I still don't see their test working unless the attacking machine is an AP that the attacked machine hooks up to. They have not demonstrated how they can "sniff out" a signal from another laptop and just hack into it. I really am bummed that they used a 3rd party card with a MAC. Actually, I am very suspect because they never told us the card's brand name. It's as if they tried to keep it as innocuous as possible so they wouldn't get sued and have to prove it all or something.
With that said, I can't disagree with you that eventually, just about anything seems to be compromised eventually. People can be pretty creative in figuring out ways to hack stuff. The more technology there is, sometimes, it seems like the more holes develop. For now, though, I think WPA is pretty safe. Especially for the average home user.
I never saw any mention of a firewall in use during that video, or a good live virus scanner. Have to watch that one again.
The victim machine in the demo was NOT previously connected to the access point, as you seem to imply. At the start of the video, the guy clearly says that the victim machine does NOT have to be previously associated with the access point or authenticated in any way. You're missing the point when you tell us not to randomly connect to an unknown AP. That's not the issue here at all.
First let me apologise. There are so many exploits I've been shown and there are more that I'll mess up a reply now and then. Sorry about that.
But about random connections. SOME machines are set to automatically connect to nearby APs.
Maybe this is a feature that must go away since it can be part of the exploit?
Or should we be more demanding?
Bob
dfichtner, my point was not about the strength, or lack of strength, of the WPA/PSK scheme of security. I agree, with all bits being utilized, with random numbers and letters, it has not been proven to be broken, based on your criteria. By the same token, my point was that the average hacker will/can not make themselves vulnerable by sitting within 100-200 feet of your house, trying to break your key for hours at a time without being noticed. The average home user doesn't have data valuable enough to warrant that type of attack, and if they did, they wouldn't be using wireless, they would be using an ethernet cable, IPSec encryption, and L2TP at the bare minimum. I just want people to use a little common sense along with their security. That's all I was trying to say. People don't make their homes into Fort Knox to protect their wife's $114.95 WalMart gold charm.
BTW, the information provided on this post has been enlightening, especially for someone that is only a novice.
Based on what has been discussed (security issues), it probably would not be prudent for me to install wireless IP cameras, unless it is connected to the wireless router via an ethernet connection. Is this correct? I'm looking at the Linksys wvc54g model, only because I have a Linksys wireless cable router (wcg200). Also, can someone recommend another brand of camera that will work with my current router because based on reviews, this model is somewhat difficult to set up, especially for a novice - like me. Thanks.
Is that you don't want others to see the camera video?
But beware that I've found most wifi cameras to fail a simple test. Here it is.
Set it all up, get the video going. Now drop power to the camera. Count to 20 and then turn the camera power back on.
Every single wifi camera system so far never recovers.
-> This means this system would never make a good surveillance solution. Too unreliable.
Bob
Or is that because they are connected to a DVR/Computer, the entire system gets reset...
It's the surveillance software that is at fault. It's not robust. On your average wired CCTV the DVR does not care if video vanished. It may sound an alarm but it doesn't hang the system.
Bob
I'm new and want to hook up a wireless network and like everybody concerned about security. I'm told to get a router with VPN as a firewall. Is this better?
I have a Linksys-G ADSL home gateway and am looking for a way to secure it, i.e. lock it. Could someone help me? daveieboy
I guess I'll weigh in on how secure WPA/WPA2 is. At present the only effective attack against WPA/WPA2 is an offline dictionary attack. If you use a passphrase for your PSK that consists of a word found in the dictionary, then you are extremely vulnerable. In one demonstration the word sausages was used. I took a little over 3 minutes to retrieve the PSK. When precomputed hashes were used it took only 0.2 seconds. To mitigate this threat, complex random PSKs must be used. Ideally, you want to use a 64 digit hexadecimal. Using a hex of this size negates the offline dictionary attack, since a hex is not going to be in a dictionary file, and a 64 digit hex is used as the Pairwise Master Key, avoiding the hashing process that creates the vulnerability. This leaves an attacker with one option, a good old-fashioned brute force attack. If a 64 digit hex is used then each of the 2^256 possibilities must be checked. That comes out to 1.1579208923731619542357098500869x10^77 possibilities. If you could produce a device that could check a billion billion possibilities (no such device exists at present), then it would take you 3.671x10^51 years to check each possibility. Needless to say, this makes the brute force method computationally infeasible. If you do not have a tool to produce such a value, simply go to:
https://www.grc.com/passwords.htm
While there is no such thing as forever secure, (Once upon a time it was computationally infeasible to brute force DES) with a little effort you can make WPA/WPA2 reasonably secure.
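An added example, not part of the post above: a local way to produce the 64-digit hex key it recommends, showing how a passphrase is hashed into the Pairwise Master Key while a 64-digit hex value is used directly. The PBKDF2 parameters (HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes) come from IEEE 802.11i; the function names and the SSID "HomeNet" are assumptions made for illustration.

```python
import hashlib
import secrets
import string

HEX_DIGITS = set(string.hexdigits)


def new_psk_hex() -> str:
    """Return 256 random bits from the OS CSPRNG as 64 hex digits."""
    return secrets.token_hex(32)


def pmk_from_psk(psk: str, ssid: str) -> bytes:
    """Map a WPA/WPA2-Personal key to its 32-byte Pairwise Master Key."""
    if len(psk) == 64 and set(psk) <= HEX_DIGITS:
        # A 64-digit hex value is the PMK itself; no hashing step.
        return bytes.fromhex(psk)
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    # Passphrase mode: the hashing step the post refers to, salted by SSID.
    return hashlib.pbkdf2_hmac(
        "sha1", psk.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_exhaust(bits: int, guesses_per_second: float) -> float:
    """Years needed to try every key of the given size (365-day years)."""
    return 2**bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    ssid = "HomeNet"  # constructed sample SSID
    key = new_psk_hex()
    print("new 64-digit hex PSK:", key)
    print("PMK equals the key:  ", pmk_from_psk(key, ssid).hex() == key)
    # The dictionary word from the post still yields a valid 32-byte PMK,
    # which is why a weak passphrase is accepted without complaint.
    print("PMK for 'sausages':  ", pmk_from_psk("sausages", ssid).hex())
    print("years for 2^256 at 1e18/s: %.3e" % years_to_exhaust(256, 1e18))
```

Because the SSID is the salt, the same passphrase gives a different PMK on every network name, so changing a default SSID is worthwhile in addition to choosing a random key.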