Wireless Insecurity a Given
A few days ago, I found a great article on Techdirt
that I really loved. "You’re Not As Secure As You Think… Except Maybe On Wireless Networks " does a great job of showing an example of how most people believe that wireless networks are insecure by nature, therefore, if the general population believes that, then they are in essence as secure as they believe they are. From all the work with wireless that I have done, I can fully agree with the way this article is presented.
Out of the box, wireless networks are extremely vulnerable and insecure. Through recent studies I have done, I can conclude that over 50% of Wireless Access Points (WAPs) are left with no security enabled - not even MAC address filtering or any type of encryption - WEP or WPA. WEP has been crackable now for a few years using programs like WEPcrack. MAC address spoofing is also easily done by using ifconfig in *nix and a simple registry change in Windows XP. Even WPA PSK has been cracked (WPA itself has not been cracked, but the PSK - private shared keys - is susceptible to brute force and has been cracked). So, when I read the article on Techdirt, I had to completely agree.
But, when I read the original article on Information Week that the Techdirt article referred to, I had to really stop and shake my head. In it, Matthew Friedman reports that Justin Peltier - a senior security consultant with Peltier Associates and leader of Web hacking seminars for the Computer Security Institute - goes on to say that "Properly configures, wireless is actually much more secure than wired networking" and that proper configuration using the WPA PSK has to be turned on to achieve this.
I do not agree with this at all. Although the WPA PSK takes a lot longer to crack than WEP, it is still crackable. No matter how you look at it, wired access is still less secure than a wired connection. Peltier also states, "So many people have been brainwashed to believe that wireless is insecure, though." People brainwashed? After all that is crackable and can be done with WPA PSK, WEP, MAC address spoofing, detecting the SSID and so on.. I do not see how a "Security expert" can believe that wireless is "more secured than a wired network".
Top of the Page Related Articles on Aleeya.net:
- Wireless Networking - What others can see
- Wireless Networking - Where the Insecurity Lies
- Wireless Networking - The Wifi Movie
- Wireless Networking - Warchalking
- Wireless Networking - Borrowing An Internet Connection
Recent Entries:
- 07/05/2008: Windows Does not Report All Memory
- 01/01/2008: Firefox 3 beta - Minefield
- 01/01/2008: Happy New Year!
- 01/01/2008: Photoshop Thumbnails (.psd)
- 01/01/2008: Adobe Photoshop CS3 error
Search: Cosmos | BlogPulse
Bookmark: Del.icio.us | Furl It | Spurl | Tag!RawSugar | Simpy This! | Shadows Tag! | Blink It | My Web
Aleeya dotNet Tags: wireless, security, insecurity, WPA, SSID, WEP, MAC address, WAP
Technorati Tags: wireless, security, insecurity, techdirt, WPA, SSID, PSK, WEP, MAC, WEPCrack
Filed under: Security (Technorati) , Wireless (Technorati) .
You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
This entry was posted on Thursday, October 13th, 2005 at 5:45 pm
You can also choose to read Search Engine Optimization, which is the previous entry, or Google a Terrorist Threat?, the next entry.
Top of the Page