Exploiting and Protecting 802.11b Networks

iforgotmyfirstlogon writes: "A couple of guys from Extreme Tech drove around New York, New Jersey, Boston, and Silicon Valley with a high gain antenna to see how many (secure and) unsecure wireless networks they could tap into. They used NetStumbler and Linux AirSnort to help them search. Results? They came across over 800 networks and less than 40% had any sort of security."

802.11b Insecurities

[pryan]

It takes less than 1000 packets to crack the cryptographic protocols in 802.11b WEP, regardless of key strength. Even those 802.11b networks with so-called security probably aren't very secure against someone casing the network. Use a higher-level protocol such as Kerberos or IPSec on top of the WEP.

So put it outside the firewall.

[Ungrounded Lightning]

WEP is not the answer. Tunneled SL, or some sort of VPN end to end security is the only way to protect your connect.

Hear hear.

So the thing to do is to put the wireless LAN port on the logical OUTSIDE of your firewall and let the laptops all tunnel in through it. Your firewall can also filter connections between the WLAN and your net feed.

For the open net your users can also encrypted-tunnel to the tunnel server and go out from there, to avoid eavesdroppers. With this configuration there's no reason to bother with WEP.

Go ahead and route packets between the net and the wireless port if you're feeling altruistic, or restrict WLAN connections to the tunnel server(s) if you're not.

Re:Any How-to Doc on how to secure your wireless L

[indiigo]

read the article:
http://www.extremetech.com/article/0,3396,apn%25 3D 7%2526s%253D1024%2526a%253D13880%2526app%253D5%252 6ap%253D6,00.asp

There are no Secure 802.11 networks...

[Black Art]

Not when you can crack all of them with AirSnort.

All it takes is time and traffic.

Of course, it still amazes me that so few had even the most basic levels of security installed.

Then again, most of the managers I have worked for seem to think that if you take steps to protect yourself, you become liable if you get hacked. (Yes, I know that makes no sense. Never stopped them...)

There's already a solution -- 802.1x

[Anonymous Coward]

What always amazes me about these daily stories on the "insecurities" of 802.11b is that not a single person mentions that IEEE already has a solution -- 802.1x.

Using 802.1x, a computer/user must authenticate to the access point through standard RADIUS/EAP mechanisms (e.g., smart card, certificate, MD5-based challenge response, etc.). If you are unable to authenticate, the access point (or wired Ethernet switch, for that matter -- this isn't 802.11b specific) will refuse to forward any of your packets to the network.

There are also provisions in 802.1x to have the access point authenticate to the client, in order to prevent man-in-the-middle attacks, among other things.

Furthermore, 802.1x provides means to give each user a different WEP key, and to cycle those keys at various intervals. This greatly reduces the exploitability of the cryptographic flaws in WEP. (These flaws should still be addressed, though.)

Finally, 802.1x is already available today, in Windows XP.