Solved

Can my wireless network be hacked even with WPA2 encryption?

Posted on 2009-04-03
6
1,636 Views
Last Modified: 2012-05-06
Hi,

I have a question about my wireless home network. I set it up so that it is using WPA2 encryption, a 10 digit numeric key, and security filtering by MAC address. I have not disabled SSID broadcasting.

What I want to know is easily can this setup be cracked? And if it's easy, what should I do to make it more secure so it's almost impossible to crack unless someone tries a brute force attack on the password?

Thanks!
0
Comment
Question by:aseem1234
6 Comments
 
LVL 8

Assisted Solution

by:SCCMCanuck
SCCMCanuck earned 200 total points
ID: 24062726
WPA2 Is honestly the best out there for home use. The only thing that you could do to ensure it is 100% as secure as you can possibly get it is to use EAP encryption rather than TKIP. This should be an option on the router. However you need to ensure that your clients support auto-negotiation to this form of encryption or that they can be forced to use this type of encryption. If you are using scurity filtering based on mac and not allowing rogue mac addresses to connect ot the WAP you can rest easy. Its always a good idea to disable SSID broadcasting if you are certain that any users using the wireless network know how to connect to it.

If you want a good read on wireless encryption protocols check the following:

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

LEt me know if you have any further questions :)
0
 
LVL 8

Expert Comment

by:SCCMCanuck
ID: 24062779
Also note the following section in the article:

"Weakness in TKIP"

It talks about how the TKIP algorithm in WPA is vulnerable to a similar flaw found in WEP, albeit on a much smaller scale in terms of the size of packets that can be hacked and decrypted.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 300 total points
ID: 24065884
Your fairly secure. Also note the "weakness" is for WPA+TKIP not WPA2 + TKIP. One of the best things you have going for you is the use of 802.1x (the mac filtering you talked about). It is possible to spoof ones mac address, so it's not 100%. EAP can get complex to discuss, beacuse you can use eap-tls, peap-ms-chap and using PKI to secure it... EAP relates to 802.1x, and no matter which way you choose to use EAP, it is good to use.
Now the flaw I did see was a "10 digit numeric key". 10 digits would take a long time to brute-force, but it would take much longer to bf an alpha-numeric, varying case pass phrase. Well statistically speaking that is. The genius's ate Elcomsoft figured out a better way to accomplish BF:
http://www.elcomsoft.com/news/268.html for WPA and WPA2. Then if someone was really dedicated to getting into your lan, 802.1x would be the next hurdle, but that is typically much easier than cracking the wep/wpa(2)
I don't wait for WPA2 to get weaker still, and I run a VPN over all wifi connections, so I don't have to worry about what protocol the wifi is using. Depending on your WAP, you too can have vpn configured, or make secure connections to other host's over RDP (terminal service, remote desktop), because RDP itself is an encrypted protocol.
Further reading:http://www.elcomsoft.com/help/ewsa/about_wireless_security.html
http://technet.microsoft.com/en-us/library/bb457091.aspx
Oh, and as far as broadcasting your SSID, personally I don't think it's a big deal if you take the steps to secure the wap.
-rich
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Expert Comment

by:swift0
ID: 24068910
No, they cannot crack your wireless password.

WPA2 is very strong, also with your mac address filtering (if you set it up so only the mac addresses you choose can connect) will not let anyone connect to your wireless.

May I ask why you think someone might hack your wireless? I doubt anyone would spend so much time trying to get through your security.
0
 

Expert Comment

by:wirelesssguru
ID: 24776210
Yes, WPA1/2 is vulnerable to dictionary attacks and here is how. There is software aircrack-ng among others that can capture the 4 way handshake.

Once a hacker has the 4 way handshake, they can do an offline brute force attack. If you choose to use WPA1/2 PSK, just make sure you use a password that has letters numbers and symbols. Something you wont find in a dictionary and you will be fine.
0
 

Expert Comment

by:wirelesssguru
ID: 24776222
also, mac address filter is a low level security posture. 802.11 frames are not encrypted. Someone with an analyzer can see the layer 2 frames. One can simply see the mac and then spoof it to their wlan nic. In fact thats how I share my wifi account at the airports with my freinds. They spoof their macs to the registered mac i have with at&t and get on the airport wireless.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to generate a csr to request an intermediate ca on os x 3 34
Cisco Access point 6 89
Printer Functions erratically 5 60
No Wireless Networks Visible In Windows 10 7 52
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question