WiFi - Recommendations?

Discussion in 'privacy technology' started by x942, Feb 9, 2012.

Thread Status:
Not open for further replies.
  1. x942

    x942 Guest

    Long story short I will be buying a new house here and plan to rent out a basement suite to help cover the mortgage. If you read my posts before you probably know I like to keep things as secure as possible like most people on Wilders.

    I will be using WiFi with WPA2-CCMP with a very strong password as usual, now should I:

    A) Using DD-WRT, set up WLAN Partitioning to keep all devices separated so they can't "talk" to each other.

    B) Set up a Virtual AP for the tenant (so it's completely separate).

    C) Do both A + C

    D) Pay to have another modem installed in the basement (it's cable internet so I have to get another jack wired in downstairs).

    E) Something else?

    A & B are the cheapest but would they be secure enough? If I did D I would have to leave internet up to the tenant and not supply it at all for them.

    Any thoughts?
     
  2. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Without getting too technical your safest bet both technically and legally would be a separate modem. I say that because the individual renting would have an account in his own name, his ip, his own online identity. I assume the worst in people until they prove otherwise so I automatically think the person you rented the basement out to will look into child porn, pirate software & movies, and attempt to sniff the network. Or even reset the router when you are not there and expose your network… (All these possibilities listed have happened to me during my youth, rooming with 2 to 3 people)

    So yes, you would mention the internet is separate and they would have to purchase a plan themselves. Lock your own router out of sight from them.
     
  3. x942

    x942 Guest

    Thanks! That's what I was thinking. :thumb:
     
  4. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    srry to burst your bubble but wifi w/ any encryption scheme is insecure as all hell.

    best bet is wpa2 w/ a 63 character password (good luck remembering that) this key can still be cracked, but it will take a hell of a long time to do it. even stuff like "2012NYGiantssuperbowlchamps" can be cracked fairly easily. 63 characters for max security

    do NOT use wps on your AP, this is the "enter the code to connect w/o password" thing which is enabled by default by virtually everyone. and even if you are using WPS2, that WPS key can be cracked in about 4 hrs tops giving you full control of the AP

    just run ethernet down there and throw them on a different subnet, or have them buy their own cable service

    wifi sucks.
     
  5. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A

    If set up incorrectly yes, though if you do it right wifi encryption is plenty secure.
     
  6. x942

    x942 Guest

    Not sure where you are getting your information from but it's very inaccurate. WiFi is plenty secure if you are using WPA or WPA2. All you need to use is a password that is ~14 chars. or longer and change the SSID. This makes all attacks impractical as you would actually have to run through either a dictionary attack (slow) or generate your own tables with that SSID to attack it (still slow).

    The only true attack is WPS which is easily disabled.

    I also happen to run my network in an enterprise configuration (as such every user has a different password and encryption key) and WPS cannot run in said configuration.

    P.S. I'm one of the few people who have disabled WPS since it came out (from not trusting it).
     
  7. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Everyone forgot; --> USE THE MAC feature to lock the router down further so there can only be connection attempts by those on the 'Access List'. ;)
     
  8. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Forgot your sarcasm font:)
     
  9. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    ROFL id have to disagree by a mile. changing the SSID doesn't have sht to do with anything. if im trying to break into an AP i could care less what you name the thing bc im connecting via mac address which your AP broadcasts publicly. and the ssid is totally irrelevant to everything

    goog search noob http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

    flat out false http://www.aircrack-ng.org/ even script kiddies can do it
     
    Last edited: Feb 27, 2012
  10. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    yes that's the best you can do, still ways around this by recording client macs through various means and then just spoof it to crack everything

    63bit keys are really the only way to go as brute force will take forever.

    use hardwired connections, wifi sucks.
     
  11. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A

    What x942 said is accurate. I believe you may have some general misunderstandings of how wireless encryption works. Encryption algorithms aside, most routers will use the SSID as a salt to complement the hashed PSK. Changing the SSID to a unique name means it would be impractical to do rainbow tables against it.

    I've yet to see a practical attack on WPA2 that doesn't involve a brute force attempt at a captured handshake. (individual router feature/exploits aside)

    WPA2 with strong passphrase changed every 3-4 weeks is plenty secure. If the user goes one step further and implements full 802.11x authentication methods then there is no current resource efficient way someone is getting into the network.

    From an encryption standpoint wireless is very secure. The faults come from human error such as weak passphrases/falling victim to an evil twin.
    Being realistic most wireless intrusions on home users are done by adversaries looking for quick internet access or launching points to perform illegal activities. Unless they are your neighbor, or you have the only wifi within a 100 mile radius, most attackers will 9.9/10 times not waste time trying to capture and crack your WPA/2 handshake if you utilize the encryption properly. They will usually run the handshake through a list of captured password databases and dictionary word lists. Some may even run the handshake against a cluster wordlist online. If you use strong passphrases these will turn up nothing and they will move on.

    For targeted attacks, if using a PSK, a simple strong passphrase and expiration date of said phrase will mitigate the attack. Using authentication means will mitigate the evil twin/Deauth attacks.

    [edit] Fixed some typos
     
    Last edited: Feb 27, 2012
  12. x942

    x942 Guest

    Since EncryptedBytes was kind enough to already point out the flaws in this post (thanks by the way) I am just simply going to say that you obviously have no idea what you're talking about.

    SSIDs are very important when it comes to WPA/WPA2 (as mentioned in the post above).

    Maybe YOU should do some research:
    https://en.wikipedia.org/wiki/WPA2#Security

    From: Small Net Builder

    There are only five known ways of attacking WPA/WPA2:
    1) Bruteforce/dictionary attack
    2) Rainbow Tables (only for known/common SSIDs)
    3) WPS BruteForce (Not a WPA vulnerability)
    4) TKIP vulnerability if QOS is enabled.
    5) Evil AP

    Attacks 3 and 5 are side channel attacks and don't exploit any vulnerability in WPA itself.
    Attack 4 is a vulnerability against TKIP and ONLY works if QOS is enabled. Disabling QOS or using CCMP (AES) defeats this attack.

    Before you call people out, try doing some research first.
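
Added example, not part of any post in this thread: the WPA/WPA2-Personal key derivation behind the SSID-as-salt and passphrase-length points argued in the posts above. PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations is the standard derivation; the function names and the sample SSIDs and passphrase are constructed for illustration.

```python
import hashlib
import math

# Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
IEEE_VECTOR_PMK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key for WPA/WPA2-Personal."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the PBKDF2 salt, so the PMK is bound to the network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def precomputed_table_transfers(passphrase: str, table_ssid: str, my_ssid: str) -> bool:
    """True if a PMK precomputed for table_ssid would also match my_ssid."""
    return wpa2_pmk(passphrase, table_ssid) == wpa2_pmk(passphrase, my_ssid)


def random_passphrase_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy in bits; valid only if each character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Check the implementation against the published vector first.
    assert wpa2_pmk("password", "IEEE").hex() == IEEE_VECTOR_PMK
    # Constructed sample values: a factory-default style SSID and a unique one.
    sample = "constructed-sample-passphrase"
    for ssid in ("linksys", "basement-suite-7f3a"):
        print(f"{ssid:22} {wpa2_pmk(sample, ssid).hex()}")
    print("table built for 'linksys' reusable on unique SSID:",
          precomputed_table_transfers(sample, "linksys", "basement-suite-7f3a"))
    for n in (8, 14, 63):
        print(f"{n:2} random printable chars = {random_passphrase_bits(n):.0f} bits")
```

The entropy figure is an upper bound: a phrase built from words or a sports slogan has far fewer bits than its length suggests, which is why dictionary lists still succeed against long but guessable passphrases.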
     