This article will address at a summary level the most significant security risks in the wireless computing environment. The purpose of the article is to introduce in a centralized fashion the scope of the problem and the most significant talking points on the issue of wireless security and to summarize where the industry is in addressing these problems and where it is going.
What a dry sleepy read!
I think everyone knows by know that for little money you can buy a keychain that lets you wardrive for WAP’s. Encryption – most people hardly deploy it.
When it comes to wireless, in most cases people are jumping ahead too far too fast (a bad lesson learnt from M$). If you don’t mind treading on the latest frontier for hackers, be my guest.
We have been using WPA with a passphrase. Does anyone know if this is unsafe?
Wireless is about as secure as a Virgin girl
in a prison with convicted rapist.
Some routers are very susceptible to brute force cracking. There are no protocols built in to prevent multiple logins and the WPA can eventually be cracked. WEP is the poorest excuse for encryption with WPA a second. There is a third protocol being developed and soon to be implemented on wide spread scale. That being said, if you have stuff you want secure, forget Wireless for now.
~me
A little search on google gives a lot bad news about WEP and WAP.As users still tend to choose passwords which are easy to remember WAP isn’t the relief for failure WEP.
http://www.google.de/search?hl=de&q=cracking+WPA&btnG=Google-Suche&…
A little research will show that both WPA and WEP are very easily cracked — provided you collect enough packets to inspect. Both can be cracked passively and off-line. One need only snoop a quarter to a half-million encrypted packets and store them. You can then, offline, apply a number of tools to generate the proper key in a couple of minutes.
Given that, it’s certain that anyone who wanted to crack it could with sufficient time and traffic. Home users will have less traffic and take more snooping, so you are effectively protected vs. war driving (but not your next-door neighbor).
So, VPN over WEP/WPA is probably the best.
However, in a corporate environment, the insecurity of WEP/WPA may not be the weakest link at all. Probably not, actually. Employees, contractors, plain-text password transmission, open live ports in a empty conference rooms, patent drafts sitting on your desk for the cleaning cre to review, etc. The mind boggles.