Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1762
  • Last Modified:

Can my wireless network be hacked even with WPA2 encryption?

Hi,

I have a question about my wireless home network. I set it up so that it is using WPA2 encryption, a 10 digit numeric key, and security filtering by MAC address. I have not disabled SSID broadcasting.

What I want to know is easily can this setup be cracked? And if it's easy, what should I do to make it more secure so it's almost impossible to crack unless someone tries a brute force attack on the password?

Thanks!
0
aseem1234
Asked:
aseem1234
2 Solutions
 
SCCMCanuckNetwork AnalystCommented:
WPA2 Is honestly the best out there for home use. The only thing that you could do to ensure it is 100% as secure as you can possibly get it is to use EAP encryption rather than TKIP. This should be an option on the router. However you need to ensure that your clients support auto-negotiation to this form of encryption or that they can be forced to use this type of encryption. If you are using scurity filtering based on mac and not allowing rogue mac addresses to connect ot the WAP you can rest easy. Its always a good idea to disable SSID broadcasting if you are certain that any users using the wireless network know how to connect to it.

If you want a good read on wireless encryption protocols check the following:

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

LEt me know if you have any further questions :)
0
 
SCCMCanuckNetwork AnalystCommented:
Also note the following section in the article:

"Weakness in TKIP"

It talks about how the TKIP algorithm in WPA is vulnerable to a similar flaw found in WEP, albeit on a much smaller scale in terms of the size of packets that can be hacked and decrypted.
0
 
Rich RumbleSecurity SamuraiCommented:
Your fairly secure. Also note the "weakness" is for WPA+TKIP not WPA2 + TKIP. One of the best things you have going for you is the use of 802.1x (the mac filtering you talked about). It is possible to spoof ones mac address, so it's not 100%. EAP can get complex to discuss, beacuse you can use eap-tls, peap-ms-chap and using PKI to secure it... EAP relates to 802.1x, and no matter which way you choose to use EAP, it is good to use.
Now the flaw I did see was a "10 digit numeric key". 10 digits would take a long time to brute-force, but it would take much longer to bf an alpha-numeric, varying case pass phrase. Well statistically speaking that is. The genius's ate Elcomsoft figured out a better way to accomplish BF:
http://www.elcomsoft.com/news/268.html for WPA and WPA2. Then if someone was really dedicated to getting into your lan, 802.1x would be the next hurdle, but that is typically much easier than cracking the wep/wpa(2)
I don't wait for WPA2 to get weaker still, and I run a VPN over all wifi connections, so I don't have to worry about what protocol the wifi is using. Depending on your WAP, you too can have vpn configured, or make secure connections to other host's over RDP (terminal service, remote desktop), because RDP itself is an encrypted protocol.
Further reading:http://www.elcomsoft.com/help/ewsa/about_wireless_security.html
http://technet.microsoft.com/en-us/library/bb457091.aspx
Oh, and as far as broadcasting your SSID, personally I don't think it's a big deal if you take the steps to secure the wap.
-rich
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
swift0Commented:
No, they cannot crack your wireless password.

WPA2 is very strong, also with your mac address filtering (if you set it up so only the mac addresses you choose can connect) will not let anyone connect to your wireless.

May I ask why you think someone might hack your wireless? I doubt anyone would spend so much time trying to get through your security.
0
 
wirelesssguruCommented:
Yes, WPA1/2 is vulnerable to dictionary attacks and here is how. There is software aircrack-ng among others that can capture the 4 way handshake.

Once a hacker has the 4 way handshake, they can do an offline brute force attack. If you choose to use WPA1/2 PSK, just make sure you use a password that has letters numbers and symbols. Something you wont find in a dictionary and you will be fine.
0
 
wirelesssguruCommented:
also, mac address filter is a low level security posture. 802.11 frames are not encrypted. Someone with an analyzer can see the layer 2 frames. One can simply see the mac and then spoof it to their wlan nic. In fact thats how I share my wifi account at the airports with my freinds. They spoof their macs to the registered mac i have with at&t and get on the airport wireless.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now