Most modern wireless routers have various encryption methods using variants of WEP and WPA encryption to protect against people hacking into your home network or stealing your wireless signal.
The IT consultant for our office does not trust wireless, and has all kinds of dire warnings about the WPA encryption on a wireless router being hacked by bad guys. I think he is full of crap and that getting into a wireless network using some variant of WPA encryption is not a trivial thing to do, and that it should be perfectly safe from hackers, even technically astute ones, hopping around looking for a free wireless signal or some network to hack. If a black NSA van pulls into a nearby parking lot I might re-think that position, but for 99.999% of any hackers without physical access to the interior office hardware it’s pretty much impregnable.
Is he right or is the vulnerability of wireless networks with WPA encryption being vastly over dramatized?
Assuming that is accurate, your consultant is crying wolf about equipment mostly found in landfills and clueless consumers’ houses, not in real tech businesses.
A vulnerability for WPA using TKIP was released recently from Japanese researchers. So that’s cracked. That leaves you WPA using AES, which sounds secure, but who knows. There could be an issue with the implementation.
Most security-conscious places do something like put the wireless gateway outside the firewall and have users use VPN to get onto the corporate LAN. VPN technologies like IPsec have a lot more thought and testing to them than what the wireless consortium punches out.
You’d also use WPA+AES in that scenario just for internet or just to keep out snoopers. Of course you should have a long and complex pass-phrase, as dictionary attacks are used in WPA all the time.
I’d argue your consultant is right. We keep seeing these encryption schemes cracked over and over. Wireless WPA/WPA2 + VPN is really the only responsible way to do this.
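An added illustration of the pass-phrase point in the post above (not part of the thread): WPA/WPA2-Personal derives its 256-bit key from the pass-phrase with PBKDF2-HMAC-SHA1, salted by the network name, so a guessable pass-phrase or a factory-default SSID weakens the key itself. The word lists, the 20-character threshold and the function names are assumptions made for this example.

```python
import hashlib
import string

# Constructed sample lists for this example; a real audit would load larger ones.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "internet", "wireless"}
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "home"}
MIN_RECOMMENDED_LEN = 20  # assumption for this example, not a figure from the thread


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key derivation (IEEE 802.11i): PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit(passphrase: str, ssid: str) -> list:
    """Return the reasons this pass-phrase/SSID pair is a weak choice."""
    findings = []
    printable = set(string.printable) - set("\t\n\r\x0b\x0c")
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA allows")
    if any(c not in printable for c in passphrase):
        findings.append("contains characters outside printable ASCII")
    # Strip leading/trailing digits and punctuation: "Password123!" -> "password"
    core = passphrase.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        findings.append("dictionary word with only digits/punctuation added")
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append(f"shorter than {MIN_RECOMMENDED_LEN} characters")
    if ssid.lower() in DEFAULT_SSIDS:
        # The SSID is the salt, so a default name is shared with many networks.
        findings.append("default SSID: salt is shared with many other networks")
    return findings


if __name__ == "__main__":
    # Same pass-phrase, different SSID: the derived key differs.
    print(derive_psk("password", "IEEE").hex())
    print(derive_psk("password", "Office-7f3a").hex())
    for finding in audit("Password123!", "linksys"):
        print("weak:", finding)
```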
This is true if you keep current on the latest vulnerabilities. Case in point: CSS, the encryption used on DVDs, is in hugely widespread use and is completely and utterly broken. It offers no hint of security at this point. It can’t be changed, though, without relegating all current DVD players (hardware and software) to immediate obsolescence.
I have a related question. Why is there no off-the-shelf way to have a wireless network that is accessible to all (anybody can connect) but secure in the sense that it is encrypted? I understand that the “pass phrase” serves as an encryption key, but what about a public key encryption scheme? Does the authentication problem make such encryption worthless?
Why bother complicating the router with all these crazy options? If you want this then run an SSH tunnel to a web proxy or a VPN or whatever. The wifi consortium tries to keep this simple, and encrypted but open is an edge case.
Well, to take one example, the municipality where I live provides free wireless in certain parts of downtown. It’s open, naturally. Unfortunately, as a consequence, it’s unencrypted. It’s not clear to me how you’re suggesting remedying this. I’m also not sure why you’re calling this an “edge case”; open access is common and convenient, but nobody who uses it wants eavesdropping to be trivially easy.
Is there a distinction between a secure network as in only authorized users can access the Internet and a secure network as in no one else can intercept/read your transmissions?
That is, it’s one thing to try and keep someone from using my wireless connection, stealing my bandwidth, and downloading songs traceable back to me. It’s another thing to be sitting in a hotspot and *safely* enter my name/password on a secure site. Is either possible? Neither? All those people using Starbucks and other wi-fi spots, are they (if they’re mildly tech savvy) just surfing nominal sites and not checking email, logging in anywhere, etc.?
Not typically. Most WiFi protocols implement authentication and encryption together; I think WEP can be run in encryption-only (meaning no authentication) mode, but I’m not sure about that. For the most part you either get both or neither – this is the unfortunate situation that Uncertain was referring to.
No, most people at Starbucks probably don’t know any better or simply don’t care. Secure sites (HTTPS) will remain secure regardless of your wireless setup because HTTPS uses its own security scheme, much the way VPNs do, but most webmail providers, etc. don’t bother with this. Too bad, really, but on the other hand it hasn’t seemed to cause an explosive public outrage or anything. Most people’s Facebook accounts or SDMB logins just aren’t that interesting to others, I take it.
Yup, here’s an article from tgdaily about a cookiejacking method. It should be noted they can’t get your password from this, but they can get unfettered access to your email for up to a few days. I think HTTPS still protects this (the only webmail I know of that allows you to force this is Gmail, it’s under settings), but I wouldn’t be surprised if there were nastier methods that account for HTTPS. Of course, there are also programs you can install to bump up the security another level, but as always with security it’s just a matter of the hacker’s knowledge and how far they’re willing to escalate. Well… unless you’re using a series of One Time Pads or something I guess.
Oops, sorry, I misread your question the first time.
The first thing you’re talking about is access control, as in who gets to go online and who doesn’t. The second thing is the safety of your communications once you’re connected.
What I said in my last post is true, but it’s a bit more nuanced than that. Let me try to clarify:
You can control who gets to go where without preventing eavesdropping. Starbucks does this with their special login page, for example. Their hotspot itself is unsecured, but you have to log in with your Starbucks/AT&T account on a webpage before you can go online.
However, your traffic can still be seen by anyone else in the vicinity with a packet sniffer because it’s sent over the air unencrypted.
Preventing eavesdropping is more difficult, even on secure networks. I THINK – but I’m not sure about this, so please correct me if I’m wrong – that all users on a WEP/WPA/WPA2 network share the same encryption key, so they can still eavesdrop on each other’s traffic (but they will be protected against strangers altogether unconnected to their hotspot).
This means that logging into insecure websites like the Dope can be risky even on a secured wireless connection. But, again, I’m not sure about this and I hope somebody will chime in to either confirm or deny it.
On the other hand, secure website technologies (HTTPS) function independently of your wireless security and do not rely on hotspot encryption. Your online banking site should be secure even if you’re on a wide-open WiFi hotspot. This is accomplished through public key cryptography.
Well, I wouldn’t be surprised either, but it’d certainly be a Big Deal. That would mean internet banking, trading, corporate communications, etc. are all vulnerable.
I do not think any such weakness has been publicly announced yet. But of course, it’s entirely possible somebody found a weakness and is secretly exploiting it for their own nefarious ends.
It is an edge case. I don’t think you understand networking well enough to see the problem here. Let me explain.
Let’s say we have two computers here. Computer 1 and 2. Let’s say we’ve implemented wireless encryption but not authentication. Both these machines are using AES with two different keys.
Now they are essentially two machines plugged into a switch. Someone who is not connected to that router cannot read the packets because of encryption. Computer 3 is the hacker’s computer and he wants to read those packets. He just joins your open network and runs Wireshark or Ettercap. He now has everyone’s unencrypted packets.
See? Once you are a member of that Ethernet group, you can sniff the traffic because it’s plaintext once it reaches the Ethernet interface you are all sharing. So there’s really no good case here to encrypt the air interface but to let anyone onto the router, as any router member can run a sniffer, ARP poisoning, etc.
Now look at this scenario with application level encryption like HTTPS or VPN or SSH or whatever. The hacker gets all your packets, but they are useless to him.
I believe there are a few weaknesses, but nothing a well-informed user can’t avoid. One, a clueless user can always click “yes, accept the highly dodgy and completely invalid certificate” if their connection is hijacked. Most modern browsers throw up lots of big scary warnings to deter even the most willfully clueless.
Two, if a user goes to their bank website by typing (for example) http://www.myrandombank.com, the site will normally redirect them to secure https://www.myrandombank.com. But an attacker can exploit that redirect from the unsecure site for a man-in-the-middle attack.
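An added example for the redirect weakness described in the post above (not part of the thread): the server-side mitigation is an HTTP Strict Transport Security (HSTS) policy, which the thread does not mention, and this check classifies a site by whether it sets one. The responses are constructed samples for the post's example host, and the function names and verdict strings are assumptions of this sketch.

```python
from urllib.parse import urlsplit


def parse_hsts(value: str):
    """Parse a Strict-Transport-Security value; return None if it sets no policy."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not max_age.isdigit() or int(max_age) == 0:
        return None  # missing/invalid max-age, or max-age=0 (policy removed)
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}


def upgrade_exposure(host: str, http_resp, https_resp) -> str:
    """Classify how a site moves visitors from http:// to https://.

    Each response is a (status, headers) pair. HSTS is read only from the
    HTTPS response: browsers ignore the header when it arrives over plain HTTP.
    """
    status, headers = http_resp
    lowered = {k.lower(): v for k, v in headers.items()}
    location = urlsplit(lowered.get("location", ""))
    redirects = (status in (301, 302, 307, 308)
                 and location.scheme == "https" and location.hostname == host)
    https_headers = {k.lower(): v for k, v in https_resp[1].items()}
    if parse_hsts(https_headers.get("strict-transport-security", "")):
        return "hsts"           # browser upgrades by itself after the first visit
    if redirects:
        return "redirect-only"  # every http:// visit relies on the plaintext redirect
    return "no-upgrade"


# Constructed sample responses for the thread's example host.
HOST = "www.myrandombank.com"
PLAIN = (301, {"Location": "https://www.myrandombank.com/"})
SECURE_NO_HSTS = (200, {"Content-Type": "text/html"})
SECURE_HSTS = (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})

if __name__ == "__main__":
    print(upgrade_exposure(HOST, PLAIN, SECURE_NO_HSTS))  # redirect-only
    print(upgrade_exposure(HOST, PLAIN, SECURE_HSTS))     # hsts
```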
The upshot with all this appears to be that if you are using WPA or WPA2 with AES (as we are) you are currently secure from outside attacks penetrating your network via the wireless access, and that claims to the contrary are Chicken Little grandstanding.