
Wi-Fi Security

Date post: 01-Jan-2016
Description:
Wi-Fi Security. January 21, 2008, by Larry Finger. Most laptops now come with built-in wireless capability, which can be very handy; however, always remember that the device is a radio. Whatever it broadcasts can be seen by any receiver tuned to that channel. (PowerPoint presentation)
Transcript
Page 1: Wi-Fi Security

Wi-Fi Security

January 21, 2008

by

Larry Finger

Page 2: Wi-Fi Security

Most laptops now come with built-in wireless capability, which can be very handy; however, always remember that the device is a radio. Whatever it broadcasts can be seen by any receiver tuned to that channel.

This presentation will cover how to protect your own (private) network, and how to protect yourself when you use a public network.

Page 3: Wi-Fi Security

A “typical” home network

Page 4: Wi-Fi Security

Why secure the home network (part 1)

Protect your information

Using a program called Wireshark, I captured data from the tengointernet Wi-Fi. One of the messages contained the following:

href="/prize/prize-rules.jsp" target="_top">Prize Rules</a>';.prizes[2]='<a href="/prize/prize-winners.jsp " target="_top">

This gobbledygook is HTML, the language of web pages. These data contain no secrets; however, the parts I didn't show could be used to determine what sites you visit, etc.

Note: Wireshark does not work with Windows.

Page 5: Wi-Fi Security

Things are not quite as bad as the previous slide would suggest.

When really sensitive information such as bank account numbers, log-in names, and passwords are transmitted, and you are using an “https” site, the data are already encrypted, and are usually safe. I'll cover the exception later.

Page 6: Wi-Fi Security

Why secure the home network (part 2)

Keep strangers from using your Internet connection

You may have excess capacity, and sharing may not hurt, but what happens if the unwanted guest is downloading kiddie porn? The Internet record will point to YOUR connection!!! To my knowledge, no one has been prosecuted for this; however, why take a chance?

Page 7: Wi-Fi Security

How do you encrypt your Access Point?

There are several flavors of encryption:

WEP – Wired Equivalency Protocol

WPA – Wi-Fi Protected Access

WPA Personal (TKIP - Temporal Key Integrity Protocol or AES - Advanced Encryption Standard)

WPA2 Personal (TKIP or TKIP + AES)

RADIUS – Remote Authentication Dial In User Service – needs separate server - mostly for companies (highly secure)

WPA Enterprise – needs RADIUS server

WPA2 Enterprise – needs RADIUS server

Page 8: Wi-Fi Security

WEP – Use only if it is the only encryption available!!!

The designers did it badly. Even with the 128-bit version, the encryption can be broken in as little as 5 minutes!

Be aware that the conversion of a WEP passphrase into a hexadecimal string is not unique, and the key used by your AP may not match that of the computer!! Put a passphrase into the AP, but copy the resulting hexadecimal string for later use.

Page 9: Wi-Fi Security

WPA2 Personal – The best available encryption for the home network. Use this one if it is available.

WPA Personal – This method is less secure than WPA2, but is designed to work with equipment originally designed for WEP.

Unlike WEP, the WPA methods can only be cracked by dictionary attack. If the passphrase is 20 characters or more, cracking is essentially impossible. Use a strange combination of upper/lower case and special characters and/or numbers. My phrase is 28 characters, and includes special characters. WPA and WPA2 passphrase conversion is unique.
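The passphrase conversion mentioned above, as an added example that is not part of the original presentation: WPA and WPA2 Personal turn the passphrase into a 256-bit key with PBKDF2-HMAC-SHA1, using the network name (SSID) as salt and 4096 iterations, so every device derives the same key from the same inputs. The function names, the SSID and the sample passphrases are constructed for illustration; the 20-character threshold is the one given on the slide.

```python
import hashlib
import string


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit WPA/WPA2 Personal key as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt: the same passphrase on another network
    # name yields a different key.
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32
    )
    return key.hex()


def review_passphrase(passphrase: str, min_len: int = 20) -> list[str]:
    """List the ways a passphrase falls short of the slide's advice."""
    problems = []
    if len(passphrase) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {
        "upper case": string.ascii_uppercase,
        "lower case": string.ascii_lowercase,
        "digit or special character": string.digits + string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in passphrase):
            problems.append(f"no {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the presentation.
    ssid, phrase = "HomeAP-example", "Tr4iler!Park#Sunset_2008-rv"
    print(wpa_psk(phrase, ssid))
    print(wpa_psk(phrase, ssid) == wpa_psk(phrase, ssid))       # same inputs, same key
    print(wpa_psk(phrase, "OtherAP") == wpa_psk(phrase, ssid))  # different SSID, different key
    print(review_passphrase("linksys123"))
    print(review_passphrase(phrase))
```

Because the SSID salts the key, changing the network name away from the factory default also changes the key derived from a given passphrase.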

Page 10: Wi-Fi Security

How do you set the encryption method?

The answer depends on the maker of your AP. For the Linksys models, you connect via a wired connection and point your browser to

192.168.1.1

This address is the default value for these routers. I'll show later how to determine these “magic” numbers.

Page 11: Wi-Fi Security

You will be presented with this window.

No “User Name” is required.

Note: If you have not already changed the default password, do so now!

Page 12: Wi-Fi Security

After logging into the router, select the “Wireless” and “Wireless Security” tabs, and pull down “Security” to get

Page 13: Wi-Fi Security

To set up your AP for WPA2 with TKIP + AES, you would select

Page 14: Wi-Fi Security

This slide shows the way to generate the WEP key from a passphrase. Only the “Default” key will be needed.

Page 15: Wi-Fi Security

If you have a different make of access point, the process may differ, but in general, you still will have to contact the IP address of the AP, log in, and select the encryption method and passphrase.

To find the IP address that is needed, select “start/run”, put “cmd.exe” in the box, and click “Ok”. In the window that pops up, type “ipconfig /all”. The address listed as the “Default gateway” for the wired interface is what you need.

Page 16: Wi-Fi Security

I have now described what you do to secure your private network, but what can you do if you are using a public network such as found in RV parks, libraries, motels, and coffee shops?

The solution is a Virtual Private Network or VPN. Unless your employer has a VPN server, these are not free. The one I use costs $40/year.

Note: VPNs will also work with wired connections.

Page 17: Wi-Fi Security

A VPN is a network “tunnel” between your computer and the VPN server. With the tunnel, ALL transmitted data are encrypted before leaving your computer and are not decrypted until they reach your VPN server, which sends your data on to the final target. Of course, if you are using https, there is an additional level of encryption.

Page 18: Wi-Fi Security

There are three flavors of VPNs:

PPTP – Point to Point Transfer Protocol

This method is easiest to implement, but relies on a password that is entered when you connect. It also uses a less-secure encryption than the other two.

SSL – Secure Sockets Library

This method uses a certificate, which was generated by the VPN provider, to authenticate the client. No password need be entered. Both the openvpn and ipsec programs use this method.

IPSec – Internet Protocol SECurity

This method is very secure; however, it requires modification to the operating system. Thus, it is harder to implement.

Page 19: Wi-Fi Security

Besides encryption, VPN has other benefits:

Access “blocked” sites

Use blocked servers and services

Eliminate “Man-in-the-Middle” attacks

Page 20: Wi-Fi Security

References

Detailed description of encryption methods:

en.wikipedia.org

The commercial VPN provider that I use:

www.witopia.net

Page 21: Wi-Fi Security

I will now show you the steps needed to create a PPTP VPN on Windows.
