OCDProgrammer.com

It's Microsoft's World, and I'm just living in it
View Clarence Klopfstein's profile on LinkedIn

Clarence Klopfstein's Facebook profile

This site is under construction...

Categories

New Comments

Referring Sites


Disclaimer

  • This is MY blog. The views represented here are not in relation to anybody else. Please read my full disclaimer for a more complete disclaimer.

Wireless Security

December 17, 2007 03:00 by ckincincy

A few weeks ago I was watching a news report about how WEP security sucked.  How easily it was hacked and such.  Well WEP was my main security process on my home network. 

So I figured I needed to change my settings a bit.  Change my wireless router to use WPA (AES) Pre-shared key, then had to figure out how to make my wireless router work on it as well, in the past I've tried to do this but couldn't figure out how to setup the Windows Wireless network manager to use this new setup.

Figured that out after a little bit of work.  Basically had to change my Network Authentication to WPA-PSK, Data encryption to AES and then enter my predefined network Key.  And it worked, I am now setup so my network is WPA based AND Mac address filtered.

I'm certainly not a network guru, but that should hold for a while on making sure my network is safe. 


Comments

December 17. 2007 09:35

While WPA2 - PSK is better than WEP it still depends on the length of the PSK and keeping the PSK confidential.  You should be sure to have a PSK of at least 10 characters...

For even more protection (assuming you have a Windows Server running all the time) is to use WPA2 Enterprise.  You can configure the included IAS services (Microsoft's Radius Service) to authenticate your users using a simple username and password.  If you don't have a Windows Server available then keep an eye on www.TekRadius.com for an upcoming release (due by the end of December) that will run on Windows XP/Vista and support WPA2 Enterprise authentication.

Questions?  Drop me a line (http://www.dscoduc.com/contact.aspx) and I will be happy to help!

Chris |

December 17. 2007 10:05

I was hoping you'd chime in, as I knew you were working on this.  So is www.TekRadius.com your service you were emailing me about?

I have another wireless post in the queue, please comment on that when it shows if you have something to offer.

And my key is just a tad longer (by a tad... I mean a LOT) than 10 characters.  And it would be hard to hack via a dictionary attack.

Plus I have a MAC filter on it, so if somebody is still able to hack in... more power to them!

ckincincy |

December 17. 2007 10:48

The TekRadius product is the Radius services I will be using for the authentication method (I started with Windows IAS Services but it only provides for NT security objects for authentication), but the solution will be entirely web driven.

As for the dictionary attack, that's not what you have to worry about.  Anytime you use a static key it is possible to reverse engineer the key.  That's how WEP was defeated, and how WPA2 PSK will eventually be defeated as computers get faster and faster.  The difference with WPA2 Enterprise is that the password is encrypted using CHAPv2 and sent with PEAP, making reverse engineering virtually impossible.

The other problem with PSK is that you have to share it with other people that you want to allow use of your wireless.  Sometimes difficult to remember (you used a complex PSK didn't you?) and then added to multiple machines (more opportunity for the PSK to be seen).

Anywho, I will be posting in my blog when I get my solution working...  In the mean time if you have any questions feel free to contact me (this topic is more inline with what I do everyday for a living).

Cheers!

Chris |

Comments are closed