+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Internet Related/Filtering/Firewall Thread, Which encryption for wireless? in Technical; In a school environment, what encryption do people suggest for wireless networks? At home I use WPA but I'm wondering ...
  1. #1

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,452
    Thank Post
    408
    Thanked 669 Times in 611 Posts
    Rep Power
    191

    Which encryption for wireless?

    In a school environment, what encryption do people suggest for wireless networks? At home I use WPA but I'm wondering if WPA2 is sufficient for a school environment.

    Any feedback appreciated!

  2. #2

    Join Date
    Dec 2009
    Location
    Northamptonshire
    Posts
    14
    Thank Post
    2
    Thanked 3 Times in 3 Posts
    Rep Power
    11
    do you mean WPA2 personal or enterprise?

    If you are not using an 802.1X authentication server, Radius then WPA2 (AES not TKIP or mixed mode) is about as strong as you will get.

    TKIP has been compromised, not as bad as WEP was (Airsnort lads have made WEP next to useless) but TKIP can leave ARP compromised, and clever cookies can use this to infiltrate a network.

    If WLAN security is vital to you, then authenticate externally I would suggest.

    Hope this helps.

  3. #3

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,832
    Thank Post
    971
    Thanked 1,385 Times in 849 Posts
    Blog Entries
    1
    Rep Power
    457
    tbh what you could do is have no wireless security and use a vpn connection to connect into the network. No big overheads and you just put an ISA firewall between your hub and the network. You can even use that "Logon via dialup" check box (since it *dials* the vpn)

  4. #4

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,452
    Thank Post
    408
    Thanked 669 Times in 611 Posts
    Rep Power
    191
    It's out of WPA, WPA2 WEP-64, WEP-128.

    We can authenticate against AD on the wireless clients.

    Just don't want Joe Bloggs outside to be able to connect, that's all.

  5. #5
    AIT
    AIT is offline
    AIT's Avatar
    Join Date
    Dec 2009
    Location
    Nottingham
    Posts
    369
    Thank Post
    46
    Thanked 32 Times in 30 Posts
    Rep Power
    20
    WPA2 is the most secure out of any.

    WPA2 and WPA is easy to hack if many users connect and disconnect. (can not be hacked when no inactivity)
    WEP takes the longest to hack (but can be done when no ones using it)

    Out of any i would choose WPA2 (with a random word / numbers)

  6. Thanks to AIT from:

    Edu-IT (8th December 2009)

  7. #6

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,452
    Thank Post
    408
    Thanked 669 Times in 611 Posts
    Rep Power
    191
    Cheers!

  8. #7
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    Quote Originally Posted by AIT View Post
    WPA2 is the most secure out of any.

    WPA2 and WPA is easy to hack if many users connect and disconnect. (can not be hacked when no inactivity)
    WEP takes the longest to hack (but can be done when no ones using it)

    Out of any i would choose WPA2 (with a random word / numbers)


    Can you elaborate on that? I was under the impression that WEP was very easy to compromise but that required it to be in use so enough data can be collected to crack the key (same potentially with WPA).

    WPA can be cracked by targeting the initial shared key using basically a dictionary attack or a rainbow table.

    WPA2 uses the strongest methods and would take longer to crack that the other two.
    Last edited by cookie_monster; 8th December 2009 at 03:40 PM.

  9. #8

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,685
    Thank Post
    755
    Thanked 1,715 Times in 1,526 Posts
    Rep Power
    438
    Quote Originally Posted by AIT View Post
    WPA2 is the most secure out of any.

    WPA2 and WPA is easy to hack if many users connect and disconnect. (can not be hacked when no inactivity)
    WEP takes the longest to hack (but can be done when no ones using it)

    Out of any i would choose WPA2 (with a random word / numbers)
    Sorry I think that's completely wrong.

    WEP is hacked to the hills.

    WPA has been partially compromised.

    Ben

  10. #9
    AIT
    AIT is offline
    AIT's Avatar
    Join Date
    Dec 2009
    Location
    Nottingham
    Posts
    369
    Thank Post
    46
    Thanked 32 Times in 30 Posts
    Rep Power
    20
    Quote Originally Posted by plexer View Post
    Sorry I think that's completely wrong.

    WEP is hacked to the hills.

    WPA has been partially compromised.

    Ben
    Yes WEP is very easy to hack but can take up 2 15 minuits.

    WPA and WPA2 if not being used is impossible to gain access.

    However If you have lots of had shake request and a very fast computer you can easily gain access within 5 minuits. (i have done this)

    I would still recommend WPA2. As its much harder to do.

    To be totally honest i wouldnt transfer mision critical secure data over wireless anyway.

  11. #10
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    The FBI demonstrated a WEP hack on a strong key in 3 mins three years ago. WEP is a last resort.


    However If you have lots of had shake request and a very fast computer you can easily gain access within 5 minuits. (i have done this)
    Is the method you used attacking the passphrase or using another method?


    WPA-PSK may be vulnerable to a brute force attack but, with the choice of the right password, it becomes unfeasible. Assuming a decent utility is used, a 31 character long password of random upper- and lowercase letters and numbers results in 62^31, or 3.7x10^55 possible combinations. If we assume 60 attempts per second, it will take more that 1.3x10^36 times the age of the universe (15 billion years) to attempt every possible combination. The average time would be half that, or 6.5x10^35 times the age of the universe. Even if someone were to come up with a scheme that reduced the bruteforce time to 1 trillionth of what would be required otherwise, it would still take 6.5x10^23 times the age of the universe. And so on... Unless someone find another way to get the password (e.g., can determine from traffic (like with WEP), beats it out of me, hacks my laptop, etc.), my WAP will remain secure until long after I'm dead. And that's good enough for me.
    http://it.toolbox.com/blogs/unwired/...ng-wpapsk-6730
    Last edited by cookie_monster; 8th December 2009 at 03:59 PM.

  12. 2 Thanks to cookie_monster:

    Nixphoe (11th December 2009), sparkeh (8th December 2009)

  13. #11

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    7,224
    Thank Post
    1,441
    Thanked 1,859 Times in 1,252 Posts
    Blog Entries
    22
    Rep Power
    559
    Quote Originally Posted by cookie_monster View Post
    Is the method you used attacking the passphrase or using another method?
    Just going to post the same thing, as I understand it the strength of WPA2 is related to the complexity of the passphrase. Using a sufficent strength makes cracking WPA2 infeasible.

  14. #12
    AIT
    AIT is offline
    AIT's Avatar
    Join Date
    Dec 2009
    Location
    Nottingham
    Posts
    369
    Thank Post
    46
    Thanked 32 Times in 30 Posts
    Rep Power
    20
    Quote Originally Posted by sparkeh View Post
    Just going to post the same thing, as I understand it the strength of WPA2 is related to the complexity of the passphrase. Using a sufficent strength makes cracking WPA2 infeasible.
    Absolutely correct if you use a very week passphrase thatís easily calculated e.g. a word. Then itís just as easy to gain access as wep. Put a number in there and it will take considerably longer.

  15. #13
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,217
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    75
    Quote Originally Posted by AIT View Post
    Absolutely correct if you use a very week passphrase that’s easily calculated e.g. a word. Then it’s just as easy to gain access as wep. Put a number in there and it will take considerably longer.

    Well yes at the end of the day it's just a password but as it's one that you enter infrequently it should be a long one. I don't consider that to be a flaw more poor configuration.

    Interestingly

    WPA-PSK if deployed with a reasonably complex password of 10 or more random alphanumeric characters has never been broken whereas WEP can be broken in minutes.
    http://blogs.zdnet.com/security/?p=826
    Last edited by cookie_monster; 8th December 2009 at 04:12 PM.

  16. #14
    jjx
    jjx is offline
    jjx's Avatar
    Join Date
    Jul 2008
    Posts
    8
    Thank Post
    0
    Thanked 2 Times in 1 Post
    Rep Power
    0

    Three minute overview

    Quote Originally Posted by Edu-IT View Post
    In a school environment, what encryption do people suggest for wireless networks? At home I use WPA but I'm wondering if WPA2 is sufficient for a school environment.

    Any feedback appreciated!

    Here's a quick overview for you...
    For the full scoop, check out "A Brief History of Wireless Security" at Security Uncorked A Brief History of Wireless Security

    KNOWING YOUR NEED
    It really depends on the data you need to protect. In the US, we have specific regulations over data protection for personal information, health and financial. A school network could contain:
    - Student grades, names, gov ID, addresses <- Personal info
    - Student health information (mental/clinical) <- Health info
    - Employee names, addresses, gov ID <- Personal info
    - Employee health or insurance info <- Health info
    - Employee salary and benefits <- Financial data

    THREE MINUTE OVERVIEW
    Listed most secure to least secure.

    1. Enterprise mode 802.11i (WPA2 with 802.1X and AES) > Connects to directory services to authenticate users or machines and uses 802.1X for key rotation. Not currently broken because the encryption is secure (AES) and the key rotation (802.1X) is not broken.

    2. WPA or WPA2 with TKIP > Can be broken, but takes much more effort and the keys themselves aren't broken, the checksum is. The vulnerability is in the TKIP encryption (vs AES) and the threats under this type of attack are limited. TKIP was an interim crypto method before all hardware could support AES.

    3. WPA2 with PSK > Uses a pre-shared key instead of rotating keys created by 802.1X. Pre-shared keys are more vulnerable, especially when not configured to rotate at all. Even rotating PSKs are not as secure as 802.1X keys. PSKs also do not offer any type of user authentication, since the keys are shared. If someone violates a policy or attacks the network, tracking down the wireless user is much more difficult with PSKs.

    4. WEP with PSK > Just don't even do it.

    -jj
    Last edited by jjx; 9th December 2009 at 02:43 PM.

  17. 2 Thanks to jjx:

    mac_shinobi (9th December 2009), Nixphoe (11th December 2009)

  18. #15
    AIT
    AIT is offline
    AIT's Avatar
    Join Date
    Dec 2009
    Location
    Nottingham
    Posts
    369
    Thank Post
    46
    Thanked 32 Times in 30 Posts
    Rep Power
    20
    If you are a school and cant afford to use enterprise mode.
    i would simply suggest using wpa2 and putting your wireless nodes on a separate vlan.



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. VOIP Encryption
    By matt40k in forum Wireless Networks
    Replies: 0
    Last Post: 29th January 2009, 06:04 PM
  2. Question about encryption
    By sidewinder in forum How do you do....it?
    Replies: 9
    Last Post: 28th November 2008, 12:57 PM
  3. Encryption
    By ScottStevinson in forum How do you do....it?
    Replies: 4
    Last Post: 14th July 2008, 10:27 AM
  4. Powerpoint encryption
    By roty80 in forum Educational Software
    Replies: 0
    Last Post: 6th May 2008, 12:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •