You're Not As Secure As You Think… Except Maybe On Wireless Networks
from the myths dept
Stories that list out the top (insert random number here) myths about security seem to come out every other week or so. However, this latest one from Information Week is somewhat amusing in that it’s basically a list of items saying you’re not nearly as secure as you think you are, but then the last point basically says: except if you’re on a wireless network. Apparently, the idea that wireless networks are insecure has been so drilled into so many minds that many people ignore the fact that you can be pretty secure on a wireless network if you know what you’re doing.
Comments on “You're Not As Secure As You Think… Except Maybe On Wireless Networks”
Need to Understand Wireless
Wireless security is much more than WEP. Turning WPA-PSK (Shared Key) is just as bad as WEP. Since the user is going to use a small passpharse that can easily be broken. Also makes a big deal about MITM, yet fails to mention that as an issue with Wireless. His article is right on the other points, guess his editor did not want an all negative article. We seen this before from Analyist, and publications. Wireless is not as bad as people are saying. Yea, its WORST!
Say what?
Wireless networks use radio waves… how is broadcasting your data over the air more secure then through a wire?
It’s the difference between a walky-talky and telephone.
Re: Say what?
Are you running any encryption on that wired network of yours? I thought not.
read it again
“As long as you know what you are doing”
did you not read this? if you encrypt your wireless, and block the things you need to block, its more secure than wired, mainly because wired does not have as many security features as wireless, becasue people think that it IS safe, and wireless is NOT, but id say its the opposite becasue of the hype.
Re: read it again
You can crack anything with enough time – wireless is easily cracked because it’s right there in the air. And if you apply “As long as you know what you are doing” on wired networks – it’s far more secure (ie. fiber cables, network tunneling, user authenthication [biometrics or smarcards] data encryption, intrusion detection, proper network management and just to name a few tricks). That network consultant guy – he’s on crack – suggesting that wireless is more secured or IPv6 is bulletproof.
Re: Re: read it again
Heh. The point of the article wasn’t that wireless networks are completely secure. Everyone knows they’re not… but to counter the argument that they’re automatically not secure and dangerous to use.
Re: Re: Re: read it again
Ok I see now, I was thinking more about home use; wasn’t considering a large building. Yea, someone could splice in and collect the packets. But they can just get to the wireless router or the CAT cables and do that too. But really it would be a hell of a lot easyier to sit out in a car and collet a few million packets and just crack it.
Re: read it again
Wired is fine as long as you use good WEP and its not financial/goverment/enterprise class data xfers
Re: read it again
Wireless is fine as long as you use good WEP and its not financial/goverment/enterprise class data xfers
No Subject Given
I would NOT rely on WEP encryption. It can be broken within a half hour or less using two laptops with the right software. I ran WEP on my network for a while thinking it as very secure… then I did some research and learned just how vulnerable I was.
You’re much better off using WPA since the key changes often enough to keep anyone from being able to figure it out. Unfortunately, not all wireless adapters support it. The standard IBM T42 laptop being one of them.
If all you have for encryption is WEP I’d suggest, MAC Address filtering, non-broadcast SSID, turning it off when not in use, and setting up a honeypot (an un-encrypted wireless router that is standalone and not connected to the Internet… to help slow most “war-drivers” down).
The biggest mistake you can make is thinking no one in your neighborhood is “tech savvy” enough to hop on your network. Not only can you not know that for sure… but war driving is becoming a popular hobby for a lot of people.
Re: No Subject Given
Don’t forget turn off DHCP and also change the channels. With different channels having different strengths, a lot of people overlook the fact that you want the wireless to be in the range of where
you are, but not past it.
Also.. I have seen countless number of people take those precautions BUT not change the default settings for the SSID and password <shakes her head>
As for if you have to use WEP.. unfortunately a lot of people still do. Netgear, Linksys, D-Link and others who did not have WPA on their firmware (or compatibility on the NIC) a few years ago…
There are still people running the same WAPS. Heck there are still some that don’t even care if it is unsecured.. and do not understand why.
I had to do demonstrations to teach how to install wireless a couple of years ago.. and I also did many installs.
Some may call it cheesy, but I made a flash video of some of it one night when I was bored.
http://www.girlgeekette.net/2005/09/04/wireless-networking-the-wifi-movie/
I even have some posts on the subjects on wireless from experiences I have seen and researched / taught
http://www.girlgeekette.net/category/wireless-info/
No Subject Given
wireless is not safe…..wire is not safe…..
the internet is not safe…..there is no such thing as secure………….i run 2 servers….& im not safe….these damn kids these days hack everything they see……….
lol
Anyone with a little know-how of wireless networks with a wireless capable laptop and a linux live CD (take your pick of the hundreds out there) could crack any level of encryption there is out there on WiFi access points. This even includes the latest WPA with either username athentication and sercure certificate. And as for MAC filtering… spoofing a MAC address is one of the oldest tricks there is. The most secure computer there is is the one that is unplugged.
Re: lol
You are wrong.
You are all missing the point here
“You’re Not As Secure As You Think… Except Maybe On Wireless Networks” – The title says it all… On a wired network, there is a sense of security… which is falsely placed. Hence a wired network is not as secure as you “THINK” it is.
On the other hand, for wireless, it is taken for granted that the network is not secure, and hence it is as secure as you “THINK” it is.
Re: You are all missing the point here
Thank you! If people did not already have it in their mind that wireless was NOT secure… then it would not be as secure as they “thought” it was… hence they think it is not secure and they are right, it is NOT… being where they get it is as secure as they think it is. (love that play on words! .. its like trying to figure out triple and quardruple negatives with fuzzy logic)
(For the most part that is.. I have to agree there ARE ways to lock it down good and have it MORE secure than most believe it is(n’t), but it will never have the security that wired does.)
No Subject Given
Geez man it ain’t rocket science: enable strong encryption and MAC filtering and you can feel pretty good about your wireless network.
Re: No Subject Given
MAC filtering – it is easier to spoof a MAC than using Wepcrack to crack wep… its just s key change in teh regiatry or ifconfig in linux.
And when reading packets, its not hard to find the MAC address to spoof or the ip scheme used..
it is not exactly the best defense around.
Re: Re: No Subject Given
It’s not about being 100% secure, it’s about making it difficult for people to break into your system. Yes, MAC address can be spoofed. Yes, WEP can be cracked. But if you have two wireless networks in range with similar signal strengths, and network A is not broadcasting SSID, uses MAC filtering, uses 128 WEP and manually assigns an IP while network B is set at “out-the-box” settings, which one are you going to tap in to?
Re: Re: Re: No Subject Given
Depends on who you are. There are pleanty who would purposely crack the WEP and MAC filtered one just to show how unsecure it is. Out of the box is no challenge.
WPA.. now that is a different story. Especially combined with MAC filtering, no ssid broadcast, change the defaults, change channels to reduce the signal strenth, disabling dhcp, etc.. That is the one to use to make it “more” secure.
The whole point of the article anyway was to show that people realize how insecure wireless.
WEP and WPA both suck
Run IPSec ontop and then and only then are you truely secure.