Books
in black and white
Main menu
Share a book About us Home
Books
Biology Business Chemistry Computers Culture Economics Fiction Games Guide History Management Mathematical Medicine Mental Fitnes Physics Psychology Scince Sport Technics
Ads

wireles network hacks mods - briere D.

briere D. wireles network hacks mods - Wiley publishing, 2005. - 387 p.
ISBN: 0-7645-9583-0
Download (direct link): wirelesnetworkhacks.pdf
Previous << 1 .. 55 56 57 58 59 60 < 61 > 62 63 64 65 66 67 .. 87 >> Next

Sharing your keys with your friends
The easiest way to “turn on” WPA in a home or small office network (the kind we think you’re most likely to be working on) is to use a pre-shared key or PSK. You can think of the PSK as a master password for your WPA network — you need to pass that password along to anyone whom you authorize to use your network.
WPA uses that master password to create the keys to the network encryption, and also to authorize users (they must know your PSK to connect to your access points).
A PSK isn’t a foolproof means of authenticating users. If your network users blab the PSK to others, you lose your authentication. Or, if you choose a really stupid password (like “password”), strangers can launch a dictionary attack (using common words, in other words) and figure it out. For true user authentication, you need to use an authentication system like we discuss in the following section, “Figuring out a new 802 — .1X.”
Typically, you won’t give the actual PSK to your users: The PSK is a 64-digit hexadecimal string — which means that it’s gobbledygook to the human eye and a real pain to type! Instead, you give them a passphrase (often called the
Chapter 8: Staying Safe in the Wireless World 131
shared secret) that’s anything from 6 to 63 characters of letters and numbers. WPA systems automatically generate the PSK from the passphrase, and do so in a consistent way (so different computers, access points, and client devices all generate the same PSK from a given passphrase).
The big leap forward in WPA (compared to WEP) is that the PSK is used in combination with TKIP to change the encryption key with every packet of data that crosses your network (by using some random numbers and special mathematical functions). WEP, on the other hand, uses the same key with every packet, and that key is shorter in length and easier to guess.
As long as your PSK isn’t given away by a user or guessed at (don’t use your dog’s name, in other words), you can consider WPA with a PSK to be really secure for whatever purposes you use your wireless network.
Figuring out a new 802 — .1X
An even better way of securing your network is to step up to the business class seats of WPA: WPA Enterprise. WPA Enterprise (and there are enterprise variants of both WPA and WPA2) adds an authentication element to WPA using a system known as 802.1X.
Stop shaking your head — we know how annoying all of these acronyms and 802-dot-whatevers are. If we could avoid them, we would! Note that 802.1X has only one “1” — it’s a “dot one,” not a “dot eleven” standard. In fact, 802.1X is a standard brought over from the wired networking world. Also, don’t confuse 802.1X the standard with 802.11x , the generic term often used for 802.11a/b/g.
As sharp readers will note (that means you!), 802.1X is another IEEE standard (see Chapter 2 for more on the IEEE), and it is designed to provide a few things in the context of WPA:
^ User authentication: 802.1X uses cryptographic techniques to determine that users are exactly who they say they are (we talk about how this works in a moment).
^ Network/access point authentication: 802.1X also uses cryptographic techniques to ensure that the access point and network that your users connect to is actually yours — and not some rogue access point that’s trying to lure your users in to steal data or your passwords from them.
This double-ended authentication of both the user and the network is called mutual authentication. It’s a big deal in corporate networks and also for hot spots where you’re paying (or collecting money) for network access and exchanging data like credit card numbers.
132 Part II: Boosting Performance on Your Wireless Network_________________________________________
^ Key management: 802.1X offers a big jump forward in encryption security by managing the encryption keys for all users. Instead of creating a single PSK that all users get, 802.1X creates new keys on a per-user and per-session basis. This key management means that there’s an even lower chance of some bad guy figuring out your network keys — because by the time a particular key gets figured out (already an unlikely event), it has been replaced by a new key.
To make 802.1X work in your network, you need a few things:
^ An access point or router that supports 802.1X: This AP or router has certification from the Wi-Fi Alliance (www.wifialliance.org) that says WPA-Enterprise.
If the device supports WPA2-Enterprise, it’ll say that too! We refer to either certification as just WPA-Enterprise here.
^ Client devices and software that supports 802.1X: This is called the 802.1X supplicant. Your client device also needs to have the WPA-Enterprise logo.
A server — in your network or remotely located (on the Internet, for example) — that provides the 802.1X authentication and key management: These servers are usually called RADIUS (Remote Access Dial-In User Service) servers.
Previous << 1 .. 55 56 57 58 59 60 < 61 > 62 63 64 65 66 67 .. 87 >> Next