No wonder wireless struggles to take off!

strauchr

I was just watching this show on BBC 3 called The Real Hustle.

They had this so called 'IT Security Consultant' on it and he says:

"I would never use wireless for any transactions over the internet.

I mean come on, maybe a public open wireless internet connection, but not any. What about secure ones?

He just makes it sound so insecure to general public, what an idiot.

eurotrash

i don't like wireless. i feel it isn't under my control as much as wires.

keatron

Just keep in mind that most of the biggest and most costly hacks in history had nothing to do with wireless.

wildfire

i don't like wireless. i feel it isn't under my control as much as wires

Trust me coming from a military background in telecoms u dont need to be at the wire to pickup whats going on, emf does that for you, or even better your monitor.

Wireless has been slow on the uptake for a number of reason, Im pro wireless myself, however if it isnt implemented properly it is a great big security hole!

Programs like ehtereal and kismet and be used to capture data very easily trust me, I thought id try to break my own wireless network, a laptop a card linux and a few free programs and Im in through wep after about 45 mins

Even with WPA PSK sniffing is possible and decypthering, the only decent way is by implementing WPA2 with a Radius server or a VPN Sec tunnel.

You average joe is gonna read what Ive just written and think HUH? what? most people at home want to plug and go.

As for business like you say there are too many scare stories out there, and without the proper skills and people to implement them they may aswell post their information on a notive board.

With up and coming technologies such as Wimix (802.16) offering much higher data rates and better inherent security I think we will see an increased uptake, especially in the mobile world we now live on.

Now Ive distracted myself from study for too long back to the books


PS whats a MOS master??

Webmaster

The sheer increase of knowledge of wireless networks and wireless network security I've seen in these forums of the past several years alone shows wireless will remain on the uprise and I'm sure it will eventually start getting a better rep in terms of security. Eventually every IT pro involved with networks will have to learn the technology.

Here's another recent topic partly on the same subject:
www.techexams.net/forums/viewtopic.php?t=13482

wildfire

The sheer increase of knowledge of wireless networks and wireless network security I've seen in these forums of the past several years alone shows wireless will remain on the uprise and I'm sure it will eventually start getting a better rep in terms of security. Eventually every IT pro involved with networks will have to learn the technology.

Agreed, Wireless is getting bigger at an exponential rate (man I can't spell)

And hopefully new up and coming technologies will make it the de facto for home connectivity and enterprise remote connectivity.

Thanks for the link to the other topic intresting read, air on the side of caution though when "playing"

heres a story I read a few months back and saved

http://www.engadget.com/2005/07/22/u-k-man-arrested-fined-for-using-open-wifi-signal/

mobri09

Especially with the free open source tools! Anybody can easily donwload and compromise a network or computer with them . Nothing will ever be secure, wired or wirless. If its not an attack on the outside its an attack from a corrupt employee on the inside.

JDMurray

wildfire wrote:

Even with WPA PSK sniffing is possible and decypthering, the only decent way is by implementing WPA2 with a Radius server or a VPN Sec tunnel.

Try using a WPA-PSK passphrase composed of 63 random characters and a key rotation interval of 120 minutes. And change the passphrase every 30, 60, or 90 days depending upon the amount of traffic carried by the WLAN.

If you look at all the WPA cracking tools out there, you'll see that most perform a simple dictionary attack against the passphrase in the hopes that it is easily discoverable, which a very random passphrase is not. The brute force WPA crackers are thwarted by a very long passphrase and a very short key rotation interval.

JDMurray

mobri09 wrote:

If its not an attack on the outside its an attack from a corrupt employee on the inside.

More than 70% of all computer security intrusion incidents come from insiders--either through direct, internal intrusions, or by "insiders" supplying information to external intruders.

keatron

wildfire wrote:

PS whats a MOS master??

Just another certification Microsoft gives you if you pass the Word Expert, Excel Expert, Access, and Powerpoint exams. I had to teach those classes to a big client last year and I figured it would only help my credibiltiy with them. Not technical at all.

Wildfire, you should read my post in the security forums "Simple Wireless security lab" I talk briefly about cracking WEP there. I plan on hitting WPA soon. After posting that, I went back and did it all again using Backtrack (it's a combination of the popular pentesting linux live bootable cd distros whax and auditor). I must say it was even faster using no more than that cd, didn't have to download anything. It took me just under 15 minutes. However, give me Nmap, a poorly protected Windows box and Metasploit and I can do much more damage in a shorter period of time. And it doesn't matter how far away it is, unlike a wireless exploit.

wildfire

Just another certification Microsoft gives you if you pass the Word Expert, Excel Expert, Access, and Powerpoint exams. I had to teach those classes to a big client last year and I figured it would only help my credibiltiy with them. Not technical at all.

Ah ok I know now, have got MOS (just the normal one) but hadnt heard of master.

I personally attempted a WPA crack myself using a dictionery attack, I used a simple dictionery attack and 8 hours later was still collating data, ah well, its doable I spose just couldnt do it and I gave up.

Heres a video I found about 6 months back which makes it look all so easy! well it isnt lol!!

http://www.crimemachine.com/Tuts/Flash/WPA.html

Its worth remebering that this type of attack is active and Will be spotted!

Whereas as tools like airopeek and Kismet are passive only

RussS

Me - I'm thinking that if there are many more waves floating around I am gonna start glowing in the dark

strauchr

Yeah but how is HTTPS sessions less secure over wireless than wired is my point? And a statement by a so called IT Securty Professional that annoys me.

JDMurray

strauchr wrote:

Yeah but how is HTTPS sessions less secure over wireless than wired is my point?

Any communication transmitted over a wireless link is technically "less secure" because it is more easily interceptable than on a wire or cable. This does not mean the protocol itself is any more vulnerable, but the packets themselves certainly are.

JDMurray

wildfire wrote:

Heres a video I found about 6 months back which makes it look all so easy! well it isnt lol!!

http://www.crimemachine.com/Tuts/Flash/WPA.html

Let me point out that the "attack" in this tutorial was only successful because the key was very easy to crack (key=1234567. Had the key been 63 random characters, and a very short key rotation period used, it would not have been successfully cracked.