Brian Vagnoni on 1 Oct 2007 04:54:50 -0000



Re: [PLUG] Experience with Verizon FIOS & wireless installation


It's all broken: WEP, WPA, etc. I've seen hack videos for both, and cracked both myself. Aircrack-ng can crack WEP and WPA in minutes. Non-broadcasting SSIDs are a joke. You still transmit beacon frames, and if you listen long enough you will get the SSID.

No good suggestions, except 802.1x and dynamic keying. If you want security you should go with an Enterprise solution with a RADIUS server behind it. If you don't care, just use WEP with dynamic keying. A VPN over wireless would also be a good solution. This way at least your data is secure.

I would be happy to show people a thing or two about wireless but it won't last an hour.

Also, you know those Bluetooth headsets everyone wears? Guess what: also broken. They have been hacked, and it can be done from any Linux box. Wear one into a meeting and with the right equipment it can become a listening device from up to a mile away. You can also send the target any audio information you choose.

No, I'm not paranoid, and I will also be happy to show what I've been able to learn about this technology. None of this stuff I've personally come up with. It's all available for anyone to see on the internet if you know where to look.

Brian Vagnoni

From: James Barrett [mailto:jadoba@jadoba.net]
To: Philadelphia Linux User's Group Discussion List [mailto:plug@lists.phillylinux.org]
Sent: Sun, 30 Sep 2007 15:33:54 -0400
Subject: Re: [PLUG] Experience with Verizon FIOS & wireless installation

On Sunday 30 September 2007 15:01, jeff wrote:
> george@georgesbasement.com wrote:
> > In the meantime, I've set up a proper username and password (from the
> > router's "admin" & "password1") as well as a 128-bit WEP key. Any
> > other security advice from the PLUG group ? Oh, yeah - the web interface
>
> 1. USE WPA!!!

Good advice. Better advice would be to use WPA2 with 256-bit AES encryption
(if available). If WEP is all that your router can handle, it is "better
than nothing" but still not good. WEP keys can be cracked within a short
period of time.

> 2. put the MAC addresses of all PCs connecting to the wireless into the
> wireless router and deny access to any other MACs.

More than a handful of wireless devices allow one to change the MAC address
at whim. Additionally, kismet lists the MAC addresses of clients connected
to a wireless network. Using MAC address filtering would slow down an
attacker, but not for long.

> 3. always change default name and passwords

Good advice.

> 4. turn off SSID broadcast

Kismet allows an attacker to find the SSID of any network within range,
regardless of whether or not it is hidden. Having said that, it is probably
a good idea to pick a unique SSID.

> 5. use other than the default channel

This can help with connection strength, depending on your neighbors'
configurations. Otherwise it is really not that big of a deal.

> 6. strong passwords

Always good advice. Using a strong encryption passphrase will help prevent
brute-force attacks.

If you are completely paranoid, using RADIUS authentication would be the next
step towards a somewhat secured wireless network.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
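
An added example, not part of either post: the checklist discussed in this thread, expressed as a small audit over a hostapd-style access point configuration. The use of hostapd, the sample configuration, the list of default SSIDs and the 20-character passphrase threshold are assumptions made for illustration.

```python
# Added example, not from the thread. SAMPLE_CONF is constructed.
SAMPLE_CONF = """\
ssid=linksys
ignore_broadcast_ssid=1
macaddr_acl=1
wep_default_key=0
wep_key0=0123456789abcdef0123456789
"""
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # illustrative only

def parse(conf):
    """Map key -> value for 'key=value' lines; skip blanks and # comments."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def audit(conf):
    """Return (severity, message) findings, following the thread's points."""
    c, found = parse(conf), []
    wpa = int(c.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    if wpa == 0:
        wep = any(k.startswith("wep_key") for k in c)
        found.append(("high", "WEP only; move to WPA2" if wep else "no encryption"))
    else:
        if not wpa & 2:
            found.append(("medium", "WPA1 only; enable WPA2"))
        if "CCMP" not in c.get("rsn_pairwise", c.get("wpa_pairwise", "TKIP")):
            found.append(("medium", "AES (CCMP) not enabled"))
        psk = "WPA-PSK" in c.get("wpa_key_mgmt", "WPA-PSK")
        # 20 characters is an assumed threshold, not a figure from the thread
        if psk and 0 < len(c.get("wpa_passphrase", "")) < 20:
            found.append(("medium", "short passphrase; use a long random one"))
    if c.get("ignore_broadcast_ssid", "0") != "0":
        found.append(("info", "hidden SSID is not a control; it is still discoverable"))
    if c.get("macaddr_acl", "0") == "1":
        found.append(("info", "MAC filtering only slows an attacker down"))
    if c.get("ssid", "").lower() in DEFAULT_SSIDS:
        found.append(("low", "default-looking SSID; pick a unique one"))
    return found

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONF):
        print(f"{severity:6} {message}")
```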