Wi-Fi Security January 21, 2008 by Larry Finger
Most laptops now come with built-in wireless capability, which can be very handy; however, always remember that the device is a radio. Whatever it broadcasts can be seen by any receiver tuned to that channel. This presentation will cover how to protect your own (private) network, and how to protect yourself when you use a public network.
A “typical” home network
Why Secure the home network (part 1)
Protect your information
Using a program called Wireshark, I captured data from the tengointernet Wi-Fi. One of the messages contained the following:
href="/prize/prize-rules.jsp" target="_top">Prize Rules ';.prizes[2]='
This gobbledygook is HTML, the language of web pages. These data contain no secrets; however, the parts I didn't show could be used to determine what sites you visit, etc.
Note: Wireshark does not work with Windows.
Things are not quite as bad as the previous slide would suggest. When really sensitive information such as bank account numbers, log-in names, and passwords is transmitted, and you are using an “https” site, the data are already encrypted, and are usually safe. I'll cover the exception later.
Why secure the home network (part 2)
Keep strangers from using your Internet connection
You may have excess capacity, and sharing may not hurt, but what happens if the unwanted guest is downloading kiddie porn? The Internet record will point to YOUR connection!!! To my knowledge, no one has been prosecuted for this; however, why take a chance?
How do you encrypt your Access Point?
There are several flavors of encryption:
  WEP – Wired Equivalency Protocol
  WPA – Wi-Fi Protected Access
  WPA Personal (TKIP - Temporal Key Integrity Protocol or AES - Advanced Encryption Standard)
  WPA2 Personal (TKIP or TKIP + AES)
  RADIUS – Remote Authentication Dial In User Service – needs separate server - mostly for companies (highly secure)
  WPA Enterprise – needs RADIUS server
  WPA2 Enterprise – needs RADIUS server
WEP – Use only if it is the only encryption available!!! The designers did it badly. Even with the 128-bit version, the encryption can be broken in as little as 5 minutes! Be aware that the conversion of a WEP passphrase into a hexadecimal string is not unique and the key used by your AP may not match that of the computer!! Put a passphrase into the AP, but copy the string for later usage.
WPA2 Personal – The best available encryption for the home network. Use this one if it is available.
WPA Personal – This method is less secure than WPA2, but is designed to work with equipment originally designed for WEP.
Unlike WEP, the WPA methods can only be cracked by dictionary attack. If the passphrase is 20 characters or more, cracking is essentially impossible. Use a strange combination of upper/lower case and special characters and/or numbers. My phrase is 28 characters, and includes special characters. WPA and WPA2 passphrase conversion is unique.
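The WPA and WPA2 Personal conversion is PBKDF2-HMAC-SHA1 with the network name (SSID) as the salt, so a given passphrase and SSID always produce the same 256-bit key. The following is an added example, not part of the original presentation: it derives that key and checks a passphrase against the length and character-mix advice above. The function names, word list and sample passphrases are constructed for illustration.

```python
import hashlib

def wpa_psk(passphrase, ssid):
    """Derive the 256-bit WPA/WPA2 Personal key from a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()

def character_classes(passphrase):
    """Count how many of lower case, upper case, digit, special are present."""
    tests = (str.islower, str.isupper, str.isdigit, lambda ch: not ch.isalnum())
    return sum(any(test(ch) for ch in passphrase) for test in tests)

def review(passphrase, wordlist=()):
    """List where a passphrase falls short of the advice on this slide."""
    findings = []
    if len(passphrase) < 20:
        findings.append("shorter than 20 characters")
    if character_classes(passphrase) < 3:
        findings.append("fewer than three character classes")
    if passphrase.lower() in {word.lower() for word in wordlist}:
        findings.append("found in the word list")
    return findings

# Constructed sample values, not taken from the presentation.
WORDLIST = ["password", "sunshine", "letmein1"]
WEAK = "sunshine"
STRONG = "t7#Vq!mZ2r&Lp9^xWd4@Hs8*Kb6$"

if __name__ == "__main__":
    for candidate in (WEAK, STRONG):
        print(repr(candidate), review(candidate, WORDLIST) or "no findings")
    # Same passphrase, different network name: the derived keys differ.
    print(wpa_psk(WEAK, "HomeNet"))
    print(wpa_psk(WEAK, "homenet"))
```

Because the SSID is the salt, a key computed for one network name does not carry over to another, which is a reason to change the AP's default network name as well as its passphrase.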
How do you set the encryption method? The answer depends on the maker of your AP. For the Linksys models, you connect via a wired connection and point your browser to This address is the default value for these routers. I'll show later how to determine these “magic” numbers.
You will be presented with this window. No “User Name” is required. Note: If you have not already changed the default password, do so now!
After logging into the router, select the “Wireless” and “Wireless Security” tabs, and pull down “Security” to get
To set up your AP for WPA2 with TKIP + AES, you would select
This slide shows the way to generate the WEP key from a passphrase. Only the “Default” key will be needed
If you have a different make of access point, the process may differ, but in general you will still have to connect to the IP address of the AP, log in, and select the encryption method and passphrase. To find the IP address that is needed, select “start/run”, put “cmd.exe” in the box, and click “Ok”. In the window that pops up, type “ipconfig /all”. The address listed as the “Default gateway” for the wired interface is what you need.
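The lookup described above can be scripted. The following is an added example, not part of the original presentation: it parses the text printed by “ipconfig /all” and returns the IPv4 default gateway of the wired adapter, handling the case where the gateway field continues onto a second line. The sample output, adapter names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of "ipconfig /all" output; names and addresses are made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.20.30.101
   Default Gateway . . . . . . . . . : fe80::1%11
                                       10.20.30.1

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

FIELD = re.compile(r"^\s+(.*?)[ .]+: ?(.*)$")  # "   Label . . . : value"

def default_gateways(text):
    """Map each adapter heading to the gateway addresses listed under it."""
    found, adapter, label = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line ending in ":" opens a new adapter section.
            heading = line.rstrip()
            adapter = heading[:-1] if heading.endswith(":") else None
            label = None
            if adapter:
                found[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            label, value = field.group(1), field.group(2).strip()
        else:
            value = line.strip()  # continuation line of the previous field
        if adapter and label == "Default Gateway" and value:
            found[adapter].append(value)
    return found

def wired_gateway(text):
    """IPv4 default gateway of the first Ethernet adapter, or None."""
    for adapter, addresses in default_gateways(text).items():
        if adapter.startswith("Ethernet adapter"):
            return next((a for a in addresses
                         if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", a)), None)
    return None
```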
I have now described what you do to secure your private network, but what can you do if you are using a public network such as those found in RV parks, libraries, motels, and coffee shops? The solution is a Virtual Private Network or VPN. Unless your employer has a VPN server, these are not free. The one I use costs $40/year. Note: VPNs will also work with wired connections.
A VPN is a network “tunnel” between your computer and the VPN server. With the tunnel, ALL transmitted data are encrypted before leaving your computer and are not decrypted until they reach your VPN server, which sends your data on to the final target. Of course, if you are using https, there is an additional level of encryption.
There are three flavors of VPNs:
PPTP – Point to Point Transfer Protocol
  This method is easiest to implement, but relies on a password that is entered when you connect. It also uses a less-secure encryption than the other two.
SSL – Secure Sockets Library
  This method uses a certificate, which was generated by the VPN provider, to authenticate the client. No password need be entered. Both the openvpn and ipsec programs use this method.
IPSec – Internet Protocol SECurity
  This method is very secure; however, it requires modification to the operating system. Thus, it is harder to implement.
Besides encryption, VPN has other benefits:
  Access “blocked” sites
  Use blocked servers and services
  Eliminate “Man-in-the-Middle” attacks
References
Detailed description of encryption methods: en.wikipedia.org
The commercial VPN provider that I use:
I will now show you the steps needed to create a PPTP VPN on Windows.