CSR Technologies Logo Wireless Security - Totally Secure and Cost Effective
Wireless Insecurity
   Login To Your Account
   Wireless Security Info
   Products and Solutions
   Sign Up For Your Account
Internet Security
Our Technology
Web Hosting
Web Development
Login
About Us

 

This is a full, online-duplication of the story originally printed in the Bowling Green Daily News on Tuesday, August 23, 2005, Money Section, B1. For the actual newspaper in pdf format: Page B1.

High-tech security, take two
Reporter RAED G. BATTAH

It's hard to cover all there is about tech security in one article. In last week's Money centerpiece article, "Open Secrets," some important elements were only briefly discussed.

To add a little more insight and possibly a few more technical terms to your vocabulary, I decided to share a bit more of the computer jargon that could be just enough to keep you either in pace or more aware of what risks you could be taking with your present wireless or network setup.

Most of this information is based upon an interview with CSR Technologies President Richard Pickett . Pickett laid out in the simplest terms possible the types of protection wireless customers may be using.

"Wireless security comes in two basic flavors today, WEP and WPA," he said.

According to Pickett, WEP (wired equivalency protection) was, as its name indicates, supposed be just as secure as using a wired network.

"But it never has been," he said. "WEP keys can be cracked within a few hours by anyone who can pickup the network signal. WPA (WiFi protected access) is more secure than WEP, but can still be broken."

WEP uses a preshared key between clients and access points, he said. Each packet (a small block network traffic) sent between the computers is encrypted with the preshared key and an initialization vector. The IV is supposed to be different for each packet sent. The IV used to encrypt a packet is sent unencrypted along with the packet.

"Eventually the same IV will be used again, and once an attacker has two packets with the same IV, the preshared key can be derived through simple cryptoanalysis within less than a second. It usually only takes a few hours of wireless activity to produce duplicate IV," Pickett said.

WPA is stronger than WEP in that although each wireless session starts with a preshared key, the session changes keys on a regular basis.

"While this stops an attacker from easily deriving the key from analyzing packets, the flaw of WPA lies in the use of the preshared key to start each session," he said.

Basically, with a little more of that cryptoanalysis, the keys are eventually derived. In both cases, Pickett said, once the attacker has the preshared key, the network is open to him.

Here are some stats on the networks Pickett found open while driving around downtown Bowling Green recently:

Networks: 687
Networks without any security at all: 418 (60 percent)
Networks using WEP (the weakest security): 219 (32 percent)
Networks using WPA (mediocre security): 49 (7 percent)
Networks using good security: 1 (0.1 percent)

Richard Pickett at CSR Technologies can be reached at (270) 746-0324, online at http://www.CSRTechnologies.com or e-mail at Richard.Pickett@CSRTechnologies.com.
 
 
© 2005 CSR Technologies, Inc.
Terms of Use | Privacy Policy | Contact Us | Site Map