mc87
asked on
What is currently the strongest wireless network security
What is currently the strongest wireless network security
&
Can it be broken?
&
Can it be broken?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It's not likely to be broken, if you use a long passkey.
have a look at this article, there were some claims, it could be done ina shorter time!
http://www.eastmobiles.com/index.php?option=com_content&view=article&catid=27:wi-fi&id=106:wpa2-key-hack-nvidia
http://www.eastmobiles.com/index.php?option=com_content&view=article&catid=27:wi-fi&id=106:wpa2-key-hack-nvidia
Hi there.
out of the box: WPA2.
Yes, it can be broken. But not with a reasonable effort at the moment.
There was also found a security issue in WPA2 i think.
--TheDoctor
out of the box: WPA2.
Yes, it can be broken. But not with a reasonable effort at the moment.
There was also found a security issue in WPA2 i think.
--TheDoctor
I would additionally suggest you establish an vpn connection between the mobile device and the connection server.
For a start this could be openvpn. http://openvpn.net/index.php/open-source/overview.html
Tolomir
For a start this could be openvpn. http://openvpn.net/index.php/open-source/overview.html
Tolomir
and this is the company that claims they can do it
http://www.elcomsoft.com/ewsa.html
using an nVidia card.
http://www.elcomsoft.com/ewsa.html
using an nVidia card.
I would rather use the http://www.maximumpc.com/article/features/ati_radeon_hd_5970_undisputed_performance_champ
to get 103000 passwords per seconds ;-)
---
Elcom also say: If Elcomsoft Wireless Security Auditor fails to recover a Wi-Fi password within a reasonable time, the entire wireless network can be considered secure.
Tolomir
to get 103000 passwords per seconds ;-)
---
Elcom also say: If Elcomsoft Wireless Security Auditor fails to recover a Wi-Fi password within a reasonable time, the entire wireless network can be considered secure.
Tolomir
ASKER
is wpa2- tls stronger?
WPA2 is the strongest Wi Fi, but if you also use a VPN across the Wi-Fi link, you've got another layer of security which is even securier.
@Tolomir: I'm an nVidia fan, but also have a life, and why would anyone bother to hack WPA2!
I just wanted to point out, that currently ati cracks more passwords then nvidia does ;-)
@Tolomir: this week!
I suggest to read this article:
https://secure.wikimedia.org/wikipedia/en/wiki/Wi-Fi_Protected_Access#WPA2
including: https://secure.wikimedia.org/wikipedia/en/wiki/EAP-TLS#EAP-TLS
for home usage wpa2 with a strong preshared key like "8=3O!aq72;UQHT*@t$;o" is considered safe!
Tolomir
https://secure.wikimedia.org/wikipedia/en/wiki/Wi-Fi_Protected_Access#WPA2
including: https://secure.wikimedia.org/wikipedia/en/wiki/EAP-TLS#EAP-TLS
for home usage wpa2 with a strong preshared key like "8=3O!aq72;UQHT*@t$;o" is considered safe!
Tolomir
Strongest Wireless Security ....
It would be wrong to focus on encryption algorithm....
As Tolomir points out:
Wireless can be as secure as wired, maybe even more secure if done properly.
For corporate/business environment.
Use 802.1x with machine authentication and user-reauthentication. This way both computer AND username and password is authenticated. And you authenticate computers with a domain certificate, and username and password from domain authentication. The authentication mechanism is sent on secure encrypted channel. That way wireless access is based on something you have, a certificate/smart card, and something you know - username and password.
WPA/WPA2 is purely an encryption algorithm used to encrypt data.
- It would be impossible to capture in-the-air traffic to gather enough packets to decrypt data - as the WPA-encryption keys can be dynamic and changed every minute if you like
- It would - of course - be possible to do dictionary attack, or some other kind for random attack to break PSK --- it's all math !
for home user - a strong key is sufficient (once again - as Tolomir says)
Ask yourself this question: How many people would spend time and money to hack someones home wireless? Hence - WPA/WPA2-PSK is more than sufficient
For business/Corporate - many would, so PSK is NOT an option, onlyd 802.1X is a good enough solution
It would be wrong to focus on encryption algorithm....
As Tolomir points out:
Wireless can be as secure as wired, maybe even more secure if done properly.
For corporate/business environment.
Use 802.1x with machine authentication and user-reauthentication. This way both computer AND username and password is authenticated. And you authenticate computers with a domain certificate, and username and password from domain authentication. The authentication mechanism is sent on secure encrypted channel. That way wireless access is based on something you have, a certificate/smart card, and something you know - username and password.
WPA/WPA2 is purely an encryption algorithm used to encrypt data.
- It would be impossible to capture in-the-air traffic to gather enough packets to decrypt data - as the WPA-encryption keys can be dynamic and changed every minute if you like
- It would - of course - be possible to do dictionary attack, or some other kind for random attack to break PSK --- it's all math !
for home user - a strong key is sufficient (once again - as Tolomir says)
Ask yourself this question: How many people would spend time and money to hack someones home wireless? Hence - WPA/WPA2-PSK is more than sufficient
For business/Corporate - many would, so PSK is NOT an option, onlyd 802.1X is a good enough solution
Hello,
I am a security expert and I will say that everything depends of your enviroment.
Right now the strongest security that you can get is a wireless device integrated with radius server and do machine or user authentication. This feature is called 802.1x.
In regards of the encryption I suggest to use wpa2 enterprise AES so all the traffic between the client and the wireless device will be encrypted.
802.1x depending of the hardware can use differents EAP methods.
I suggest to use EAP-FAST if you have Cisco ACS if not use EAP-TLS.
If you are interesting I can go deeper and provide you with some configuration examples.
I am a security expert and I will say that everything depends of your enviroment.
Right now the strongest security that you can get is a wireless device integrated with radius server and do machine or user authentication. This feature is called 802.1x.
In regards of the encryption I suggest to use wpa2 enterprise AES so all the traffic between the client and the wireless device will be encrypted.
802.1x depending of the hardware can use differents EAP methods.
I suggest to use EAP-FAST if you have Cisco ACS if not use EAP-TLS.
If you are interesting I can go deeper and provide you with some configuration examples.