Thursday, February 07, 2008

wireless network security

I'm payed a lot of money to keep a large network system secure. As a result I've learned and established proven network security techniques that are used throughout the network security industry. Wireless networking is the hottest craze to have swept through the networking world, if you haven't been paying attention. The biggest downfall of a wireless network, though, is the fact that anyone who receives the signal can potentially view the network traffic. Thus arrives our bestest friend: signal encryption!

Signal encryption comes in several flavors which range from disgusting, to nominally edible. WEP is by far the most disgusting example. If it were a food it would be in the Oscar Meyer freeze dried and vacuum packed food section of the supermarket. The flaws are apparent and easily exploitable by anyone marginally interested. Here is what wikipedia offers us, "If enough traffic can be intercepted, then it can be broken by brute force in a matter of an hour or two. If that weren’t bad enough, the time it takes to crack WEP only grows linearly with key length, so a 104-bit key doesn’t provide any significant protection over a 40-bit key when faced against a determined hacker." Makes you think twice about eating headcheese.

Our second choice is WPA encryption. It provides much better authentication that WEP putting it in the range of a good deli sandwich. Encryptions offered are TKIP(deli sandwich with non-head cheese), and AES-CCMP(deli sandwich wish avocado and all the extra junk). AES-CCMP is the standard for 802.11i and WPA2. The problem with WPA becomes your implementation. WPA Enterprise offers RADIUS authentication providing each connection with personal authentication. WPA Personal, on the other hand, relies on a passphrase to gain access. Problem being that there is only one passphrase coming in length from 8 to 63 characters. This could be subject to a brute force, or dictionary attack. A 63 character passphrase would offer far superior protection against an 8 character phrase, and at least 20 should be used. Wikipedia offers this, "Weak PSK passphrases can be broken using off-line dictionary attacks by capturing the messages in the four-way exchange when the client reconnects after being deauthenticated. Wireless suites such as aircrack-ng can crack a weak passphrase in less than a minute. WPA Personal is secure when used with ‘good’ passphrases or a full 64-character hexadecimal key." Thus, use strong passphrases in association with your WPA encryption, or you'll suffer from nothing less than a head cheese flavor in your master crafted deli sandwich. WPA2 encryption is the next standard in the line of upgrades to encryption and will be seen more widespread in the coming years. Compared with WEP and WAP it uses only the finest artisan craft breads and organic ingredients from local farmers.

I have overcome all of the deficiencies of encryption by employing a direct, psychological fear-based defense method. When a wardriver is attempting to scour wireless networks that may be harboring curried chutney or a really great pesto, you have to focus your defenses on a different level. What would be a potential downfall of connecting to an unknown wireless network not controlled by yourself? You guessed it(or not) a virus!!
The most effective form of wireless security has to be to change your SSID to something unsavory for anyone looking to get onto it. Start security right at the gates of your fortress. Who in there right mind would attempt to join a network called 'Virus', or 'Trojan Horse'? Better yet, shoot straight for their physical self. Name your network 'AIDS' or 'West Nile Virus'. That ought to deter just about anyone except the CDC, and then you might have a court battle with the feds if one of them really does catch something.
As proof of concept for my contribution to the field of wireless security, the college where I work has several student teams in the field of Construction Management who are attending a friendly cage-match competition against other colleges. At the several day slaughter fest of project scheduling and brutal array of speeches, the teams will need personal wireless networks to coordinate and spearhead attacks against their foes. My idea has been picked up as the leading security model of one of these teams and they will bring glory to our college with a vast arsenal of wireless security techniques.