Wireless Networks... How Big a Security Risk?

[Enfinity]

For those of you that travel, I love my EVDO Rev A service. 128 bit encryption and broadband downloads.

 

[silver914]

Quote from gnome:

Yes, I'm concerned about a network in my house. What about a hybrid? Using an Ethernet router with a wireless POA? That way the most important concerens can be transmitted over a wired connection... ??

This would work. Although a wireless router does have ethernet ports and you can block access to the hardwired computers with your OS. In either instance each computer you set up on the network has moveable parameters as far as access and security go.

(Or, would the wireless portion possibly compromise the entire network?)

There's always that risk. You have to determine what's acceptable.

Gnome I know from your previous posts you have multiple computers, I just don't know how many. Is it possible to set up a small network with what you have and experiment?

 

[GTS]

Quote from gnome:

Yes, I'm concerned about a network in my house. What about a hybrid? Using an Ethernet router with a wireless POA? That way the most important concerens can be transmitted over a wired connection... ?? (Or, would the wireless portion possibly compromise the entire network?)

You could segment the network so that the wireless clients only have access to other wireless clients and the internet, not to the wired portion of your network.

 

[bigmrfrank]

Quote from silver914:

I agree 100%.

The OP made it sound as though he was trading from a home network and not a motel or public network. Two different animals depending on where "home" is. My comments were for my particular situation. I understand there are many scenarios and that each person should decide what's best for their own situation. In many cases it is advisable to NOT have a wireless network. Period.

I live in a very rural section of Idaho. If someone is trying to hack into my network I can see them, shoot them, and shovel what's left of them into a 15' deep hole with my backhoe somewhere on the other side of the pond on my 300 acres. Now, that's not an option if you live in Boston.

I wasn't directing my post specifically to you so no offense. And again we agree. "Home" is relative. In a city or even suburban setting any smart kid in the neighborhood can access a "home" network. Where you are the chances are slim unless you venture into town with your laptop. BTW, I've spend time up by you. Loved it. Largest elk and muley I ever took too.

 

[gnome]

Quote from bigmrfrank:

I wasn't directing my post specifically to you so no offense. And again we agree. "Home" is relative. In a city or even suburban setting any smart kid in the neighborhood can access a "home" network. Where you are the chances are slim unless you venture into town with your laptop. BTW, I've spend time up by you. Loved it. Largest elk and muley I ever took too.

Well, as I did some reading on WPA2, it seems it meets "FIP 140-2 government standards" for security.

How then could "any smart kind in the neighborhood" access a WPA2 network?

 

[bigmrfrank]

Quote from gnome:

Yes, I'm concerned about a network in my house. What about a hybrid? Using an Ethernet router with a wireless POA? That way the most important concerens can be transmitted over a wired connection... ?? (Or, would the wireless portion possibly compromise the entire network?)

It depends. Any form of wireless is a foot in the door. If someone were to gain access to the wireless device your network and all devices on it could be compromised. That said, there are some thing that can help.

Free software firewall - http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/

Zone Alarm blows.

Do not use any type of file sharing on the network. No shared folders, nothing. Use a USB drive if you need to transfer things.

Get a router that has a built-in hardware firewall. Some do, most don't.

 

[bigmrfrank]

Quote from sim03:

Have to disagree. I am no expert, but researched this when I set up my simple little WPA2 network.

Even the weaker WPA-PSK (pre-shared key) mode is vulnerable only to a brute force attack. (We are talking about remote hacking only... let's ignore a Watergate-style break-in, a laptop theft or loss, etc... under those scenarios, wired wouldn't be any safer than wireless.) With existing technology, hacking a mere 16-character passphrase (out of possible 63) would take many orders of magnitude longer than 15 billion years, an estimated age of the Universe. I can probably live with that...

Are you saying that there are methods of hacking WPA other than brute force? I have never come across that. A link would be helpful.

Only brute force as though brute force attacks are difficult? They're childsplay and not the only way.

Here's some hacking for dummies links.

http://www.google.com/search?hl=en&q=how+to+hack+wireless

http://www.google.com/search?hl=en&q=how+to+hack+wifi&btnG=Search

http://www.google.com/search?hl=en&q=how+to+hack+wireless+internet+connections&btnG=Google+Search

 

[bigmrfrank]

Quote from Enfinity:

For those of you that travel, I love my EVDO Rev A service. 128 bit encryption and broadband downloads.

Me too. Fast, cheap and very secure.

 

[silver914]

Quote from gnome:

Well, as I did some reading on WPA2, it seems it meets "FIP 140-2 government standards" for security.

How then could "any smart kind in the neighborhood" access a WPA2 network?

Just to get you started:

beginner's guide to hacking a wireless network


You are correct that WPA 2 is the most secure form of wireless network. That being said, not everyone has it or if they do they may not have it enabled. It is a hassle. Just one more thing to figure out for most non-tech types. More passwords. Face it, the average Joe just looks for the path of least resistance.

If you run WPA 2 you are not likely to have any problems with security.

 

[sim03]

Quote from bigmrfrank:

Only brute force as though brute force attacks are difficult? They're childsplay and not the only way.

Here's some hacking for dummies links.

http://www.google.com/search?hl=en&q=how+to+hack+wireless

http://www.google.com/search?hl=en&q=how+to+hack+wifi&btnG=Search

http://www.google.com/search?hl=en&q=how+to+hack+wireless+internet+connections&btnG=Google+Search

Please re-read my OP. I am talking specifically about hacking a WPA, particularly WPA2, network.

Since I can type in Google keywords with the best of them, please provide a single link that talks even in general terms about remotely hacking a WPA2 network with a 16-character or longer passphrase.

I don't believe it can be done today, even with computing power far beyond what a dedicated hacker might possess.

Your other assertion, that brute force is "child's play" is also wrong. While indeed not difficult to implement, it becomes exponentially more time consuming as the length of the passphrase increases, and 100% not feasible around 10-12 characters. (Try 62^10 = 8 x 10^17 possible combinations, for starters, where 62 is the number of upper and lower letters and digits in this language.)

Now, if people out there don't spend a little time RTFM and stick with WEP or 6-character passwords (or no security at all), that's their problem. Nevertheless, extremely high degree of security is available to every individual wi-fi user today, at no extra cost. Let's not spread paranoia and misinformation.