Wifi security ?s

tshephard

New Around Here
Hey!

1 I see articles that say to hide the SSID, and then others say that hiding is silly - just change the SSID from default. However, if I can form a competent question... couldn't someone drive by, see my new SSID, go home, and overnight generate the table with my odd, but seen, SSID and come back? In a dense suburb, wouldn't hidden at least make others more likely targets? Or if 'they' are focused somehow on me, doesn't the table generation above still apply?

2 I'm using dual (series) Asus routers to form an external and internal scheme with double firewalls, etc; using external for guesting and Asus VPN. Wondering about VPN UN/PW intensity. I think all I'm doing is keeping others from using my VPN - there is no access to internal data. Others would have to guess Asus DDNS name, UN, PW only to gain access to external web anyway. Is there a threat besides bandwidth usage?

3 That Asus DDNS service - xxx.asuscomm.com - seems like a threat as there is no password there, only have to guess 'user'. Anyone?

THX all!
 
You'll be OK if you use WPA/WPA2 encryption in your WiFi router setup. And user devices to match.
Never run without encryption on.
Change your SSID to non-factory default. It's confusing if you don't.

Don't enable remote admin on your WiFi router, or don't do so for very long. Be sure your router admin password is set to something non-trivial.

Hiding SSID (disabling SSID in beacon broadcasts of IEEE 802.11) is not useful. The SSID is also sent in all data exchanges.

DDNS: if you really need it (do you?) I suggest using dyndns.org. Your router has a list of supported service providers.

IMO your dual routers with two firewalls etc should be eliminated. Costs performance (double NAT).
 
One of the advantages of changing your SSID stems from how WPA/WPA2 cracking is conducted. Instead of trying passwords one-by-one until the wireless router/AP grants access to the network, WPA cracking works by computing the hash for a given password and comparing it to the hash intercepted by capturing a handshake on your network. In practice, there are lists of these hashes floating around on the Internet, so an attacker merely has to compare the captured hash to, say, a rainbow table containing 250k well-known passwords. If your passphrase is in that table, an attacker would have it in seconds. Fortunately, the WPA spec provides some protection. Each hash incorporates a salt which results in a different hash value for each passphrase. In WPA/WPA2's case, the salt is the SSID of the network. This means that if Alice's passphrase for her "linksys" network is ABC123, and Bob's passphrase for his "linksys" network is ABC123, the hash for each network will be identical. However, if Charlie's passphrase for his "Charlie's Angels" network is ABC123, it will be different from Alice and Bob's hash. If you have both an uncommon network name and a strong passphrase, you've made life difficult for a cracker.

Another concern is WPS. Instead of computing tens of millions of passphrases, an attacker might try to brute force a WPS PIN. Some routers mitigate this vulnerability by allowing you to disable the functionality, or by tying it to a physical button.

In terms of time-to-crack:

1. Common SSID+well-known passphrase (rainbow table)
2. WPS (if vulnerable)
3. Unique SSID+well-known passphrase (dictionary attack)
4. Common/Unique SSID+weak but unique passphrase (attacker has to compute hashes)
5. Common/Unique SSID+strong and unique passphrase (attacker has to compute many more hashes)
 
minor correction;

A rainbow table is when you generate all hash possibilities using every character combination specified in the design of the rainbow table. The purpose of the rainbow table is to brute force a key by finding a hash collision. Hash collisions are a result of an asymmetric algorithm having a narrow window of resultant hashes, resulting in two completely different keys having an identical hash. This technique has proven extremely successful against the asymmetric hash method, MD5.

In other words, a rainbow table is not a list of known passwords. Any time you're using a list or database of known cleartext phrases/passwords, it's essentially just a dictionary attack.

[edit/] whoops, forgot the most important part;

Rainbow tables are only useful when you have a copy of the hashed password already. How this works is that somebody gains access to a system that has the hashes stored in something like a password file/database. They snag that file and run the hashes through a precomputed rainbow table and, with luck, you get a hash collision with the matching key. It will look completely different from the real password, but functions identically.
 
WiFi cracking - a residential WiFi system... (excluding university dorms), needs a motivated intruder. What's the motive?

For me, even if my disks are compromised/stolen, the financial data is protected as an encrypted virtual disk (SafeHouse software).
 
well, i'm not sure if i think this is a good or a bad thing, but quantum computing is going places and government funding will only take it so far. history is gonna repeat itself and we'll have quandroid brainterface networking, but this time i don't think we'll have algorithms that the processors don't just eat for breakfast. governments know everything about you in 20, corporations in 30, everybody in 40.
 
https://www.google.com/#q=wpa+rainbow+tables
Term has been co-opted for almost a decade now. Take it up with the Internet, I guess.

In the case of WPA/WPA2 cracking, the purpose is not to find a collision. Instead it is to find a match with an already known password; this is accomplished by comparing the captured hash to a list of derived hashes. Many available tables take a list of well-known passwords (ones with a high frequency of occurrence) and compute their hashes. When you have the top million or so passwords, it makes sense to try "password123" before working your way up to "hRNzRjQe4G0cLtr" (dictionary attack). It makes even more sense to see if someone has already computed the hashes (rainbow table). If you use an uncommon SSID, you greatly decrease the chances of an existing rainbow table.

WPA/WPA2 uses PBKDF2, which relies on SHA1. SHA1 is much less susceptible to collisions than MD5, and it appears that no one has managed a successful collision with SHA1 yet. If you are attacking WPA/WPA2 with any hope of success, it will be either through WPS or the passphrase. You're not looking for collisions, you're looking for a matching hash, which identifies the passphrase in use.
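The two posts above (the "salt is the SSID" explanation and the PBKDF2/SHA1 note) describe the WPA-Personal key derivation; this added Python example, not code from any poster, computes the PMK the way IEEE 802.11i specifies (PBKDF2-HMAC-SHA1, 4096 iterations, 32-byte output, SSID as salt) and shows why a per-SSID precomputed table is useless against a network with a different SSID. The passphrase "ABC12345" and the candidate list are constructed for the example; the thread's "ABC123" is shorter than the 8-character minimum WPA actually enforces.

```python
import hashlib

# IEEE 802.11i passphrase-to-PSK mapping: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32)
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def wpa_pmk(passphrase, ssid):
    """Return the 256-bit PMK for a WPA/WPA2-Personal passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def precomputed_table(ssid, candidates):
    """Build the per-SSID lookup the thread talks about: PMK -> passphrase.

    Because the SSID is the salt, a table is bound to one exact SSID; it
    cannot be reused against a network that chose an uncommon name.
    """
    return {wpa_pmk(p, ssid): p for p in candidates}


def table_hit(table, passphrase, ssid):
    """Return the recovered passphrase if this network's PMK is in the table, else None."""
    return table.get(wpa_pmk(passphrase, ssid))


if __name__ == "__main__":
    # Constructed scenario from the thread: Alice and Bob both use the default
    # "linksys" SSID with the same passphrase; Charlie uses a unique SSID.
    table = precomputed_table("linksys", ["ABC12345", "password123"])
    print("Alice == Bob PMK:", wpa_pmk("ABC12345", "linksys") == wpa_pmk("ABC12345", "linksys"))
    print("table hit on Alice's network:", table_hit(table, "ABC12345", "linksys"))
    print("table hit on Charlie's network:", table_hit(table, "ABC12345", "Charlie's Angels"))
```

The 4096 PBKDF2 iterations are the per-guess cost behind the "attacker has to compute hashes" tiers in the time-to-crack list: every unique SSID forces that work to be redone from scratch.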

> WiFi cracking - a residential WiFi system... (excluding university dorms), needs a motivated intruder. What's the motive?
>
> For me, even if my disks are compromised/stolen, the financial data is protected as an encrypted virtual disk (SafeHouse software).

Someone interested in child pornography or otherwise illegal downloads, threatening messages, stalking, or evading IP bans would be wise to use their neighbors' Internet connection. If you don't want the 4chan party van at your house, best keep your neighbors off your wireless network.
 
> Someone interested in child pornography or otherwise illegal downloads, threatening messages, stalking, or evading IP bans would be wise to use their neighbors' Internet connection. If you don't want the 4chan party van at your house, best keep your neighbors off your wireless network.

you can make a wireless bridge from pretty far away, heh
 
All interesting stuff, however...

1 If I have a changed SSID, can't someone go home and generate the table and come back? (I understand they may have bought/created the easy ones, but can't a unique one still be rainbow'ed with very little effort?)

2 I have tried using 2nd RT as peer/switch, but cannot get any isolation for secure net from guest net. Asus's 'Set Isolated AP' simply does not seem to work (wireless clients can see homegroup/workgroup clients) per popup text help explanation. It seems the only way I can get guest isolation is double net, fw, nat, etc - unless someone has better way?

I didn't realize there was a security section at bottom of list - move if off-base!
 
> All interesting stuff, however...
>
> 1 If I have a changed SSID, can't someone go home and generate the table and come back? (I understand they may have bought/created the easy ones, but can't a unique one still be rainbow'ed with very little effort?)

No, SSID is just a network name. It's unrelated to the essential encryption you need to enable if not already done.
 
> 1 If I have a changed SSID, can't someone go home and generate the table and come back? (I understand they may have bought/created the easy ones, but can't a unique one still be rainbow'ed with very little effort?)

It would not take an attacker too long to go through a list of well-known passwords. From there, the time-to-crack depends on password strength, and a strong enough password can take years to crack.
 
> It would not take an attacker too long to go through a list of well-known passwords. From there, the time-to-crack depends on password strength, and a strong enough password can take years to crack.

Yes, and hacker needs motive and proximity.

Media over-hypes WPA2 vulnerability. They did too, for WEP128. Just because some smart students cracked a cooperating victim.
 
