Posted: 7/3/2009 8:25:47 AM EDT
|
What is the best home wireless encryption I hcan get and use right now? Currently I am running WPA2 AES on a buffalo router.
I found videos on youtube stating you can now hack that in 30 minutes with a notebook. Is this true? |
|
Quoted: What is the best home wireless encryption I hcan get and use right now? Currently I am running WPA2 AES on a buffalo router. I found videos on youtube stating you can now hack that in 30 minutes with a notebook. Is this true? I use as much the router lets me plus I use a MAC filter and I don't broadcast the SSID. |
|
So, a determined attack will overcome most precautions, and wireless certainly does allow attack vectors that don't exist in wired networks.
You can disable SSID broadcasting by the access point, but clients send in the clear. MAC addresses can be faked and IP addresses can be spoofed. WEP is trivially cracked with a few minutes of traffic. Rogue high-power access points are effective . . . You may already share my opinion that wireless home networks, though convenient, are best used for insecure, casual network use. And that the odds of your family members understanding that and behaving accordingly is near zero. === I don't run wireless at my home, but if I did My firewall/access point would segregate wireless traffic from the rest. I would try hard not to do sensitive stuff on it. Your access point and client should support AES preshared keys. Generate that key with a good long passphrase. Consider a wireless IDS (intrusion detection system) with a rogue AP alert mechanism. Walk around and see where you get signal outside your home. You might even enjoy playing with antenna types. Still, rogue APs and amplifiers . . . Hack your own network. Honestly, for me it's not near worth it. When I want to sit outside, I have a 100-foot cable. Pulling cable is a pain when you are doing it, but there are always tricks (such as running through ductwork) for tricky bits. The 802 specs allow long runs, so that pushing up to the attic or down to the crawlspace (conduit is really cheap, for neat freaks, and expanding foam insulation keeps crawlies where they belong) and then running horizontally and then up/down the target wall is usually a good option. Happy surfing. |
|
Quoted:
What is the best home wireless encryption I hcan get and use right now? Currently I am running WPA2 AES on a buffalo router. I found videos on youtube stating you can now hack that in 30 minutes with a notebook. Is this true? For small enough values of True, yes it is. Really, the hacks being shown are nothing more than a Dictionary attack. They work by simply brute-force trying over and over to associate to the Wireless AP via WPA2-AES using a randomly selected passphrase from a Dictionary file, or a completely randomly generated passphrase. The key to blocking these sorts of attacks is twofold: 1. USE A LONG COMPLEX PASSPHRASE!!! Every digit you add to the passphrase makes it significantly more difficult to guess, therefore requiring more time to brute-force attack. The best passphrases are random strings of digits, characters, and symbols. You can find random passphrase generators on the web where they will generate a key, then you can copy and paste it into all your devices. This techniques, with a key length over 25 characters, is considered essentially uncrackable (as much as anything is uncrackable) by current IT industry standards. Here's one generator: https://www.grc.com/passwords.htm It even explains how to enter the key, and how to compensate for some devices which are slightly 'dumb' about WPA2 keys. 2. Change your key occasionally. At least twice a year, preferably every 30-90 days. This means the attacker has to start over, IF he even knows you have changed the key. Good Luck! FluxPrism CCNP, CCDA, CCNA, MCSE, PP-ASEL |
|
Quoted: Quoted: What is the best home wireless encryption I hcan get and use right now? Currently I am running WPA2 AES on a buffalo router. I found videos on youtube stating you can now hack that in 30 minutes with a notebook. Is this true? For small enough values of True, yes it is. Really, the hacks being shown are nothing more than a Dictionary attack. They work by simply brute-force trying over and over to associate to the Wireless AP via WPA2-AES using a randomly selected passphrase from a Dictionary file, or a completely randomly generated passphrase. The key to blocking these sorts of attacks is twofold: 1. USE A LONG COMPLEX PASSPHRASE!!! Every digit you add to the passphrase makes it significantly more difficult to guess, therefore requiring more time to brute-force attack. The best passphrases are random strings of digits, characters, and symbols. You can find random passphrase generators on the web where they will generate a key, then you can copy and paste it into all your devices. This techniques, with a key length over 25 characters, is considered essentially uncrackable (as much as anything is uncrackable) by current IT industry standards. Here's one generator: https://www.grc.com/passwords.htm It even explains how to enter the key, and how to compensate for some devices which are slightly 'dumb' about WPA2 keys. 2. Change your key occasionally. At least twice a year, preferably every 30-90 days. This means the attacker has to start over, IF he even knows you have changed the key. Good Luck! FluxPrism CCNP, CCDA, CCNA, MCSE, PP-ASEL Wow thats neat. i've used GRC's "Shelds Up" but never noticed that password generator. |
| pick a random private net, filter by mac address, disable ssid broadcast, full length random key wpa2 encryption, change default router password, disable router configuration from wireless and internet, segregate wireless clients from lan and each other, vpn to a trusted site |