WiFidelity Content provided by: Jeremy Turner - RocCity

With the amazing capabilities of wireless technology, equally severe cases of exploitation have emerged. August 2008 news headlines alerted readers that 41 million credit and debit card numbers were being traded on the international black market; similar short-lived headlines and complaints followed. TJ Maxx, a discount clothing retailer hit hard by the attackers, reported a staggering $24 million in damages. The rapid expansion of wireless technology in its infancy, coupled with inadequate security research during the early production and standards-development phase, has flooded the market with legacy hardware and poor encryption standards. Of course, for compatibility, even the latest consumer products support these cracked security standards. Not unlike "The Big Three" early auto manufacturers at the advent of the seat belt, wireless hardware manufacturers have seemingly avoided publicly addressing the security shortcomings in the development of the 802.11 standard, possibly for the same reason "The Big Three" did: the fear that safety (security) concerns might drive down sales. The equivalent of a five-point harness, AirDefense, started off capitalizing on the inherent flaws of poor WiFi security standards by offering innovative products that provided better security at a premium price. Unsurprisingly, one of the larger wireless hardware manufacturers, Motorola, acquired AirDefense in September of 2008.

Lacking a point-and-click solution to secure WiFi, the best defense is to bunker up with some knowledge about wireless security...

We begin by explaining why good encryption standards are needed with wireless technology. Wireless networks with no security (public WiFi) present many problems. Some think: "Well, I know the network is insecure, but my bank uses encryption on their site when I connect." While this is valid (most banks do use good encryption), there are still major issues with this reasoning. For example, say I'm a hacker sitting in a coffee shop and I have my paysomeone credit card on me, but alas, I have no money in my paysomeone account. There are about 10-20 people using the coffee shop WiFi, so odds are, with a little patience, someone in this tech-using group will want to access their paysomeone account. Paysomeone uses encryption, so this coffee-fiending hacker won't be able to easily intercept the username and password to satiate his caffeine craving. However, because the paysomeone victim is trusting an unsecured network, this jonesin' joe can easily fool the paysomeone customer into unsuspectingly handing over their account info. The hacker visits paysomeone's website himself, copies the entire front page, possibly the secondary links on the main page, and the authentication failure page. He sets up his own web server on his laptop and forces requests for "www.paysomeone.com" to be redirected to his own mock-up paysomeone site. The victim enters their information and gets an authentication error. This leads the victim to believe they may have mistyped their password; meanwhile, the attacker has the user's login information. At this point the attacker changes the "www.paysomeone.com" redirection back to the actual site. The unsuspecting paysomeone user believes they just made a typo, re-types their info, and goes about their business. Our caffeinated cobbler has obtained the paysomeone account information and is able to transfer money from the victim's account to his, enabling his perky beverage purchase.
Public WiFi is fine for surfing and general searching when privacy is not an issue. Just be aware that when using an unsecured network, traffic can be intercepted very easily. Try to eliminate or minimize exposure to this type of network unless you are in fact just surfing. The example above is just one exploit associated with unsecured WiFi; others include intercepting e-mail, instant messages, and social network information. The list is quite long.

There are two prevalent types of wireless network security, each with a few variants; these two types are known as WEP and WPA. WEP, or Wired Equivalent Privacy, is the weaker of the two: this type of security can be compromised in 10 minutes or less. WPA (WPA1), or WiFi Protected Access version 1, was secure for a while but is no longer a very secure method for securing a wireless network; hash tables are available for WPA1, which makes breaking this type of security fairly quick. WPA2, or WiFi Protected Access version 2, can be configured to be annoyingly secure, or secure to the point where, from an attacker's point of view, it would make sense to choose another target or vulnerability. So why do routers have these options available if they are easily compromised? When the standards for WiFi security were evolving, there was a gap between the hardware users would most likely have and what the router was compatible with. From the router manufacturer's point of view this would present a hurdle to delivering a product for the average user, so they make the older, compromised security methods available for hardware compatibility.

Currently the best option for securing your wireless network is WPA2 AES; WPA2 TKIP + AES can be used for compatibility with older hardware that does not fully support the WPA2 standard. However, this type of encryption still relies on the passphrase: avoid dictionary words, sequential characters, and the exclusive use of numbers or alphabet characters.
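The following is an added example, not code from the article or from RocCity: a small audit script that reads an access-point configuration in the hostapd.conf key=value style (the key names wpa, wpa_pairwise, rsn_pairwise, wep_key0 and wpa_passphrase are hostapd's; everything else, including the four sample configurations, is constructed here) and rates it according to the ladder described above: open, WEP or WPA1-only or TKIP-only (weak), WPA2 AES with a TKIP/WPA1 fallback (compat), and WPA2 AES only (strong).

```python
"""Rate a hostapd-style access point configuration against the WEP / WPA1 / WPA2
ladder. Example added by the editor; the sample configurations are constructed."""


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and '#' comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def audit_ap(text):
    """Return (rating, messages) where rating is 'open', 'weak', 'compat' or 'strong'."""
    cfg = parse_conf(text)
    wpa = int(cfg.get("wpa", "0"))          # hostapd bitfield: 1 = WPA, 2 = WPA2 (RSN), 3 = both
    wep = any(k.startswith("wep_key") for k in cfg)
    if not wpa and not wep:
        return "open", ["no encryption configured: traffic is readable by anyone in range"]

    findings = []
    if wep:
        findings.append("WEP key configured: WEP falls in minutes, disable it")
    if wpa == 1:
        findings.append("WPA1 only: precomputed hash tables make it quick to break")
    # In hostapd, rsn_pairwise (WPA2 ciphers) falls back to wpa_pairwise when unset.
    pairwise = set(cfg.get("rsn_pairwise", cfg.get("wpa_pairwise", "")).split())
    if wpa & 2 and "CCMP" not in pairwise:
        findings.append("WPA2 without CCMP (AES): TKIP-only is not a real improvement")
    if wpa and len(cfg.get("wpa_passphrase", "")) < 8:
        findings.append("wpa_passphrase shorter than the 8-character minimum")
    if findings:
        return "weak", findings

    notes = []
    if wpa & 1:
        notes.append("WPA1 also enabled for legacy clients; disable once they are retired")
    if "TKIP" in pairwise:
        notes.append("TKIP offered alongside CCMP for legacy clients; prefer CCMP only")
    return ("compat", notes) if notes else ("strong", [])


# Constructed sample configurations (not real deployments).
OPEN_AP = "interface=wlan0\nssid=CoffeeShop\nchannel=6\n"
WEP_AP = "interface=wlan0\nssid=Legacy\nwep_default_key=0\nwep_key0=0123456789\n"
WPA2_AES_AP = """interface=wlan0
ssid=Office
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=ExamplePassphrase-NotForUse-9z
"""
MIXED_AP = """interface=wlan0
ssid=OfficeCompat
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP TKIP
wpa_passphrase=ExamplePassphrase-NotForUse-9z
"""

if __name__ == "__main__":
    for name, conf in [("open", OPEN_AP), ("wep", WEP_AP),
                       ("wpa2-aes", WPA2_AES_AP), ("mixed", MIXED_AP)]:
        rating, messages = audit_ap(conf)
        print(f"{name:9s} -> {rating:7s} {'; '.join(messages)}")
```

Running the script prints one line per sample; only the WPA2 AES configuration comes back "strong", and the mixed-mode one is "compat" with notes reminding you to drop TKIP and WPA1 once the legacy clients are gone.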

Concerning password length: passphrases or passwords similar to "theskyisblueinfrancetoday" make a good case for password length; however, with the use of dictionary attacks this type of passphrase can be compromised in a reasonable amount of time. Using strings of numbers is also a bad idea, as this type of password can be quickly compromised via a numerical brute-force attack. A good password or passphrase consists of alphanumeric combinations that contain special characters as well as upper- and lowercase letters. For example, "kd9n29c[-1/> ,?Psk0" would represent a strong passphrase to configure for WPA2 AES WiFi connections. Of course, since it is published on the Internet alongside keywords like password and passphrase, it's a good idea not to use this one. As an additional security measure, MAC address restriction should be imposed on your primary network; establish a separate WiFi network for guests or non-sensitive access that you may grant as necessary. MAC address restriction takes the hardware addresses of the network devices you wish to use on the connection and limits resources to these specific addresses; if a device is not registered with the router, the router will ignore its requests. If you are wondering why this method alone is not secure, refer back to the coffee shop model with a slight variant. If an attacker is sniffing for traffic on a MAC-address-restricted network while devices are attached to it, the attacker can gather these addresses for later use when those devices are not connected to the network. For example, you add the MAC address of your laptop to the router in your office; during the day you use this MAC address on the network, the traffic can be intercepted, and the MAC address collected. After you leave work for the night, the attacker changes the MAC address his wireless device registers to the network with, and becomes part of your network.
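To make the passphrase advice above concrete, here is an added example (the editor's code, not the article's): a checker that applies the paragraph's criteria to a candidate WPA2 passphrase. It flags an all-digit string, a string that can be chopped entirely into dictionary words, and a string missing one of the four character classes, and it reports the brute-force keyspace in bits. The tiny word list and the guess rate of 100,000 guesses per second are assumptions made for the demonstration; a real check would load a full dictionary and use the guess rate of the hardware you expect an attacker to have.

```python
"""Apply the article's passphrase criteria to a candidate WPA2 passphrase.
Example added by the editor; word list and guess rate are constructed assumptions."""
import math
import re

# Constructed toy word list; a real audit would load a full dictionary file.
TOY_WORDS = {"the", "sky", "is", "blue", "in", "france", "today", "password", "wifi"}

# Assumed guess rate for an offline WPA2-PSK attack; depends on attacker hardware.
ASSUMED_GUESSES_PER_SECOND = 100_000


def splits_into_words(text, words):
    """True if text can be split entirely into words from the list (dynamic programming)."""
    n = len(text)
    reachable = [True] + [False] * n      # reachable[i]: text[:i] is all words
    for end in range(1, n + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return reachable[n]


def character_classes(pw):
    """Return (number of classes present, size of the resulting alphabet)."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]
    present = [size for pattern, size in classes if re.search(pattern, pw)]
    return len(present), sum(present)


def assess_passphrase(pw, words=TOY_WORDS, rate=ASSUMED_GUESSES_PER_SECOND):
    """Return a verdict dict: strong (bool), bits, brute_force_years, reasons."""
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than the 8-character WPA2 minimum")
    if pw.isdigit():
        reasons.append("digits only: falls to a numerical brute-force attack")
    elif splits_into_words(pw.lower(), words):
        reasons.append("built only from dictionary words: falls to a dictionary attack")
    n_classes, alphabet = character_classes(pw)
    if n_classes < 4:
        reasons.append("missing one of: lowercase, uppercase, digits, special characters")
    # Keyspace if the attacker must try every string over the alphabet. This is an
    # upper bound: a dictionary passphrase is far cheaper than its bits suggest.
    bits = len(pw) * math.log2(alphabet) if alphabet else 0.0
    years = (2 ** bits / rate) / (365 * 24 * 3600)
    return {"strong": not reasons, "bits": round(bits, 1),
            "brute_force_years": years, "reasons": reasons}


if __name__ == "__main__":
    for candidate in ["theskyisblueinfrancetoday", "12345678", "kd9n29c[-1/> ,?Psk0"]:
        verdict = assess_passphrase(candidate)
        print(repr(candidate), "strong" if verdict["strong"] else "weak",
              f'{verdict["bits"]} bits', verdict["reasons"])
```

The word-splitting check is the part worth noting: "theskyisblueinfrancetoday" has a large brute-force keyspace on paper, yet the checker still rates it weak because every piece of it is a dictionary word, which is exactly why the article says length alone is not enough.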

It seems from the context of this article that some might think: "Well, if wireless networking is so insecure, then why not just stick to wired networking?" The answer to this is simple: with the development of any new technology, especially one that involves an industry standard, there will be setbacks. These are relatively minor issues that can be solved by understanding the technology, maintaining the same vigilance toward technology updates as we do toward vehicle recalls, and taking personal responsibility for our own security.

Side Notes:

Revealing information from a local survey: troubling numbers of systems are not using any security, or are using the early (poor) encryption standard. Reports dating back to 2007 from firms similar to AirDefense, and from Black Hat, estimate that more than 50% of wireless access points were not configured properly; in this case, meaning the average teenager armed with Google can, in a matter of hours, learn and execute successful attacks on these networks in about 10 minutes. Not a whole lot has changed as we approach 2009; surveys conducted locally in Rochester showed equally concerning data.



When accessing public wireless or unencrypted networks, you might elect to set up your own network at home or in a static place and establish your own encrypted tunnel through unsecured networks; the most common type of tunnel is a VPN, or virtual private network. This is also a useful measure for businesses with employees that have sensitive data on their laptops: the data can be stored on a central server and accessed remotely and securely via VPN. Using unsecured wireless networks in this fashion eliminates the need to know anything about the networks where you will be traveling, or whether they will be secure. This is the best option for maintaining some security in a variable environment; the ideal solution for road warriors.

In a perfect world, everyone would have access to a RADIUS authentication server. In short (very short), when it comes to wireless and RADIUS servers, the RADIUS server acts as both a gatekeeper and a personal bodyguard. Instead of having to remember a very complex password or passphrase, you have a username and password, which can be the same one used to log on to your work or home network. When you supply your username and password, the gatekeeper (RADIUS server) passes a complex key to your wireless device to use; this key is changed at intervals to make decrypting intercepted traffic extremely difficult.
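The gatekeeper half of that description, as an added example written by the editor rather than code from the article or from any RADIUS product: both sides of a RADIUS Access-Request / Access-Accept exchange as laid out in RFC 2865, including the User-Password hiding (MD5 of the shared secret and the Request Authenticator, XORed block by block) and the Response Authenticator that lets the client tell a genuine verdict from a forged one. The shared secret, user database and credentials are constructed for the demonstration. WiFi deployments run EAP over RADIUS on top of this step, which is where the per-session key the paragraph mentions is delivered; that key exchange is not shown here.

```python
"""RADIUS Access-Request / Access-Accept exchange (RFC 2865) from both sides.
Example added by the editor; secret, users and credentials are constructed."""
import hashlib
import secrets
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def encode_attrs(attrs):
    """Type-Length-Value attributes; Length includes the 2-byte header."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i + 2 <= len(data):
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * ((-len(password)) % 16)
    if not padded:
        padded = b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, authenticator):
    """Server-side inverse of hide_password; strips the zero padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_packet(code, ident, authenticator, attrs=()):
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_packet(pkt):
    if len(pkt) < 20:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])


def client_access_request(username, password, secret, ident=1):
    """Client side: fresh random Request Authenticator, hidden password."""
    req_auth = secrets.token_bytes(16)
    attrs = [(ATTR_USER_NAME, username.encode()),
             (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth))]
    return build_packet(ACCESS_REQUEST, ident, req_auth, attrs), req_auth


def server_respond(request, secret, user_db):
    """Gatekeeper side: recover the password, check it, sign the verdict."""
    code, ident, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    fields = dict(attrs)
    user = fields.get(ATTR_USER_NAME, b"").decode(errors="replace")
    given = reveal_password(fields.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    expected = user_db.get(user, "").encode()
    ok = user in user_db and secrets.compare_digest(expected, given)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret);
    # this reply carries no attributes.
    return header + hashlib.md5(header + req_auth + secret).digest()


def client_verify_response(response, req_auth, secret):
    """Reject any reply whose Response Authenticator was not made with the shared secret."""
    code, _, resp_auth, _ = parse_packet(response)
    expected = hashlib.md5(response[:4] + req_auth + response[20:] + secret).digest()
    if not secrets.compare_digest(expected, resp_auth):
        raise ValueError("reply not authenticated by the RADIUS server")
    return code


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"           # constructed for the demo
    USERS = {"alice": "constructed-pass-1"}          # constructed user database
    req, req_auth = client_access_request("alice", "constructed-pass-1", SECRET, ident=7)
    reply = server_respond(req, SECRET, USERS)
    print("verdict:", client_verify_response(reply, req_auth, SECRET))   # 2 = Access-Accept
```

Two design points matter here: the password is never sent in the clear even over an untrusted link, and the client checks the Response Authenticator before believing an Access-Accept, so a reply injected by someone without the shared secret is discarded rather than trusted.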

RocCity offers wireless service, security assessments and solutions.