|
Posted by John Hyde on October 10, 2005, 12:51 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Greetings,
I am in the process of setting up wireless access in our small office.
The wireless access point hardware I have seen is all equipped to do up
to 128 bit WEP encryption and MAC filtering. A couple of questions:
1. I have read that WEP is broken. Is it really? Do I want to use
something else? One of the laptops that will be connecting is a few
years old and it's built in wireless supports WEP 128 but not other
encryption as far as I can tell.
2. MAC filtering seems to me to be a great idea. Adds a layer of
security. If WEP is enabled, is the MAC address of the laptop also
encrypted? Does it matter?
3. Thinking out loud now. If my laptop is busy looking for wireless
access points, and transmitting it's MAC address in the clear. Assume an
attacker learns my MAC address. Then I get to my office and log on to
the Wireless Access Point. It requires that I send the MAC encrypted.
Does the attacker have a crib that will them to pry open WEP 128? If
so, am I better off with just WEP and not MAC filtering?
Thanks for all your thoughts,
John
|
|
Posted by Imhotep on October 10, 2005, 6:56 pm
If you were Registered and logged in, you could reply and use other advanced thread options
John Hyde wrote:
> Greetings,
>
> I am in the process of setting up wireless access in our small office.
> The wireless access point hardware I have seen is all equipped to do up
> to 128 bit WEP encryption and MAC filtering. A couple of questions:
>
> 1. I have read that WEP is broken. Is it really? Do I want to use
> something else? One of the laptops that will be connecting is a few
> years old and it's built in wireless supports WEP 128 but not other
> encryption as far as I can tell.
>
> 2. MAC filtering seems to me to be a great idea. Adds a layer of
> security. If WEP is enabled, is the MAC address of the laptop also
> encrypted? Does it matter?
>
> 3. Thinking out loud now. If my laptop is busy looking for wireless
> access points, and transmitting it's MAC address in the clear. Assume an
> attacker learns my MAC address. Then I get to my office and log on to
> the Wireless Access Point. It requires that I send the MAC encrypted.
> Does the attacker have a crib that will them to pry open WEP 128? If
> so, am I better off with just WEP and not MAC filtering?
>
>
> Thanks for all your thoughts,
>
> John
Your security policies should match the security risk you are willing to
live with. In other words, do you have sensitive date? Critical data?
Analyze what you have on your computer and how "sensitive" it really is.
WEP is a very weak "encryption" protocol and I have read, but not done it
yet, that it can be broken in minutes. MAC filtering is moot and really
gets you little added security....
If your data is that important, ie you have SS#, credit card info, etc, etc
Just use some cat5....or look into some of the new wireless protocols.
Imhotep
|
|
Posted by Juergen Nieveler on October 10, 2005, 8:06 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> 1. I have read that WEP is broken. Is it really? Do I want to use
> something else? One of the laptops that will be connecting is a few
> years old and it's built in wireless supports WEP 128 but not other
> encryption as far as I can tell.
WEP can be broken with a few minutes of work and a few tools like
"Aircrack". You should use WPA instead. If the builtin system doesn't
support it, don't use it - buy another WLAN card.
> 2. MAC filtering seems to me to be a great idea. Adds a layer of
> security. If WEP is enabled, is the MAC address of the laptop also
> encrypted? Does it matter?
It doesn't matter. The encryption of WEP can be broken in minutes,
after that the attacker can see your MAC, adjust his computer, and he's
in.
> 3. Thinking out loud now. If my laptop is busy looking for wireless
> access points, and transmitting it's MAC address in the clear. Assume an
> attacker learns my MAC address. Then I get to my office and log on to
> the Wireless Access Point. It requires that I send the MAC encrypted.
> Does the attacker have a crib that will them to pry open WEP 128? If
> so, am I better off with just WEP and not MAC filtering?
WEP128 is broken, it's not even worth thinking about anymore.
Juergen Nieveler
--
ebius tagline. This is a moebius tagline. This is a mo ...
|
|
Posted by John Hyde on October 10, 2005, 6:34 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
>
>>1. I have read that WEP is broken. Is it really? Do I want to use
>>something else? One of the laptops that will be connecting is a few
>>years old and it's built in wireless supports WEP 128 but not other
>>encryption as far as I can tell.
>
>
> WEP can be broken with a few minutes of work and a few tools like
> "Aircrack". You should use WPA instead. If the builtin system doesn't
> support it, don't use it - buy another WLAN card.
>
>
>>2. MAC filtering seems to me to be a great idea. Adds a layer of
>>security. If WEP is enabled, is the MAC address of the laptop also
>>encrypted? Does it matter?
>
>
> It doesn't matter. The encryption of WEP can be broken in minutes,
> after that the attacker can see your MAC, adjust his computer, and he's
> in.
>
>
>>3. Thinking out loud now. If my laptop is busy looking for wireless
>>access points, and transmitting it's MAC address in the clear. Assume an
>>attacker learns my MAC address. Then I get to my office and log on to
>>the Wireless Access Point. It requires that I send the MAC encrypted.
>>Does the attacker have a crib that will them to pry open WEP 128? If
>>so, am I better off with just WEP and not MAC filtering?
>
>
> WEP128 is broken, it's not even worth thinking about anymore.
>
>
> Juergen Nieveler
Thanks for the reply. I'll be trying to find a firmware upgrade for the
laptop since it is built in. If not, I'll take the advice of finding an
alternate card.
I did find this interesting quote about WEP.
"WEP is better than nothing
If you can't use WPA, perhaps because you can't afford new base stations
and Panther upgrades for all your laptops, at least enable WEP, feeble
though it may. There is an old joke about two guys hiking in the woods
who spot a mean looking grizzly bear heading their way. One of the
hikers takes off his back pack, pulls out running shoes, and starts
putting them on. The other says "You idiot, you can't outrun a hungry
bear in the woods." The first replies "I don't have to outrun the bear,
I only have to outrun you." Even minimal security may be effective
against snoops who have plenty of unprotected targets to choose from.
Use the higher, 128-bit security setting, if possible, and change
passwords frequently."
From: http://world.std.com/~reinhold/airport.html
regards,
JH
|
|
Posted by Unruh on October 11, 2005, 4:49 am
If you were Registered and logged in, you could reply and use other advanced thread options
>> WEP128 is broken, it's not even worth thinking about anymore.
>>
>>
>> Juergen Nieveler
>Thanks for the reply. I'll be trying to find a firmware upgrade for the
>laptop since it is built in. If not, I'll take the advice of finding an
>alternate card.
>I did find this interesting quote about WEP.
>"WEP is better than nothing
>If you can't use WPA, perhaps because you can't afford new base stations
>and Panther upgrades for all your laptops, at least enable WEP, feeble
>though it may. There is an old joke about two guys hiking in the woods
>who spot a mean looking grizzly bear heading their way. One of the
>hikers takes off his back pack, pulls out running shoes, and starts
>putting them on. The other says "You idiot, you can't outrun a hungry
>bear in the woods." The first replies "I don't have to outrun the bear,
>I only have to outrun you." Even minimal security may be effective
>against snoops who have plenty of unprotected targets to choose from.
>Use the higher, 128-bit security setting, if possible, and change
>passwords frequently."
>From: http://world.std.com/~reinhold/airport.html
That depends on whether or not someone wants to target you. do you have
competitors who you would rather not have on your network? They do not care
that the lumber yard down the street is easier to break into, they want
you.
Ie, if the bear wants you, for your red hat, being able to run faster than
your friend is irrelevant.
|
| Similar Threads | Posted | | wireless security | June 22, 2006, 2:23 am |
| using wireless internet without security | December 8, 2006, 4:02 am |
| wireless security tools | May 6, 2007, 10:53 am |
| Technical Question on wireless security | July 17, 2005, 7:05 am |
| Wireless adapter security question | April 10, 2006, 1:35 pm |
| wireless router password security | May 7, 2008, 9:59 am |
| THE NON-WIRELESS WIRELESS NETWORK MONITORING SYSTEM | September 14, 2005, 11:38 am |
| Home wireless router security by limiting the number of available IP addresses | June 16, 2007, 11:06 pm |
| Public Wireless Network together with Private Wireless Network | November 15, 2007, 3:39 am |
| Help for noob re wireless | January 16, 2007, 7:54 am |
|
XML site map