Ed Stoffel

Isn’t the concept of wireless security an oxymoron? A recent congressional report says so. InfoWorld’s Ephraim Schwartz says:

The fact is when it comes to security if you’re using a wireless device for voice or data you might as well be standing in any international airport and speaking to a colleague over a megaphone. Oh, and you might want to slow down from time to time to let the crowd around you take notes.

The report recommends the creation of a domestic department to maintaining “sufficient manufacturing capabilities” at home to supply components and software that is not dependent on a global supply chain.

Some secure equipment is currently available, but it can be expensive. The Sectéra Edge can use commercial cellular bandwidth and is certified on AT&T, T-Mobile, and Sprint cellular networks, with Verizon due in January. The device goes for $3,150 with a one-year warranty.

The trades are all talking about a new WPA hack, but is it really a big deal? The media would have you believe so, but Steve Gibson explains exactly what has happened, and what to do to protect your wireless network, on the latest episode of Security Now.

At this point, hackers have discovered that TKIP and QOS together enable them to be a nusance to your wireless network, but it isn’t a complete hack… yet. It is something that could become a point of vulnerability, so it’s a good idea to move toward shutting down the possibility.

Basicly, turn off the TKIP protocol and use AES (CCMP protocol) and don’t use QOS (Quality of Service, a.k.a. WMM) on wireless (VoIP traffic should be connected to your wired router ports, or to put before your router). The combination of TKIP and QOS create the vulnerability, since QOS channels allow more attempts at the crack. Another way to defeat the vulnerability is to reduce the key lifetime to 11 minutes, instead of the default 60 minutes, since it takes a minimum of 12 minutes to perform the hack.

Many routers don’t have QOS, and a lot of routers and wireless devices don’t have AES. But if your equipment is new and WPA2 certified, you probably can switch to AES, and turn off TKIP protocol to be safe.