
Is 802.11B secure enough for home broadband sharing?

DrJeff

Senior member
I am tempted by 802.11b now that an AP+PCMCIA pair has dropped below $200. My main reason is to use the laptop on the cablemodem from a distant area in the house. Printing a job would be nice, or looking on my desktop drive for a file while in the LaZBoy with laptop. Is anyone really concerned about WiFi security holes in a residence? I run McAfee Internet Security on the networked machines, which should perform some firewall protection if set correctly. For this app, does 40 vs. 64 vs. 128bit security matter? Thanks for anyone's input.

Jeff
 
Jeff:

That's a good question. People of course have varying opinions about 802.11b and the known holes.
Many vendors (like Orinoco) have taken steps to plug those holes, either in hardware or client software.

The bigger question is: How many people take the time to even configure security properly?
Most of the war-driving reports note that WEP isn't even enabled. Nothing to crack anyway.
They also note that most APs are set in "open" mode, which means their network ID is broadcast openly as well.
And, a good number of them have a WEP key that is simply based on a subset of the network ID (as per most manufacturer's suggestion).

As always:
Nothing is absolute in the realm of network security.
Security is exploit and countermeasure, nothing more.

P.S. I use it and still sleep at night. But I don't have any info worth stealing.
 
<< P.S. I use it and still sleep at night. But I don't have any info worth stealing >>

Yea, but deep in my cortex, I am concerned about identity theft. If someone wanted to ferret through my HD, they might find a SSN, my date of birth, maybe an odd mutual fund account number or an online brokerage account login in a password file. Hopefully, that does not sound too paranoid?

On a related note, isn't RC4 equivalent to WEP something? Or is that a completely different, safer form of encryption? Some hardware vendors brag about having RC4 like it is something so much more robust...
 


<< I am concerned about identity theft. >>

And honestly, I probably should be as well, because that type of thing is a valid concern for everybody!
 
TallGeese,

Can you expand on what measures of enhancing security past the flawed WEP are being achieved?

I know Agere has WEPplus, but I haven't heard anything else.

I'm pretty sure my wireless router broadcasts the SSID, but I used MAC addressing to control which machines can gain access. Which manufacturers let you turn off open mode?

Based on the popularity of 802.11b, I would have assumed manufacturers are banding together to release firmware upgrades this calendar year to address customer concerns.

However, recently I read articles regarding wireless security that suggested some of the improvements will go into new hardware, somewhat implying older gear will forever be "broken".
 
I'm talking mostly about what Orinoco has done so far, since that is the brand with which I have the most experience.

<< I know Agere has WEPplus, but I haven't heard anything else. >>

This has been one visible step taken. I do know Cisco has taken steps in their Aironet series to offer dynamic WEP and other features.

<< I'm pretty sure my wireless router broadcasts the SSID, but I used MAC addressing to control which machines can gain access. Which manufacturers let you turn off open mode? >>

MAC address access lists are actually a good step (I do this also), coupled with other steps. Orinoco (Agere, cr@p what are they calling themselves this week?) allows its AP hardware to be changed to "closed" mode using their AP Manager software utility. In the case of their SOHO products, only AP Manager can set this currently (I don't believe the most recent release of the "friendly" Java setup utility has added this option).

<< Based on the popularity of 802.11b, I would have assumed manufacturers are banding together to release firmware upgrades this calendar year to address customer concerns. >>

I've seen announcements about this very issue, but have a feeling that the initial promises to "fix" WEP will not turn out to be as easy as they originally implied, if it happens at all.

<< However, recently I read articles regarding wireless security that suggested some of the improvements will go into new hardware, somewhat implying older gear will forever be "broken". >>

This would not shock me in the least, particularly with "smaller" vendors who don't offer enterprise level equipment.

IMHO, vendors would be stupid NOT to try to "fix" current 802.11b, since any problems with it may hinder the adoption of 802.11g (which supports both 802.11a and 802.11b).
And, if I'm not mistaken, isn't 802.11a plagued with the same key problem as 802.11b? And didn't 802.11g have to go back to the drawing board to remove those flaws?
 


<< I run McAfee Internet Security on the networked machines, which should perform some firewall protection if set correctly. >>


This isn't going to do Jack if someone with an 802.11b wireless PC card and a laptop is sitting outside your house using a packet sniffer to check out what your wireless machine is sending to the AP. The firewall you are using just keeps people from tapping into your PC or keeps programs from going out to the internet (or LAN). It doesn't do anything to protect your data once it leaves your machine.

To lock down your wireless network here are the steps:
1. Use a MAC list that gives access to the machines you want.
2. Use 128bit encryption
3. Disable network ID broadcasts
4. Use a static IP for your wireless clients (no need to give out valid IPs to unauthorized machines)

This will give you a pretty dang secure wireless network. But I even take it a few steps further. My machines need to authenticate to a domain server to access files and ALL wireless clients will connect via VPN where ALL data being passed will be encrypted. If someone wants to put forth the effort and crack all my security measures, go right ahead but I'm not going to make it easy on them. 😉

You're pretty safe with the first four though. Rest easy. 😉
 
Two of my neighbors share my cable modem using 802.11b. I have not enabled WEP but changed the SSID. I am not that worried, and no one else around really knows jack about computers.
 


<< To lock down your wireless network here are the steps:
1. Use a MAC list that gives access to the machines you want.
2. Use 128bit encryption
3. Disable network ID broadcasts
4. Use a static IP for your wireless clients (no need to give out valid IPs to unauthorized machines)
>>



128-bit encryption does absolutely nothing extra over 40-bit. If someone has taken the time to break 40-bit WEP, it is JUST as simple (and trust me, it's simple) to break 128-bit WEP.

Check out Airsnort. If you want to sniff 802.11b on a supposedly "secure" network, it's as easy as installing a Linux package...

Since #2 does nothing and #1, 3, and 4 only prevent people from USING your wireless network, there is absolutely NO WAY to prevent people from seeing every packet of traffic that flies over your LAN.
 


<< 128-bit encryption does absolutely nothing extra over 40-bit. If someone has taken the time to break 40-bit WEP, it is JUST as simple (and trust me, it's simple) to break 128-bit WEP.

Check out Airsnort. If you want to sniff 802.11b on a supposedly "secure" network, it's as easy as installing a Linux package...

Since #2 does nothing and #1, 3, and 4 only prevent people from USING your wireless network, there is absolutely NO WAY to prevent people from seeing every packet of traffic that flies over your LAN.
>>


I agree but the steps I listed above are about as secure as what you can make a wireless network using just an AP and wireless card. Like I said above, you can go a step further and have users authenticate to a domain and also use a VPN connection. You can intercept all the packets all you want, but you aren't going to make anything out of it. And you aren't going to get access to the network... well, nothing is uncrackable, but it's sure going to be hard as hell. 😉
 
MAC address lists don't help a lot because you can easily spoof a MAC address. WEP isn't worth trusting. The best advice I can give is:
1.) turn off beacons/broadcasting of IDs - if you don't yell that you're there, you're less of a target
2.) turn on 128bit WEP. Sure it's not a lot, but actually from the people I've talked to who have tried to crack it, it does take a little longer while to gather enough "interesting" packets to crack it.
3.) encrypt everything, don't use telnet, etc. Pipe everything through a VPN if you can.
4.) treat it like a cordless phone or cellular phone, anyone could be listening at anytime so don't give out your social security number, or do your online banking over it unless you normally would on a cordless phone

I personally don't think turning off dhcp does much because you could test out the most popular addressing schemes in about 5 minutes and probably find out enough to get on.

So is it secure enough for broadband sharing? Of course, but it's also not 100% secure either, and way less than that if you just "plug and play".
 


<< and also use a VPN connection. You can intercept all the packets all you want, but you aren't going to make anything out of it. And you aren't going to get access to the network... well, nothing is uncrackable, but it's sure going to be hard as hell. >>



Yup. Any higher-layer encryption is infinitely better than the link-layer garbage that gets thrown in at the 802.11b stage. Personally, I don't mind using an unencrypted wireless net, because I don't care if people see what websites I look at. Any websites that I put passwords into are SSL encrypted (except for Anandtech, of course), and I log into my work servers over SSH. That's the best way to go, but it still isn't ideal.

Really, they need to fix WEP in 802.11g. Does anyone know if they are going to do it? The whole "initialization vector" sent in the clear was a ridiculously stupid idea...
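The cleartext-IV and key-length points debated in this thread, as an added Python example that is not part of any post. It builds simplified WEP frames (3-byte IV, key ID byte, then RC4 over data plus CRC-32 ICV, keyed with IV || secret) and shows that two frames sharing an IV leak the XOR of their plaintexts whether the secret is 40 or 104 bits; the keys, IV and payloads are constructed sample values.

```python
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret: bytes, iv: bytes, data: bytes) -> bytes:
    """Frame body: IV (sent in the clear) | key ID 0 | RC4(IV||secret) ^ (data|ICV)."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + b"\x00" + xor(body, rc4_keystream(iv + secret, len(body)))

def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[4:]
    body = xor(ct, rc4_keystream(iv + secret, len(ct)))
    if zlib.crc32(body[:-4]).to_bytes(4, "little") != body[-4:]:
        raise ValueError("ICV mismatch")
    return body[:-4]

# Constructed sample values. "64-bit" WEP is a 40-bit secret plus the 24-bit IV;
# "128-bit" WEP is a 104-bit secret plus the same 24-bit IV.
KEY_40 = bytes.fromhex("0102030405")
KEY_104 = bytes.fromhex("0102030405060708090a0b0c0d")
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"sample payload one", b"another test frame"

def iv_reuse_leaks_plaintext_xor(secret: bytes) -> bool:
    """With a repeated IV the keystream repeats, so C1 ^ C2 == P1 ^ P2.
    Only frame bytes are used here; the secret never enters the comparison."""
    f1, f2 = wep_encrypt(secret, IV, P1), wep_encrypt(secret, IV, P2)
    same_iv_visible = f1[:3] == f2[:3] == IV
    return same_iv_visible and xor(f1[4:4 + len(P1)], f2[4:4 + len(P2)]) == xor(P1, P2)

if __name__ == "__main__":
    for name, key in (("40-bit", KEY_40), ("104-bit", KEY_104)):
        print(name, "secret, IV reuse leaks P1^P2:", iv_reuse_leaks_plaintext_xor(key))
```

Both key sizes give the same result because the IV is 24 bits in either case, which is why the posts above point to SSL, SSH or a VPN carried over the wireless link.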
 


<< Two of my neighbors share my cable modem using 802.11b. I have not enabled WEP but changed the SSID. I am not that worried, and no one else around really knows jack about computers. >>



Yeah, but someone could be "wardriving" with NetStumbler running. I've done it at school trying to find a wireless network for a teacher once. It would have worked but the AP was off. Even with WEP on, someone could just use AirSnort and after capturing like 10 million packets (a couple of Linux ISOs) it can crack the key in under a second.
 


<< I personally don't think turning off dhcp does much because you could test out the most popular addressing schemes in about 5 minutes and probably find out enough to get on. >>


Correct, and I'm sure you'll be testing 192.168.0.X and 192.168.1.X. But I'd advise using a wacky private class A address (10.X.X.X). Without DHCP running, you'll be wasting A LOT of time trying to figure out that IP. 😉


<< Personally, I don't mind using an unencrypted wireless net, because I don't care if people see what websites I look at. >>


Don't take it so lightly man. If someone gets into your network, they become YOU. For instance, someone wants to hack a server but they don't want it traced back to their IP. Instead of trying to plant a trojan or hack a machine to spoof an IP, they just need to tap into your network and launch an attack through YOUR IP. Now guess who they are going to come and talk to once they trace who the IP belongs to.

Enter a new era of IP spoofing.
 


<< Don't take it so lightly man. If someone gets into your network, they become YOU. For instance, someone wants to hack a server but they don't want it traced back to their IP. Instead of trying to plant a trojan or hack a machine to spoof an IP, they just need to tap into your network and launch an attack through YOUR IP. Now guess who they are going to come and talk to once they trace who the IP belongs to. >>



Agreed. It's certainly an issue. There is currently no way to prevent someone from using your 802.11 wireless lan if you have an access point set up.

But I haven't heard of a single case of anyone getting into trouble because of a spoofed 802.11 IP address. That is, it may happen, and say a D-DOS attack might get back-traced to an IP address of some poor unsuspecting 802.11 user, but I find it hard to believe that he would be held responsible (or even the person setting up the wireless AP).

Of course, at that point, you're at the mercy of your ISP... is it worth their time to hassle with you or should they just drop you?
 


<< There is currently no way to prevent someone from using your 802.11 wireless lan if you have an access point set up. >>


Not true. If you have a domain, someone can find your AP and do whatever to it, but they aren't going to get access to the domain without a valid user name and password. This will keep them from spoofing your IP (internet IP that is). If you want to get REALLY serious, have ALL wireless clients outside an internal proxy server (for your LAN only) and have them log in using a VPN connection. ALL users will be logged going through the proxy and you can even dump the data on a server running MS Access or better yet MS SQL. If you have an AP, pretend that it is another open door (like the internet) that people can walk through. It's kind of funny that people would use all kinds of firewalls on their front end but forget about their back door. I treat my wireless connection like a back door and I make sure that thing is bolted shut 24/7.


<< Of course, at that point, you're at the mercy of your ISP... is it worth their time to hassle with you or should they just drop you? >>


Dude, if someone pretends to be you, the least of your worries is going to be your ISP. If they decide to hack into an establishment and get some "records," your ISP isn't the one who is going to be knocking at your door. 😉 Chances are that if you leave the back door to your home unlocked, nothing will happen. But I make sure that bad boy is locked and have a security system to alert me when it gets "unlocked." I treat my computer system at home the same way. 😉
 


<< If you have a domain, someone can find your AP and do whatever to it, but they aren't going to get access to the domain without a valid user name and password. >>



Sure, there are ways to protect your internet connection by blocking IP address assignment and things of that nature (running up some serious $$ in software cost in the process, something that few home users are willing to do), but you still can't prevent layer-2 access to your wireless LAN to someone completely unknown. And THAT is not something that I would be comfortable with regardless of how securely I think I've set up the rest of my systems, if I were worried about people breaking in.

It's tantamount to giving people a hacking platform...



<< If you want to get REALLY serious, have ALL wireless clients outside an internal proxy server (for your LAN only) and have them log in using a VPN connection. ALL users will be logged going through the proxy and you can even dump the data on a server running MS Access or better yet MS SQL. >>



Okay, you've lost me here because I don't know of a way to construct VPNs without first assigning IP addresses to the wireless clients. And if you do that the normal way, you've already lost the battle... Remember, we're not trying to protect the company servers behind a firewall; we're trying to prevent unauthorized hackers from using our 802.11b LAN to access the Internet or do damage to other systems, wherever they may be.

Now, if you're talking about using VLANs for a VPN-like effect, then you might be able to use such a scheme, but now you're talking about hardware that 95% of consumers out there aren't going to buy. After all, the whole topic here is "Is 802.11b secure enough for home broadband sharing?" I know that I can't afford a VLAN-enabled switch for home!



<< your ISP isn't the one who is going to be knocking at your door. >>



No, you're quite right, the FBI will be doing that favor for you if the attack was serious enough. But what I'm saying is that you haven't done anything fundamentally wrong. It's like someone stealing your car and running over people with it: you're not to blame, even if the car was unlocked. There are NO legal precedents established putting blame on the owner of equipment that gets misused, and the FBI is completely aware of that fact. I know several lawyers that would have a field day if anyone got prosecuted for something like that!
 