Tuesday, August 11, 2009

Wifi for Dummies: Wi-Fi Security concern of a Public network

Unsecured free wifi spots:

Most wifi spots are unsecured. Because every user reaches the internet through the same open hotspot, user data travels as clear text. Some hotspots do authenticate users, but that does not secure the data transmission or prevent packet sniffers from letting other people see traffic on the network.

Some free wifi venues offer VPN as an option, such as Google WiFi. This solution is expensive to scale. Others such as T-mobile provide a download option that deploys WPA support specific to T-mobile. This conflicts with enterprise configurations at Cisco, IBM, HP, Google, and other large enterprises who have solutions specific to their internal WLAN.

Poisoned free wifi spots:

A "poisoned spot" is a free public hotspot set up by identity thieves or other malicious individuals for the purpose of "sniffing" the data sent by users. This abuse can be avoided by using a VPN.


Wi-Fi Protected Access - (WPA)

Wi-Fi Protected Access is a security scheme for wireless networks, developed by the networking industry in response to the shortcomings of Wired Equivalent Privacy (WEP). WPA uses Temporal Key Integrity Protocol (TKIP) encryption and provides built-in authentication, giving security comparable to VPN tunneling over WEP, with the benefit of easier administration and use. WPA-PSK is a simplified form of WPA.

Wifi phone:

A WiFi phone is a wireless telephone that looks similar to a mobile phone but places calls via a combination of voice over IP and WiFi rather than via a cellular network. Current WiFi phones use Skype or Vonage for their voice over IP service. To compete with WiFi phones, several cellular carriers have created "dual-mode phones", which can be switched easily between a WiFi connection when one is available and a traditional cellular network connection when WiFi is not available. These phones can easily be connected to a free wifi network by following the setup instructions.

Wi-Fi Protected Access (WPA and WPA2):

Wi-Fi Protected Access is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points.


WPA2:

WPA2 implements the full standard, but will not work with some older network cards. Both provide good security, with two significant issues:

• Either WPA or WPA2 must be enabled and chosen in preference to WEP. WEP is usually presented as the first security choice in most installation instructions.

• In the "Personal" mode, the most likely choice for homes and small offices, a passphrase is required that, for full security, must be longer than the typical 6 to 8 character passwords users often employ.

History:

WPA was created by the Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name.

WPA is designed for use with an IEEE 802.1X authentication server, which distributes different keys to each user; however, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same pass-phrase. The design of WPA is based on a Draft 3 of the IEEE 802.11i standard.
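The pre-shared key mode described here, and the passphrase-length point in the WPA2 list above, both come down to one derivation: in WPA/WPA2-Personal the 256-bit pairwise master key is PBKDF2-HMAC-SHA1 of the passphrase with the SSID as salt, 4096 iterations, so every station shares one key whose strength is exactly the passphrase's. The Python below is an added example written for this page, not code from the original post or from the Wi-Fi Alliance; the passphrase-strength estimate is a rough assumption of my own, and the "password"/"IEEE" pair is the published IEEE 802.11i test vector.

```python
import hashlib
import math
import string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the pairwise master key the way WPA/WPA2-Personal does:
    PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32-byte output.
    Every station configured with this passphrase ends up with this same key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def passphrase_entropy_bits(passphrase: str) -> float:
    """Optimistic entropy estimate (my own rough assumption): treat the
    passphrase as drawn uniformly from the character classes it uses.
    Real human-chosen passphrases are far weaker than this bound."""
    classes = (
        string.ascii_lowercase,
        string.ascii_uppercase,
        string.digits,
        string.punctuation,
    )
    pool = sum(len(cls) for cls in classes if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Published 802.11i test vector: "password" / "IEEE".
    print(wpa_psk("password", "IEEE").hex())
    # Same passphrase, different SSID: different key, because the SSID is the salt.
    print(wpa_psk("password", "IEEE") != wpa_psk("password", "ieee"))
    for p in ("password", "Tq7#mV2$kL9!pX4@zR6^"):   # constructed samples
        print(f"{p!r}: about {passphrase_entropy_bits(p):.0f} bits at best")
```

The derivation has no per-user secret, which is the point of the page's warning: with PSK every user holds the same passphrase, and an 8-character word gives the whole network a key that is no stronger than that word.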

The Wi-Fi Alliance created WPA to enable introduction of standards-based secure wireless network products before the IEEE 802.11i group finished its work. The Wi-Fi Alliance at the time had already anticipated the WPA2 certification based on the final draft of the IEEE 802.11i standard. Therefore, they intentionally made the tags on the frame fields (also known as information elements, or IEs) different from 802.11i, to avoid confusion in unified WPA/WPA2 implementations.

Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger initialization vector, this defeats the well-known key recovery attacks on WEP.

In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "message integrity code") is used in WPA, an algorithm named "Michael".

The MIC used in WPA includes a frame counter, which prevents replay attacks from being executed. By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a wireless LAN far more difficult. The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards.

Due to inevitable weaknesses of Michael, TKIP will shut down the network for one minute if two frames are discovered that fail the Michael check after passing all other integrity checks that would have caught noisy frames. It will then require generation of new keys and reauthentication when the network restarts, forcing the attacker to start over.
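The frame counter mentioned above and the Michael countermeasure in this paragraph can be modelled together as a small receiver state machine: the counter must strictly increase (replays are dropped), a second MIC failure within a minute disables the link for a minute, and only fresh keys after reauthentication restart it. The Python below is an added example, not code from the original post or from any driver; HMAC-SHA256 truncated to 8 bytes stands in for Michael, the counter is folded into the tag in place of TKIP's per-packet key binding, time is passed in explicitly so the sequence is reproducible, and all frames are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

COUNTERMEASURE_SECONDS = 60.0   # TKIP: two MIC failures within 60 s disables the link for 60 s


def frame_mic(key: bytes, tsc: int, payload: bytes) -> bytes:
    """Keyed integrity tag; HMAC-SHA256 stands in for Michael. Folding in the
    sequence counter models TKIP binding the counter to the per-packet key."""
    return hmac.new(key, tsc.to_bytes(6, "big") + payload, hashlib.sha256).digest()[:8]


@dataclass
class Frame:
    tsc: int        # 48-bit TKIP sequence counter, the "frame counter" on the page
    payload: bytes
    mic: bytes


def make_frame(key: bytes, tsc: int, payload: bytes) -> Frame:
    return Frame(tsc, payload, frame_mic(key, tsc, payload))


@dataclass
class Receiver:
    key: bytes
    last_tsc: int = -1                       # highest counter accepted so far
    mic_failure_times: list = field(default_factory=list)
    disabled_until: float = 0.0
    rekey_required: bool = False

    def accept(self, frame: Frame, now: float) -> str:
        """Process one frame at time `now` (seconds) and return the verdict."""
        if now < self.disabled_until or self.rekey_required:
            return "dropped: countermeasures active"
        # Replay protection: the counter must strictly increase.
        if frame.tsc <= self.last_tsc:
            return "dropped: replay"
        if not hmac.compare_digest(frame_mic(self.key, frame.tsc, frame.payload), frame.mic):
            self.mic_failure_times = [
                t for t in self.mic_failure_times if now - t < COUNTERMEASURE_SECONDS
            ] + [now]
            if len(self.mic_failure_times) >= 2:
                # Second failure inside a minute: shut the link, then demand new keys.
                self.disabled_until = now + COUNTERMEASURE_SECONDS
                self.rekey_required = True
                self.mic_failure_times.clear()
                return "dropped: MIC failure, link disabled for 60 s, rekey required"
            return "dropped: MIC failure"
        self.last_tsc = frame.tsc
        return "accepted"

    def rekey(self, new_key: bytes, now: float) -> bool:
        """Install new keys after reauthentication; the replay counter starts over."""
        if now < self.disabled_until:
            return False
        self.key = new_key
        self.last_tsc = -1
        self.rekey_required = False
        return True


if __name__ == "__main__":
    key = b"constructed-session-key"                    # constructed
    rx = Receiver(key)
    good = make_frame(key, 1, b"data")
    print(rx.accept(good, 0.0))                          # accepted
    print(rx.accept(good, 1.0))                          # dropped: replay
    print(rx.accept(Frame(2, b"x", bytes(8)), 2.0))      # first MIC failure
    print(rx.accept(Frame(3, b"y", bytes(8)), 3.0))      # second: countermeasures
    print(rx.accept(make_frame(key, 4, b"ok"), 10.0))    # still disabled
    print(rx.rekey(b"new-key", 70.0))                    # True once the minute is over
    print(rx.accept(make_frame(b"new-key", 1, b"ok"), 70.0))
```

Note the order of checks: the counter is tested before the MIC, matching the page's description that countermeasures trigger only on frames that passed every other check. A driver or IDS can use the same two events, counter going backwards and MIC failure, as its detection signal for tampering on the link.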
