<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/wordpress-mu-1.2.1" -->
<rss version="2.0" 
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
	<title>Discussion on: WiFi Security&#8211;The Only Way is WPA</title>
	<link>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/</link>
	<description></description>
	<pubDate>Fri, 22 Aug 2008 05:32:15 +0000</pubDate>
	<generator>http://wordpress.org/?v=wordpress-mu-1.2.1</generator>

	<item>
		<title>By: S3kur3</title>
		<link>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-15</link>
		<author>S3kur3</author>
		<pubDate>Mon, 23 Jun 2008 03:01:59 +0000</pubDate>
		<guid>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-15</guid>
		<description>Fair enough on both counts. I in no way meant to suggest that WEP is adequate protection- just that even a WEP encrypted network is less appealing to an attacker than an unencrypted network, and since there are unencrypted networks every 100 yards or so, the chances of someone wasting the time to crack your WEP are fairly low.

Point taken on the ability to crack WPA2. I submit that a layered approach is still the wiser approach though because what takes '10 quintillion, 533 quadrillion, 833 trillion, 66 billion, 248 million, 927 thousand years' to crack today, may only take 30 minutes a year from now with Moore's Law and advances in cryptography.</description>
		<content:encoded><![CDATA[<p>Fair enough on both counts. I in no way meant to suggest that WEP is adequate protection- just that even a WEP encrypted network is less appealing to an attacker than an unencrypted network, and since there are unencrypted networks every 100 yards or so, the chances of someone wasting the time to crack your WEP are fairly low.</p>
<p>Point taken on the ability to crack WPA2. I submit that a layered approach is still the wiser approach though because what takes &#8216;10 quintillion, 533 quadrillion, 833 trillion, 66 billion, 248 million, 927 thousand years&#8217; to crack today, may only take 30 minutes a year from now with Moore&#8217;s Law and advances in cryptography.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: The Geek</title>
		<link>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-14</link>
		<author>The Geek</author>
		<pubDate>Sat, 21 Jun 2008 16:55:16 +0000</pubDate>
		<guid>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-14</guid>
		<description>S3kur3 also points out that WPA/WPA2 is crackable. We can have a quite lively debate over this! (I invite S3kur3--and anyone else who cares to--to email me at ken at harthuntechnologies.com) The article he cites says, "The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length." Further, cracking WPA is a very computation-intensive process: "...[the] computer can only test 50 to 300 possible keys per second...[using the aircrack-ng program described in the article]." Even at a speed of 10,000 keys per second, it would take 22,875 years to crack m^P2sswd. So, I challenge anyone attempting a brute force attack to spend the next 10 quintillion, 533 quadrillion, 833 trillion, 66 billion, 248 million, 927 thousand years (this is a rough calculation) trying to discover all possible combinations of ‘Qt6W’{/b?@mn,QL”Q%. Anyone who has followed my advice about unguessable passwords is immune to an Aircrack-ng attack.

My point in these articles is to try to get people to think with security in mind, not blindly follow someone's advice whether or not he or she is an expert, certified professional, recognized authority, or whatnot. Anyone even remotely involved with information security should thoroughly evaluate the advice they give to those less enlightened. If you apply all of the 13 Maxims I've issued to date (several more to come) you're more secure than most of the corporate clients I serve.</description>
		<content:encoded><![CDATA[<p>S3kur3 also points out that WPA/WPA2 is crackable. We can have a quite lively debate over this! (I invite S3kur3&#8211;and anyone else who cares to&#8211;to email me at ken at harthuntechnologies.com) The article he cites says, &#8220;The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length.&#8221; Further, cracking WPA is a very computation-intensive process: &#8220;&#8230;[the] computer can only test 50 to 300 possible keys per second&#8230;[using the aircrack-ng program described in the article].&#8221; Even at a speed of 10,000 keys per second, it would take 22,875 years to crack m^P2sswd. So, I challenge anyone attempting a brute force attack to spend the next 10 quintillion, 533 quadrillion, 833 trillion, 66 billion, 248 million, 927 thousand years (this is a rough calculation) trying to discover all possible combinations of ‘Qt6W’{/b?@mn,QL”Q%. Anyone who has followed my advice about unguessable passwords is immune to an Aircrack-ng attack.</p>
<p>My point in these articles is to try to get people to think with security in mind, not blindly follow someone&#8217;s advice whether or not he or she is an expert, certified professional, recognized authority, or whatnot. Anyone even remotely involved with information security should thoroughly evaluate the advice they give to those less enlightened. If you apply all of the 13 Maxims I&#8217;ve issued to date (several more to come) you&#8217;re more secure than most of the corporate clients I serve.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: The Geek</title>
		<link>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-13</link>
		<author>The Geek</author>
		<pubDate>Sat, 21 Jun 2008 16:08:58 +0000</pubDate>
		<guid>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-13</guid>
		<description>S3kur3 (nice moniker, BTW) is quite right: A layered approach to security is always superior to a single, "silver bullet" approach. Go ahead and use SSID hiding and MAC [B]filtering along with WPA[/B], but don't think that a three-layered approach using WEP instead of WPA is truly secure. I stand by my assertion that WPA is the only way to do the encryption.</description>
		<content:encoded><![CDATA[<p>S3kur3 (nice moniker, BTW) is quite right: A layered approach to security is always superior to a single, &#8220;silver bullet&#8221; approach. Go ahead and use SSID hiding and MAC <b>filtering along with WPA</b>, but don&#8217;t think that a three-layered approach using WEP instead of WPA is truly secure. I stand by my assertion that WPA is the only way to do the encryption.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: S3kur3</title>
		<link>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-12</link>
		<author>S3kur3</author>
		<pubDate>Fri, 20 Jun 2008 13:17:38 +0000</pubDate>
		<guid>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-12</guid>
		<description>Also - WPA / WPA2 is also breakable and can not be relied on, by itself, to protect your wireless network ([A href="http://www.aircrack-ng.org/doku.php?id=cracking_wpa"]Tutorial: How to Crack WPA / WPA2[/A]). Filtering MAC addresses or disabling the SSID broadcast could provide an added layer of security to protect the WPA/WPA2 encrypted network.</description>
		<content:encoded><![CDATA[<p>Also - WPA / WPA2 is also breakable and can not be relied on, by itself, to protect your wireless network (<a href="http://www.aircrack-ng.org/doku.php?id=cracking_wpa">Tutorial: How to Crack WPA / WPA2</a>). Filtering MAC addresses or disabling the SSID broadcast could provide an added layer of security to protect the WPA/WPA2 encrypted network.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: S3kur3</title>
		<link>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-11</link>
		<author>S3kur3</author>
		<pubDate>Fri, 20 Jun 2008 13:09:21 +0000</pubDate>
		<guid>http://itknowledgeexchange.techtarget.com/security-corner/wifi-security-the-only-way-is-wpa/#comment-11</guid>
		<description>As a fellow professional writer and blogger (and fellow IT Knowledgebase Blogger), as well as the CISSP who wrote the article in question regarding disabling the SSID broadcast (as well as having written about MAC address filtering), I thought I would respond.

Your points 1 and 3 imply that those who suggest such things suggest them in a vacuum, or as the sole, silver-bullet method of safeguarding a wireless network. In most instances, or at least speaking for myself- that is not the case.

Yes, disabling SSID broadcasting and MAC address filtering in and of themselves will not completely protect your wireless network from attack or unauthorized use. But, it will, as you yourself mention, protect the wireless network from casual users inadvertently connecting. 

In the grand scheme of all users in the world with wireless-enabled equipment, what percentage would you classify as "casual users" and what percentage do you think roam around with the skills, the tools, and the motive to sniff out my hidden SSID and connect to my network? I assure you that the odds of a casual user passing through my neighborhood, or even a neighbor living nearby inadvertently connecting to my network is significantly higher than the chances that some rogue hacker with uber skills is going to target my network. 

It is not a silver bullet. Companies in particular need to implement other measures such as WPA2 encryption and additional authentication such as RADIUS, and segregate their wireless network from the physical LAN. But, I can sit in my living room and pick up 10 networks. 

Six of them are open and unencrypted. Four of them have encryption of some sort. If I wanted / needed access to a wireless network, you can bet that I am going after the unprotected low-hanging fruit rather than trying to break the encryption on the four that are 'secured'. And, there may be another 10 out there with SSID broadcast disabled that are relatively safe because I am also not going to waste my time trying to find them when I have 6 open networks readily available.

So, I agree with all of your points. Hiding SSID is not secure by itself. WEP is not secure by itself. MAC address filtering is not secure by itself. However, they are all valid parts of a layered defense that helps to make your wireless network less appealing to an attacker than the open, unencrypted, publicly available network your neighbor is running.</description>
		<content:encoded><![CDATA[<p>As a fellow professional writer and blogger (and fellow IT Knowledgebase Blogger), as well as the CISSP who wrote the article in question regarding disabling the SSID broadcast (as well as having written about MAC address filtering), I thought I would respond.</p>
<p>Your points 1 and 3 imply that those who suggest such things suggest them in a vacuum, or as the sole, silver-bullet method of safeguarding a wireless network. In most instances, or at least speaking for myself- that is not the case.</p>
<p>Yes, disabling SSID broadcasting and MAC address filtering in and of themselves will not completely protect your wireless network from attack or unauthorized use. But, it will, as you yourself mention, protect the wireless network from casual users inadvertently connecting. </p>
<p>In the grand scheme of all users in the world with wireless-enabled equipment, what percentage would you classify as &#8220;casual users&#8221; and what percentage do you think roam around with the skills, the tools, and the motive to sniff out my hidden SSID and connect to my network? I assure you that the odds of a casual user passing through my neighborhood, or even a neighbor living nearby inadvertently connecting to my network is significantly higher than the chances that some rogue hacker with uber skills is going to target my network. </p>
<p>It is not a silver bullet. Companies in particular need to implement other measures such as WPA2 encryption and additional authentication such as RADIUS, and segregate their wireless network from the physical LAN. But, I can sit in my living room and pick up 10 networks. </p>
<p>Six of them are open and unencrypted. Four of them have encryption of some sort. If I wanted / needed access to a wireless network, you can bet that I am going after the unprotected low-hanging fruit rather than trying to break the encryption on the four that are &#8216;secured&#8217;. And, there may be another 10 out there with SSID broadcast disabled that are relatively safe because I am also not going to waste my time trying to find them when I have 6 open networks readily available.</p>
<p>So, I agree with all of your points. Hiding SSID is not secure by itself. WEP is not secure by itself. MAC address filtering is not secure by itself. However, they are all valid parts of a layered defense that helps to make your wireless network less appealing to an attacker than the open, unencrypted, publicly available network your neighbor is running.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
