Friday, June 17, 2005

Wireless Discoveries

I bought myself a Linksys WRT54G Router-AP last night and wired it up, giving a good kick to my network and finally getting behind a dedicated device rather than a Windows workstation pretending to be one. I decided to give it a spin, and found a few nice things in it.

The first thing I noticed was that my Internet connection was visibly more responsive, something I had not anticipated. Be that as it may, a dedicated Linux i686 device apparently does better than a Windows XP workstation acting as an Internet Connection Sharing NAT. And yes, the device is Linux; I nmapped it and checked out its fingerprint for some odd port, which responded with an HTTP/1.1 reply on a server built for i686-pc-gnu-linux.

Next I decided to dive into the machine itself. The first place I went was into the security settings to enable the Stateful Packet Inspection Firewall. This firewall actually does very little; it simply prevents break-ins using connection spoofing. Still, it's a good layer of security; the router ignores anything coming in from the outside that's not part of an established connection.
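To make the "established connection" rule concrete, here is a toy stateful filter, added as an illustration and not taken from the router's firmware or the original post. The class name, packet fields and sample addresses are all constructed; it tracks only the address/port tuple, whereas a real firewall also tracks TCP state and expires idle entries.

```python
from collections import namedtuple

# direction: "out" (LAN -> WAN) or "in" (WAN -> LAN); flags: TCP flags, e.g. "S", "SA", "R"
Packet = namedtuple("Packet", "direction src sport dst dport flags")


class StatefulFilter:
    """Hypothetical filter: inbound traffic passes only on LAN-initiated flows."""

    def __init__(self):
        self.flows = set()  # entries are (lan_ip, lan_port, wan_ip, wan_port)

    def verdict(self, p):
        if p.direction == "out":
            # Outbound traffic is trusted and creates (or refreshes) a flow entry.
            key = (p.src, p.sport, p.dst, p.dport)
            self.flows.add(key)
            result = "ACCEPT"
        else:
            # Inbound traffic must mirror an existing flow exactly.
            key = (p.dst, p.dport, p.src, p.sport)
            result = "ACCEPT" if key in self.flows else "DROP"
        if result == "ACCEPT" and "R" in p.flags:
            self.flows.discard(key)  # an accepted RST tears the flow down
        return result


# Constructed sample traffic (private and documentation-range addresses).
LAN, WEB, OTHER = "192.168.1.100", "203.0.113.10", "198.51.100.7"
SAMPLE = [
    Packet("out", LAN, 40000, WEB, 80, "S"),    # LAN host opens a connection
    Packet("in", WEB, 80, LAN, 40000, "SA"),    # reply on that flow
    Packet("in", OTHER, 80, LAN, 40000, "A"),   # different remote host, no flow
    Packet("in", WEB, 80, LAN, 40001, "SA"),    # right host, wrong LAN port
    Packet("in", OTHER, 4444, LAN, 22, "S"),    # unsolicited inbound SYN
    Packet("in", WEB, 80, LAN, 40000, "R"),     # reset on the tracked flow
    Packet("in", WEB, 80, LAN, 40000, "A"),     # flow entry is gone by now
]


def run_sample():
    fw = StatefulFilter()
    return [fw.verdict(p) for p in SAMPLE]


if __name__ == "__main__":
    for pkt, v in zip(SAMPLE, run_sample()):
        print(f"{v:6} {pkt}")
```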

I decided to play with wireless security and was pleasantly surprised to find that WPA supports AES encryption! Not only that, but Windows XP can connect to an AES-encrypted WPA network! This means that WPA with AES encryption is readily available and usable in all environments, including home environments. Of course it also works with Linux according to some Googling; but I have yet to get wireless working in Linux with this damned Broadcom 54g.

So with AES encryption, my wireless connection is now presumably uncrackable. For standard 128, 192, and 256 bit models, AES is considered secure for government data up to SECRET at its lowest denomination, and up to TOP SECRET anywhere above there. I'm still waiting for 802.11i, the enhanced security specification for 802.11 networks, to reach the market full force. For now the Linksys router box literature doesn't mention WPA at all, much less WPA/AES; I was all set to do some firmware flashing.

One issue with WPA/AES is that nobody in the consumer market understands it. Geek Squad, for example, still employs 128-bit WEP and states that it's more secure than 64-bit WEP; of course AirSnort and AirCrack can break either in the same amount of time with a chosen ciphertext attack on the RC4 stream cipher algorithm. I'm sure most "friends next door" just flip on "encryption" and enter a key. WPA/TKIP allows for a password, so they might hit that; but it's still potentially crackable if the group renewal time isn't reduced, and reducing that too far causes major issues. Still, it's better than just WEP.