Wireless networks that use a popular form of security known as Wi-Fi Protected Access (WPA) are vulnerable to an attack that could compromise certain communications in less than 15 minutes, two researchers plan to tell attendees next week at the PacSec 2008 conference in Tokyo. Martin Beck and Erik Tews - two graduate students …
When I was recently asked ...
... by a colleague regarding network setup, he wanted advice on security, particularly wireless.
My response was: If you think someone actually wants your data, as opposed to the casual bandwidth thief or other opportunist, then FFS, don't use wi-fi ... at all. And it might be a good idea to stay off the Internet altogether.
Personally, I blame Microsoft. No reason - I just don't like them.
what about non-TKIP WPA?
Is there any reason at this point not to be using AES, given that most recent, and some not-so-recent chipsets and WAPs support it? Certainly most of the later (such as WRT54 et cetera) blue Linksys kit supports AES, despite it not being specifically listed as WPA2 in the setup (you simply select AES over TKIP. I guess this is because the WPA2 interoperability standard, 802.11i, wasn't finalised at this point). Ballache for lusers who don't understand the TLA soup, but those of us in charge of networks transporting anything more sensitive than Myspace Mary and her laptop on a Homehub have no excuse to be using TKIP any more. In fact, we really shouldn't be using pre-shared keys either, with or without AES.
Bottom line: As Dragos Ruiu points out, if TKIP is vulnerable, even in such a limited way as this 'sploit demonstrates, ditch it. AES, AKA Rijndael, is still unbroken, resistant to cypher text analysis and more robust than TKIP/MIC. XP (both Home and Pro), Vasti, Linux, BSD (using wpa_supplicant) and MacOS support 802.11i encryption.
Besides, WPA/TKIP was a stopgap from the start, a snapshot of 802.11i while the WiFi Alliance got their arses into gear.
which apple products? my airport extreme supports wpa2 just fine?
Most devices work with AES
The PSP is the only one I can think of that doesn't support AES (but then it's an old device.. there's the new 'slim' version now that may do). I've got an old 11b hub that doesn't but haven't used that in years.
Total Information Awareness 42 InterNetwork Networks of the Seventh Happiness aka Shangri La Heaven
"And it might be a good idea to stay off the Internet altogether." ... By Anonymous Coward Posted Saturday 8th November 2008 13:34 GMT
The Soundest of Advice if you want Total Information Communication Security. In CyberSpace is Everything Transparent in TIA.
And it would be UnWise to Imagine that as an Answer whenever IT just Opens Portals ..... Heavens' Doors.. Can you Imagine what you See is Real and Create ITs Being? MeThinks that is a Gift4Giving2All
For most home users, what security they use for Wi-Fi is the same as the default security protocol on their router. Netgear used to be infamous for having no encryption whatsoever, so anyone in the neighbourhood of a Netgear wireless router could hop on the poor pleb's network...
As for me, I use WPA2 (AES encryption), with a 256 bit PSK (courtesy of GRC's "Ultra High Security Password Generator") and MAC address filtering. I've experimented with not broadcasting my SSID, but Vista gets unhappy if I try that...
Jolly Roger, 'cause it seems rather appropriate in the light of plebs with unsecured (or lightly secured) WiFi...
....do it without cables....
Let's hound the Barcode Scanner Manufacturers
The problem here is that most corporate wifi is used in the industrial context, running barcode scanners. Unfortunately most handheld barcode scanners use an old implementation of Windows CE that doesn't support WPA2. In fact, I know some scanners in operation that only support WEP. And neither of the units support upgrades (manufacturers want you to spend megabucks to replace handsets) Suffice to say that in a corporate environment Wifi should be firewalled off from the network at a minimum. I'm getting to the point where in some locations I just want to unplug it now.
What about filtering ?
My Wifi home port uses MAC address filtering on top of the WPA protocol-thingy.
I would think that it would prevent any sort of "guessing" of the key from any MAC address that is not authorized, wouldn't it ?
We've been looking at our wireless security, as we use WPA/TKIP.
The problem we have with WPA2 is that you cannot configure it in group policy unless you have a Vista or WS08 machine to open the GPO with. Not a problem here but our corporate office and other sites don't have this yet, and will not setup a Vista workstation purely for the management of one GPO.
RE: The broadcasting comment, not broadcasting is security through obscurity, which IMO is not security at all. Your actually better off broadcasting as your clients would give away the network anyway, as they sit there continually checking to see if the network is there.
Re: What about filtering?
Have you any idea how easy it is in a half-decent OS to clone a MAC address? ifconfig ath0 link 00:0f:de:ad:be:ef will do just nicely and that MAC address can be picked up rather easily using any decent wireless surveying software. MAC filtering is useless against an attacker with even skiddie levels of clue.
The ideal at the moment, if you really must use wireless, is WPA2-EAP running IPSEC over the link once associated, with "required" in your SPD for all localnet hosts, wired or wireless. Much extra load on your network stack and software crypto (unless you're a lucky sod with either a hardware cryptodev or a Via C7), but it's about as secure as it gets for now; even if they burst your wireless femidom, they still have the IPSEC dutch cap to worry about.
Here's a radical idea: If it's that sensitive a network, don't connect an AP to it. If you think of it as leaving a stray cable, plugged into your core switch, lying on the car-park for any old munchkin to connect to his OLPC*, you'll not go far wrong.
* Do OLPCs have a wired port? I must confess I really don't know.
Attack against WPA+TKIP is not comprehensive
I will say, that word sequence "Crack WPA" is very loudly...
This is a TKIP flaw... and Tews-Becker attack is based on old fashioned Korek's chopchop inductive packet guess idea. Idea is realized in aircrack-ng -4 tool against WEP (DWEP) an is very impressive: don't look for encryption key itself, find out short keystream to perform packet injectiion with arp(icmp) packets afterward.
TKIP utilize RC4 encryption with MIC(michael) packet integrity. In WEP case, if inductive guess is correct, AP answer is positve, in TKIP case, if packet guess is correct, but MIC fails, AP respond with: wait a 1 minute.
And so, there are 14 unknown arp packet bytes - MIC 8bytes, ICV 4 bytes and 2 last bytes from ip packet source and destination adreses ( ex. 192.168.1.X)and less than 15 minutes need to discover full arp packet.
Attack is very limited and employed in DoS attacks with arpd(dns, icmp ) packet injection.
Recommendation: move to WPA2 + CCMP