SANS Internet Storm Center; Cooperative Network Security Community – Internet Security – isc


 

SANS Internet Storm Center; Cooperative Network Security Community – Internet Security – isc

If you have a wireless router and wireless card in your computers, you really need to read this post (and any related posts for it).  An unsecured wireless connection is begging for trouble.  Even in a small town.  You’re opening your computer or network up to prying eyes, and you’re opening your Internet connection up to people with less-than honorable intentions (read: illegal downloading of music for one).  Which means you’re opening yourself up to lawsuits and other legal action.

Now WEP, is better than unsecured, but not by much.  It’s been cracked a long time ago. So it’s not much safer.  If you have other choices, you really should be using them.

WPA is next.  It’s more secure than WEP.  But, as this article points out, it’s been cracked partially.  There’s the usual dictionary word attacks (which has been around for a while and is why you aren’t using regular words for your keys, right?)  Now they’re reporting that the TKIP keys can be cracked.  While this doesn’t mean that your data is in trouble, it’s the first step to that problem.

WPA2 is the safest option.  If your router supports this, use it.  If not, then you should make sure the next investment is one that does.  But in the mean time, set up WPA, and if you don’t have that option, you should really invest in a new router NOW.  WPA2 hasn’t been cracked (as far as anyone has claimed).  So it’s the safest method.

If your router has WPA only and has options for the type of encryption, don’t use TKIP.  Use AES instead, as that’s the same type of encryption in WPA2.  And make your passphrase something long.  Include punctuation and mixed case.  Here’s an example of a good passphrase:  “My Very Elderly Mother Just Stomped Upon Newbies”  (For anyone not used to that, it’s a variation of the phonetics to remember the names of the Planets in the Solar System). 

The post that I’m referring to has been out for a day or so, but I decided to write about it this afternoon.  Even late, it’s important to note, and extremely important to do.

Have a wonderful day:)

Patrick.

Leave a comment

Your email address will not be published. Required fields are marked *