Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Can my wireless network be hacked even with WPA2 encryption?

Posted on 2009-04-03
6
Medium Priority
?
1,724 Views
Last Modified: 2012-05-06
Hi,

I have a question about my wireless home network. I set it up so that it is using WPA2 encryption, a 10 digit numeric key, and security filtering by MAC address. I have not disabled SSID broadcasting.

What I want to know is easily can this setup be cracked? And if it's easy, what should I do to make it more secure so it's almost impossible to crack unless someone tries a brute force attack on the password?

Thanks!
0
Comment
Question by:aseem1234
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Assisted Solution

by:SCCMCanuck
SCCMCanuck earned 800 total points
ID: 24062726
WPA2 Is honestly the best out there for home use. The only thing that you could do to ensure it is 100% as secure as you can possibly get it is to use EAP encryption rather than TKIP. This should be an option on the router. However you need to ensure that your clients support auto-negotiation to this form of encryption or that they can be forced to use this type of encryption. If you are using scurity filtering based on mac and not allowing rogue mac addresses to connect ot the WAP you can rest easy. Its always a good idea to disable SSID broadcasting if you are certain that any users using the wireless network know how to connect to it.

If you want a good read on wireless encryption protocols check the following:

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

LEt me know if you have any further questions :)
0
 
LVL 9

Expert Comment

by:SCCMCanuck
ID: 24062779
Also note the following section in the article:

"Weakness in TKIP"

It talks about how the TKIP algorithm in WPA is vulnerable to a similar flaw found in WEP, albeit on a much smaller scale in terms of the size of packets that can be hacked and decrypted.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1200 total points
ID: 24065884
Your fairly secure. Also note the "weakness" is for WPA+TKIP not WPA2 + TKIP. One of the best things you have going for you is the use of 802.1x (the mac filtering you talked about). It is possible to spoof ones mac address, so it's not 100%. EAP can get complex to discuss, beacuse you can use eap-tls, peap-ms-chap and using PKI to secure it... EAP relates to 802.1x, and no matter which way you choose to use EAP, it is good to use.
Now the flaw I did see was a "10 digit numeric key". 10 digits would take a long time to brute-force, but it would take much longer to bf an alpha-numeric, varying case pass phrase. Well statistically speaking that is. The genius's ate Elcomsoft figured out a better way to accomplish BF:
http://www.elcomsoft.com/news/268.html for WPA and WPA2. Then if someone was really dedicated to getting into your lan, 802.1x would be the next hurdle, but that is typically much easier than cracking the wep/wpa(2)
I don't wait for WPA2 to get weaker still, and I run a VPN over all wifi connections, so I don't have to worry about what protocol the wifi is using. Depending on your WAP, you too can have vpn configured, or make secure connections to other host's over RDP (terminal service, remote desktop), because RDP itself is an encrypted protocol.
Further reading:http://www.elcomsoft.com/help/ewsa/about_wireless_security.html
http://technet.microsoft.com/en-us/library/bb457091.aspx
Oh, and as far as broadcasting your SSID, personally I don't think it's a big deal if you take the steps to secure the wap.
-rich
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:swift0
ID: 24068910
No, they cannot crack your wireless password.

WPA2 is very strong, also with your mac address filtering (if you set it up so only the mac addresses you choose can connect) will not let anyone connect to your wireless.

May I ask why you think someone might hack your wireless? I doubt anyone would spend so much time trying to get through your security.
0
 

Expert Comment

by:wirelesssguru
ID: 24776210
Yes, WPA1/2 is vulnerable to dictionary attacks and here is how. There is software aircrack-ng among others that can capture the 4 way handshake.

Once a hacker has the 4 way handshake, they can do an offline brute force attack. If you choose to use WPA1/2 PSK, just make sure you use a password that has letters numbers and symbols. Something you wont find in a dictionary and you will be fine.
0
 

Expert Comment

by:wirelesssguru
ID: 24776222
also, mac address filter is a low level security posture. 802.11 frames are not encrypted. Someone with an analyzer can see the layer 2 frames. One can simply see the mac and then spoof it to their wlan nic. In fact thats how I share my wifi account at the airports with my freinds. They spoof their macs to the registered mac i have with at&t and get on the airport wireless.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question