New Way to ID Invisible Intruders on Wireless LANs
Bergkamp10 writes "Australia's University of Technology in Queensland has created a groundbreaking new system that can detect invisible intruders on wireless LANs. Wireless networks have been almost impossible to thoroughly secure as they possess no clearly defined boundaries; instead they are defined by the quality and strength of the receiving antenna. QUT Information Security Institute researcher Dr Jason Smith has invented a new system to detect eavesdropping on unencrypted networks or active hijackings of computer sessions when a legitimate user who is logged onto the network leaves the connection. Smith has created a series of monitoring techniques that, when used together, can detect both attackers and configuration mistakes in network devices."
Australia's University of Technology ? (Score:4, Informative)
Zonk or Bergkamp10, please do us all a favour and don't change the name of institutions.
Re:Virtually impossible? (Score:2, Informative)
If you augment this with weekly password changes and the strongest possible password, they aren't getting in unless they control a lot of systems. Yeah, they could still break your wireless network eventually, but there are other wireless networks that are far easier to get into, so they'd move on.
Beyond that you secure the hosts on your network as well.
Security isn't about making your network unbreakable, which is impossible. It's about making your network not worth someone's time to break into. You do this with layered security and being polite.
Network crackers go for the low-hanging fruit every time, unless it's a targeted attack, which most home users don't ever need to worry about unless they piss off the wrong person. They'll get your neighbor that didn't change the default password and doesn't password his hosts. There's a buffet out there of easy-to-break networks, so chances are, if you take reasonable precautions and don't go around flaming people, you are fine.
Personally I don't run a wireless network. I pulled Cat5-e to every room in the house while I was rehabbing and don't need it. I did this before WEP matured because I didn't trust wireless at the time, wired networks Just Work(tm) and are much faster. Of course it's easy to do this when your walls are open 8)
-AC
Re:Wireless 101 (Score:2, Informative)
MAC filtering is useless because anyone with Kismet can see the active MAC addresses on the network.
SSID hiding is useless because anyone with Kismet can see the active SSIDs around them.
Someone mentioned it earlier, but have a look at this:
http://blogs.zdnet.com/Ou/index.php?p=43
Re:Virtually impossible? (Score:2, Informative)
You are assuming that WPA needs a human-configured passphrase here. Your calculations are all nice, but they refer to WPA-PSK (pre-shared key). If you use WPA with IEEE 802.1x (sometimes called WPA-"Enterprise"), a PMK (Pairwise Master Key) is generated by an AAA server *anew for every session*. I.e. as soon as someone logs off and on again, your calculations have to start from scratch. I'm assuming people don't stay connected 37 days continuously on a WiFi connection, so your botnet attack is rendered useless. To be on the safe side, you can set your APs to negotiate new keys at your personal paranoia-level time interval even when connections persist.
Even with WPA-PSK, your reasoning is only correct if you really want the PMK of WPA-PSK. Your botnet could be faster if you just want the current session key: it is 128 bits in length (both with TKIP encryption and AES), so you only need to try 2^128 numbers to get in. The amount of randomness for the PMK is irrelevant if you just want to get into a session quick-and-dirty. Another reason for WPA users to rekey every so often.
WPA-Enterprise is used worldwide in educational institutions in a free (as in spirit and in beer) manner right now, including worldwide roaming: check http://www.eduroam.org./ Even in Queensland numerous universities are participating and thus have something at their disposal that is way less susceptible than static session keys. http://www.aarnet.edu.au./Content.aspx?p=133/ suggests that University of Queensland is in, so I guess they are just doing the research to show people how unsecure WLAN networking is if you *don't* use IEEE 802.1x.
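The distinction this comment draws, as an added illustration that is not part of the thread: under WPA-PSK the PMK is derived deterministically from the passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits, per IEEE 802.11i), so it is identical for every session until the passphrase or SSID changes; under 802.1X the AAA server supplies a fresh PMK per session (simulated here with a CSPRNG, a stand-in for the real EAP-derived key). The `enterprise_session_pmk` helper and the session-comparison function are assumptions for the demo.

```python
import hashlib
import secrets


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    Nothing session-specific goes in, so the output is static until an
    operator rotates the passphrase or SSID. A guessed passphrase therefore
    stays valid indefinitely; the PMK's strength is the passphrase's entropy.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def enterprise_session_pmk() -> bytes:
    """Stand-in (assumption) for the per-session PMK an AAA server hands out
    with 802.1X/EAP: 256 fresh random bits, independent of any passphrase."""
    return secrets.token_bytes(32)


def pmk_reused_across_sessions(mode: str, passphrase: str = "",
                               ssid: str = "", sessions: int = 3) -> bool:
    """Return True if every simulated session ends up with the same PMK.

    mode 'psk': PMK recomputed from the same passphrase/SSID each session.
    mode 'enterprise': PMK freshly generated each session.
    """
    if mode == "psk":
        keys = {wpa_psk_pmk(passphrase, ssid) for _ in range(sessions)}
    elif mode == "enterprise":
        keys = {enterprise_session_pmk() for _ in range(sessions)}
    else:
        raise ValueError("mode must be 'psk' or 'enterprise'")
    return len(keys) == 1


if __name__ == "__main__":
    # Constructed demo values: a weak passphrase on an SSID that never changes.
    print("PSK PMK reused:", pmk_reused_across_sessions("psk", "password", "HomeWiFi"))
    print("Enterprise PMK reused:", pmk_reused_across_sessions("enterprise"))
```

Rotating the passphrase changes the PMK (and invalidates anything derived from the old one), which is the defender's lever on the PSK side; on the 802.1X side the server does that automatically every session.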
Reading TFA. (Score:3, Informative)
Well, the first thing you need to do is actually start reading the article you're using for support. From the fine article you quoted:
Up to the time you can show how a wifi connection will make a physical CD magically show up in a room, then any argument about plausible deniability based off this case is full of it. You can't claim someone else was using your wireless connection to download child porn when you have a big stack of CDs with child pornography on them. Nobody is stupid enough to believe that. The only way this could have been a test case would be if they hadn't found any evidence beside the network traffic.
What this shows is that illegal traffic coming to/from your address constitutes probable cause, which is a different kettle of fish.