Sunday, November 23, 2008

WPA Wireless Networking isn't Broken!

Despite what most media sources have been saying, WPA-certified wireless networking is not actually broken.  Rather than write up a long, complicated description of what was actually discovered (that has already been done; see grc.com's Security Now podcast #170, "TKIP Hack"), I'll try to keep it short and simple.

First, as I noted in an old post on wireless security, WEP (Wired Equivalent Protection) is totally broken, so you should NOT still be using it.  The WPA "crack / hack" discovery is simply a weakness in the protocol, TKIP (Temporal Key Integrity Protocol), used by many of the people currently using WPA-certified security.  WPA was an early implementation of the 802.11i specification before it was finalized.  What you want to use to mitigate what is really a very minor weakness in WPA is WPA2.  WPA2 is the 802.11i specification in its completed / finalized form.  Once you switch to WPA2, you also want to use AES and NOT TKIP.

If your equipment doesn't support WPA2, check and see if there is newer firmware for your router(s) and access points that may add WPA2 support.  If you are stuck with WPA, check whether your router supports QoS (Quality of Service) and make sure it is disabled.  It is likely that if you have QoS enabled it is doing you no good anyway, and QoS is a key ingredient of the WPA weakness.  Another name for QoS on some wireless routers is WMM (WiFi Multi Media).  This is a fairly new Wi-Fi Alliance certification found on some routers; all the new acronym indicates is an interoperability certification using a subset of the 802.11e sub-specification.  So, again, disable WMM if it is enabled.

Another way to mitigate this attack is to reduce the re-keying interval from the default of 3600 seconds (60 minutes) to less than 12 minutes, say 660 seconds (11 minutes).  Then the attacker runs out of time before being able to complete the attack on a single packet.  Doing this also removes the possibility of a DoS (Denial of Service) attack that could be done by injecting packets with bad MICs (Message Integrity Codes).
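The advice above boils down to a handful of settings that can be checked mechanically.  The script below is an added example, not part of the original post or of any router's firmware: it audits a hostapd-style `key=value` configuration for the WPA mode, the pairwise cipher, the WMM/QoS flag, the group re-key interval and the passphrase length.  The hostapd.conf key names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wmm_enabled`, `wpa_group_rekey`, `wpa_passphrase`) are assumed for illustration; consumer routers expose the same knobs under different labels.  The two sample configurations are constructed.

```python
"""Audit a hostapd-style WPA configuration for the mitigations discussed above.

Added example. The hostapd.conf key names are assumed for illustration and
the sample configurations below are constructed, not taken from a real router.
"""

# Re-key interval the post recommends: under 12 minutes (660 s suggested).
MAX_REKEY_SECONDS = 660
MIN_PASSPHRASE_LEN = 20  # the post asks for a long random key; 8 is the protocol minimum


def parse_config(text):
    """Parse 'key=value' lines, ignoring blank lines and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit_wpa_config(text):
    """Return a list of findings; an empty list means the config follows the post's advice."""
    cfg = parse_config(text)
    findings = []

    # wpa=1 is WPA (TKIP era), wpa=2 is WPA2/802.11i, wpa=3 accepts both.
    wpa_mode = cfg.get("wpa", "0")
    if wpa_mode != "2":
        findings.append(f"wpa={wpa_mode}: use wpa=2 (WPA2 / 802.11i only)")

    # Cipher lists: TKIP anywhere, including the mixed 'CCMP TKIP', keeps the weakness.
    tkip_possible = wpa_mode != "2"
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers = cfg.get(key, "").upper().split()
        if ciphers and ciphers != ["CCMP"]:
            tkip_possible = True
            findings.append(f"{key}={' '.join(ciphers)}: use CCMP only, no TKIP")
    if "rsn_pairwise" not in cfg and "wpa_pairwise" not in cfg:
        tkip_possible = True
        findings.append("no pairwise cipher set: set rsn_pairwise=CCMP")

    # QoS/WMM shortens the attack from ~12 to ~4-5 minutes; only matters while TKIP is possible.
    if tkip_possible and cfg.get("wmm_enabled", "0") == "1":
        findings.append("wmm_enabled=1: disable WMM/QoS while TKIP can still be negotiated")

    # Group re-key interval: the post suggests 660 s instead of the common 3600 s default.
    rekey = cfg.get("wpa_group_rekey")
    if rekey is None:
        findings.append(f"wpa_group_rekey unset: set it to {MAX_REKEY_SECONDS} or less")
    elif not rekey.isdigit() or int(rekey) > MAX_REKEY_SECONDS:
        findings.append(f"wpa_group_rekey={rekey}: reduce to {MAX_REKEY_SECONDS} or less")

    # Passphrase length: 802.11i allows 8..63 ASCII characters; short ones are guessable.
    passphrase = cfg.get("wpa_passphrase", "")
    if passphrase and len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append(f"wpa_passphrase is {len(passphrase)} chars: use a long random key")

    return findings


# Constructed sample: a typical 2008-era WPA/TKIP setup with QoS turned on.
WEAK_CONFIG = """
interface=wlan0
ssid=ExampleNet
wpa=1
wpa_pairwise=TKIP
wmm_enabled=1
wpa_group_rekey=3600
wpa_passphrase=summer08
"""

# Constructed sample: the post's recommended configuration.
HARDENED_CONFIG = """
interface=wlan0
ssid=ExampleNet
wpa=2
rsn_pairwise=CCMP
wmm_enabled=0
wpa_group_rekey=600
wpa_passphrase=constructed-sample-passphrase-Qf7!xL2#mR9v%Tz4&Hb8^Kc1
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_wpa_config(cfg) or ['no findings']}")
```

Point the script at your own exported configuration and fix each finding; with WPA2 and CCMP only, the WMM and re-key findings stop being relevant, which is why the WMM check is tied to whether TKIP can still be negotiated.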

So, bottom line: use WPA2 with AES / CCMP (NOT TKIP or AES+TKIP) and use a long, randomly generated security key.  My favorite site for generating very high quality, cryptographic-strength keys is GRC's Perfect Passwords page.  FYI, I also use his Perfect Paper Passwords service for shorter strings I can use for passwords and passcards.
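For anyone who would rather generate the key locally than fetch it from a web page, here is an added example (not from the post, and not GRC's code) that draws a maximum-length WPA passphrase from the operating system's CSPRNG and shows how the access point turns that passphrase into the actual 256-bit pre-shared key.  The derivation is the one IEEE 802.11i specifies: PBKDF2 with HMAC-SHA1, 4096 iterations, the SSID as salt, 256-bit output.  The passphrase alphabet and the sample SSID are chosen here for illustration; the `derive_psk` check uses the "password"/"IEEE" test vector from the standard's annex.

```python
"""Generate a WPA/WPA2 passphrase and derive the 256-bit PSK from it.

Added example, not from the post. The derivation (PBKDF2-HMAC-SHA1, 4096
iterations, SSID as salt, 32-byte output) is the one IEEE 802.11i defines;
the alphabet and SSID used below are constructed for illustration.
"""
import hashlib
import math
import secrets
import string

# Printable ASCII without the space character, which some router UIs reject.
PASSPHRASE_ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_PASSPHRASE_LEN = 8    # 802.11i minimum
MAX_PASSPHRASE_LEN = 63   # 802.11i maximum for ASCII passphrases (64 hex digits is the raw PSK)


def generate_passphrase(length=MAX_PASSPHRASE_LEN):
    """Return a uniformly random passphrase using the OS CSPRNG (secrets), never random.random."""
    if not MIN_PASSPHRASE_LEN <= length <= MAX_PASSPHRASE_LEN:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))


def derive_psk(passphrase, ssid):
    """PSK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096 iterations, 256 bits), as hex."""
    if not MIN_PASSPHRASE_LEN <= len(passphrase) <= MAX_PASSPHRASE_LEN:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    psk = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )
    return psk.hex()


def passphrase_entropy_bits(length, alphabet=PASSPHRASE_ALPHABET):
    """Entropy of a uniformly random passphrase of this length over the alphabet.

    Past 256 bits the PSK itself (32 bytes) is the limit, so a 63-character random
    passphrase already gets everything the protocol can offer.
    """
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    ssid = "ExampleNet"  # constructed sample SSID
    passphrase = generate_passphrase()
    print(f"passphrase ({len(passphrase)} chars): {passphrase}")
    print(f"entropy: ~{passphrase_entropy_bits(len(passphrase)):.0f} bits (PSK caps at 256)")
    print(f"PSK for SSID {ssid!r}: {derive_psk(passphrase, ssid)}")
    # Standard test vector: passphrase "password", SSID "IEEE".
    print("vector:", derive_psk("password", "IEEE"))
```

Two things the code makes visible that the post only implies: an 8-character passphrase from this alphabet carries only about 52 bits of entropy even if it is random, while a 63-character one exceeds the 256-bit PSK and so loses nothing; and because the SSID is the salt, a common SSID lets precomputed tables be reused against many networks, which is one more reason the passphrase itself must be long and random.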

The minor weakness discovered only allows the attacker to recover a short packet of relatively well-known contents once every 12 minutes (or once every 4-5 minutes with QoS/WMM enabled) and to issue a replay attack with up to about 7 fake packets.  These short packets are probably DHCP or ARP packets.  The attacker can't actually decrypt your packets, and they don't have the time to fake a larger data packet since your router will likely re-key once an hour.  That re-keying forces the attacker to start over from scratch.
