What is IEEE 802.1X Terminology??? it it good to have enabled

[CJINOHIO03]

I have a wireless network with WEP enabled but I see this as an option too. I was having problems then de selected this and everything is working fine. Is that ok or not? CJ

[jeffmeden]

If you don't want to mess with it, leave it off. It's an authentication mechanism that requires specific configuration, and is usually only used in large scale networks. WEP is an OK first line of defense, if your clients support it you probably want WPA or WPA2 though, since it's not as easy to crack. MAC filtering is another popular protection if your router supports it.

[Rally Pat]

Unless you have CIA secret documents on your network, WEP will do you just fine. WEP is fairly easy to crack, but someone has to care enough to do it. More than likely, someone will find another network that is already open before they go at the throat of yours.

[Akula]

Unless you have CIA secret documents on your network, WEP will do you just fine. WEP is fairly easy to crack, but someone has to care enough to do it. More than likely, someone will find another network that is already open before they go at the throat of yours.

 

correction, WEP IS SUPER EASY TO CRACK.

 

.1x is an authentication mechanism for granting access to a network prior to having access to layer two. you have to have a radius server in order to do .1x.

 

If you can to WPA/PSK do that, it takes a brute force dictionary attack to break and had better flow monitoring so man-in-the-middle replay attacks are really tough.

[thorne]

Unless you have CIA secret documents on your network, WEP will do you just fine. WEP is fairly easy to crack, but someone has to care enough to do it. More than likely, someone will find another network that is already open before they go at the throat of yours.

I've lost faith in mankind. a geek endorsed wep...... It takes about 1 minute to crack wep with current programs. Thats right programs It's pretty damn simple to use auditor to do it.

 

WPA is the only answer for home users.

 

Geeks = Ipsec

[jeffmeden]

I've lost faith in mankind. a geek endorsed wep......

 

He's still young. And it's true that theres an obvious trade-off, if someone wants to go to the (minimal) effort of cracking wep they can, or they can move down the street and get the fully open access point, or they can break your door down and just steal your computer. It's all about what you're protecting; you aren't hiding something that mr big brother should know about... Are you?

[Rally Pat]

Well? Do you live next to a wardriver? I wouldnt give two shits if I was running WEP in my neighborhood (which I am not, I am running WPA), because I am surrounded by 65+ year old people. If you just want 8 year old Timmy to stop playing WoW on your connection, WEP will do you fine. Now if 8 year old Timmy is a hacker (which he could be, kids are getting smarter), then go with the higher protocol.

 

You know what, just go with WPA.

[thorne]

He's still young. And it's true that theres an obvious trade-off, if someone wants to go to the (minimal) effort of cracking wep they can, or they can move down the street and get the fully open access point, or they can break your door down and just steal your computer. It's all about what you're protecting; you aren't hiding something that mr big brother should know about... Are you?

No I make a living off of properly setting up networks.

 

Your analogy is ok. But honestly I used to war drive all kinds of places. And wep just ment it would be more fun to hack. It has 0 about what your protecting It has to do with Legal libility. open access point has already been shotdown. so I guesse your protecting your own ass.

 

If I hack your wireless. And quitely sit there sniffing data I'm sure someting bad will go across. And megaman your goofy. You have 2 computer security experts that live within a few blocks of your house.

 

If it takes very little effort to setup WPAPSK then why not do it. Plus the passwords you can make wfor that vs a hexkey are way easier to remeber.

[Rally Pat]

And megaman your goofy. You have 2 computer security experts that live within a few blocks of your house.

 

Being?

[thorne]

dw

[mrblunt]

WPA/psk, mac filtering on, SSID broadcast off. Sure there are ways to get past all this shit but for the average newb driving around trying to find access points hes probably going to lose interest in a few minutes. Besides whats he gonna find, your porn and maybe a few pics of your family vacation? Add some encryption software to keep stuff under lock and that's probably more than most people would ever need.

[thorne]

WPA/psk, mac filtering on, SSID broadcast off. Sure there are ways to get past all this shit but for the average newb driving around trying to find access points hes probably going to lose interest in a few minutes. Besides whats he gonna find, your porn and maybe a few pics of your family vacation? Add some encryption software to keep stuff under lock and that's probably more than most people would ever need.

nice setup

[Akula]

WPA2 with AES for Encryption, 802.1x for auth, all packets move back to an ICSA certified firewall. This is the best security available for free, xSec or Funk TTLS aren't free but xSec is the best (this is what the military does).

 

I work for an enterprise wireless lan vendor.

[jeffmeden]

There are absolutely trade-offs and saying 'use WPA2 in every situation' just doesn't work. Try setting a WPA2 login on a TiVo, and you will realize that not all networks support it in the first place. In a perfect world we would all be using quantum encryption for downloading pr0n and sending stupid joke emails, but reality is much different (the pr0n and jokes stay the same, sadly)...

[Akula]

There are absolutely trade-offs and saying 'use WPA2 in every situation' just doesn't work. Try setting a WPA2 login on a TiVo, and you will realize that not all networks support it in the first place. In a perfect world we would all be using quantum encryption for downloading pr0n and sending stupid joke emails, but reality is much different (the pr0n and jokes stay the same, sadly)...

 

You are absolutely correct. Scan-guns and voice phones cannot do AES encryption because thier nics are built with RC4 encryption engines and can only do WPA or WEP (they both use RC4). I was merely pointing out the most secure setup. The more traps you throw up the less I am going to try to get on your network. Most 802.11 airjacks are people looking for free internet, if you want to provide internet for free then do nothing.

 

Hidden SSID's take one packet to discover because the ESSID is always part of the 802.11 header.

 

The new WEP cracking tools take 3 minutes worth of null packets, or 1 minute worth of traffic to defeat wep clients utilizing weak IVs.

 

I can spoof a valid mac and you will never know, unless your AP supports 802.11 session numbering, most don't.

 

I guess you gotta decide what you want hidden, if you are surfing porn you don't really need anything. If you are going to your bank, you want very strong encryption (so DNS replays don't send you to my logging server).

 

WEP with an L3 encryption is pretty strong stuff.

 

If you want to really learn how to break into wireless networks you need to see this class one of my co-workers authored.

 

http://www.hotlabs.org/wlsat/