Tech Talk (03/08)
Wireless Security
by Brian K. Lewis, Ph.D.*
Member of the Sarasota Personal Computer Users Group, Inc.
Wireless security really
relates to three different topics—a wireless network, Wi-Fi
hotspots and cell phone modem wireless Internet for laptops. Each of
them has its own security problems and considerations. As each of
these systems becomes more widespread, they become more of a target for
those who want access to other people’s information. So, if you use any
of these wireless systems, the first two especially, you need to be
aware of the hazards you face and how to protect against them.
We’ll start with the wireless network (WLAN) used in
a home or small office. This usually involves a wireless router and one
or more computers connected to it. I had a small home setup with a
router and three computers, sometimes four, depending on what I was
working on at the time. I’m sure many of you have a similar setup
depending on how many members of your family use computers.
No matter what type of LAN you use, the most basic
security is always important. Never connect to the Internet with any
setup without a firewall and up-to-date anti-virus software on your
computer.
As I have learned, many of the methods I have
advocated in the past for protecting your wireless network don’t really
provide the protection you would expect. Two of the more common
recommendations have been filtering of the MAC address by the router and
turning off the broadcast of the SSID (service set identifier),
essentially the router's call sign. The problem is that there are a
number of software programs (sniffers) that are available, free, on the
web that will quickly pick up this information from any unencrypted
network. Then it is relatively easy for the hacker to fake the MAC
address and log on to the wireless network. Generally, the process takes
only seconds. If the network has file sharing turned on, then your
computer is completely open to the hacker's roaming. As for the SSID,
there are four ways that this will be broadcast even if the standard
broadcasting is turned off. Hiding the SSID makes the WLAN less
user-friendly, but does not prevent a hacker from obtaining it simply through
a probe request.
The best way to protect your wireless network is by
encrypting the communications that occur between the router and the
computer. If you are still using an 802.11b router, then you may only
have access to the WEP (wired equivalent privacy) protocol which was
part of the 802.11b standard. This allowed the user to establish a 64
bit or 128 bit key in the router software. (As a side note, the secret
portion of a 64 bit key is only 40 bits and the secret portion of a 128
bit key is only 104 bits.) With a WEP key established, the computer was
required to use this key to log on to the router. With WEP turned on,
each packet to be transmitted is first encrypted and then passed through
a shredding machine called RC4. One problem associated with WEP is key
management. When we enable WEP according to the wireless standard, we
need to visit each wireless device that we use and type in the proper
WEP key. If the key is compromised for any reason, you either have
to change the key or lose all security. However, the primary problem
with using a WEP key is that it is easily broken. There is free software
on the web that can break a 128 bit WEP key within minutes. On one
hacker web site I saw a table displaying the results from a half-dozen
different packages. They broke WEP keys in times ranging from a few
seconds to a few hours.
Don’t consider that because your house or your office
is not close to the road that you are safe from a hacker’s attention.
The antennas used by hackers in drive-by situations have a range of a
mile or more. So, if you are still using a router with WEP it is time to
consider a change. If you can’t get new firmware for your router that
supports the newer WPA standard, then a total hardware upgrade should be
considered.
Routers using the 802.11g or 11n standard have
incorporated a better security protocol referred to as WPA (Wi-Fi
protected access). Some newer routers also support WPA2, an improvement
on WPA. The easiest-to-use and most widely supported version is WPA
Personal, sometimes referred to as WPA Pre-Shared Key (PSK). To encrypt
a network with WPA-PSK you provide your router not with an encryption
key, but rather with a plain-English pass-phrase between 8 and 63
characters long. Using a technology called TKIP (for Temporal Key
Integrity Protocol), that pass-phrase, along with the network SSID, is
used to generate unique encryption keys for each wireless client. And
those encryption keys are constantly changed. This increases the
difficulty for the hacker in obtaining packets and cracking the key
before it is changed.
The problem with the pass-phrase is that most people
use short common words as the phrase. In researching this article, I
found a hacker site with a detailed method for obtaining and decrypting
WEP and WPA keys. In fact, the comment on the site was that most "user"
keys are so simple that they can be cracked in seconds once the WPA
packets have been saved on the hacker’s computer. You should not use any
dictionary words in either the pass-phrase or the SSID. You should also
use a pass-phrase as long as possible (63 characters) and include
numbers, upper- and lower-case letters and punctuation such as @, #, & and *. Does
this guarantee that your network can’t be hacked? Of course not, just
that it increases the difficulty. If you make it difficult enough the
hacker will turn to a system that is easier to crack.
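
In the WPA-Personal standard, the step that combines the pass-phrase with the SSID is PBKDF2 with HMAC-SHA1, 4096 iterations and the SSID as the salt. The Python below is an added example, not part of the original article: it derives that 256-bit key and checks a pass-phrase and SSID against the recommendations above. The names derive_pmk and audit, the small word list and the min_len threshold are assumptions made for illustration.

```python
import hashlib
import string

# Constructed mini word list for this example; a real audit would load a large dictionary.
COMMON_WORDS = {"password", "welcome", "wireless", "linksys", "netgear", "default"}

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Turn a WPA-PSK pass-phrase and SSID into the 256-bit master key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass-phrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass-phrase must be printable ASCII")
    # The SSID acts as the salt: the same pass-phrase on another SSID gives another key.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def audit(passphrase: str, ssid: str, min_len: int = 20) -> list:
    """List which of the article's recommendations a pass-phrase/SSID pair misses.
    min_len is an assumed threshold; the article simply says 'as long as possible'."""
    findings = []
    if len(passphrase) < min_len:
        findings.append("short")
    classes = {"digit": string.digits, "upper": string.ascii_uppercase,
               "lower": string.ascii_lowercase, "punctuation": string.punctuation}
    for name, chars in classes.items():
        if not any(c in chars for c in passphrase):
            findings.append("no-" + name)
    for label, value in (("passphrase", passphrase), ("ssid", ssid)):
        if any(word in value.lower() for word in COMMON_WORDS):
            findings.append("dictionary-word-in-" + label)
    return findings

if __name__ == "__main__":
    # Constructed sample pairs: one weak, one following the article's advice.
    for phrase, ssid in (("password", "linksys"),
                         ("k7#Vq2@Lm9&Xw4*Rt6#Zp3@Hn8&Bd5*", "Q7x-Annex-41")):
        print(ssid, derive_pmk(phrase, ssid).hex()[:16] + "...", audit(phrase, ssid))
```

Because the SSID is the salt, the key for a given pass-phrase is the same on every network that shares that SSID, which is why the advice against dictionary words covers the SSID as well as the pass-phrase.
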
Now we need to consider Wi-Fi hotspots. When you take
your laptop to any location where you find free access to a Wi-Fi
system, have you thought about the security of this network? In many
urban areas local governments are trying to establish city wide
hotspots. If you don’t have to log in to one of these networks with an
encrypted password, then the network doesn’t have an adequate level of
security. Everything you transmit is "in the open". Although it is
transmitted in hex packets, these are very easily converted into plain
language. Also, can you be certain that the location you have logged
onto is the location it says it is? One of the newer techniques is that
referred to as the "evil twin". Rogue hot-spots try to resemble
legitimate locations to get users to log on. This is the latest version
of the e-mail phishing scam. Once logged on, the illegitimate site can
then record passwords, web sites and any other information transmitted
by the user. The rogue spot can even pass the user on to the legitimate
site and still have the ability to record passwords, bank account
information, credit card numbers and anything else it wishes to capture.
To give you one example of the extent of these
rogue hot-spots, I found a quotation from the security officer of a
university campus: "We see hundreds of rogue stations and access points
around our campus, and trying to determine which one poses a security
risk is like finding a needle in a haystack." The point is, if you use
your laptop at any of the thousands of hot-spots that provide free
access, you have no way of knowing when your information is being
stolen.
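
For whoever runs the legitimate network, one way to narrow that haystack is to compare what a wireless survey sees against an inventory of the access points actually deployed. The Python below is an added example, not part of the original article; the inventory, the scan records and the names KNOWN_APS, SCAN and triage are all constructed for illustration.

```python
import re

# Constructed inventory: the access points the network owner really operates.
KNOWN_APS = {
    "CampusNet": {"bssids": {"02:00:00:00:00:01", "02:00:00:00:00:02"},
                  "security": "WPA2"},
}

# Constructed survey results (SSID, radio MAC address, advertised security).
SCAN = [
    {"ssid": "CampusNet",  "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "CampusNet",  "bssid": "02:00:00:00:00:99", "security": "WPA2"},
    {"ssid": "CampusNet",  "bssid": "02:00:00:00:00:02", "security": "Open"},
    {"ssid": "Campus-Net", "bssid": "02:00:00:00:00:98", "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:00:00:50", "security": "Open"},
]

def _norm(ssid: str) -> str:
    """Fold case and drop punctuation so 'Campus-Net' compares equal to 'CampusNet'."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def triage(scan, known):
    """Return (bssid, reason) for every station that imitates a known network."""
    lookalikes = {_norm(name) for name in known}
    findings = []
    for ap in scan:
        entry = known.get(ap["ssid"])
        if entry is None:
            # Not our SSID, but close enough to fool a user picking from a list.
            if _norm(ap["ssid"]) in lookalikes:
                findings.append((ap["bssid"], "lookalike-ssid"))
            continue
        if ap["bssid"].lower() not in entry["bssids"]:
            findings.append((ap["bssid"], "unknown-bssid"))
        elif ap["security"] != entry["security"]:
            # Right name and address, wrong settings: possible cloned address.
            findings.append((ap["bssid"], "security-mismatch"))
    return findings

if __name__ == "__main__":
    for bssid, reason in triage(SCAN, KNOWN_APS):
        print(bssid, reason)
```

A station that copies the SSID, the radio address and the security setting all at once passes this comparison, so it is a first filter for the owner's survey and gives a hot-spot visitor no assurance.
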
So what’s a user to do? Certainly the availability of
free Internet access is much too tempting to avoid it altogether. One
recommendation is to use VPN (virtual private network) software or
encryption software whenever you are accessing the Internet via a
hot-spot. Interestingly, both the paid and free versions of the ZoneAlarm
firewall can now notify the user when connecting to a rogue hot-spot.
However, in my mind the first two choices provide more security. In
essence the VPN provides you with a private connection from your
computer through the hotspot router to the Internet. With encryption and
the security protocols, the VPN makes a very secure connection.
There is a low-cost VPN available from JiWire.com
called Hotspot Helper. Hotspot Helper’s VPN uses IPSec (a security
protocol) and encrypts data using a 128-bit AES key, but unlike many
VPNs, it doesn’t require you to enter login credentials or arcane
network parameters for access. The whole connection process is automatic
and takes anywhere from 10 to 30 seconds. Once it’s enabled, all inbound
and outbound traffic on your system travels through an encrypted tunnel,
which prevents other wireless clients from eavesdropping on your
transmissions or accessing your system via the wireless link. (Hotspot
Helper’s tray icon displays a lock icon when the VPN is enabled.) Now,
I must admit I have not used Hotspot Helper. I have just evaluated
reviews, commentaries and the company web site. Hotspot Helper is
available for a free 10 day trial. After that it is $24.95 per year. I
don’t think you can get this level of security at any lower price. Also,
since there is a free trial, you can check it out for yourself.
There is another VPN available that is free. It
doesn’t offer quite the same range of security as Hotspot Helper. You
can find it at:
http://www.anchorfree.com/downloads/hotspot-shield/
There is one other way to get secure access to the
Internet when you are on the road. That is by using a PC modem card that
connects to either the Verizon, Sprint or AT&T wireless network. These
cards, sometimes referred to by Sierra’s registered name as "aircards",
provide an encrypted connection to the provider’s data network and the
Internet. In short, they use the government AES encryption
algorithm. These cards do have drawbacks. You can’t get a broadband
signal everywhere and they are not cost-free. The monthly costs range
from $50 - $80 depending on the provider and other terms.
However you use your wireless connection, be sure
that you are surfing safely. Always keep security uppermost when dealing
with wireless connections.
*Dr. Lewis is a former university and medical school professor of physiology. He has been working with personal computers for over thirty years, developing software and assembling systems. He can be reached at bwsail at yahoo.com.
Copyright 2008. This article is from the
March 2008 issue of the
Sarasota PC Monitor, the official monthly publication of the Sarasota
Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL
34277-1889. Permission to reprint is granted only to other non-profit
computer user groups, provided proper credit is given to the author and
our publication. We would appreciate receiving a copy of the publication
the reprint appears in, please send to above address, Attn: Editor. For
further information about our group, email:
admin@spcug.org/ Web:
http://www.spcug.org/
The Sarasota Personal Computer Users Group, Inc. has 1,100+ members
and was established in 1982. We are members of the Assoc. of PC User
Groups (APCUG), the Florida Assoc. of PC Users Groups, Inc., and we are
members of the America Online Ambassador Program.