+ Post New Thread
Page 3 of 5 FirstFirst 12345 LastLast
Results 31 to 45 of 61
Wireless Networks Thread, WEP Hacked in Technical; Originally Posted by WEPHack Does having a 504 bit key increase the amount of time it takes to hack? Does ...
  1. #31

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by WEPHack View Post
    Does having a 504 bit key increase the amount of time it takes to hack? Does the length of the key have any other effect? e.g. connection speed.

    I've used a random generator to create the 504 bit key, so definitely not dictionary.

    Control panel is blocked other than display, yet you can still get to it through the notification area. Is some specific block required?
    The size/length of they key makes no difference in speed, however it's good to know what it is to hand so authorised Smartphones or other devices can be manually connected by an admin. The problem with a 504 bit key is that if everything could be scripted (like with Windows) then it wouldn't be an issue, but the reality is very different.

    I'm not quite sure how your users are accessing Network Connections if Control Panel is blocked. They should be able to join a wireless network, but not view properties such as TCP/IP or anything else related to networking.

  2. Thanks to Michael from:

    WEPHack (24th September 2013)

  3. #32

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by WEPHack View Post
    Going forward we will look next FY at replacing the wireless solution with something managed, if budget allows. (Budget being another problem...)
    A managed solution is only needed if you have more than 20-25 APs, otherwise save some cash and configure them manually, broadcasting the same SSID and key, but change the channel from 1, 6 or 11.

  4. Thanks to Michael from:

    WEPHack (24th September 2013)

  5. #33

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    11
    Now that's just bad advice.

    If it's an important installation like a school, you do not want to have all your access points autonomous.

    I would say anything from 6 AP's upwards is a contender for a managed solution.

    NM
    Last edited by neilmac; 24th September 2013 at 12:20 PM.

  6. Thanks to neilmac from:

    WEPHack (24th September 2013)

  7. #34

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by neilmac View Post
    Now that's just bad advice.

    If it's an important installation like a school, you do not want to have all your access points autonomous.

    I would say anything from 6 AP's upwards is a contender for a managed solution.

    NM
    It's all down to opinion, but I have many Primary schools working absolutely fine in this configuration. The only reason I say 20/25, is because setting up this many can or should I say is a tedious job. Obviously a managed controller does all the hard work for you.

    I'm pretty confident even a junior technician could correctly setup 6 APs in an afternoon at a push. It's not difficult to juggle three channels over six APs.

  8. Thanks to Michael from:

    WEPHack (24th September 2013)

  9. #35

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    11
    This is not opinion, it's an established best practice.

    If it's your home network, fine, but for a mission critical application like education, it need to be done right.

    You need to be leveraging as much use as possible from 5GHz, plus you need to make subtle changes to network configs that can be pushed out. Managed networks are much more aware, and perform better. Controllers manage much more than just the configs.

    Generally there isn't a huge saving when it's a lot of devices, the false economy is time and troubleshooting. If you have more than 6 AP's you should look at a managed solution. Just because some old networks function with a manual config doesn't mean it's a good way to do it.

    If you sell a customer 20 access points and no control plane (either local controller or web management) you are doing him a disservice.

    NM

  10. Thanks to neilmac from:

    WEPHack (24th September 2013)

  11. #36

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by neilmac View Post
    If your infrastructure allows, just create a new SSID mapped to the same VLAN and migrate users from old to new. Otherwise, bite the bullet and get some help, spend a weekend doing it when the school is closed.
    An update to the WG302 has enabled profiles, and the WNDAP350 can do that out of the box. There's still this compatibility issue with the Lenovos/Intel Centrino Wireless-N 2230 which I need to troubleshoot. My concern is that these are just the laptops tested, and we have several more oddballs. I'll see how the compatibility testing goes...

  12. #37

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by neilmac View Post
    This is not opinion, it's an established best practice.

    If it's your home network, fine, but for a mission critical application like education, it need to be done right.

    You need to be leveraging as much use as possible from 5GHz, plus you need to make subtle changes to network configs that can be pushed out. Managed networks are much more aware, and perform better. Controllers manage much more than just the configs.

    Generally there isn't a huge saving when it's a lot of devices, the false economy is time and troubleshooting. If you have more than 6 AP's you should look at a managed solution. Just because some old networks function with a manual config doesn't mean it's a good way to do it.

    If you sell a customer 20 access points and no control plane (either local controller or web management) you are doing him a disservice.

    NM
    I was unaware education was mission critical, but I do know a high uptime is expected. I consider a business is more mission critical in my opinion, especially when it can cost a business money when wireless availability isn't there (for whatever reason).

    Most devices are still 2.4GHz only or 2.4GHz/5GHz mixed. I think a better way is when newer wireless standards are published, which inevitably will mean they'll be 5GHz only anyway. I can't say I've noticed any significant disadvantage to using 2.4GHz instead of 5GHz and clearly manufacturers think so also.

    Controllers do go wrong and when they do, you'll lose all wireless availability. Individual APs connected via PoE work independently, so in theory they can be connected to any decent PoE switch. There are pros and cons to both methods, but the 20/25 is also about right to justify the need for a controller. Managing the wireless channels becomes considerably more difficult and any controller is going to cost considerably more than 6 APs.

  13. #38

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    11
    It depends on the level of education - certainly senior schools and universities are very reliant on good wifi.

    5 GHz has more available channels with no overlap so the capacity is higher for a given area. band steering should automatically push 5GHz capable devices to 5Ghz to reduce congestion in 2.4 GHz.

    Controllers can go wrong, so really important installations have redundant controllers. Cloud managed systems give you all of the features without the danger of a failed controller, most manufacturers are moving towards cloud managed.

    I will agree that around 6 AP's you can get away with autonomous. However more than 6 to me indicates you are covering a larger are and have more devices. Why wouldn't you want to have access to information that would allow you to centrally manage and troubleshoot your users ?

    The additional cost of a control plane is negligible compared to the benefits it brings, to do without is a poor solution.

    Out of interest, what autonomous access points are you installing ?

    NM
    Last edited by neilmac; 24th September 2013 at 01:08 PM.

  14. #39

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I agree, the higher you go up the education ladder the demands also get higher. I think it's safe to say however that most higher educational establishments would need more than 20/25 APs and could also budget for a controller, as well as a redundant controller.

    I do agree also that 2.4GHz is more busy than 5GHz, but that's fairly inevitable given that the last few generations of G and N were primarily based on 2.4GHz operation. As bandwidth use gets higher, it makes sense to move to 5GHz. To justify upgrading all 2.4GHz to 5GHz compatible wireless adapters just isn't justified, especially when you may have 50, 100 or even more to upgrade. It would literally cost thousands.

    You need a lot of time to monitor this kind of data, plus teachers these days are pretty good at highlighting problems as and when they occur. I prefer building up relationships with the staff I support and making myself visible, rather than sitting at a server for hours looking at wireless logs. It's how I work and it's how I encourage others who work with me to be the same.

    It depends on the requirements/needs, but HP and Cisco are the most common.

  15. #40

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    11
    I don't want to look like I am arguing with you, but your assumptions are wrong.

    802.11 - 1997 - 2.4 GHz
    802.11b - 1999 - 2.4 Ghz
    802.11a - 1999 - 5GHz
    802.11g - 2003 - 2.4 Ghz
    802.11n - 2007 - 2.4 Ghz and 5GHz, 40 MHz only in 5 GHz

    So, 5 Ghz has been an obvious option since 802.11n came out, in fact 5 Ghz is the only way to get the higher data rates with 2 spatial streams and 40Mhz.

    802.11 ac is to be 5GHz only, but not a reason to upgrade in and of itself.

    How old are your wifi adapters to not support 5 GHz ? Do you have short, mid and long term plans in place for these deployments ?

    Building relationships with the staff is the right tactic and too often overlooked, you are right to mention this and I hope everyone understands that this is a big part of the job. But not the only answer. If you have a problematic device you need to look at the system to fix it. If you have connectivity issues, how do you begin to troubleshoot it ?

    You need to understand how wifi works in order to maximise it and troubleshoot it. I encourage people to get trained and understand the technology they deploy. You need to be passionate about how wifi works in order to administer it correctly.

    As for vendor choice, Cisco autonomous access points are more expensive than lightweight, so for a large deployment the costs would be similar. You should get good education discounts so cost should not be a differentiator. Cisco and HP are both more expensive than many managed solutions. Have you looked at alternatives ? Do you know about options like AirTight ?

    Ultimitely, you deploy your own networks any way you choose, but there are established best practices and very good reasons for following them.

    NM

  16. #41

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I wouldn't say 5GHz was obvious for wireless N, hence that's why 2.4GHz and 5GHz options are available. As you say, AC will be 5GHz only, but this in theory (on paper) will deliver near gigabit wireless connectivity, which is a considerable leap from wireless N's peak of a typical 300Mbps.

    You'll find many lower end notebooks and netbooks have 2.4GHz only, so blame the manufacturers! To be honest the speeds offered by wireless N @ 2.4GHz is plenty for the majority of day to day tasks. Typically the device itself is the bottleneck - not enough memory installed or very large data transfers 1GB+ (which rarely happens).

    Buying quality APs makes all the difference, in terms of how much they can scale, the uptime and also keeping problems to a minimum. I've had very few problems with wireless and it's usually faulty hardware or a damaged AP which typically creates the problem. As I say, I do rely on people communicating problems as I have plenty to keep myself and others occupied. I wouldn't say I'm passionate about wireless networks personally, but I do take pride in all the projects I get involved with. As long as the finished article is on time, on budget and delivers excellent results then I can sleep easy

    There are many wireless solutions out there - many I've heard of and many I haven't heard of, such as Airtight like you mention. I could go and learn about all the different types of systems, security mechanisms or other, but that's why we need people like you who can deliver/answer these kind of questions. Clearly your specific interest/profession is in wireless networking, but I have responsibilities covering from A - Z and there's only so much I can cram into my brain, let alone the time to learn about every new technology.

    Anyway, back on topic, I hope the OP gets their wireless connectivity/security issues resolved.

  17. #42

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    So I've confirmed that the Lenovo/Intel Centrino Wireless-N 2230 chipset won't connect to the WG302 (with the latest firmware) using WPA2 AES. It will with WPA TKIP. It's fine with the WNDAP350, so I'm guessing the issue is with the WG302.

    Is there any huge benefit in switching from WEP to WPA TKIP if we're going to be changing all this in 6 months anyway?

  18. #43

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    11
    Absolutely - WEP can be cracked within minutes.

    Anyone with the key can read any traffic transiting your network, browse for shared files and worst of all, use your network as a gateway to the internet for all kinds of things.

    Any illegal activity from distributing child porn to spamming to cyberattacks will point directly to you IP address. You MUST close this.

    NM

  19. 2 Thanks to neilmac:

    WEPHack (24th September 2013)

  20. #44

    Join Date
    Sep 2013
    Posts
    25
    Thank Post
    35
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Having checked, the WAP does offer a joint WPA/WPA2 mode, and that does seem to be working with this wireless chipset. I'm guessing it tries to negotiate at the stronger encryption, then drops lower if it can't make the connection.

    There was mention above of WPA being hackable with TKIP. How does that compare with WEP hacking for time, ease etc.?

    One advantage to a longer wireless key is it makes it near impossible to remember if seen, so I may opt for the long key for this reason alone.
    Last edited by WEPHack; 24th September 2013 at 04:53 PM.

  21. #45

    Join Date
    Sep 2013
    Location
    UK and Europe
    Posts
    115
    Thank Post
    0
    Thanked 56 Times in 46 Posts
    Rep Power
    11
    WPA is OK as long as you use a complex password. If you only have WPA you don't get 802.11n speeds, but you don't have that anyway. If supported, allow WPA/WPA2.

    Just get off WEP !

    NM

SHARE:
+ Post New Thread
Page 3 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Website hacked...
    By _Bat_ in forum Web Development
    Replies: 8
    Last Post: 27th July 2007, 09:17 AM
  2. Are we being hacked?
    By Paul_L in forum General Chat
    Replies: 2
    Last Post: 13th September 2006, 08:31 AM
  3. Replies: 34
    Last Post: 9th May 2006, 12:56 PM
  4. Text WEP key for hex input
    By NetworkGeezer in forum Wireless Networks
    Replies: 2
    Last Post: 16th March 2006, 07:16 PM
  5. Video demonstrating hacking WEP in 10mins
    By Geoff in forum Wireless Networks
    Replies: 11
    Last Post: 3rd February 2006, 06:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •