basic infos about wireless-security?

yesterday was the day I was fearing for years now: i could not avoid
setting up a wireless lan any more.
Well, everything worked out fine, but I didnt feel good about it, cause
I didnt have any clue about security.
I finally configured a 128-bit WEP-key but I read securityfocus and know
about cryptoanalysistools like aircrack and methods how to generate
traffic to crack such a key within a few minutes.
Yesterday and today I was googling around the world to learn about
improvements, client-authentication-methods and so on.
But still I feel like a frog in the mud and dont know much about all
this and cant find any recent info.
The wireless-LAN-howto on TLDP is from 2002, the 3com-security-guide
talks about, how secure a 256-bit WEP-key is and so on.
Netgear offers a MAC-based authentication in his accesspoints and tells
that MAC-adresses are not fakeable (which is not what I know from
cable-based NICs) and some papers talks about new WPA-PSK methods but I
even dont know if this is older or newer than WEP.

In about three weeks I'll setup a WLAN in my office and I'd like it to
be as simple as possible but very secure. I guess there is no way around
some VPN for the clients to protect the inner network and this is
fairly easy (with pptp or ssh) and ok.

But what is with client-authentication?

I want to be sure that noone unauthorized will use my
internet-connection, but it should be possible for visitors to use my
WLAN to read their mails by entering a passphrase or a key but without
me needing to reconfigure the accesspoint.

Is there any recent article/paper/HowTO on how to setup a secure and
useable WLAN, that explains the benefit of SSID (some articels say,
thats like a password, others say that this is very easy to crack).

I feel quite lost and I am really suprised that such a widespread
technology is so mysterious when it comes to security. The manuals for
the router I installed yesterday (D-Link) is a joke. It doesnt even
recommend using any security and default-settings is "no encryption" and
"open access". I looked the manual for WEP, but only found it on the
edge of a screenshot of their configuration-mask.

And what the rumours about new techniques available in the near future,
using rotating keys and AES-encryption. Is this something I should think
about when buying an Acesspoint now? Or is this some far future?


any insight and any link to some useful information is highly appretiated,
thnx,
peter



--
http://www.goldfisch.at/know_list

peter pilsl <(E-Mail Removed)> wrote:
>
> yesterday was the day I was fearing for years now: i could not avoid
> setting up a wireless lan any more.

Here's the quickie tutorial:

WEP: Bad. Based on a single static preshared key, the WEP algorithm contains
fundamental flaws that allow attackers to figure out the WEP key by capturing
enough traffic. It's not uncommon for this to take as little as 30 minutes.

WPA/WPA2: Since WEP was so bad, work was started on a new standard, 802.11i.
Attacks developed faster than the new standard, though, so the really important
bits of it were released as WPA. It uses a whole heirarchy of rotating keys,
making a) it virtually impossible to crack the keys in the same way as with
WEP, and b) a given key usefull only for a limited time until new keys are
rotated in.

WEP uses the RC4 encryption algorithm. 802.11i was written with new hardware
in mind, so it specifies the new AES encryption algorithm. Since only newer
hardware has this, WPA uses what is called TKIP, which is just a new way of
using the RC4 algorithm in a more secure fashion.

MAC authentication is pretty trivial to overcome, since nearly all drivers
allow you to specify the MAC address to use. The management portions of all
wireless frames are unencrypted, so it's trivial to listen for a valid MAC.

WPA "Enterprise" uses 802.1x to perform authentication and generate master
session keys dynamically. Unless you really want to set up a radius server
and an authentication scheme to provide this, you're probably better off
picking a reasonably secure passphrase and using WPA-PSK. This does use a
static shared secret, but it can be a handfull of words, making it easier to
remember than a 104 bit WEP key, and the vastly improved TKIP algorithm means
that it is infinitely safer.

This should give you enough of a framework to google for any other details
you're interested in.

--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC

peter pilsl wrote:
>
> yesterday was the day I was fearing for years now: i could not avoid
> setting up a wireless lan any more.

[...]

Please do share any info you may get through e-mail -- I'm also
very interested in the subject, although I'm lucky enough that
such day hasn't arrived yet for me :-)

From what I read in www.howstuffworks.com (moderately technical
articles -- addressed to the average Joe), they talk about WEP
as a mechanism in which you have to *manually* enter encryption
keys for each access point (plus the "hub", IIRC). This sounds
to me like the acronym suggests: Wired Equivalent privacy -- if
the encryption key is 128 or 256-bit with an algorithm considered
"unbreakable" for the current standards (such as AES, or 3DES,
etc.), then that sounds pretty convincing to me.

Then again, I can not tell for sure -- I've never read any
detailed technical info on it, or set up one myself; so, I can
only guess.

I'm thinking about one possible problem -- if the encryption
key that you use is for a symmetric algorithm, and that is the
same key that it's *always* used, perhaps that might lead to
possible attacks to recover the key? (again, I'm not sure if
that is the case -- perhaps the keys that they talk about are
public-private keypairs and session keys are generated at
random and negotiated upon connection?)

Carlos
--

Carlos Moreno <(E-Mail Removed)> wrote:
> I'm thinking about one possible problem -- if the encryption key that you use
> is for a symmetric algorithm, and that is the same key that it's *always*
> used, perhaps that might lead to possible attacks to recover the key?

Yes, and it has. Current tools like airsnort can determine the WEP key based
on traffic analysis, sometimes as quickly as 30 minutes depending on traffic
levels.

> (again, I'm not sure if that is the case -- perhaps the keys that they talk
> about are public-private keypairs and session keys are generated at random
> and negotiated upon connection?)

This is more like what happens with WPA and WPA2 networks. The master keys
(either generated on the fly as part of the 802.1x auth process, or typed in as
pre-shared auth phrases) are used to generate a whole heirarchy of keys, with
different ones used for authentication, unicast, broadcast, etc. This, plus
the fact that the keys are periodically regenerated, makes recovering the
master key virtually impmossible.

--
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC