Tuesday, December 08, 2009

Lack of wireless protection is again in the headlights of security scrutiny.

The line for acceptable wireless security controls is constantly moving. WEP was never considered secure. It arrived broken and just became “brokener”.

WPA has now been replaced by WPA2, and that latest version is the target of dictionary attacks. It is very impressive that a wireless secret key is now worth 34 dollars.

The easiest way to protect yourself from attacks on your wireless device is to work on the elements that go into the encryption process. For the WPA-PSK process, that means the password and the SSID. Having a non-default SSID was always a good idea, since it tells the potential attacker nothing about the network that they are sniffing. It is easy to change and can reflect your personality. Since the SSID (and SSID length) are used to salt the algorithm, changing these from the default is the first step in securing a wireless connection.

Secondly, you need to choose a passkey of a reasonable length. To avoid repetitive phrases, I tend to use the GRC password generator for 63-character keys. This can be a bit of a pain for devices where the key has to be entered by hand (sometimes with a wiimote).
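Both settings feed straight into key derivation: WPA/WPA2-PSK computes the pairwise master key as PBKDF2-HMAC-SHA1 over the passphrase, with the SSID as the salt. The Python sketch below is an added example, not code from the original post; the default-SSID list and the 20-character minimum are assumptions chosen for illustration.

```python
import hashlib

# Constructed sample of factory-default SSIDs (assumption; extend with your own list).
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    pw = passphrase.encode("ascii")   # non-ASCII input raises a ValueError subclass
    salt = ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63 or any(not 32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)


def audit_psk_config(ssid, passphrase, min_length=20):
    """Return a list of findings for a WPA-PSK configuration (empty list = no findings).

    min_length is a hypothetical policy threshold, not a value from the standard.
    """
    derive_pmk(passphrase, ssid)  # rejects values the standard does not allow
    findings = []
    if ssid in DEFAULT_SSIDS:
        # The salt is the exact SSID, so a default name means a salt shared
        # with every other device left at factory settings.
        findings.append("SSID is a factory default; the PBKDF2 salt is not unique")
    if len(passphrase) < min_length:
        findings.append(
            "passphrase is %d characters; policy minimum is %d"
            % (len(passphrase), min_length)
        )
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys have nothing in common.
    for name in ("linksys", "my-home-net-7"):
        print(name, derive_pmk("password", name).hex())
    print(audit_psk_config("linksys", "password"))
```
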

These two tasks should leave your wireless access device fairly secure, but the other side of the coin (detective controls) should also be in place. More on that later.