Announcement

Collapse
No announcement yet.

What is the best way?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • stringslayer
    replied
    Only the 2nd Post?

    Originally posted by evad123
    Some more background re 'securing 'a WLAN
    That is one of the best forum answers I have ever read. Hard to believe you are new to Defcon! Nice work

    Leave a comment:


  • evad123
    replied
    Securing a connection

    Some more background re 'securing 'a WLAN

    As pointed out by the previous posts, there is a wealth of info our their pointing to mechanisms for securing a network connection. Wireless or otherwise.

    The problem effectively comes down to three issues

    1) Authentication - How do does the network know who is connecting to it, or vice versa.

    2) Encryption - How can you obscure the information being transferred across a medium where others have visibility of the data transmitted over that medium.

    3) Resilience - How tolerant is the network connection to denial of service from attackers.

    There are many solutions to these problems all with pro's and con's relating to cost, flexibility, and effectiveness, thus the extent you need to go to in protecting your data and the continuation of the connections depends upon what you are trying to protect and what effects denial of the connection will have .

    Firstly resilience WLAN specifically the 802.11 family is a politeness based protocol, if a client or AP detects the physical medium (in this case Radio) is in use it will not transmit, this means by its very nature regardless of any security mechanisms you employ somebody can take your system off the air via transmitting a continuous signal (i.e. not necessarily a WLAN one) on the same channel as your system. The upshot of this is you should never use WLAN for critical systems (i.e. planes start fall out of the sky if the link stops).

    Encryption, there are many ways to encrypt data, WiFI has touted AES based upon the Rijndael cipher as the current best practice for native standards based encryption over WiFI, However added security may be provided by use of a software based VPN in addition to the native WiFI link encryption. When securing higher security info there are also hardware standards based solutions (not specifically for WiFI) that could be used in a point to point scenario for instance (Thales Datacryptor which is FIPS and CAPS compliant tho this type of solution probably a bit overboard for most applications)

    Authentication, You can have the best Encryption in the world, but its all for nothing unless you can identify the users to the system and vice versa.
    It would be quite possible to use AES encryption but use an authentication method that consisted of the question "Are you a hacker Yes/No?", thus the encryption is ok but anybody would be able to get onto your network and use a varied selection of standard attacks (ARP poisoning etc etc etc) to route data destined for other wireless users to themselves without ever having to break the encryption of the wireless link.
    The level of Authentication you need again depends on the level of sensitivity of the network you are trying to protect. Certainly use of password based or shared static key authentication is fairly easy to break and susceptible to social engineering attacks. You could opt for a Radius PKI approach using digital certificates, or better a mixture of knowledge and physical authentication (i.e. Like needing your bank card and pin number to get money from a cash machine you need something and some knowledge to authenticate yourself) like systems provided by RSA etc.


    So basicaly the answer is, it depends.

    Leave a comment:


  • noid
    replied
    http://csrc.nist.gov/pcig/cig.html

    NIST Security Checklists. Have Fun.

    Leave a comment:


  • Freedom Matrix
    replied
    I read that part, on computer security and I read that other stuff, but I'm talking about in general here. What is the best way to go?

    Leave a comment:


  • lil_freak
    replied
    Have you tried the nice little handy dandy search tab to help aid you in your answer?

    Leave a comment:


  • Freedom Matrix
    started a topic What is the best way?

    What is the best way?

    What is the best way to to secure a wireless connection from being intercepted? Is it better just to use a different connection?
Working...
X