Written By: Donovan Hoare,
Director ATS All Technology Solutions.
Wireless Technology has been around for years, It’s in every office, built into every laptop and cellphone, most restaurants and malls even have free wifi you can join. Wireless has only improved, this is not an article about technical details. If you want that Google or duckduckgo (If you like privacy) wireless standards.
This article is to see if wireless is a good thing and more importantly is it safe and worth the risk.
So I grew up in a time long before wireless, ok I’m not that old, but my first LAN gaming sessions were over RS232, then token ring Coaxial networks running IPX/SPX. There was no such thing as the internet. At least not for the average joe soap on the street.
It was a much simpler time. No hacking, no viruses and no internet.
In those days I got my first one-gigabyte hard drive and my friends and I couldn’t comprehend how we could fill it.
If you told us then, that we will be able to run 150 megabits network over the air “No cables” We would have laughed and said where is my hoverboard. However, it is not only here, it is in the average household.
So to answer, is it awesome? The answer is yes. Go home take out your laptop and work on the internet from anywhere in your house. Yes, it’s awesome. Go to a meeting in a coffee shop and arrive a little early, work from there.
As far as wireless in the business, “my opinion” It has problems. I always recommend cable networks over wireless. There are a lot of technical reasons which are beyond the scope of this article.
So now we know it is awesome, but is it safe and worth the risk. The answer is YES IF.
The IF is the main question here.
The Security Risk
Wireless has three default security options “Here we get a bit more technical” WEP, WPA, WPA2.
WEP is NOT secure, do not use it, do not connect to a network that does use it, WPA is more secure but preferably leave it be.
All wireless access points, routers, modems have had WPA2 built in.
As far as WPA2 security goes, it is good, you can’t decrypt the password on the fly. But it has a flaw.
I’m going to write this in as much as layman’s terms allow me.
WPA2 works by your wireless device connecting to the access point (router, modem etc) they do a connection handshake. The wireless device connects to the access point and supplies its password to the modem, the modem then replies with a success or failure, if successful there is a “handshake” in the background. Yes, this does seems like a secure method of access, but there is a flaw.
What if I told you that I as a penetration tester or someone of disrepute like a hacker can capture the handshake and take it home. Not only that we can capture your handshake from our cellphones. All we need is you to make the connection.
So you want to know how does that help.
This is where phase two begins, we can be in our office and give “your key” to our servers and our servers will try password combinations on your handshake until your handshake tells our server this is correct. In hacking, this is known as a Bruteforce Attack.
Now depending on your password, this can take days, weeks or even months to brute force, and this is where the security risk with WPA2 resides.
Once your “IT guy” or yourself has completed configuration on your access point, how often do you change it? The normal answer from my average client or security test after a breach is “NEVER”. So if I can crack any password in months and you never change your password. It’s a no-brainer. I can get a 100% success rate on hacking your network
(Yes there are ways to detect if someone is on your network but this article is for average companies and home users using low level IT personnel for their company security, not fortune 500 Companies).
But the main protection is to choose a decent password 16 characters with Upper case, Lower case, Numbers And Special Characters. Please don’t choose a word, with the number one after it. donovan1 is not a good password, rather use a password generator like http://passwordsgenerator.net/ and end up with the following password: Aj#F^PC@5nDdad&)
Can the above be hacked? the answer is yes, it will take well over a month to even months on an average machine.
The next step is to change your password monthly.
This will then make the hacker decide is the time worth the resources for the reward. Remember all you have to be is stronger than an easier target and they move on.
So in conclusion wireless is perfectly safe, its the users and IT staff that are not.
So with a disclaimer, this is not the only way to protect yourself, as a penetration tester there are a lot of ways to get hacked. Just remember to be safe.
Should you wish to find out more about ATS services in handling your IT infrastructure or doing penetration testing to see your current status please click here. Contact US