Wifi Security Explained: Analogies that will make you groan!

Since my article on WPA security and Elcomsoft’s cracking software, I’ve received a
few e-mails asking me to explain wireless security in greater detail. While I can
easily do that, I have a feeling that what most people want is not more details, but
for it to be presented in an understandable manner. So, without further ado, here’s
The Tech Mango’s WiFi Security Analogies that will make you groan!

Having a wireless network is sort of like having a house. In the default “Open”
mode, your house has a 100-meter tall sign saying “party over here!” Anybody can
walk in and start talking… And hear other people’s conversations. Not a good thing
if you frequently discuss sensitive information. There are many ways to keep this
information hidden.

Disabling SSID broadcast. This is perhaps the simplest method and first step towards
a little security. This takes down that 100-meter sign, but everyone driving by can
still see that there’s a house at 123 Main Street. This is because your router or
access point broadcasts what’s known as a beacon… And that includes its physical
address. It provides little real security, as any time someone comes to your house,
they ask “Is this Rob’s Party?” loud enough for all to hear. Not very secretive at
all.

MAC address filtering. Another method of security is having a guest list for the
party. And while this may seem secure at first, all tech-savvy hackers know this is
little more than a temporary inconvenience. The “bouncer” (router or access point)
relies on stickers saying “Hi, My Name is…”. Hackers can quickly take a magic
marker to these stickers to change their name to someone on the guest list.

While these two methods are generally sufficient to deter those looking for free
internet, they’re little more than a bump in the road for more knowledgeable or
dedicated hackers.

WEP Security. The best way to describe this is a house party where every guest has
to use a secret knock every time they speak. After listening to a few thousand
conversations (which is rather quick on computers), a hacker generally has the knock
figured out and can communicate with everyone else.

WPA security. This security is definitely more thorough… We’ll cover the WPA
Pre-shared key. This is like having a key to the party… And once you’re in the
vestibule taking off your coat, the bouncer demands to have the secret handshake.
Inside, you speak in a language based on the handshakes you’ve done. But this is
where the recognizable analogy ends, as the intricacies of WPA are such that the
main security is the 4-way handshake. And while this can be observed, it will still
take the hacker a while to figure out what the handshake is and how to do it,
practicing in front of a mirror until he gets it. With sufficient password length,
he will never get the handshake down unless it’s a poor choice of password
(specifically, dictionary words).
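To put numbers behind “sufficient password length”, here is an added example (not from the original post) that derives the WPA/WPA2-Personal pre-shared key the way the standard does (PBKDF2-HMAC-SHA1 over passphrase and SSID, 4096 iterations, which the post does not mention) and estimates how large a guess space an attacker who has recorded the handshake must search for a dictionary word versus a random passphrase. The dictionary size and the guess rate are assumed illustrative figures.

```python
import hashlib
import string

# WPA/WPA2-Personal turns the passphrase into the 256-bit pre-shared key
# (the "language" spoken after the handshake) with PBKDF2-HMAC-SHA1,
# 4096 iterations, salted with the SSID (IEEE 802.11i Annex H).
# The salt means the same passphrase yields a different key on every
# network name, so the work has to be redone per network.
def derive_psk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# Assumed size of a word list; real lists vary, this is only illustrative.
DICTIONARY_SIZE = 200_000

# Size of the space an offline guesser must search. A dictionary word costs
# at most one guess per list entry; a random passphrase costs charset**length,
# where charset is the number of character classes actually used.
def guess_space(passphrase: str, is_dictionary_word: bool) -> int:
    if is_dictionary_word:
        return DICTIONARY_SIZE
    charset = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        charset += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        charset += 26
    if any(c in string.digits for c in passphrase):
        charset += 10
    if any(c in string.punctuation for c in passphrase):
        charset += len(string.punctuation)  # 32 printable symbols
    return charset ** len(passphrase)

# Expected years to exhaust the space at an assumed PBKDF2 rate.
def years_to_search(space: int, guesses_per_second: float) -> float:
    return space / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = 1_000_000.0  # assumed guesses per second, purely illustrative
    for phrase, is_word in [("password", True), ("Tr0ub4dor&3", False),
                            ("correct horse battery staple", False)]:
        space = guess_space(phrase, is_word)
        print(f"{phrase!r}: PSK {derive_psk(phrase, 'IEEE').hex()[:16]}..., "
              f"space 2^{space.bit_length() - 1}, "
              f"~{years_to_search(space, rate):.3g} years at {rate:.0e}/s")
```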

WPA Enterprise. This is the top level of security you can have. Not only are you
asked for a key and secret handshake, the bouncer asks for your driver’s license and
runs it against the DMV database to make sure you really are who you say you are…
And that you’re allowed in. These “credentials” can be revoked at any time… Like
say when you fire an employee. Hence, WPA Enterprise is useful in large business, or
enterprise, applications. See how the name fits? There are currently no known methods
of hacking this type of network from the outside. You can duplicate someone’s
credentials if you get a hold of them (or specifically, their laptop), but once the
breach is discovered, the fix is as simple as cancelling your credit cards.

VPN. Many security experts theorize that the future of wireless security will go
towards DATA security and de-emphasize LINK security. If the data going over your
network is sufficiently encrypted, it won’t matter what form of security you use.
It’d be like having a guest walking into your open house party, only to discover
that everyone else is speaking in a made-up language that only they know. This is
what a VPN does. It sends the data to another computer in an encrypted manner…
like having your own virtual private network. In fact, this is what it stands for!

There are other ways to make your wireless network more secure… AP Client
Isolation, etc. But for the sake of sparing you my never ending torrent of bad
analogies, I won’t hit upon those here.

The long and short of it is, a WPA Pre-shared Key (especially AES-based WPA2) with a
sufficiently complex and long key is UNHACKABLE with current technology, and will be
for quite the foreseeable future. It’s a never-ending game of cat and mouse with
hackers and security professionals, but for now… The cat’s got the edge. Upcoming
technologies, such as 5 GHz wireless, will keep the trend going. As of right now,
there are no known hacking tools or devices that support the 5 GHz wireless band.
