A quick blurb about wireless security ...
Just don't. If you can get away with not using Wi-Fi, that's your better alternative. Wi-Fi is great from a convenience stand-point, which is why it's so inherently insecure.
Right off the bat, if you're using WEP encryption it's merely a matter of 5 minutes (literally, Google it) for someone with a laptop either running Linux or with a Linux LiveCD to break into.
If you're using WPA or WPA2, things get a little trickier. Hopefully you're not using a standard name for your router ("Linksys", anyone?) - if so the cracker only needs to download a Rainbow table and fire it up. If your password is a simple one, you're already hosed. Using a custom, obfuscated name? Good, you'll need it. Again we're back to the simple password dilemma - If your password can be found in a dictionary, or a simple permutation of a dictionary word, you're still vulnerable. The aforementioned cracker can simply kick your mobile, laptop, iPad, what-have-you off your Wi-Fi, record the packets sent through the air (wirelessly) as you reconnect, and take them home to crack. If you're using a strong SSID name and a strong password, the real only alternative at this point is bruteforcing your router with a known WPS exploit (Google Reaver). This takes 10-15 hours, or more - so hopefully if you find a van sitting in your driveway ... you'll realize what's going on and call the police.
So, stand up, shake the sleep out of your body, and run some Cat5e cables around your house. You deserve the privacy.
No comments:
Post a Comment