Wireless Network Security – it’s a huge concern
I want to address some important points about wireless network security that a lot of people don’t immediately understand:
- if you configure your wireless network with “no security” or “open authentication only” running, you basically have no security at all
- if you don’t configure PSK or 802.1X/EAP/RADIUS, you are basically sending all your traffic unencrypted
- if you don’t run the 4-way handshake, you have no encryption
I usually demonstrate these issues in my CWSP, CEH, and wireless hacking/pentesting classes. I emphasize and demonstrate that anything you transmit that is not encrypted is completely visible to anyone. A hacker can capture it, and see it, without any effort.
Usually capturing traffic, and showing students how easy it is to get the HTTP/FTP username and password, is enough to make the students sit upright. However, when I then view an entire Telnet session, or replay an audio call, everyone’s attention is guaranteed.
There is no magic involved. If data is sent, unencrypted, over the wireless airwaves, anyone can hear it. So, if you are at a coffee shop, at a stadium or airport, or on a guest network, with no PSK or 802.1X/EAP/RADIUS, you have a problem.
We need to fix this. You should be able to enjoy your coffee at the coffee shop, or watch the game at a sports bar, without worrying about who is spying on you.
Only with an ‘S’ – how to overcome free wireless network security issues (and thus enjoy that coffee)
Well, there is a solution to this problem, of course: “Only with an S”.
What I mean is, on an open network, you only EVER use protocols with an ‘S’ in them:
There are, of course, exceptions to the rule. Don’t be fooled by SMTP; instead, use SMTP with TLS (watch out here – SMTP by default, without TLS, is *open*).
I have an additional rule, referring to SNMP, to add here: if the thing in question has a number available, use the biggest number. So, use SNMPv3, not SNMPv1, or SNMPv2.
Of course, the ultimate security precaution is to always use VPNs. (The ultimate solution to the free wireless security problem, and it has an ‘S’!) If you always use a VPN whenever you are on a public network, even when you are on a network outside the office, all your traffic will be encrypted as it crosses from your device to the other end of the VPN tunnel.
Watch out here: some configurations allow split-tunneling, which sends some traffic down the VPN path but lets other traffic (usually email or web traffic) jump off and be sent out locally. This may be convenient, but it can defeat the safety of a VPN. If you are using this feature, make sure you are using secure protocols for the locally “split” traffic.
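To make the split-tunneling caveat concrete, here is an added example (not code from the original article) that does a longest-prefix route lookup and reports which flows leave outside the VPN while also using a cleartext protocol. The route table, the interface names `tun0` and `wlan0`, and the sample flows are constructed assumptions.

```python
import ipaddress

# Constructed sample routes (destination prefix, interface): a split-tunnel
# setup where only the corporate range goes through the VPN (tun0).
ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # default route: straight onto the open Wi-Fi
    ("10.0.0.0/8", "tun0"),       # corporate range: through the VPN tunnel
    ("192.168.1.0/24", "wlan0"),  # local hotspot subnet
]

# Cleartext protocols the article names; "smtp" here means SMTP without TLS.
CLEARTEXT = {"http", "ftp", "telnet", "smtp", "snmpv1", "snmpv2"}


def egress_interface(dest_ip, routes=ROUTES):
    """Pick the interface by longest-prefix match, as a routing table does."""
    addr = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise ValueError(f"no route to {dest_ip}")
    return best[1]


def exposed_flows(flows, vpn_iface="tun0", routes=ROUTES):
    """Return flows that bypass the VPN and also use a cleartext protocol."""
    exposed = []
    for dest_ip, proto in flows:
        iface = egress_interface(dest_ip, routes)
        if iface != vpn_iface and proto.lower() in CLEARTEXT:
            exposed.append((dest_ip, proto, iface))
    return exposed


# Constructed sample flows: (destination, application protocol).
FLOWS = [
    ("10.20.30.40", "telnet"),   # cleartext, but carried inside the tunnel
    ("198.51.100.7", "http"),    # cleartext and split off locally: exposed
    ("198.51.100.7", "https"),   # split off locally, but encrypted
    ("203.0.113.25", "smtp"),    # SMTP without TLS, split off: exposed
]

if __name__ == "__main__":
    for dest, proto, iface in exposed_flows(FLOWS):
        print(f"EXPOSED: {proto} to {dest} leaves via {iface}, outside the VPN")
```
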
That’s it. Happy New Year to everyone, and we’ll see you next time!
So here is my wireless network security summary:
- Only use protocols with an ‘S’
- If they have an ‘S’ and have a TLS option, turn it on
- If they have a number, use the biggest one
- Use a VPN when you’re out of the office
Safe web browsing and, remember, enjoy that coffee! 😊