Wireless Networking for Paranoid Hackers!

Posted on 07/12/2009 by


Implementing Basic Wireless Security.
We’ve all done it… we’ve all seen the lack of confidence that wireless networking has brought to our world. It is a new frontier, and there are open doors wherever we turn. Fewer among us have actually sat down and broken an 802.11b WEP key. Though it is time consuming, it can be done, especially on business networks administered by wanna-be network administrators. The point is that we know the keys can be broken. Where does that leave those of us who want to enjoy the freedom of wireless? Whether on our own networks or on municipal access nodes… we are anxious about both data security and privacy. Below are a few methods of securing a wireless network, as well as securing your connection over a public wireless network.

Key Differences

One little detail to keep in mind even as you’re reading this post! My suggestions on home wireless mostly cover security and ways of keeping people off your network in the first place. If you want to open your network to everyone in range, you can take most of the tips from the public wireless network section and apply them.

Home Wireless Security

The Simple Methods

An ACL, or Access Control List, is a feature I’ve found in almost every wireless router I’ve come across. In my judgment it is an obligatory security tool. I can already hear the objections of those who have beaten these systems, or at least know how to in theory. An ACL filters based on a list of wireless card MAC addresses: it looks at the MAC address of any card that attempts to join the network, and if that MAC is not found on the list of approved MAC addresses, the card is not allowed to join. Certainly this can be beaten by an attacker who sniffs an approved MAC address out of the air, uses a MAC spoofer to make that MAC his/her own… and then joins the network. Once in, it is easy enough to knock the real user off the network, though strictly speaking that is not necessary in order to use it. For a home network, the approach is to approve only your own cards and the cards of users who are allowed to join. This is not a sure way to keep unauthorized users out, but when coupled with other security methods it can be effective!!

WEP, or Wired Equivalent Privacy, is the determined hacker’s best friend. WEP can be broken in less than eight hours. Most of you will read this and conclude that it is a weak encryption and unfit to secure data; however… there are two points to keep in mind when considering WEP. First, the network traffic must be at a peak for the attacker to capture enough packets to break WEP, and secondly, it takes up to 8 hours of sniffing to capture those packets. A determined attacker can be slowed by rotating WEP keys weekly, or daily for the paranoid… but if you’re that paranoid, then why are you using WEP? Key rotation can only take you so far.

Many new 802.11g access points support WPA (Wi-Fi Protected Access). WPA uses a pre-shared key to encrypt wireless transmissions. There are no tools for cracking WPA… however, WPA is vulnerable to a dictionary attack, meaning that a determined attacker can simply try every combination of different words and common phrases until he/she finds the key. As you can guess, this is much more time consuming than the automated cracking of WEP keys. WPA is considerably more secure, and if you’ve got the cash and are buying a dedicated wireless router… then I suggest you choose an 802.11g router simply for the added strength of its encryption.

How WPA Works

What makes WEP weak is its Initialization Vector (IV). The IV is a 24-bit number that is combined with the key the network administrator entered into the access point’s configuration interface. A new IV is used for each frame (packet) transmitted. There are two problems with this.
1. The IV is a pseudo-random number… which is not truly random, and so it can be predicted within a range.
2. The IV will repeat itself after a certain amount of time, which means you have the same IV and the same key with a different payload. If an intruder collects enough of these frames, that person is able to compromise your network.
WPA improves on this by using a 48-bit IV, which means it will be considerably longer before the IV is recycled. The second way WPA improves over WEP is the way users connect to a WPA-enabled AP. When a user connects they are actually using a pre-shared key, or in higher-end configurations a password from an authentication server (LDAP, RADIUS, etc.). Once they are made a member of the network, a WPA key is created. Periodically WPA will generate a new key per client, which, combined with the longer IV, makes WPA much harder to crack. Finally, WPA has strengthened a technology WEP used for integrity verification. On transmission of every frame WEP added a 4-bit ICV to verify data integrity (i.e. no injected packets, no forgeries). The problem with this is obvious: an intruder can intercept the transmission, change the payload, recalculate the ICV and then retransmit… and none of the parties would be the wiser. WPA solves this problem with a new 8-bit MIC (message integrity code) that resides within the encrypted payload and factors into the calculation of the ICV. It reduces the possibility of forged packets. These improvements over WEP make WPA a sound security method for any network, at least until 802.11i is released.
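To put numbers on the IV problem above, here is an added example (not code from the original post) that models a WEP-style stream cipher with a simplified SHA-256 keystream standing in for RC4, shows why two frames sharing an IV leak the XOR of their payloads, and computes how many frames a 24-bit versus a 48-bit IV space lasts. The key, IVs and payloads are constructed values.

```python
import hashlib
import math
from typing import Optional

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in for WEP's RC4(IV || key) keystream (SHA-256 in counter mode here).
    Only the IV changes per frame, so the same (IV, key) pair always yields
    exactly the same keystream bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(iv + key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt_frame(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP-style framing: the IV is sent in the clear, payload XOR keystream follows."""
    ks = keystream(key, iv, len(payload))
    return iv + bytes(p ^ k for p, k in zip(payload, ks))

def xor_of_payloads(frame_a: bytes, frame_b: bytes, iv_len: int = 3) -> Optional[bytes]:
    """If two captured frames share an IV, XORing their ciphertexts cancels the
    keystream and leaves plaintext_a XOR plaintext_b (the 'same IV, same key,
    different payload' failure mode). Returns None when the IVs differ."""
    if frame_a[:iv_len] != frame_b[:iv_len]:
        return None
    n = min(len(frame_a), len(frame_b))
    return bytes(a ^ b for a, b in zip(frame_a[iv_len:n], frame_b[iv_len:n]))

def frames_until_iv_reuse(iv_bits: int) -> int:
    """Sequential IVs (as many WEP cards used) are guaranteed to wrap after 2**bits frames."""
    return 2 ** iv_bits

def expected_frames_to_collision(iv_bits: int) -> int:
    """Randomly chosen IVs collide far sooner: birthday bound sqrt(pi * N / 2)."""
    return int(math.sqrt(math.pi * 2 ** iv_bits / 2))

def hours_until_wrap(iv_bits: int, frames_per_second: float) -> float:
    """Wall-clock time for a sequential IV counter to wrap at a given frame rate."""
    return frames_until_iv_reuse(iv_bits) / frames_per_second / 3600

if __name__ == "__main__":
    key = b"constructed-key"
    f1 = encrypt_frame(key, b"\x01\x02\x03", b"GET /index.html")
    f2 = encrypt_frame(key, b"\x01\x02\x03", b"POST /login.php")
    print("leaked p1 XOR p2:", xor_of_payloads(f1, f2).hex())
    for bits in (24, 48):
        print(bits, "bit IV: wrap after", frames_until_iv_reuse(bits), "frames,",
              "random collision ~", expected_frames_to_collision(bits), "frames,",
              f"{hours_until_wrap(bits, 500):.1f} h at 500 frames/s")
```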

Enjoy! 🙂

Posted in: Hacking, Networking