That's good enough for me!

Sunday, October 12, 2008

Time to start scaring wireless users again...

For those who don't pay attention to the IT/Security news, WPA-PSK has taken another hit.

For those who don't know me, I have spent too much time working with wireless technology, and tend to indicate that the sky is falling, or that evil monkeys are going to steal our kidneys.

I tell people to make sure they have encryption (and WEP doesn't count) on their wireless routers, or people can find a way to nab their personal information from a distance. I've been told that I seem to enjoy scaring people. It might be true.

But the new advances in using graphics cards to speed up the cracking process make it possible for someone with too much time on their hands to take down a home network. Products have even been released using this technology that help you, uh, recover your forgotten WPA password. Doing a bit of number crunching reveals that about 50% of the home networks out there can be cracked with about 3k USD of gear in about a week. While this doesn't quite make it as bad as the WEP situation, where a hacker could casually watch everything you type with about a minute of effort, it does mean that a geek with an expensive gaming rig can take apart a small business network and listen in on, well, anything they feel like.

There are still ways to protect yourself, or at least minimize your risk of being vulnerable to this, listed here from simple to safest:
  • Change your SSID (network name) to something non-standard - Using a simple SSID puts you in that 50% of easily hackable networks.
  • Use long, high entropy passwords - anything in English has very low entropy, so if you want it to be secure but memorable, make it an entire sentence. Or two. And change it once a month.
  • Use WPA-enterprise - either create a bunch of certificates and pass them out, or make everyone use their own password to log on (PEAP or TTLS).
  • Use a VPN, and live with the network performance hit.
For my own part, my wireless network has a nonstandard name and a long (but plain English) password. I would imagine that in the near future I will take some time to start tightening things up a bit - more on that later if I find a neat and tidy way to pull it off.
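The first two items in the list work because WPA-PSK derives its key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt. The sketch below is an added example, not code from this post: it derives that key and audits one configuration. The SSID sample list, the 1.3 bits-per-character figure for English and the 80-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import string

# Constructed sample of factory-default network names, for illustration only.
COMMON_SSIDS = {"linksys", "default", "netgear", "dlink", "wireless"}
ENGLISH_BITS_PER_CHAR = 1.3   # assumption: rough figure for plain English text
MIN_BITS = 80                 # assumption: illustrative threshold, not a standard

def wpa_pmk(passphrase, ssid):
    """Derive the 256-bit WPA-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def random_bits(passphrase):
    """Upper bound: entropy if every character were drawn at random from the classes used."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in passphrase):
            pool += len(cls)
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        pool += 33  # printable ASCII punctuation plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0

def english_bits(passphrase):
    """Estimate for a plain-English passphrase, using the per-character assumption above."""
    return len(passphrase) * ENGLISH_BITS_PER_CHAR

def audit(ssid, passphrase, plain_english=True):
    """Return a list of findings for one network configuration."""
    findings = []
    if ssid.lower() in COMMON_SSIDS:
        findings.append("common-ssid")
    bits = english_bits(passphrase) if plain_english else random_bits(passphrase)
    if bits < MIN_BITS:
        findings.append("low-entropy-passphrase")
    return findings

if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys are unrelated.
    for ssid in ("linksys", "evil-monkey-lab"):
        print(ssid, wpa_pmk("correct horse battery", ssid).hex())
    print(audit("linksys", "correct horse battery"))
```

Under these assumptions a plain-English passphrase only clears the threshold near the 63-character maximum, which is the "entire sentence, or two" advice in numbers.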
