Common concerns about wireless LAN security


I received a letter from one of my readers named Peter. Peter asks some good questions about wireless LAN security and wonders if I can answer some of his questions. Since these were all common questions that I hear all the time, I thought I would share with you my responses.

Peter:
If you are a home user in a residential rather than an apartment or college complex, do you believe you can get away with any form of WEP considering the short range of the actual network? Or to put it another way: it's one thing for somebody in an apt building to crack all the WEP keys around them without moving from the spot, it's quite another for somebody wandering in a neighborhood with equipment looking for a network to crack. The least of nosey neighbors will spot such a person pretty quick. Or am I just doing wishful thinking?

Answer:
It's wishful thinking. You usually can't spot a Wi-Fi hacker since wireless hacking can usually be done passively. Sometimes the hacking is done actively, but it takes vigilance, software, and location tracking capability to be able to track an active attack. A hacker can passively spend 20 minutes collecting all WEP traffic from nearby neighborhoods from a single laptop. After that, he can crack all of the busy networks. Then the hacker can crack the non-busy networks by targeted active attacks using packet injection techniques. Remember, hackers love a challenge, especially if they can pull it off in less than 10 minutes, and all WEP networks will succumb in that time.


Peter:
It is my personal opinion that any code made can eventually be cracked if somebody puts their mind to it. Would you say that even the current advanced systems that you now recommend would have to be swapped out or upgraded every few years to assure their security?

Answer:
Wrong, there is no known entity that can crack 3DES or AES encryption. Check my blog out about cryptography. Good encryption and authentication algorithms are usually good for decades. Just look at DES and SSL for example. If you implement the best practice recommendations on using WPA-PSK with TKIP encryption for the home, and a minimum of PEAP authentication with WPA TKIP encryption for businesses, you will probably be good for at least a year or more. Once you swap TKIP encryption out with AES encryption, it will last many times longer. You will note that AES has a superb pedigree while TKIP is considered a temporary Band-Aid. It's true that there will be some maintenance on any computer system you implement, and wireless LANs are no different. It's not only wrong to categorize all wireless LANs as breakable, but it's dangerous because it tends to lead people to just throw up their hands and say "why bother with it" and stick with their old broken schemes. There is a massive difference between being secure while doing a little maintenance once every few years and being wide open by default when using WEP or relying on any of these myths on wireless LAN security.


Peter:
Is it possible to purchase a device designed with a very limited range on purpose (say 10 yards) so that a person in a residential home could basically operate without fear of anybody not directly outside the door?

Answer:
See my myths on wireless LAN security under "antenna placement" and power reduction. A good rule of thumb is that if you can see it from 10 feet away using your off-the-shelf omnidirectional antenna, the hacker can see it from 1000 feet using his high-powered directional antenna. Any kind of signal suppression technique hurts you a lot more than the hacker, so don't even try it.


Peter:
Is it fair to say that the professional hacker is like the professional car thief: if he wants into your wireless system he is going to get in, so the best you can do is to put up some security (even WEP) to keep out the casual lazy browser?

Answer:
Read this blog on simple recommendations for the home. If you follow the advice, a determined hacker cannot break in wirelessly. It would be infinitely easier for them to physically break in to your home and plug in to your network. In this case, wireless security is better than wired security, which makes fear of a wireless hacker moot. Securing your car is very expensive and ineffective; securing your wireless LAN is simple and cheap.


Peter:
Say I have a 4 port Linksys wireless router. If I configure it for only 4 IPs, say 100-105 (with 100 being the router itself), when I have only 4 machines, will that cancel out the issue since the person grabbing the code will not have the free IP to connect, or is there software that will mask that too?

Answer:
See my myths on wireless LAN security again under the DHCP section. It takes less than a minute to figure out your IP scheme and then manually assign a static IP. It doesn't matter what your DHCP scope is. The subnet supports 250 plus hosts. Even if you used a micro-subnet like 192.168.1.0 to 192.168.1.7 using a special subnet mask of 255.255.255.248 which only allows you to use host IPs 2 through 6, and you had 5 active machines on your network using all 5 IP addresses, I can easily use an existing IP address even if it conflicts with an existing IP. At the very least, I can passively listen in on all of your unencrypted traffic if I don't steal one of your IP addresses.
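To make the DHCP point above concrete, here is an added example (not part of the original article) that counts how many addresses remain usable outside a tiny DHCP scope and flags address use the router's bindings do not explain. The 192.168.1.0/24 network, the MAC addresses, the observations and the function names are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: Peter's 100-105 scheme on an assumed 192.168.1.0/24.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
# Known IP -> MAC bindings: router at .100 plus four DHCP clients (.101-.104).
EXPECTED = {f"192.168.1.{100 + n}": f"00:11:22:00:00:0{n}" for n in range(5)}
# Constructed (ip, mac) pairs as they might be read from ARP traffic.
OBSERVED = [
    ("192.168.1.101", "00:11:22:00:00:01"),
    ("192.168.1.102", "00:11:22:00:00:02"),
    ("192.168.1.102", "DE:AD:BE:EF:00:99"),  # second device on a leased IP
    ("192.168.1.50", "de:ad:be:ef:00:77"),   # static IP outside the DHCP scope
]


def free_addresses(subnet, expected):
    """Usable host addresses that no known device holds."""
    return [str(h) for h in subnet.hosts() if str(h) not in expected]


def audit(subnet, expected, observed):
    """Return sorted findings for address use the bindings do not explain."""
    macs_by_ip = defaultdict(set)
    for ip, mac in observed:
        if ipaddress.ip_address(ip) in subnet:
            macs_by_ip[ip].add(mac.lower())
    findings = []
    for ip, macs in macs_by_ip.items():
        if ip not in expected:
            findings.append(("no-lease", ip, tuple(sorted(macs))))
            continue
        if len(macs) > 1:
            findings.append(("conflict", ip, tuple(sorted(macs))))
        unknown = macs - {expected[ip].lower()}
        if unknown:
            findings.append(("unexpected-mac", ip, tuple(sorted(unknown))))
    return sorted(findings)


if __name__ == "__main__":
    print(len(free_addresses(SUBNET, EXPECTED)), "addresses free for static use")
    for finding in audit(SUBNET, EXPECTED, OBSERVED):
        print(finding)
```

A purely passive listener sends no ARP traffic and so appears in none of these findings, which is why encryption rather than address management is what protects the traffic.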


Peter:
What is the hacker profile? To what degree should the regular non-business Joe be afraid that he will be the target, or is that unlikely unless he lives next to a college where this stuff is done and the best software for it is available?

Answer:
Wireless hacking is done for the same reasons other hacking is done. Some examples are a spam platform, a hacking platform to attack other networks, information theft, bandwidth theft, and even just plain fun. Some of these can even bring you a visit from the FBI with accompanying handcuffs. I hope you have a good alibi when the Feds come cracking down on you for cyber terrorism.


Peter:
If systems using wireless are not using file sharing between systems, would the breaking in of the network just be a question of stealing an Internet connection?

Answer:
See answer #6 for other examples. Additionally, just because you're not running file shares doesn't mean I can't attack you once I break in to your wireless LAN. In fact, the vast majority of internal networks are open season for hackers. It's like the soft underbelly of the beast and is ripe for the picking regardless of the presence of file shares.

Peter, many people who have implemented my recommendations are really happy they did it, and they realized that a secure wireless LAN for the home was relatively simple after they downloaded some software and firmware updates. It's a little harder for the enterprise because of the additional PEAP (EAP-TLS or EAP-TTLS are good alternatives) requirements, which require a RADIUS server and some level of PKI deployment. However, even the challenges for the enterprise can be conquered with the right knowledge.

Topics: Networking

About

George Ou, a former ZDNet blogger, is an IT consultant specializing in Servers, Microsoft, Cisco, Switches, Routers, Firewalls, IDS, VPN, Wireless LAN, Security, and IT infrastructure and architecture.
