Re: Hackers and Microsoft Engineers, very amusing

david20_at_alpha1.mdx.ac.uk
Date: 06/22/05 

Date: Wed, 22 Jun 2005 11:09:32 +0000 (UTC)

In article <42b90e06$0$67264$157c6196@dreader2.cybercity.dk>, "Dr. Dweeb" <NOSPAM_5msg0h202@sneakemail.com> writes:
>Z wrote:
>> david20@alpha2.mdx.ac.uk wrote:
>>> Unfortunately in the name of user friendliness Windows default is to
>>> add every Wireless network you have ever connected to into it's list
>>> of preferred networks and then send out probes for each of these
>>> networks and finally to connect to the first one it finds automatically.
>>
>> That's odd, my Windows XP Pro system doesn't behave that way.
>>
>> I'm prompted to connect.
>>
>> Maybe I have a defective version of Windows?
>
>My windows 2003AS/EE does that. I have a few different connections
>available here in my apartment block :-) My net is secured (no broadcast,
>encrypted and MAC address btw). Maybe I should modify that behaviour - I am
>sure there is a button I can push somewhere to fix this.
>

Are you using WPA rather than WEP encryption ?
WEP can be broken very very quickly.
All newer cards and access points should support WPA and you should be able to
get firmware updates to support it on older equipment from pretty much all
vendors. (One of the design goals of WPA was that it would work on existing
cards and access points. The newer official standard 802.11i which some vendors
are calling WPA2 uses a more processor heavy encryption and requires new
hardware. Hence it will probably be sometime before most people migrate to
802.11i).

For home use you will be pretty much stuck with WPA-PSK (WPA with Pre-shared
key) unless you can setup your own radius server to use WPA with 802.1x.
WPA-PSK is OK so long as you setup a good pass-phrase (at least 20 characters)
otherwise it might be cracked using a dictionary attack (see
http://www.tinypeap.com/html/wpa_cracker.html).

(I was going to add that the tinypeap site also includes a beta firware
upgrade to some Linksys Acess points which adds a radius server to them so
that you can use WPA with 802.1x. However I just noticed that they have
stopped distributing the binaries at the moment due to a copyright
infringement issue with the FreeRadius project. Since 802.1x removes the need
for setting up a pass phrase it removes the possibility of the
dictionary attack).

Hiding the SSID doesn't really increase security. It only stops it being
broadcasted by the access point - the moment someone starts using the wireless
network the SSID is available in the clear for anyone sniffing the air
waves. Tools such as Kismet make this easy.
Not having the SSID broadcast may also cause problems and Microsoft explicitly
recommends against this practise see for instance
http://support.microsoft.com/default.aspx?scid=kb;en-us;811427

Limiting the MAC addresses able to access your Access points is only a very
minor impediment. Again the MAC addresses of clients using the access point are
available in the clear hence it is relatively easy for someone to note them
down and then alter the MAC address of their system to match and then access
your access point.

 

David Webb
Security team leader
CCSS
Middlesex University
 

>Dr. Dweeb
>
>