ClioSport.net

WiFi Security



Hi all,

I always hear about people hacking into other people's wireless and using their internet

I am a bit of a tech head but don't understand how people do it, I always thought WPA encrypted wifi was hard to crack (unless you have the key)
 

Lee

  BMW M2C
Because the Nintendo DS can only use WEP I have to use that, which isn't as secure as WPA.

To make sure mine is secure I don't broadcast the SSID and restrict devices based on MAC address.
 

Cookie

ClioSport Club Member
My home one is WPA2, no SSID broadcast and MAC address filtering :p

Needs to be more secure tho tbh \o/
 
  Shed.
sorry I forgot you were the master of the universe


Sorry, wasn't having a go or anything, or even saying you should have looked on google. :dapprove:

My tone of writing was incorrect ;)

What I should have said was - If you go on google and type hacking WPA or WEP there are plenty of resources available for this. :D


Sorry though, didn't mean owt by it.
 
  SLK 350
I can crack WEP in about 5 minutes, ask my neighbours heh. Though I only use my Virgin line I can easily get their key. WPA/2 takes from a few hours up to 2 days depending on how many packets you can inject.

Hiding your SSID does bugger all, even my iPhone will sniff your network. Oh and MAC filtering, child's play... I'll just clone your MAC :)

Blackhatting is useful though, it's very easy to show IT managers why it's a very bad idea to use wifi on their network.
 
  White clique
here you go... some best practice for Wi-Fi access point security

  • Turn off service set identifier (SSID) broadcast on all internal, nonpublic, nonguest access points.
  • When this feature is shut down, the access point will not advertise its presence and will foil casual attempts to catalog access points using tools such as NetStumbler. The access point SSID can still be discovered, but the process requires more-sophisticated detection tools and time to gather ambient data traffic. It is generally acceptable to broadcast the guest access point SSID, but even that can be suppressed if desired. If the guest SSID is suppressed, guests will have to manually enter the SSID in their wireless network profiles.
  • Change SSIDs on all internal, nonpublic, nonguest access points to unique names, and consider not using names that reveal locations or owner.
  • Access points are easier to discover if they use default SSIDs, because an attacker can request SSID names from a dictionary, especially the defaults shipped with new products. If the matching name is found, the access point will respond and confirm its presence. In addition to confirming its presence, the default name may reveal the manufacturer and model, which helps the attacker to form a targeted attack. If the SSID reveals the owner, the attackers can narrow their search of discovered access points to the individual or company they prefer to attack.
  • Limit coverage of access points to areas that need them the most, and minimize coverage in unwanted areas via careful placement of access points and by limiting transmission strength (by antenna setting and transmitter output setting).
  • Access points are more difficult to attack if the assailant cannot easily reach a physical location close enough to attempt to associate with the company access point and has insufficient proximity signal strength to perform denial of service (DoS) attacks. Coverage can be estimated using planning tools, such as Wireless Valley from Motorola, and it can be measured in production through mobile Wi-Fi monitoring tools.
  • Anticipate the need to support more than one type of authentication and airlink security combination.
  • In many companies, limiting the choice for authentication and encryption to a single set may be impossible because of an ongoing need to support systems from different manufacturers and to support legacy equipment. The security administrator should select a first choice for PC workstations that can be supported on the majority of wirelessly enabled company systems. The strategic first choice will be Wi-Fi Protected Access 2 (WPA2) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected Extensible Authentication Protocol (PEAP) for authentication, and Advanced Encryption Standard (AES) for airlink encryption. This first choice should be mandatory for all laptops and access points that will connect to the corporate network. Additional second choices should be made based on finding the largest number of systems that can be brought to the strongest level of protection. Exceptions to allow Temporal Keying Integrity Protocol (TKIP) for airlink encryption may need to be granted, for smaller mobile devices that lack the processing power to support AES. For example, the second choice could logically be WPA using EAP-TLS for authentication and TKIP for airlink encryption, or it might be Cisco EAP-Flexible Authentication via Secure Tunneling (FAST) or Lightweight Extensible Authentication Protocol (LEAP) on Cisco equipment and equipment supporting Cisco Client Compatibility Extensions. This secondary capability should be optional and used only for applications that cannot support the mandatory capability and only after a risk assessment has been performed. A comprehensive list of security choices will be found in Note 1 in order of strength.
  • Migrate to WPA2-compatible WLAN network interface cards (NICs), wireless drivers, supplicants, and access points on all new purchases.
  • All new WLAN purchases should require the current best standard, WPA2. Devices with non-Windows operating systems (OSs), especially smaller handheld devices, may need to use a third-party WPA2 supplicant. WPA2 support must be proactively investigated for all new purchases.
  • Avoid the use of pre-shared keys (PSKs) in WPA or WPA2.
  • PSKs used in WPA Personal mode and WPA2 Personal mode are vulnerable to authentication attacks and are not recommended for business systems. WPA Enterprise mode and WPA2 Enterprise mode use live access to an authentication server instead of PSKs.
  • If public or guest access is to be allowed, use virtual LAN (VLAN) tunnels to route users to a point outside the firewall. Third-generation access points support VLANs that can be restricted to a set of access points and support VLANs that can be activated "on the fly" as users associate with access points within the company, including remote locations. Users can be defined in roles that cause them to be associated with a VLAN to suit any purpose, such as guest access. Use of separate access points to isolate traffic is possible but lacks the flexibility of VLANs.
  • Guest users should be directed to the Internet, where they can use virtual private networks (VPNs) to connect back to their company portals. This option will also work with the company's own employees who are not registered for direct access to the LAN.
 
I can crack WEP in about 5 minutes, ask my neighbours heh. Though I only use my Virgin line I can easily get their key. WPA/2 takes from a few hours up to 2 days depending on how many packets you can inject.

Hiding your SSID does bugger all, even my iPhone will sniff your network. Oh and MAC filtering, child's play... I'll just clone your MAC :)

Blackhatting is useful though, it's very easy to show IT managers why it's a very bad idea to use wifi on their network.

Is it a program you use? Just wondering cause I think my neighbour has tried hacking my wifi, the git lol
 
  SLK 350
Easiest route is by using Linux and downloading Airmon, Airsnort and Aircrack.

In a geeky way it's pretty cool cracking your own network key, but can be useful if your provider has issues, you can use your neighbours (with their consent).
 

ChrisR

ClioSport Club Member
Surprised it cracks WPA/WPA2 though, granted it's been a few years since I've been into all this but I was under the impression that these were extremely difficult to crack.
 
  185lb/ft dCi
Surprised it cracks WPA/WPA2 though, granted it's been a few years since I've been into all this but I was under the impression that these were extremely difficult to crack.

You have to kick someone off the network (injection) so when they reconnect the handshake can take place again (the key gets exchanged), that's where you pick it up.

WEP is pathetic tbh, not meant for security.
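
The sequence described in the post above (clients knocked off the network, then a fresh handshake when they reconnect) leaves a pattern a defender can watch for. An added example, not part of the thread: Python that flags handshakes starting shortly after a burst of deauthentication frames. The record layout, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "02:00:00:00:00:01"  # constructed BSSID

# Constructed sample records: (seconds, frame kind, BSSID, client MAC).
# The tuple layout is an assumption for this example, not a capture format.
FRAMES = (
    [(1.0, "deauth", AP, "02:00:00:00:00:aa"),   # single deauth: ordinary disconnect
     (1.4, "eapol", AP, "02:00:00:00:00:aa")]
    + [(20.0 + i * 0.1, "deauth", AP, "02:00:00:00:00:bb") for i in range(8)]
    + [(23.0, "eapol", AP, "02:00:00:00:00:bb")]  # handshake right after a burst
    + [(40.0 + i * 0.1, "deauth", AP, BROADCAST) for i in range(6)]
    + [(41.5, "eapol", AP, "02:00:00:00:00:cc"),  # follows the broadcast burst
       (300.0, "eapol", AP, "02:00:00:00:00:bb")]  # much later: unrelated
)


def find_forced_handshakes(frames, burst=5, window=2.0, follow=10.0):
    """Return (time, bssid, client, target) for each handshake that starts
    within `follow` seconds of a burst of `burst` or more deauth frames for
    one (BSSID, target) pair inside `window` seconds. A broadcast burst
    counts for every client."""
    recent = defaultdict(deque)  # (bssid, target) -> recent deauth times
    last_burst = {}              # (bssid, target) -> time a burst was last seen
    reported = set()             # one alert per client per burst
    alerts = []
    for ts, kind, bssid, client in sorted(frames):
        if kind == "deauth":
            times = recent[(bssid, client)]
            times.append(ts)
            while ts - times[0] > window:  # drop deauths outside the window
                times.popleft()
            if len(times) >= burst:
                last_burst[(bssid, client)] = ts
        elif kind == "eapol":
            for target in (client, BROADCAST):
                seen = last_burst.get((bssid, target))
                key = (bssid, client, target, seen)
                if seen is not None and ts - seen <= follow and key not in reported:
                    reported.add(key)
                    alerts.append((ts, bssid, client, target))
                    break
    return alerts


if __name__ == "__main__":
    print(find_forced_handshakes(FRAMES))
```

The single deauth at 1.0 s and the handshake at 300 s are not reported, which keeps ordinary disconnects and routine reconnects out of the alerts.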
 