How Safe Is Your Wireless Network?

People will come up to me and ask, “Is my Wi-Fi password strong enough?” or “Is my wireless network secured?” This is often a difficult question to answer because no matter how secure a network is, there are always vulnerabilities. Wireless networks can be exploited in several ways. Common causes include weak passwords, insufficient encryption, and, believe it or not, huge data transfers. If a wireless network has a weak password, an attacker could gain access within minutes. Passwords should never be predictable. Weak security mechanisms, such as outdated encryption, can also leave your wireless network exposed. If you are going to secure your home wireless network, at least use WPA2 (Wi-Fi Protected Access v2). WPA2 uses AES encryption, which, compared to TKIP, stands a chance against a more powerful attack (see this link to read a little more about AES vs. TKIP encryption). WEP is also highly susceptible to replay attacks and should be avoided at all costs.

Just the other day, I got familiar with aircrack-ng. aircrack-ng allows you to lock onto a specific BSSID and capture traffic that comes in contact with your network adapter. If your network adapter can support airodump-ng, then you can sniff packets from an AP and potentially crack a Wi-Fi password. In order to execute attacks like that, massive data transfers must be occurring when the hacker sniffs the wireless network. If there’s not a lot of data being transmitted, then the attack will take longer to execute. Packet injection via aireplay-ng can come in handy for generating noise. An attack that could take days to execute can happen within minutes if a hacker’s network card supports packet injection.

If you really want to be secure (to the point of inconvenience), here are some security mechanisms you can implement:

  • Use a strong encryption mechanism
  • Enable hidden SSID
  • Configure a MAC address filter
  • Implement an IDS endpoint
  • Use WPA2 Enterprise (802.1X) in order to add authentication/accounting via an intermediary (e.g. Microsoft NPS/RADIUS)
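
As an added example (not from the original post), here is a short Python audit of a hostapd-style access point configuration for the weaknesses described above: WEP, WPA v1/TKIP, and predictable passphrases. The two sample configurations, the small common-password list and the 12-character minimum are assumptions made for illustration.

```python
# Constructed sample hostapd.conf contents (not taken from any real device).
WEAK_CONF = """\
ssid=HomeNet
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password1
"""
HARDENED_CONF = """\
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=vQ7#correct-horse-Battery-91
"""

# Tiny illustrative list; a real audit would use a much larger dictionary.
COMMON = {"password", "password1", "12345678", "qwertyui", "letmein1"}
MIN_LEN = 12  # assumption of this example; hostapd itself accepts 8 to 63 characters

def parse(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings for one hostapd-style configuration."""
    c, findings = parse(text), []
    wpa = int(c.get("wpa", "0"))  # bit 0 = WPA (v1), bit 1 = WPA2
    if any(k.startswith("wep_key") for k in c):
        findings.append("WEP key configured: WEP should be avoided")
    if wpa == 0:
        findings.append("WPA not enabled: network is open or WEP-only")
    elif wpa & 1:
        findings.append("WPA (v1) enabled: use WPA2 only (wpa=2)")
    ciphers = (c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("TKIP offered: restrict the pairwise cipher to CCMP (AES)")
    psk = c.get("wpa_passphrase")
    if psk is not None:
        low, ssid = psk.lower(), c.get("ssid", "").lower()
        if low in COMMON or (ssid and ssid in low) or len(psk) < MIN_LEN:
            findings.append("predictable or short passphrase")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```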

(Originally posted on April 27th, 2014. Updated on September 13th, 2020)