Solved

Wireless

Posted on 2008-09-29
11
290 Views
Last Modified: 2013-12-27
HI Experts,

I've setup in my lab, the below wireless routers
Linksys wireless router WPA-PSK [network authentication] and TKIP [data encryption]
Also, another router (same model) but WEP for network authentication.

What tools (eg wireless NIC, programs) I need to be able to crack my key so I can secure it properly.

I know disabling the SSID is an excellent way of security it. Also, using certificate is another way.

appreciate any feedback
mcse2007
0
Comment
Question by:mcse2007
11 Comments
 
LVL 6

Expert Comment

by:Grizzly072000
ID: 22602452
Don't use WEP, it can be cracked within minutes.

"I know disabling the SSID is an excellent way of security it."
You're dead wrong.

"What tools (eg wireless NIC, programs) I need to be able to crack my key so I can secure it properly. "
Such tools are reserved for experts. Just get yourself a randomly generated 63-char key and change it regularly.

Setting up a Radius server would protect your network and offer control over who gets in on your network.
0
 
LVL 24

Accepted Solution

by:
DMTechGrooup earned 250 total points
ID: 22602460
Wait.. you know your key but you want to crack it?

WPA with a strong key is almost impossible to crack.

WEP can be cracked in 20 minutes.. so the moral is don't use WEP if you are affraid that it will be cracked.  SSID disable, MAC security are all worthless if you know how to crack WEP because WEP would actually be harder.

Since this is not a hackin forum, I am sure if you really want the answers google could help you.
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22602471
Don't use WEP, WPA2 is not going to be cracked, no matter what tool you choose.  Never disable SSID, it makes workign with wireless an unnecessary pain.  People cna find the SSID anyway.  Make it non-descript (Don;t make it the name of your business).
The WPA-PSK with TKIP is not too bad.  But it is only as secure as your key.  Like all passwords, the two criteria are 1) make it long (more than 8 characters) 2) Make sure it is not something from the dictionary (phrases are good "Mary had a little lamb," 3) Make it easy to remember (so people don't write it down on a sticky note on the monitor)
Grizzlies suggestion of a Radius server is good too.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22602654
These comments are all correct - I can verify that they are valid and that you will be good using the guidelines and suggestions provided in them.
0
 
LVL 6

Expert Comment

by:Grizzly072000
ID: 22602707
I'll add to it that there is no need for making a wireless key easy to remember in Windoze.

The wireless key is to be entered normally only *once*, when you establish your profile; And Windoze stores it on your machine. Anyone (almost) having access to your machine can get all the keys for all wireless profiles. It is also stored in the router and available from there.

So you might as well write it in some (hidden) text file. And you can give a copy of that file to any guest you might invite on your wireless network.

So there is no excuse not to use a 63-char key. And change it regularly!
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 8

Expert Comment

by:sstone55423
ID: 22605001
Except that everytime oyu change it, all of your wireless users have to manually change/reenter it.  If you have an office with 20 laptop users, that is a pain.  And if it is long, or complex, they will write it down.  Even if it is not that hard to get off of an unattended PC, it still is yet another vulnarability.  A short key that is in a dictionary could be cracked through brute force regardless of how good the encrption is.  Every character added to the password increases the time for the brute force attempt exponentially.  "Mary had a little lamb," would fail a dictionary lookup attack, and would take a brute force attack by even a supercomputer a thousand years to break.  If you make it "Q234*duH%%p" someone will write it down on and slap it on their monitor. (and complain every time they have to re-enter it).
0
 
LVL 6

Expert Comment

by:Grizzly072000
ID: 22605370
But if I make it  &c?_dXpWnQr,s2[2ti$.2M9+XTl2Kr?ki8^,mG(s7gH_W6_MS[6BMfH18%)U:zh  many won't even try to write it down since they'll quickly realise that it will be quicker for them to copy&paste it from some file I distribute through the network.
Again, such key is to keep outsiders out, not insiders. All wireless keys can be pulled out from Windows very easily once you have access to a machine.
0
 
LVL 6

Expert Comment

by:Grizzly072000
ID: 22605383
And yes, sure, my users hate me. That's why I'm paid for ;-)
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22611306
Laptops go outside the network all of the time, and are the primary (usually exclusive) users of wireless.  Having the key in a file on the desktop, or in email can expose the key, and then let someone with another laptop access whenever they want -- until you change the key.   Most environments never change their wireless key, or change it very infrequently.
0
 
LVL 6

Expert Comment

by:Grizzly072000
ID: 22611353
You did not get it. All wireless keys ever used by Windoze on a machine can be retrieved in a snap.
0
 
LVL 8

Expert Comment

by:sstone55423
ID: 22614475
Okay, so we both agree that you can get the keys if you have access (the people who know how to do that. -- WirelessKeyView)  And we agree that access to the laptop itself is the main vulnerability.  So, if we aren't going to stop a determined hacker, our goal should be to stop brute force attacks from outside, and stop lower skilled people who can't use the determined hacker approach (the kind of people known as script kiddies) or casual office workers looking over your shoulder.  That means we want to use keys that the user can remember in their head, and not write down.  
You point out yourself that a long incomprehensible key is of no added value, as a determined hacker can get that anyway.  Also, where I come from, elegence in security is in reducing risk, while maintaining, or increasing usability for the user.  A major decrease in ease of use for the user, for a very small reduction in risk is not a good tradeoff.
Also, my suggestions regarding passwords were general, and not exclusively for wireless security.
 
We can both agree that changing the wireless key periodically makes good sense.  For a network admin, finding a balance between reducing risk by changing it often, and ease of use for the user by never chaning it is a judgment call.  A key change once a day is dysfunctional.  A key change one a year is too isecure.  Depending on the nature of the given business, and the potential cost of losing data can determine what is right for a given business.  For some businesses once a week may be prudent, and for other businesses 90-120 days may be ideal.
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Join & Write a Comment

In this article I will describe how to setup a Cisco WLC 5508 to work with Apple's Bonjour protocol across VLANs.  I will also discuss using screen mirroring and Airplay on an AppleTV v3.  This article covers the wireless network only and requires m…
Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now