsoft Active Directory with an Enterprise Root Certificate Authority (a PKI that is completely integrated in to an Active Directory) can issue digital certificates automatically, but be warned that this is not a substitute for proper management. Lost or stolen laptops or terminated employees must have their digital certificates revoked and this is not an automatic process even if a user account is disabled or deleted.

After the certificates are revoked, they must be published in a CRL (Certificate Revocation List) and be applied to all Authentication servers or else the revoked certificates are still usable. If Active Directory auto-enrollment is used, it is highly recommended that you do not just apply the policy to the entire domain by default so that everyone will automatically get a user digital certificate. The policy should be set on just a particular OU (Organizational Unit) so that users who need user certificates and Wireless LAN access must be manually moved to that Certificate enabled OU. Automatic enrollment should be used as a way to simplify management, not substitute management.

As for encryption, the same requirements and recommendations from the previous 2 levels apply: TKIP at a minimum, but AES is recommended as soon as possible. Level 3 organizations should probably be the first to jump to the next level of encryption. The size of the organizations that would select Level 3 wireless LAN security can make upgrading difficult, but it's too important to ignore. The good news is that once AES is achieved, it is expected to hold for some time.

From a vulnerability standpoint, Level 3 is reasonably secure. The only way to compromise this security level is if the hacker can not only steal a user's password, but also steal that user's Digital Certificate which is much more difficult than just stealing a user's password. To steal a "soft" Digital Certificate, either the laptop needs to be stolen in which case it would be obvious and the certificate could be revoked, or a malicious program like a backdoor, virus or worm would have to be installed on the laptop to "harvest" the private key of the digital certificate.

The latter option is much more sinister because a theft could occur totally undetected and the certificate would not be revoked. The same malicious code could also "log" the user's keystrokes and the user's password would be compromised as well. At this point, Level 3 security would be totally defeated hence the need for an even stronger solution in Level 4. Discriminating Enterprises should seriously consider the next security level.

Monday, June 1

Small Business Wireless LAN Security

Level 2: Small Business Wireless LAN Security

Small businesses must move beyond Level 1 by incorporating authentication into their Wireless LAN access controls. The usual method for doing this is 802.1x and PEAP or TTLS authentication. 802.1x restricts access to the Datalink layer of a network by only allowing access to the network if a client proves their identity through the EAP (Extensible Authentication Protocol) mechanism. There are a few forms of EAP, but the two forms most suitable for Level 2 security are PEAP (Protected EAP) and TTLS (Tunneled Transport Layer Security).


To implement PEAP or TTLS, the organization needs to deploy a RADIUS Authentication Server. The options include Microsoft Windows 2003 Server with IAS, third-party applications such as Funk Odyssey (needed for TTLS mode) that run on Windows, and Open Source solutions such as FreeRADIUS.

The easiest way by far if you are a Microsoft Windows 2003 Server shop is to use the built-in RADIUS server of Windows 2003 known as IAS (Internet Authentication Server). For a small business, there is nothing wrong with adding the IAS service to an existing Windows 2003 server, even if it is their only server, which also happens to be the Active Directory server. You can turn that server into a Certificate Authority as well and issue yourself a digital certificate for the RADIUS server, or simply Self Sign a digital certificate. With this in place, the Root Certificate (the public key of the Digital Certificate) for the RADIUS server must be installed on all of the clients' computers. On Active Directory, this can easily be pushed out via Group Policy. Each of the clients also needs to configure its wireless settings in the WZC (Wireless Zero Configuration) service built into Windows XP SP1 or SP2. A protected wireless network could be deployed throughout an organization big or small in hours. If you do not have IAS, it comes with Windows 2003 Standard Edition which costs around $500 per copy. IAS in my experience is extremely rich, true, and secure.

For those who want to implement TTLS, they will need to either buy Funk Software's Odyssey server (in the $2000 range) or implement FreeRADIUS on Linux, which is Open Source. Note that because Windows does not have a TTLS client built in, you will need to buy a wireless Supplicant (also known as Client software) for your end users. MDC has an Open Source edition for Linux, but you will need to buy one for Windows, which is what most people are using. You will either need to install the Root Certificate on the clients manually, or you will need to buy a third-party Digital Certificate which has its Root Certificate already preinstalled.

Although 802.1x and PEAP or TTLS address the authentication half of the equation when it comes to security, encryption must also be addressed. Up until recent months, "Dynamic WEP", where WEP keys are rotated frequently (usually 10 minutes), was considered to be "good enough" encryption. With the next generation of WEP cryptanalysis tools, this is no longer the case and TKIP is the new bare minimum. The WPA standard implements TKIP, which is a rewrite of the WEP protocol that will hold against the latest cryptanalysis techniques for now, but methods of attacking TKIP are on the horizon. The true long-term solution from the IEEE standards body is the 802.11i standard, which mandates AES. The recommendation for Level 2 through 3 is that you should be using WPA with TKIP at a minimum and upgrade to AES as soon as possible.

From a vulnerability standpoint, the only way to break this security level is to steal a user's credentials by either looking over somebody's shoulder to find out what password they are typing, sweet-talking them into telling you what the password is (this is easier than you think), or installing a key logger on a user's computer so you can record their keystrokes when they type in the password. Barring password theft, it would be far easier to break into your premises and plug in to a Wired LAN than to attempt to crack Level 2 Wireless LAN security. Level 2 is a good option for most small businesses, but organizations where security is a high priority had better seriously consider the next two levels because a single lost password could compromise the whole system.

Sunday, May 31

Home and SOHO Wireless LAN security

Level 1: Home and SOHO Wireless LAN security

Unfortunately, a lot of home users are using old equipment, older drivers, or older operating systems that do not natively support WPA, so they are still using WEP, if anything at all.  WEP encryption was believed to be good for a week on most low-traffic home wireless networks because the older WEP cracking tools took 5 to 10 million packets to find a WEP key, but the latest WEP cracking methods can break WEP in minutes.  Even if there isn't that much traffic, the attacker now has ways to artificially generate traffic and speed up WEP cracking.  Because of this, consumers should avoid any product that doesn't support WPA TKIP mode at a minimum, and should preferably choose WPA AES capable or WPA2 certified devices.

If you have WEP-only devices, check with the vendor to see whether there are any firmware and/or device driver updates that will upgrade the device to WPA mode. If not, anybody who cares about privacy should throw away those devices.  As harsh as that may sound, it is comforting to know that newer Access Points and Client Adapters that do support WPA can be purchased for as little as $30. Client-side Wireless LAN software (officially called Supplicants) also needs to be updated to support WPA or WPA2.  Windows XP SP1 with the WPA patch can suffice, but Windows XP SP2 is highly recommended.

The home or SOHO (Small Office Home Office) environment is very unlikely to have any kind of Authentication and PKI in place.  This may change once TinyPEAP gets established, but that is currently in BETA form and isn't ready for prime time yet.  TinyPEAP puts a PEAP authentication server and PKI Certificate Authority in your home's WLAN-enabled Linksys Router, something that was once the sole domain of large organizations with dedicated authentication servers.  For the moment, the only workable choice for this environment is WPA PSK (Wi-Fi Protected Access Pre-Shared Key) mode.

WPA mode mandates TKIP at a minimum but also has an optional AES encryption mode.  AES mode is highly recommended since it has a rock-solid pedigree in cryptanalytic resistance, whereas TKIP may come under attack in the near future.  Note that AES in WPA2 (the fully ratified edition of 802.11i) is no longer optional and is now mandated.  Since most home users would be lucky if all of their equipment and software were TKIP capable, most homes will have to be content with TKIP mode for now.

WPA PSK mode can be a good security mechanism but leaves much to be desired in terms of usability.  This is because WPA PSK can be cracked with offline dictionary attacks, so it relies on a strong random passphrase to be effective.  Unfortunately, humans are very bad at memorizing long random strings of characters and will nearly always use easy-to-remember words and phrases or some slight variation of them.  This lends itself to dictionary attacks, where a hacker will try every variation of every combination of words in the dictionary.

To make this really difficult to hack, use a 10-character string of random characters drawn from a-z, A-Z, 0-9, or use a very long phrase made up of 20 or more characters.  Unfortunately, this will force a lot of users to write down their passphrases, which in itself may lead to passphrase theft.  WPA PSK isn't a good long term security solution and leaves Level 1 security with much to be desired, but it can be secure when used correctly.
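
The passphrase guidance above, as an added example (not code from the original post): it generates a passphrase meeting the 10-random-character recommendation, flags short passphrases built on dictionary words, and derives the 256-bit key that WPA-PSK computes from passphrase and SSID. The function names and the small sample wordlist are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # a-z, A-Z, 0-9 (62 symbols)
# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"password", "wireless", "linksys", "letmein", "dragon"}
# Common character substitutions people use to "vary" a dictionary word.
LEET = str.maketrans("013457@$!", "oleastasi")


def generate_passphrase(length=10):
    """Random passphrase drawn from a CSPRNG (default: 10 characters)."""
    if not 8 <= length <= 63:  # WPA-PSK passphrases are 8 to 63 characters
        raise ValueError("WPA passphrase must be 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string; not valid for human-chosen text."""
    return length * math.log2(alphabet_size)


def audit_passphrase(passphrase, words=SAMPLE_WORDS):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA-PSK accepts")
    elif len(passphrase) < 10:
        findings.append("shorter than the 10-character minimum")
    # Strip digit/punctuation padding, then undo substitutions: Passw0rd123 -> password
    core = passphrase.lower().strip(string.digits + string.punctuation).translate(LEET)
    if len(passphrase) < 20 and any(word in core for word in words):
        findings.append("short passphrase built on a dictionary word")
    return findings


def derive_psk(passphrase, ssid):
    """256-bit key WPA-PSK derives: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds.

    Nothing secret besides the passphrase goes in, which is why a guessable
    passphrase can be tested offline and a random one is required.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    candidate = generate_passphrase()
    print(candidate, round(random_entropy_bits(len(candidate)), 1), "bits")
    print(audit_passphrase("Passw0rd123"))
```

Ten random characters from the 62-symbol alphabet give about 59.5 bits of entropy; the same length chosen by a person gives far less, which is what the audit function is checking for.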

Wireless LAN Security

One of the first questions that people ask me about Wireless LAN is "are Wireless LANs truly secure?", immediately followed by "what kind of security do I need for my Wireless LAN?"  The answer to the first question is "yes, if you implement good security", but the second question forces me to resort to the old "it depends".  It depends on what level of risk is acceptable to your home or organization.

It depends on what level of management and cost you're willing to accept.  To simplify this highly complex subject, I have come up with 4 distinct levels of WLAN (Wireless LAN) security as a general guideline that is designed to suit everyone's needs, from the home to the military.

    * Level 1: Home and SOHO Wireless LAN security
    * Level 2: Small Business Wireless LAN security
    * Level 3: Medium to large Enterprise Wireless LAN security
    * Level 4: Military grade maximum level Wireless LAN security

Tuesday, May 26

Wireless Networking Basics

Most wireless networks are based on the IEEE® 802.11 standards. A basic wireless network consists of multiple stations communicating with radios that broadcast in either the 2.4GHz or 5GHz band (though this varies according to the locale and is also changing to enable communication in the 2.3GHz and 4.9GHz ranges).

802.11 networks are organized in two ways: in infrastructure mode one station acts as a master with all the other stations associating to it; the network is known as a BSS and the master station is termed an access point (AP). In a BSS all communication passes through the AP; even when one station wants to communicate with another wireless station messages must go through the AP. In the second form of network there is no master and stations communicate directly. This form of network is termed an IBSS and is commonly known as an ad-hoc network.

802.11 networks were first deployed in the 2.4GHz band using protocols defined by the IEEE 802.11 and 802.11b standard. These specifications include the operating frequencies, MAC layer characteristics including framing and transmission rates (communication can be done at various rates). Later the 802.11a standard defined operation in the 5GHz band, including different signalling mechanisms and higher transmission rates. Still later the 802.11g standard was defined to enable use of 802.11a signalling and transmission mechanisms in the 2.4GHz band in such a way as to be backwards compatible with 802.11b networks.

Separate from the underlying transmission techniques 802.11 networks have a variety of security mechanisms. The original 802.11 specifications defined a simple security protocol called WEP. This protocol uses a fixed pre-shared key and the RC4 cryptographic cipher to encode data transmitted on a network. Stations must all agree on the fixed key in order to communicate. This scheme was shown to be easily broken and is now rarely used except to discourage transient users from joining networks. Current security practice is given by the IEEE 802.11i specification that defines new cryptographic ciphers and an additional protocol to authenticate stations to an access point and exchange keys for doing data communication.

Further, cryptographic keys are periodically refreshed and there are mechanisms for detecting intrusion attempts (and for countering intrusion attempts). Another security protocol specification commonly used in wireless networks is termed WPA. This was a precursor to 802.11i defined by an industry group as an interim measure while waiting for 802.11i to be ratified. WPA specifies a subset of the requirements found in 802.11i and is designed for implementation on legacy hardware. Specifically WPA requires only the TKIP cipher that is derived from the original WEP cipher. 802.11i permits use of TKIP but also requires support for a stronger cipher, AES-CCM, for encrypting data. (The AES cipher was not required in WPA because it was deemed too computationally costly to be implemented on legacy hardware.)

Other than the above protocol standards the other important standard to be aware of is 802.11e. This defines protocols for deploying multi-media applications such as streaming video and voice over IP (VoIP) in an 802.11 network. Like 802.11i, 802.11e also has a precursor specification termed WME (later renamed WMM) that has been defined by an industry group as a subset of 802.11e that can be deployed now to enable multi-media applications while waiting for the final ratification of 802.11e.

The most important thing to know about 802.11e and WME/WMM is that they enable prioritized traffic use of a wireless network through Quality of Service (QoS) protocols and enhanced media access protocols. Proper implementation of these protocols enables high speed bursting of data and prioritized traffic flow.

Since the 6.0 version, FreeBSD supports networks that operate using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i security protocols are likewise supported (in conjunction with any of 11a, 11b, and 11g) and QoS and traffic prioritization required by the WME/WMM protocols are supported for a limited set of wireless devices.
 
 