Number 300 - May 2008

Wireless Security

by Brian K. Lewis, Ph.D.* Sarasota Personal Computer Users Group, Inc.

Wireless security really relates to three different topics - a wireless network, Wi-Fi hotspots and cell phone modem wireless Internet for laptops. Each of them has its own security problems and considerations. As each of these systems becomes more widespread, it becomes more of a target for those who want access to other people's information. So, if you use any of these wireless systems, the first two especially, you need to be aware of the hazards you face and how to protect against them.

We'll start with the wireless network (WLAN) used in a home or small office. This usually involves a wireless router and one or more computers connected to it. I had a small home setup with a router and three computers, sometimes four, depending on what I was working on at the time. I'm sure many of you have a similar setup depending on how many members of your family use computers. No matter what type of LAN you use, the most basic security is always important. Never connect to the Internet with any setup without a firewall and up-to-date anti-virus software on your computer.

As I have learned, many of the methods I have advocated in the past for protecting your wireless network don't really provide the protection you would expect. Two of the more common recommendations have been filtering of the MAC address by the router and turning off the broadcast of the SSID (service set identifier), essentially the router's call sign. The problem is that there are a number of software programs (sniffers), available free on the web, that will quickly pick up this information from any unencrypted network. Then it is relatively easy for the hacker to fake the MAC address and log on to the wireless network. Generally, the process takes only seconds. If the network has file sharing turned on, then your computer is completely open to the hacker's roaming. As for the SSID, there are four ways that this will be broadcast even if the standard broadcasting is turned off. Hiding the SSID makes the WLAN less user friendly, but does not prevent a hacker from obtaining it simply through a probe request.

The best way to protect your wireless network is by encrypting the communications that occur between the router and the computer. If you are still using an 802.11b router, then you may only have access to the WEP (wired equivalent privacy) protocol, which was part of the 802.11b standard. This allowed the user to establish a 64 bit or 128 bit key in the router software. (As a side note, the secret portion of a 64 bit key is only 40 bits and the secret portion of a 128 bit key is only 104 bits.) With a WEP key established, the computer was required to use this key to log on to the router. With WEP turned on, each packet to be transmitted is first encrypted and then passed through a shredding machine called RC4.

One problem associated with WEP is key management. When we enable WEP according to the wireless standard, we need to visit each wireless device that we use and type in the proper WEP key. If the key is compromised for any reason, you either have to change the key or lose all security. However, the primary problem with using a WEP key is that it is easily broken. There is free software on the web that can break a 128 bit WEP key within minutes. On one hacker web site I saw a table displaying the results from a half-dozen different packages. They broke WEP keys in times ranging from a few seconds to a few hours. Don't assume that because your house or your office is not close to the road you are safe from a hacker's attention. The antennas used by hackers in drive-by situations have a range of a mile or more.

So, if you are still using a router with WEP it is time to consider a change. If you can't get new firmware for your router that supports the newer WPA standard, then a total hardware upgrade should be considered. Routers using the 802.11g or 11n standard have incorporated a better security protocol referred to as WPA (Wi-Fi protected access). Some newer routers also support WPA2, an improvement on WPA. The easiest-to-use and most widely supported version is WPA Personal, sometimes referred to as WPA Pre-Shared Key (PSK). To encrypt a network with WPA-PSK you provide your router not with an encryption key, but rather with a plain-English pass-phrase between 8 and 63 characters long. Using a technology called TKIP (for Temporal Key Integrity Protocol), that pass-phrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed. This increases the difficulty for the hacker in obtaining packets and cracking the key before it is changed.

The problem with the pass-phrase is that most people use short common words as the phrase. In researching this article, I found a hacker site with a detailed method for obtaining and decrypting WEP and WPA keys. In fact, the comment on the site was that most "user" keys are so simple that they can be cracked in seconds once the WPA packets have been saved on the hacker's computer. You should not use any dictionary words in either the pass-phrase or the SSID. You should also use a pass-phrase that is as long as possible (63 characters) and include numbers, upper and lower case letters and punctuation such as @, #, & and *. Does this guarantee that your network can't be hacked? Of course not, just that it increases the difficulty. If you make it difficult enough the hacker will turn to a system that is easier to crack.
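The pass-phrase advice above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it tests a pass-phrase and SSID against the article's rules and derives the 256-bit WPA-PSK master key, which is computed from the pass-phrase with the SSID as salt using PBKDF2-HMAC-SHA1 (4096 rounds). The word list, the 20-character "short" threshold and the function names are assumptions made for illustration.

```python
import hashlib
import string

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "linksys", "default", "netgear", "wireless", "admin", "welcome"}

def derive_pmk(passphrase, ssid):
    """WPA-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes out."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass-phrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def contains_common_word(text):
    lowered = text.lower()
    return any(word in lowered for word in COMMON_WORDS)

def audit(passphrase, ssid):
    """Return the article's recommendations that this pass-phrase/SSID pair misses."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    elif len(passphrase) < 20:  # assumed threshold, not from the article
        findings.append("short pass-phrase")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in passphrase) for cls in classes):
        findings.append("missing a character class")
    if contains_common_word(passphrase):
        findings.append("pass-phrase contains a dictionary word")
    if contains_common_word(ssid):
        findings.append("SSID contains a dictionary word")
    return findings

if __name__ == "__main__":
    # Constructed sample values.
    for phrase, ssid in [("password", "linksys"),
                         ("t7#Qm!zR4@vLx9&Kp2*Hs8Wd", "zq47-north")]:
        print(ssid, audit(phrase, ssid) or "meets the article's advice")
    # Same pass-phrase, different SSID: the derived key changes completely,
    # which is why a common SSID weakens the protection the salt provides.
    print(derive_pmk("t7#Qm!zR4@vLx9&Kp2*Hs8Wd", "zq47-north").hex())
    print(derive_pmk("t7#Qm!zR4@vLx9&Kp2*Hs8Wd", "linksys").hex())
```

Because the SSID is the salt, keys for a well-known default SSID can be computed once and reused against every network with that name, which is the practical reason behind the advice to avoid dictionary words in the SSID as well as the pass-phrase.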
Now we need to consider Wi-Fi hotspots. When you take your laptop to any location where you find free access to a Wi-Fi system, have you thought about the security of this network? In many urban areas local governments are trying to establish city-wide hotspots. If you don't have to log in to one of these networks with an encrypted password, then the network doesn't have an adequate level of security. Everything you transmit is "in the open". Although it is transmitted in hex packets, these are very easily converted into plain language.

Also, can you be certain that the location you have logged onto is the location it says it is? One of the newer techniques is the one referred to as the "evil twin". Rogue hot-spots try to resemble legitimate locations to get users to log on. This is the latest version of the e-mail phishing scam. Once the user is logged on, the illegitimate site can then record passwords, web sites and any other information transmitted by the user. The rogue spot can even pass the user on to the legitimate site and still have the ability to record passwords, bank account information, credit card numbers and anything else it wishes to capture.

Just to give you one example of the extent of these rogue hot-spots, I found a quotation from the security officer of a university campus: "We see hundreds of rogue stations and access points around our campus, and trying to determine which one poses a security risk is like finding a needle in a haystack." The point is, if you use your laptop at any of the thousands of hot-spots that provide free access, you have no way of knowing when your information is being stolen.

So what's a user to do? Certainly the availability of free Internet access is much too tempting to avoid it altogether. One recommendation is to use VPN (virtual private network) software or encryption software whenever you are accessing the Internet via a hot-spot.
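For networks you do know, the "evil twin" problem described above can be narrowed by comparing what is on the air against a recorded baseline. The following Python sketch is an added example, not part of the original article; the baseline, the scan results and all names in it are constructed for illustration, and it assumes you have a list of the legitimate access points for the network in question.

```python
# Constructed baseline: a trusted network, its known radios and expected security.
KNOWN_GOOD = {
    "CampusNet": {"bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
                  "security": "WPA2"},
}

# Constructed scan results, in the shape a site-survey tool might report.
SCAN = [
    {"ssid": "CampusNet", "bssid": "00:11:22:33:44:01", "security": "WPA2"},
    {"ssid": "CampusNet", "bssid": "02:AA:BB:CC:DD:10", "security": "OPEN"},
    {"ssid": "CampusNet", "bssid": "02:AA:BB:CC:DD:11", "security": "WPA2"},
    {"ssid": "Campus-Net", "bssid": "02:AA:BB:CC:DD:12", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "00:55:66:77:88:01", "security": "OPEN"},
]

def normalise(ssid):
    """Fold case and drop separators so look-alike names compare equal."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def find_suspects(scan, known_good):
    """Flag access points that imitate a trusted network but do not match it."""
    by_norm = {normalise(name): name for name in known_good}
    suspects = []
    for ap in scan:
        trusted_name = by_norm.get(normalise(ap["ssid"]))
        if trusted_name is None:
            continue  # not imitating a trusted network; nothing to compare with
        profile = known_good[trusted_name]
        known_bssids = {b.lower() for b in profile["bssids"]}
        reasons = []
        if ap["ssid"] != trusted_name:
            reasons.append("look-alike SSID")
        if ap["bssid"].lower() not in known_bssids:
            reasons.append("unknown BSSID")
        if ap["security"] != profile["security"]:
            reasons.append("security mismatch")
        if reasons:
            suspects.append((ap["bssid"], reasons))
    return suspects

if __name__ == "__main__":
    for bssid, reasons in find_suspects(SCAN, KNOWN_GOOD):
        print(bssid, ", ".join(reasons))
```

A clean result is not proof of legitimacy: as noted earlier in the article, a MAC address is easy to fake, so a rogue station can copy a known BSSID. Treat the check as a filter for the obvious cases and keep using an encrypted tunnel on any hotspot.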
Interestingly, both the paid and free versions of the ZoneAlarm firewall can now notify the user when connecting to a rogue hot-spot. However, in my mind the first two choices provide more security. In essence the VPN provides you with a private connection from your computer through the hotspot router to the Internet. With encryption and the security protocols, the VPN makes a very secure connection.

There is a low-cost VPN available from JiWire.com called Hotspot Helper. Hotspot Helper's VPN uses IPSec (a security protocol) and encrypts data using a 128-bit AES key, but unlike many VPNs, it doesn't require you to enter login credentials or arcane network parameters for access. The whole connection process is automatic and takes anywhere from 10 to 30 seconds. Once it's enabled, all inbound and outbound traffic on your system travels through an encrypted tunnel, which prevents other wireless clients from eavesdropping on your transmissions or accessing your system via the wireless link. (Hotspot Helper's tray icon displays a lock icon when the VPN is enabled.) Now, I must admit I have not used Hotspot Helper. I have just evaluated reviews, commentaries and the company web site. Hotspot Helper is available for a free 10 day trial. After that it is $24.95 per year. I don't think you can get this level of security at any lower price. Also, since there is a free trial, you can check it out for yourself.

There is another VPN available that is free. It doesn't offer quite the same range of security as Hotspot Helper. You can find it at: www.anchorfree.com/downloads/hotspot-shield/

There is one other way to get secure access to the Internet when you are on the road. That is by using a PC modem card that connects to either the Verizon, Sprint or AT&T wireless network. These cards, sometimes referred to by Sierra's registered name as "aircards", provide an encrypted connection to the provider's data network and the Internet. In short, they use the government AES encryption algorithm. These cards do have drawbacks. You can't get a broadband signal everywhere and they are not cost-free. The monthly costs range from $50 - $80 depending on the provider and other terms.

However you use your wireless connection, be sure that you are surfing safely. Always keep security uppermost when dealing with wireless connections.

*Dr. Lewis is a former university and medical school professor of physiology. He has been working with personal computers for over thirty years, developing software and assembling systems. He can be reached at bwsail at yahoo.com.

Copyright 2008. This article is from the March 2008 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication.