Re: wirless connection security issues

On 8/1/06, Michael Krymson <krymson@xxxxxxxxx> wrote:
It is better than trying to teach every home user (think your
parents) the ins and outs of RADIUS, TLS, VPN, etc. They don't care, and
that kind of approach will just turn them away from trying anything.

Teaching them how to enable WPA/WPA2 is little more difficult than
using WEP. Both can use shared keys, and the only additional thing
needed for WPA2 is a patch for XP. If that's not available due to
being on Windows 2000 or earlier but still having a WPA2-capable
network, a supplicant can be purchased, but WPA with a sufficient
passphrase will suffice for most home users if WPA2 isn't available
for technical or financial reasons. I brought up RADIUS and EAP
because Cherian mentioned paranoia -- and then I backtracked because
it was overkill for that particular situation.

But never deny that WEP or any encryption will still deter everyone else
including Windows XP which automatically connects to open wireless
networks.

Saying that WEP provides security because it deters the people that
have their computers set to connect automatically is like saying that
closing your front door deters people that might just walk into your
home. If that was an issue, MAC address lockdowns would be
sufficient, and we wouldn't need encryption. It provides little more
than privacy from people who generally have no desire to look in the
first place.

I really don't understand why this idea that WEP is "good enough" is
still present. I knew five years ago that WEP was a bad idea. WEP
cracking is only going to get faster as network and CPU speeds
improve. At some point, I imagine someone will break the two-minute
mark -- if not better -- on a routine basis. Perhaps at that point,
it will be drilled in that WEP needs to be not only disabled, but
deprecated and eventually removed.


Jarrod

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: radius+ wireless
    ... if you or someone else has duplicated a MAC address on the same ... current set up with weak WEP and but decent authentication, ... You didn't mention what kind of wireless, what your coverage area is, ... gear, RADIUS might be sufficient. ...
    (Security-Basics)
  • Re: wireless network disconnects when using IEEE 802.1x authentica
    ... Firewall Router gateway supports four different types of security modes. ... WPA RADIUS and 802.1x RADIUS. ... security be compromised even though I will be using WEP 128 bit encryption?? ...
    (microsoft.public.windowsxp.security_admin)
  • Re: RADIUS server setup
    ... sure which one to pick for authentication. ... Wireless Configuration and there's a setting for WEP but it doesn't allow me ... There are two encryption options for WPA Pre-Shared Key, ... WPA RADIUS: WPA RADIUS uses an external RADIUS server to perform user ...
    (microsoft.public.windows.server.sbs)
  • Re: RADIUS server setup
    ... I have not set up a WEP-based wireless network, ... complex, but based on WEP. ... For the Linksys setup, when I select RADIUS, I ...
    (microsoft.public.windows.server.sbs)
  • RE: Wireless Pent-Test
    ... If this is for home use have them turn WEP and MAC Address filtering on. ... You need to secure access to your protected network. ... So your VPN is ... his wireless network packets to make sure it is 128 bit encryption... ...
    (Pen-Test)
Loading