So, here is a question for the SysAdmins here:

What are you guys/girls using for security when you are implementing Wireless APs into your LAN/WAN?

Is there anything that will keep these at least modestly secure? On a Windows LAN?

Is WEP/WPA as unstable for you as it is for us? Or am I just doing something seriously wrong?

SP

On my Linksys 802.11GS I have the reverse MAC address feature enabled (if you're not on the list you better learn to spoof) as well as I'm using a 128bit WEP key (I was using TKIP but my wife's PDA wasn't compatable).

So someone sniffs the network for a while, WEP is an easy one to crack, gets the mac address and then wouldnt it be as simple as changing their own mac after that? With wireless stuff you can change your mac every minute of the day if you wanted to...

All I think they need is a laptop with Linux and Kismet installed. Unless I am wrong every self respecting script kiddie has access to those...

SP

Wep is easy enough to crack; the mac address filter theid have to find the mac address and then clone it to get in. But other than that you have the point. I much prefer TKIP although it can drop a lot of wireless packets so it can suck

I dunno for sure, but isnt the mac address sent in the packets somewhere?

That would be what I would assume anyway... I will have to look into how to find the mac address I think.

SP

mac's are in the layer two headers, they are part of every frame.

Thanks Infinite for the confirmation.

In any case, this essentially makes wireless utterly insecure (on a windows machine) without going to (what seems to be overboard) a radius server or some other form of encryption/authentication.

My current plan at the moment is to make it invisible (not broadcasting SSID), to which the obvious bypass is kismet (deciphering the presence of a network based on the packets) but then since I know some guy is going to be driving up to the side of our building with a laptop with kismet on it looking for things like this, the next step would be installing linux on a workstation with a wireless card and kismet and scanning/monitoring from there.

I dont know the full extent of Kismets tools base but I am hoping at least for a bit of a heads up to people attempting to or making connection to the network.

Anyways, that is what I am hoping!

Joe

Kismet alone will not get you into anything. It's merely a wireless network monitoring tool. If you want to break WEP then you need something like snort as well. Snort uses the inherrent weakness in the WEP standard to discover the key. To do so you on average need to collect around 10 million packets. on a 100Mbps network that could possibly take hours.

See the thing you need to really consider is are you really that precious of a target that someone is gonna hang outside of your place, unnoticed, for hours on end just so they can have a chance to get into your [censored]? If you are out there pissing people off this much then I suggest you get yourself some sort of attitude adjustment instead of beefing up your wifi security. Being nicer to people will protect you better in the long run

Having said that, things like eap authentication and TKIP can greatly increase your defenses. I've done a lot of wardriving and pen testing of AP's, and have found that, for example, a cisco aironet with LEAP and TKIP enabled is for all intents and purposes inpenetrable (at lest from an 802.11 standpoint).

Also you can look into WPA, the sucessor to WEP. It has as well been proven flawed, but still offers greater security that WEP ever did.

Infinite