[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] Experience with Verizon FIOS & wireless installation
|
Regarding strong passwords ans smart people.
"I don't need to remember my own phone number, I can just look it up in
the phone book."; Albert Einstein. He would have written his password
under the keyboard no doubt.
Brian
From: Brian Vagnoni [mailto:bvagnoni@v-system.net] To: Philadelphia Linux User's Group Discussion List [mailto:plug@lists.phillylinux.org] Sent: Mon, 01 Oct 2007 01:43:54 -0400 Subject: Re: [PLUG] Experience with Verizon FIOS & wireless installation
As far as the WPA crack please see this video on my site. I didn't make this but I found it very interesting:
http://www.v-system.net:81/flashmovies/whax-aircrack-wpa.swf
Brian
From: Brent Saner [mailto:brent.saner@gmail.com] To: Philadelphia Linux User's Group Discussion List [mailto:plug@lists.phillylinux.org] Sent: Mon, 01 Oct 2007 01:03:48 -0400 Subject: Re: [PLUG] Experience with Verizon FIOS & wireless installation
the reason wpa is preferred over wep is because with wep, you WILL crack it, given enough time. with wpa, you either crack it or you don't. if you have a good encryption and a good key and a good algo., it's uncrackable. it's possible you just got lucky with the WPA crack you did. but there is no surefire for cracking WPA. if you have knowledge contrary to this though, you're welcome to share.
bluetooth security is an oxymoron. ;) it wasn't intended to be secure, it was intended to be portable. unfortunately with wireless technology, it's either one or the other at the moment.
but i do agree about the RADIUS server. as for VPN, it's just another layer. don't let VPN make you feel invincible- hell, don't let ANY layer make you feel invincible. there is no such thing as a 100% uncrackable security.
On 10/1/07, Brian Vagnoni <bvagnoni@v-system.net> wrote:
It's all broken WEP, WPA ..etc. I've seen hack videos for both, and cracked both myself. Aircrack-ng can crack wep and wpa in minutes. Non-broadcasting SSID's are a joke. You still transmit beacon frames and if you listen long enough you will get the SSID.
No good suggestions, except 802.1x, and dynamic keying. If you want security you should go with a Enterprise solution with a RADIUS server behind it. If you don't care just use wep with dynamic keying. A VPN over wireless would also be a good solution. This way at least your data is secure.
I would be happy to show people a thing or two about wireless but it won't last an hour. Also, you know those bluetooth headsets everyone wears, guess what; also broken. They have been hacked and it can be done from any linux box. Wear one into a meeting and with the right equipment it can become a listening device from up to a mile away. You can also send the target any audio information you chose.
No I'm not paranoid and will also be happy to show what I been able to learn about this technology. None of this stuff I've personally come up with. It's all available for anyone to see on the internet if you know where to look.
Brian Vagnoni From: James Barrett [mailto:
jadoba@jadoba.net] To: Philadelphia Linux User's Group Discussion List [mailto:plug@lists.phillylinux.org
] Sent: Sun, 30 Sep 2007 15:33:54 -0400 Subject: Re: [PLUG] Experience with Verizon FIOS & wireless installation
On Sunday 30 September 2007 15:01, jeff wrote:
> george@georgesbasement.com wrote:
> > In the meantime, I've set up a proper username and password (from the
> > router's "admin" & "password1") as well as a 128-bit WEP key. Any
> > other security advice from the PLUG group ? Oh, yeah - the web interface
>
> 1. USE WPA!!!
Good advice. Better advice would be to use WPA2 with 256-bit AES encryption
(if available). If WEP is all that your router can handle, it is "better
than nothing" but still not good. WEP keys can be cracked within a short
period of time.
> 2. put the MAC addresses of all pc's connecting to the wireless into the
> wireless router and deny access to any other MACs.
More than a handfull of wireless devices allow one to change the MAC address
at whim. Additionally, kismet lists the MAC addresses of clients connected
to a wireless network. Using MAC address filtering would slow down an
attacker, but not for long.
> 3. always change default name and passwords
Good advice.
> 4. turn off SSID broadcast
Kismet allows an attacker to find the SSID of any network within range,
regardless of whether or not it is hidden. Having said that, it is probably
a good idea to pick a unique SSID.
> 5. use other than the default channel
This can help with connection strength, depending on your neighbors'
configurations. Otherwise it is really not that big of a deal.
> 6. strong passwords
Always good advice. Using a strong encryption passphrase will help prevent
brute-force attacks.
If you are completely paranoid, using radius authentication would be the next
step towards a somewhat secured wireless network.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group --
http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
-- Brent Saner 215.264.0112(cell) 215.362.7696(residence)
http://www.thenotebookarmy.org
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|