WEP Vs WPA - Security testing/other related Q&A


JamesL
26/02/2008, 09:21
Hi all,
As a bit of a test yesterday myself and James decided to do some testing on our test router in the office...
We were using a freely distributed Linux distro and a MacBook Pro running the distro. We decided to see if it were possible to acquire the WEP key on the router and how long it would take.
After running the software for about 4 minutes (1 minute setting up the driver and starting the scan, 1 minute to handshake with the router, 1 minute to inject and about 30 seconds of cracking) we managed to get our router's 64bit WEP key.
I tested at home on my router with a 128bit key and broke that in 23 minutes...
Of course if anyone is dedicated they will get your key, although to help with this threat we suggest, if your hardware supports it, to use WPA/WPA2. This takes much longer and is much more difficult. We have tested trying to grab our WPA2 key, and are currently unable to actually get this.
This may be a little scaremongering but, if anyone is using a 64bit key I highly suggest you change to using WPA, or at least 128bit WEP.
Of course I will not be giving details, or guides out of how I did it, but I will answer any questions.
Also ADSL24 do not condone the breaking of any secured system. We were doing it in a controlled environment, on our own hardware to test the positives and negatives of each security protocol.

kennethsross
26/02/2008, 09:29
Hi James

Thanks for posting this prompt, for everyone to look at their security settings. As the family 'techie', I usually get called upon to set up wireless routers and such like. I've never used WEP since WPA became available.

But why bother with any security? Whether at our own home, or at other folks, I frequently find networks with no security at all.

thraxas
26/02/2008, 09:41
If you have to use WEP, and many devices will only support that such as a Nintendo DS, there are a couple of things you can do such as hide the SSID and do some MAC filtering. These will only make cracking WEP about 10 seconds longer for someone determined, but will deter the casual person. My advice is to only run WEP when you need it and keep an eye on your logs.

If you are running your access point on a *nix PC with squid, why not obfuscate the output with upside-down-ternet ( http://www.ex-parrot.com/pete/upside-down-ternet.html )

JamesL
26/02/2008, 09:45
Hi Kenneth,
Security is always a good measure to have. For example, you have an unsecured wireless network. I could, not saying that I am a malicious person or anything, falsify my MAC address, and download any illegal content I wanted. I don't think it would be a very nice experience to have the police knocking on your door blaming you for downloading such material, should your router have logging, it will look like it came from a trusted MAC address on the network. With an unsecured network there is a chance that people would leave the default router password on, I have actually seen this. If this is the case a piece of modified firmware could easily record all keystrokes thus leading to passwords for email and bank details.
If people use no security, you may as well give your bank details to the first person you see, as by running an unsecured network you are basically giving them away.
With more and more people using a form of high speed internet, laptops and wireless, with bandwidth allowances going up and up I do feel that people should be aware that they need to secure their systems the best they can.
128bit WEP should be fine for any average home user. 64bit should not be used, it is far too easy to break, even for anyone with 1/2 ounce of interest in *nix based OS.
Security is also not a hard thing to implement, it takes a few minutes and it provides peace of mind. An ideal solution is WPA2 16 digit PSK key, hidden SSID, MAC address filtering, router admin password changed and also regular key changes.
Although the most secure network is one that is unplugged. No network will ever be totally secure, but we can make it much harder to get into...

James

kennethsross
26/02/2008, 10:01
Hi James

Just want to make clear, my 'Why bother' question was rhetorical, and cynical.

I'm convinced we should do all we can to make our networks as secure as possible. It just amazes me that so many people just don't get it!

JamesL
26/02/2008, 10:04
Haha, whoops :)

I agree totally on the second point :)

darrell
26/02/2008, 11:03
Hi JamesL

I have done this test as well for work as we use scanners on a wireless network to pick stock and I don't recommend wpa as we cracked this in 5 minutes, wpa is easier to crack than wpa as all you need is one handshake and you have all the info you need in an IV file, the password is cracked by a dictionary file that is freely available on the internet, one recommendation if you use wpa make a passphrase up that has capitals numbers and symbols in it.

JamesL
26/02/2008, 11:19
Hi JamesL

I have done this test as well for work as we use scanners on a wireless network to pick stock and I don't recommend wpa as we cracked this in 5 minutes, wpa is easier to crack than wpa as all you need is one handshake and you have all the info you need in an IV file, the password is cracked by a dictionary file that is freely available on the internet, one recommendation if you use wpa make a passphrase up that has capitals numbers and symbols in it.
Indeed, any good password should be a mixture of numbers and letters and not be a dictionary word.
WPA in 5 minutes, very impressive. Was it WPA or WPA2?

firedog
26/02/2008, 11:26
I'm using WPA-PSK. How do I get into the security settings of either the WEP or WPA as I connect to my router via an adapter using XP. I wanna change my password for WPA but can't find it on the XP settings.

I went to control panel, and then network connections, right clicked my wireless connection and I can literally only change it to different WPA settings, there's no option for WEP (I don't want WEP but I'd like to know the option of how to change it back).

JamesL
26/02/2008, 11:37
I'm using WPA-PSK. How do I get into the security settings of either the WEP or WPA as I connect to my router via an adapter using XP. I wanna change my password for WPA but can't find it on the XP settings.

I went to control panel, and then network connections, right clicked my wireless connection and I can literally only change it to different WPA settings, there's no option for WEP (I don't want WEP but I'd like to know the option of how to change it back).
You are already on WPA. As long as you are not using a dictionary word like...."potato" you should be fine.
The best way is to mash the keyboard and use something like: h349FHhnyUE3489. This cannot be bruteforced and is also near impossible to guess :).

James

firedog
26/02/2008, 11:39
But how do I change my password?

JamesL
26/02/2008, 11:41
Should be in your router configuration page...once that is changed make a note of it and place it in your wireless control panel. Easiest way is to ethernet in, make the change, pull the ethernet and see if it works. If not, try again with the ethernet and plug the machine back into the router.....

firedog
26/02/2008, 11:53
Yeah, I can change that, but then I lose connection because in my wireless settings in XP somewhere, the password to connect to the router doesn't match anymore.

My router is in another room, and I connect to it via an adapter.

Dae
26/02/2008, 12:14
I tend to use a 63 char WPA-PSK key for wireless (no WPA2 support), and I change it about once every 3 months.

It's a randomly (well technically pseudo-random) generated ASCII 'one-time pad' cypher which should remain unbreakable for the foreseeable future.

I think current estimates are that it will be 20+ years before these keys can be cracked, at least by brute force attacks. Someone could always find some kind of crib that has been overlooked I guess, but I think that the largest threat to computer security are social engineering techniques - as the biggest flaw in any security system is always going to be the human in the middle. ;)

@fishstar

How are you connecting to the adapter? A separate driver or are you just using the Windows wireless networking drivers?
[obviously I am assuming that you're not an OSX or Linux user here :)]

If you're using a separate manufacturer driver for your wireless adapter, then you should just need to select an option from its icon in the taskbar or through an option [in the relevant program group] in the start menu.

If using the Windows built-in drivers then you should have to just disconnect the wireless (i.e. by removing the adapter) and then re-connect, at which point you should be prompted to re-enter the wireless key.

If you're still having problems then post the make/model of your wireless adapter and the OS that you are using, and either myself or someone else can look up the adapter's manual and point you in the right direction.

hope that helps :)
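
Added example, not part of the original thread and not any poster's code: a sketch of the passphrase advice discussed above, generating a random 63-character WPA passphrase, deriving the 256-bit PSK from it (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations), and comparing guessing effort for a dictionary word, a 15-character random string and a 63-character random string. The SSID "ExampleNet", the 100,000-word list size and the guess rate are assumptions made up for illustration.

```python
import hashlib
import math
import secrets
import string

# 94 printable ASCII symbols (space left out to avoid copy/paste mistakes).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_passphrase(length=63):
    """Random WPA passphrase from the OS CSPRNG; valid lengths are 8 to 63."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def derive_psk(passphrase, ssid):
    """256-bit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def entropy_bits(choices, picks=1):
    """Bits of entropy for `picks` uniform draws from `choices` options,
    capped at 256 because the derived PSK is only 256 bits long."""
    return min(picks * math.log2(choices), 256.0)

def average_years(bits, guesses_per_second):
    """Average time to hit the key when guessing half the space."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    RATE = 100_000  # assumed guesses per second, constructed for illustration
    cases = {
        "one word from a 100,000-word list": entropy_bits(100_000),
        "15 random letters/digits": entropy_bits(62, 15),
        "63 random printable characters": entropy_bits(len(ALPHABET), 63),
    }
    for label, bits in cases.items():
        print(f"{label}: {bits:.1f} bits, ~{average_years(bits, RATE):.3g} years")
    phrase = generate_passphrase()
    # "ExampleNet" is a made-up SSID; the same passphrase gives a different
    # PSK on every SSID because the SSID is the PBKDF2 salt.
    print(phrase, derive_psk(phrase, "ExampleNet").hex())
```

Because the SSID is the salt, a default or very common SSID makes precomputed tables reusable against the network, so changing the SSID along with the passphrase is worthwhile.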

artyman
26/02/2008, 12:35
And of course the classic password on a post-it note stuck on the monitor :)

Dae
26/02/2008, 12:46
And of course the classic password on a post-it note stuck on the monitor

Well ppl always like to pick something fairly simple for them to remember, and if it's too complicated ppl tend to write it down or think up a rhyme or some such to remember it and that can be exploited by social engineering.

I read an article a few months back, think it may have been on theregister, where a very simple technique was used to get loads of corporate passwords from people. Basically a group of attractive women were let loose at some tech expo and had a list of quite leading questions to ask the (mostly male) attendees .. they were able to gain enough information to either figure out the most likely passwords or in some cases were outright given passwords by the people they interviewed :D

firedog
26/02/2008, 13:12
its fine now thanks.

thraxas
26/02/2008, 13:57
XP requires a patch for WPA2, and you need Genuine (dis)advantage to verify it.

I use WPA2-PSK with AES encryption which I believe has yet to be cracked.

smartybones
26/02/2008, 14:54
Wireless networking is such a pain in the ass, that 9 times in 10, you're better off without it.

Unfortunately, I have the need to have some wireless networking, and one of my security measures is an 'extra' wireless adaptor.... a very old 11b one.. the security on it is set a little less stringent than the rest of the network, and the wireless adaptor is connected direct to an old 400MHz Celeron box.... running Windows 2000 Server, running a web server and email server..... nothing on it relates to any of my business, and had no value whatsoever....

Up to now, after checking firewall logs, and other system logs, none of the more secure wireless access points have been touched, but the so called weakened route has had several attacks, all pretty much unsuccessful....

Genuine crackers will always go for the easy route.... and if they fail, they don't bother with the more secure points of entry, unless they are particularly targeting you....

Most hacks come from little kiddies who downloaded a HacK3r$ hANd800k from limewire or something, and do not have much more skill than doing a port scan and attempt to connect via telnet to any open ports....

timeout
26/02/2008, 20:42
A good place for unique passwords is www.grc.com/passwords/

If you are remotely interested in IT security from a layman's point of view then I can highly recommend Steve Gibson's "Security Now" podcasts. These are suitable for the complete novice right through to IT security professionals.

http://www.twit.tv/sn

artyman
27/02/2008, 11:35
I expect many of you have had cars, so a past number plate is a useful choice that you may be able to remember, like F763DTL, not likely to be guessed. Don't use your present car though :)

JamesL
27/02/2008, 11:37
I tend to use a 63 char WPA-PSK key for wireless (no WPA2 support), and I change it about once every 3 months.

It's a randomly (well technically pseudo-random) generated ASCII 'one-time pad' cypher which should remain unbreakable for the foreseeable future.

I think current estimates are that it will be 20+ years before these keys can be cracked, at least by brute force attacks. Someone could always find some kind of crib that has been overlooked I guess, but I think that the largest threat to computer security are social engineering techniques - as the biggest flaw in any security system is always going to be the human in the middle. ;)


Bang on!