Securing Wireless Network
WPA Encryption Cracking: Is it Possible ?
The next generation of wireless encryption is Wi-Fi Protected Access commonly known as WPA. WPA borrows portions of the 802.11i standard, which promises security for future generations of Wi-Fi products and implementations. WPA deals with WEP’s static encryption key issue. WPA uses a Temporal Key Integrity Protocol (TKIP), which changes keys with every data packet. Other improvements include message-integrity checks that guard against forged packets.
Of course, WPA is not without flaw. The easiest way to use WPA turns out to be its biggest flaw and that is the Pre-Shared Key (PSK). WPA-PSK allows the administrator to specify a password, which must be known by all users for access to the AP. “With WPA-PSK, if you don’t make your password long, you’re susceptible to an offline dictionary attack where an attacker grabs a few packets at the time a legitimate station joins the wireless network and then can take those packets and recover the PSK used.” This hack is actually easier then the WEP crack because a hacker can quickly grab the data he/she needs when a legitimate client joins. After the data is collected the hacker doesn’t need to be near the WLAN and the network doesn’t need to be busy.
There are a few tools that can assist in a WPA-PSK crack. The first is KisMAC, however it is only useful to MAC users. Another is coWPATTY, which is a brute-force cracking tool that systematically attempts to crack the WPA-PSK by testing numerous passwords, in order, one at a time. Obviously this can be a time consuming process. This tool can only try 30-60 words per second with the possibilities are in the realm of 200 billion! Another tool is Aircrack, which can also capture data then perform a dictionary attack. Since this can be a time consuming process with a long enough pass phrase, which may deter crackers, I would recommend a pass phrase that is more then 20 characters and preferably not words that are found in the dictionary.
Securing IIUM Wireless Network
The security of wireless local area network (WLAN) solution works better with Wi-Fi Protected Access (WPA) WLAN protection compared to Wired Equivalent Privacy (WEP).
Currently, ITD have to admit there are some potential difficulties faced by IIUM user with using WPA, which include:
• Manual configuration of WPA settings: The support for setting Windows XP client WPA settings using group policy is not available in the versions of Windows earlier than Windows Server™ 2003 Service Pack 1. Until Service Pack 1 is available and you have deployed it in your organization, you will have to configure your clients manually (there is no way to script WLAN settings for Windows XP). You need to install Service Pack 1 only on the server on which you are editing the WLAN settings Group Policy object (GPO); it is not required on the clients, domain controllers, or IAS servers.
• Restricted availability of WLAN clients: At the time of writing, Microsoft only provides WPA support for Windows XP Service Pack 2 and later. PDA and Smart Phone operating systen running on Windows Mobile and Symbion does not support WPA yet. The only operating system that really support secured wireless environment is MacOS for iPhone and iPod. For those who want to get connected through SSID iium-gadget must comply with WPA requirement.
• Availability of WPA compliant hardware: Although WPA support is now mandatory for all Wi-Fi certified hardware, existing network equipment may need to be upgraded to support WPA. You will need to obtain firmware updates for any access points or network adapters that do not currently support WPA. In some (rare) cases, you may need to replace equipment if the manufacturer does not produce WPA updates. Again, it is a common problem to the low-end Microsoft product.
Manually Configuring Windows XP WLAN Settings for WPA
Until GPO support becomes available in Windows Server 2003 Service Pack 1, you must configure WPA settings on the client manually. WPA is supported on Windows XP Service Pack 1 with the WPA client download installed (or on Windows XP Service Pack 2).
Note: When GPO support becomes available, you can also use the following procedure to create a Wireless Network Policy using the same settings.
To manually configure WPA WLAN settings:
1. Open the properties of the Wireless Network interface. If the WLAN is displayed in the Available Networks list, select it, and click Configure…, otherwise click Add (in the Preferred Networks section).
2. Type the WLAN name into the Network Name (SSID) field (if it is not already displayed there) and, in the Description field, enter a description of the network.
Note: If you have an existing WLAN and you intend to run this side–by–side with the 802.1X–based WLAN of this solution, you must use a different Service Set Identifier (SSID) for the new WLAN. This new SSID should then be used here.
3. In the Wireless Network Key section, select WPA (not WPA PSK) as the Network Authentication type and TKIP as the Data Encryption type. (If your hardware supports it, you can choose the higher strength Advanced Encryption Standard (AES) in place of TKIP).
4. Click the IEEE 802.1x tab, and select Protected EAP (PEAP) from the EAP Type drop–down list.
5. Click the Settings… button to modify the PEAP settings. From the Trusted Root Certificate Authorities list, select the root CA certificate for the CA.
Important: If you ever need to re–install your CA from scratch (not just restore from backup), you will need to edit the client settings and select the root CA certificate for the new CA.
6. Ensure that Secured Password (EAP-MS-CHAP v2) is selected in the Select Authentication Method and check the Enable Fast Reconnect option.
7. Close each properties window by clicking OK.
Configuring Pocket PC 2003/PDA/Smart Phone for WPA
WPA was not supported natively in Pocket PC 2003 using Windows Mobile and Symbion at the time of writing; however, this may be implemented in the future. Support for WPA on other type of Pocket PC available from other vendors such Mac OS (iPhone and iPod),
Filed under: Uncategorized | Tagged: IIUM, IIUM Wireless, ITD, WEP, wireless, WPA, WPA Encryption Crack, WPA PSK
