BOOT CAMP ARCHIVE 2007

  

 

BOOT CAMP 457 (02/01/07)

Wireless Networking, part 3

 

This week’s topic is security and one of the first questions many newcomers to wireless networking ask is how safe is it? The simple answer is that it can be very secure and perfectly capable of keeping out all but the most determined and well-resourced intruders but like any security system it has flaws, and the biggest one is the people who use it, or rather the ones who do not use it properly, or at all!

 

Wireless networking represents a major threat to your PC’s well-being, your privacy and the security of your data for the simple reason that if your network is unsecured anyone nearby with a wi-fi equipped laptop can log on, steal information, plant malicious software and hijack your Internet connection, and it is remarkably easy to do.

 

One of the reasons why security is so important is because wireless networks and devices are not secret or anonymous. Quite the opposite in fact and they announce their presence to anyone within range by constantly broadcasting an identity beacon called a Service Set Identifier or SSID. This is basically the network’s name, assigned by the user during setup, though it’s surprising how many Wi-Fi Networks are called ‘Home’ or ‘Wireless’ (common defaults)

 

A few years ago a minor cult grew up out of the terrifying lack of security measures employed by many companies and the growing number of home wireless network users. ‘Warchalkers’ as they were known roamed the streets (‘wardriving’) looking for unprotected wireless access points or routers. When they found one they used chalk marks to identify the premises to their fellows and publicised the information on the Internet. For the most part they confined their activities to gaining free Internet access but there are plenty of examples of open wireless systems being hacked into by crooks and vandals.  

 

Nowadays most PC users should be aware of the need for security but with the explosive growth of broadband and Wi-Fi it is frightening how many home systems are left exposed. From my home in South London I am in range of four of my immediate neighbour’s Wi-Fi networks, two of which remain completely unprotected (in spite of my warnings...).

 

Most pre-packaged systems and ‘home hubs’ have their security systems enabled by default but the biggest loophole is the vast number of home-brew systems, assembled from off-the-shelf components. In order to simplify installation (and no doubt ease the burden on support staff) the security features are switched off and it is left up to the user to enable and configure them.

 

Wi-Fi security should be switched on all of the time. The only exceptions are during the initial setup, briefly when troubleshooting a faulty connection or if you take your laptop on the road and need to be able to log on access points or wireless hot spots (just don’t forget to switch it back on again afterwards).

 

Wireless security has to work on two levels. Firstly all of the data flowing between the computers in the network needs to be scrambled or ‘encrypted’ so even if the signals are intercepted the data cannot be read. Secondly it has to provide the necessary permission or ‘authentication’ to PCs or devices that are allowed to connect to the network.

 

There are two wireless security systems that fulfil those basic requirements, which are included in the IEEE 802.11 Wi-Fi specification, and therefore the ones you are most likely to encounter. There are also numerous proprietary systems but these tend to be used on large-scale networks operated by financial institutions Government departments and so on, where there is a need to maintain the very highest levels of security.

 

The earlier of the two Wi-Fi standard systems is WEP or Wired Equivalent Privacy. Although it can be relatively easily hacked by an expert (see also this week’s Top Tip), the highest of its encryption levels is just about sufficient for basic home network security. WEP systems use a ‘shared key’ to encrypt and decrypt data, which must be entered into all devices connected to the network. The length of the key determines the level of encryption and the more random it is, the safer it will be. It’s also a good idea to change the key on a regular basis. Words, names and phrases etc. are best avoided as they can be cracked more easily using ‘brute force’ or ‘dictionary attack’ methods.

 

The alternative to WEP is the newer and more robust WPA or Wi-Fi Protected Access system. You may also come across WPA2, which is an amendment to the original 802.11 Wi-Fi specification (aka IEE 802.11i) and sets out detailed security arrangements for more advanced networking systems.

 

But back to WPA and this employs two types of security key. TKIP (Temporal Key Integrity Protocol) creates a new key every time a PC or device logs onto the network, making it almost impossible for it to be guessed or cracked. WPA also uses a variation of the shared key system (WPA-PSK), which can be used on older set-ups that do not fully support all WPA features. Incidentally WPA support has only been available in Windows since the release of Service Pack 2 and a free update package is available from Microsoft.

 

Next Week -- Wireless Networking, part 4

 

JARGON FILTER

 

BRUTE FORCE ATTACK

A hacking program that tries to guess a password or PIN by running through all of the possible combinations of letters and numbers, potentially making thousands or millions of attempts per second

 

DICTIONARY ATTACK

Most people use words or names to create passwords or passphrases because they are easy to remember. A Dictionary Attack program simply ploughs through common letter and word combinations to discover a password -- and often succeeds!

 

WPA-PSK

Wi-Fi Protected Access - Preshared Key. Less secure method of protecting a wireless network using a key based on a common passphase provided to all users

 

 

TOP TIP

WEP security has two standard encryption levels: 64-bit encryption relies on a 40-bit key and the slightly stronger 128-bit level uses a 26-bit key. Both levels are relatively easy to crack by passively intercepting network traffic on a Wi-FI equipped laptop. Hacking software analyses the data packets, looking for repetitive patterns, which can reveal a key. WEP encryption can also be actively hacked, using ‘brute force’ and ‘dictionary attack’ methods, bombarding the system with log-on attempts whilst remaining undetected by simulating normal network activity.  

 

---end---

 © R. Maybury 2006, 2712

Search PCTopTips 


Web

PCTopTips

Boot Camp Index

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

 

Top Tips Index

Windows XP

Windows Vista

Internet & Email

Microsoft Word

Folders & Files

Desktop Mouse & Keyboard

Crash Bang Wallop!

Privacy & Security

Imaging Scanning & Printing

Power, Safety & Comfort

Tools & Utilities

Sound Advice

Display & screen

Fun & Games

Windows 95/98/SE/ME

 

 

 

 

 

 Copyright 2006-2009 PCTOPTIPS UK.

All information on this web site is provided as-is without warranty of any kind. Neither PCTOPTIPS nor its employees nor contributors are responsible for any loss, injury, or damage, direct or consequential, resulting from your choosing to use any of the information contained herein.