WiFi Security locking your front door
In reponse to How Secure is WEP?
In-real-life having any locked door is better than no door.
IMHO this is because a pros/cons calculation is performed in the mind of a
potential "Burglar". Even though breaking in is technically easy it requires
the "Burglar" to make a conscious decision to break the law, weighing up
the risk of being seen or leaving evidence to the benefit of routing around
in other people property.
However, imagine that you had the power to get into someone's house without
leaving evidence that ties the crime to you, or even any evidence that a
break-in has occurred. i.e. you completely remove the negative from the
risk/reward calculation. Would you look in you next door neighbours house?
or through the files of a business competitor? It would certainly be more
tempting.
The fact that this cracking a WEP key is relatively easy and not "a very
difficult problem", as is the case with high grade cryptography found in SSL
for instance. Tied to the fact that the act of cracking a WEP key is a
purely passive experience in that you don't need to advertise your presence
by sending out radio signals but just sit and receive them, so you can take
as long as you want to do it, and that even after you have cracked it and
joined the WiFi network, there is no switched network or IP address that
will give away your physical location, and you can be in a car ready to
drive away should someone be sophisticated enough to home in on your signal
make WEP cracking a pretty painless experience with a potentially massive
upside.
Given that most Wifi networks aren't run by security agencies with the
skills and resource to implement counter-surveillance but average Windoze
users at home or in their offices, there is almost no chance of getting
caught at it, and so it becomes a real possibility that if you have such a
network then so-called war-drivers may have had a look at it.
While this may be bad news for people who operate their WiFi networks using
plain WEP or its relatively more safe variants what's the problem for
everyone else?
The Problem is that cracked WiFi networks are the perfect place for the
average "script-kiddie" or more evil people to launch internet attacks from.
Such attacks may just want to create a Distributed Denial of Service attack
an a DNS server in order to intercept a targets requests but the collateral
damage is that viruses and worms are released into the wild in order to
achieve that aim, and as a side effect mess up other people's computers. The
perpetrator will be very difficult to catch in the act, but also should the
authorities trace the source of the attack it will be the legitimate user,
whose network the prep. masqueraded behind who is in the frame.
If this is not bad enough, and you think it serves people right for using
easily virused operating system, what would you do if some one was
committing very bad crimes or downloading illegal child pR0n from your
connection?
While this is a bleak picture, all is not lost.
As you say, cycle your keys at least once a week.
Don't reboot the access point unless you have to.
Do place firewalls on all machines on the internal network if they are
accessible from the WiFi access point.
Do implement a high grade cryptographic Virtual private network (VPN)
between all your hosts (most decent firewalls can handle this) - while it
doesn't prevent anyone joining your network, it does prevent them from
sniffing your network traffic and makes it a LOT harder for them to get into
your computers.
If your WiFi access point allows it do set it up such that only known WiFi
card MAC(hardware) addresses are allowed to join the network. If a cracker
breaks you WEP he still has find a way to join the network.
Whilst these measures are not foolproof, better solutions are on the way
(802.11i for example which was ratified in June 2004) which implements much
harder to crack security.
In Summary you shouldn't be blase about your WiFi's WEP key, but also don't let fear stop you from utilising technology.
In-real-life having any locked door is better than no door.
IMHO this is because a pros/cons calculation is performed in the mind of a
potential "Burglar". Even though breaking in is technically easy it requires
the "Burglar" to make a conscious decision to break the law, weighing up
the risk of being seen or leaving evidence to the benefit of routing around
in other people property.
However, imagine that you had the power to get into someone's house without
leaving evidence that ties the crime to you, or even any evidence that a
break-in has occurred. i.e. you completely remove the negative from the
risk/reward calculation. Would you look in you next door neighbours house?
or through the files of a business competitor? It would certainly be more
tempting.
The fact that this cracking a WEP key is relatively easy and not "a very
difficult problem", as is the case with high grade cryptography found in SSL
for instance. Tied to the fact that the act of cracking a WEP key is a
purely passive experience in that you don't need to advertise your presence
by sending out radio signals but just sit and receive them, so you can take
as long as you want to do it, and that even after you have cracked it and
joined the WiFi network, there is no switched network or IP address that
will give away your physical location, and you can be in a car ready to
drive away should someone be sophisticated enough to home in on your signal
make WEP cracking a pretty painless experience with a potentially massive
upside.
Given that most Wifi networks aren't run by security agencies with the
skills and resource to implement counter-surveillance but average Windoze
users at home or in their offices, there is almost no chance of getting
caught at it, and so it becomes a real possibility that if you have such a
network then so-called war-drivers may have had a look at it.
While this may be bad news for people who operate their WiFi networks using
plain WEP or its relatively more safe variants what's the problem for
everyone else?
The Problem is that cracked WiFi networks are the perfect place for the
average "script-kiddie" or more evil people to launch internet attacks from.
Such attacks may just want to create a Distributed Denial of Service attack
an a DNS server in order to intercept a targets requests but the collateral
damage is that viruses and worms are released into the wild in order to
achieve that aim, and as a side effect mess up other people's computers. The
perpetrator will be very difficult to catch in the act, but also should the
authorities trace the source of the attack it will be the legitimate user,
whose network the prep. masqueraded behind who is in the frame.
If this is not bad enough, and you think it serves people right for using
easily virused operating system, what would you do if some one was
committing very bad crimes or downloading illegal child pR0n from your
connection?
While this is a bleak picture, all is not lost.
As you say, cycle your keys at least once a week.
Don't reboot the access point unless you have to.
Do place firewalls on all machines on the internal network if they are
accessible from the WiFi access point.
Do implement a high grade cryptographic Virtual private network (VPN)
between all your hosts (most decent firewalls can handle this) - while it
doesn't prevent anyone joining your network, it does prevent them from
sniffing your network traffic and makes it a LOT harder for them to get into
your computers.
If your WiFi access point allows it do set it up such that only known WiFi
card MAC(hardware) addresses are allowed to join the network. If a cracker
breaks you WEP he still has find a way to join the network.
Whilst these measures are not foolproof, better solutions are on the way
(802.11i for example which was ratified in June 2004) which implements much
harder to crack security.
In Summary you shouldn't be blase about your WiFi's WEP key, but also don't let fear stop you from utilising technology.
posted by Karl at
11:46 PM
0 Comments:
Post a Comment
<< Home