Meet CoolAcid - God Department

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

Wifi is becoming a very popular form of networking for businesses and households alike. The freedom of no wires allows users to place their laptops or desktops anywhere within the building with little or no hassle. Over the past years the number of Wifi access points has grown dramatically. However, most people do not understand the basics of Wifi security.

A study was conducted from 2001 to 2004 in many US and Canadian cities to determine the number of access points and how they were configured. The retrieved data included the total number, the number with basic security, with a default name, and a combination of the two. This had staggering results. As you can see in figure 1, the number of access points has dramatically increased, however percent of those that are unsecured have stayed the same. This also indicates that an average 67.8% of access points did not add simple WEP encryption to help protect access and data.

Security is required on access points for a few main reasons. Once someone gains access to an access point, they are virtually inside that network. In most cases that network is trusted on the local LAN, (Since it is usually part of the local LAN), providing all access to the resources and data that is contained within it. Secondarily, this becomes a virtually untraceable point to access the internet. This can be used by some people just to serf the web, and access email, but also used for malicious intent.

All access points include at least three basic security mechanisms; WEP Encryption, MAC filtering, and SSID broadcasting

  • WEP (Wired Equivalent Privacy) Encryption gives basic encryption between the access point and each end client. It uses a shared key either 64 bits or 128 bits long. Some systems allow you to create pass phrases that get ‘encrypted’ to create exact length encryption keys. This makes it easier for end users to create keys without needing to know the exact length they need to be. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily-available software in two minutes or less.
  • MAC (Media Access Control) filtering allows the administrator of the access point to only allow packets access to the network from known network cards. MAC addresses are 48 bit unique numbers engraved digitally in all network cards. This theoretically means that if only 4 cards are to access the access point, the administrator is able to code these address into the system and the system will ignore all other cards. The only way for a system to know its MAC address and send data out is for it to be processed by the actual computer. Since this is the case, on most computers it is possible to overwrite or fake the MAC address being sent. This means the access point would allow access since it ‘looks’ like the intended computer.
  • SSID (service set identifier) broadcasting is how clients can be aware that a network exists in an area. On most equipment you are able to turn this broadcast off making it look as though there is no network there. However, once there is any traffic a simple tool will be able to see it, and determine the fact that in reality there is a network.

A secure network could be created using all three of these security systems, and will detour the casual person trying to find a network to latch into, however to an experienced cracker, or someone who is determined to access a particular network, this will be of little challenge.

Newer technologies can utilize WPA which at a high level view is the same concept as WEP, however, the keys are not specific to one device, and they rotate. This makes current cracking utilities unable to crack the keys. Basically, since once there is enough data to determine the key, the key has already changed. Also available are server side authentication systems that interact with Radius or LDAP servers to provide password or other forms of user authentication.

In closing, it is important to secure your access point. No mater how you do it, you save yourself a lot of possible issues, and keeps you and your network safe.

References include, worldwidewardrive.org, wikipedia.org

 

© Meet Gavern - Free Joomla! 3.0 Template 2022