Talk:Wireless security/Archive 1

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

So you call them "crackers" instead? That term has its own set of derogatory misconceptions. I would think that the more common term "hacker" would apply itself better to this article as it is correctly calling to the proficency of a user (albiet, abuser) of computer networks. I would reccomend perhaps keeping the use of "crack" in reference to cracking a security algorithm, but not defining the perpitrator as a "cracker". --67.115.118.49 21:24, 12 July 2006 (UTC)

its worth mentioning that where it says that some parts of MITM is automated by Airjack, i'd point out that Airjack automated the entire thing, it came with monkeyjack which put you in the middle with an API for manipulating and monitoring the traffic, and krackerjack which actually broke some weakly authenticated VPNs crypto using the MITM...of course none of that is relevant really today as Airjack hasnt been maintained for years and requiers what is now very outdated hardware to run... (btw, i'm the author of Airjack, thats how I know this) --Michael Lynn 23:54, 20 March 2007 (UTC)

This article needs to be copy-edited such that it no longer has a prescriptive tone. It ought to be informational, but not normative (i.e. 'these are the various security measures that exist to counteract these various threats,' NOT 'you should do this and that and the other thing'). The basic information is solid as far as I can tell--it just needs to be converted from an essay into an encyclopedia articl—thames 19:24, 6 March 2006 (UTC)

I also feel that some of the diction is too casual, and that some of the paragraphs are so vague from the technical point of view as to be almost incomprehensible. To the extent that I can find the time, I will start working on both the stylistic and technical problems. This will be my first significant edit in Wikipedia, so I'd appreciate a lot of hand-holding. Tireisias 18:27, 7 May 2006 (UTC)

What is Wikipedia policy on the he/she business, referring to an individual of unknown and irrelevant sex? Tireisias 18:49, 7 May 2006 (UTC)

The sentence length and complexity is significantly lacking which (I believe) leads to the casual tone. There is also little variation with sentence structure and very few compound or complex sentences.216.196.249.142 15:31, 3 October 2006 (UTC)

I did some editing and took down the "marked for editing" sign which has been up for the past 10 months. I think this article looks like it is 90% there and I don't think it will get that much better from a structural standpoint. However, by all means keep working on it if you wish... Exsturmin8r 07:34, 3 January 2007 (UTC)

Ummm... Some of this was originally plagarised, hence the inappropriate tone. Caffe Latte Attack taken from http://www.airtightnetworks.net/knowledgecenter/wep-caffelatte.html Some of the article should be completely rewritten Aronzak (talk) 06:21, 24 March 2008 (UTC)

Working on a wireless security project.

MAC address filtering is a very bad way of securing a network along with ESSID hiding. Both of these can be exploited easily.

Does anyone still think it a good idea to merge Wireless LAN security into this one? That one is more an elementary introduction, suitable at least in part to owners of ordinary LANs who barely know that the wireless router that shares their broadband Internet connection gave them a LAN. This one seems more deep, like a manual for computer professionals who spend hours every week in projects that protect a LAN with hundreds of computers and corporate secrets worth millions of dollars. Perhaps instead of coming together, the two articles should be made to drift further apart, with this one continuing to serve its tiny constituency, and that one ceding this territory in order to serve better the majority. Jim.henderson 05:08, 15 June 2007 (UTC)

ERm, does anyone actually look at these links? Or are they just removed? That was an article about wireless security, no selling or anything ffs. —Preceding unsigned comment added by General Trelane (talk • contribs) 16:10, August 24, 2007 (UTC)

I've been doing simple wikification and noticed that this section is all about "how to" secure your wireless network. Although written well, Wikipedia is not a "how to" manual...

I'd like to propose we axe the section. The article is lengthy anyhow, with lots of different directions a reader could continue researching. E_dog95' ^{Hi '} 07:24, 26 August 2007 (UTC)

I'm going to remove the section as proposed. E_dog95' ^{Hi '} 06:31, 7 October 2007 (UTC)

Is it possible for me to use a wi-fi enabled laptop and use my neighbours wi-fi broadband connetion to surf the internet and do all i.net related activities free of cost?. The situation being I am living in a condo. and the appartment above mine has a 2mbps broadband connection on a wi-fi router. He has no wi-fi security enabled, thereby his appartment being wi-fi enabled, in that case it sounds logical that I could also patch in with my laptop at his cost. Is it technically true? Paul —Preceding unsigned comment added by Paulthottam (talk • contribs) 04:18, 7 November 2007 (UTC)

Mixed security is a popular alternative for public access points because it has not special software requirements: only a 802.11 wireless access card (currently the lowest common denominator) and a web browser. Basically, it's an access point without encryption or uses WEP encryption with a pre-shared key, but restricts access until users have authenticated themselves on a webpage. Here's a few examples:

Toronto Hydro Telecom's "One Zone" does not use encryption. Instead, users are allowed to browse THT's website until they've purchased a plan and signed in. Other commercial hotspots, such as [Roger's HotSpot] also work this way

The University of Toronto Campus Wireless Network uses WEP encryption with a password available on the internet. (It's not entirely clear why they'd bother with encryption at all if the password is available to the general public.) On the first attempt to access a web page, users are redirected to an authentication page. After successfully authenticating, the user can use any internet service. Users have bandwidth quotas and are required to keep their operating system up to date.

The University of Toronto Computer Science Department has its own wireless network. WEP encryption is used, and the password is available on a website to authenticated users; the password is changed once a year. Users must have an ssh session to a special server open for their network access to work.

(Those are my rough notes for a new section. It's messy so I'm not putty it in the main article. Hopefully someone with more time on their hands can do this. Thx geoff_o (talk) 01:23, 12 December 2007 (UTC))

SSID hiding is just as easily broken as MAC filtering, but if one is in the article, the other should be too. If not for else, to inform people that is almost useless. (so to stop people spreading misinformation all over the internet, how SSID hiding "protects" their network).

--Xerces8 (talk) 14:32, 6 January 2008 (UTC)

I believe this should certainly be mentioned. I think it is fair to say that in (say) a residential street with several visible networks, they are more likely to be targeted before any hidden ones, so it is still a reasonable measure to take. Halsteadk (talk) 00:09, 29 November 2008 (UTC)

Are encrypted packets (WEP, WPA) larger than unencrypted ? IOW, has encrypted traffic less net bandwith ? This is a pretty common question about WLAN security (in forums).

--Xerces8 (talk) 14:32, 6 January 2008 (UTC)

Contents from previous editor (moved to new section)

Ummm... Some of this was originally plagarised, hence the inappropriate tone. Caffe Latte Attack taken from http://www.airtightnetworks.net/knowledgecenter/wep-caffelatte.html Some of the article should be completely rewritten Aronzak (talk) 06:21, 24 March 2008 (UTC)

Thanks for pointing that out. I will look at what is there. I recently converted an external link from airtightnetworks.net. I may just remove the content that's in question and find out who placed it and notify them. Thanks again. E_dog95' ^{Hi '} 07:29, 24 March 2008 (UTC)

Section has been re-written and the original editor notified. Thanks again :) E_dog95' ^{Hi '} 07:57, 24 March 2008 (UTC)

As this article reads now, it should be renamed to "Wireless Security Problems". If we're going to keep the current title then there needs to be less focus on old/deprecated wifi protocols and more focus on modern protocols which are believed to be secure. For example, "WPAv1 is insecure because of ..." should be rewritten as "WPAv2 does ... to fix ... problem in WPAv1". Abhibeckert (talk) 10:49, 12 February 2010 (UTC)

Please, WP:Be Bold -- KelleyCook (talk) 21:00, 12 February 2010 (UTC)

Most of the sections in the "Types of Unauthorized Access" section have been plagiarized from the paper "Wireless Network Security: Vulnerabilities, Threats and Countermeasures" by Min-Kyu Choi, Rosslin John Robles, Chang-kwa Hong and Tai-hoon Kim, published in the International Journal of Multimedia and Ubiquitous Engineering (Vol 3 No 3) in July 2008. The paper can be found at www.sersc.org/journals/IJMUE/vol3_no3_2008/8.pdf Maegereg (talk) 23:09, 7 February 2011 (UTC)

I've just changed the intro section back to how it was before the rewrite by User:Wireless_Friend: the previous version seems to me to be rather better in terms of style and coverage. Comments? 78.146.29.26 (talk) 17:17, 8 October 2011 (UTC)

The issues (mentioned on the archived talk page too), with this article being written as an op-ed piece rather than a useful encyclopedic article, and with some text allegedly plagiarized from a journal article are still very much present. The article remains in dire need of copy-editing, but I don't have enough knowledge of the subject matter to do this myself.

For those who would take up the task, I would suggest the following new article outline:

• SHORT Introduction/Summary (current is too long and includes opinionated remarks).
• WiFi security/encryption mechanisms (Covering WEP, WPA, WPS etc.) Includes a table of available mechanisms with various attributes such as "broken?", "Key length", "Same key for all users", "few vendors", "open source available")
• non-cryptographic WiFi security features (Covering MAC filtering, hidden SSID, WiFi OFF buttons etc.)
• WiFi best current practice settings (covering the tidbits of advice scattered around the old article, if still relevant) (For sources, use such documents as the published security guidelines from CERT, SANS, NIST etc.)
• WiFi common mistakes (blank/default password, accidental association, etc. etc.) (For sources, use reports and journalistic articles on that topic).
• Using generic security tools to supplement WiFi security (Covering the use of VPN, SSH, IPSec etc. to protect access to the local network over WiFi, rather than using those same tools to access far away networks).
• Non-WiFi wireless network security (covering Bluetooth, femtocells, pre-WiFi technologies etc.)
• Non-protocol security measures (covering faraday grids, prevention of unauthorized WiFi devices etc.).

90.184.187.71 (talk) 15:57, 6 January 2012 (UTC)

I agree with this proposal. This article is almost unreadable for a lay person, and the most important info folks will come here for is not prominent (home network security options, tradeoffs, pitfalls). I would also suggest a split to two separate articles about home wifi security and enterprise wifi security. LaTeeDa (talk) 15:44, 23 March 2012 (UTC)

I agree that this article is not for home users. Nevertheless, it is obviously written by an expert and well worth keeping until it is out of date. Also, the points made in the first part of the article are not difficult and easy to understand. For example, the ways in which a laptop can be used to gain access to a network. — Preceding unsigned comment added by 75.80.101.143 (talk) 17:45, 28 March 2012 (UTC)

This line: With the most popular encryption algorithms today, a sniffer will usually be able to compute the network key in a few minutes obviously refers to a major security flaw. I think it needs to reference the specific flaw, so people know if they are affected. Is WPA2-AES with WPS disabled also vulnurable to this flaw? — Preceding unsigned comment added by 89.98.244.103 (talk) 18:31, 15 October 2012 (UTC)

I'm not sufficiently expert to work on this page but it does seem to cover technical aspects that relate to corporate networking fairly widely, but is not very accessible for readers who (a) are interested from a domestic/personal perspective and (b) are looking for an introduction rather than a list of relevant topics. Is this a fair criticism? Are there better articles for that purpose? Martin ^{(Talk, Contribs)} 22:07, 30 October 2012 (UTC)

Why is this called "Wireless security", instead of, e.g., having kept "Wireless LAN security" for the merged article? It mentions something it calls "Non-traditional networks" only in passing, ignores remote gate/car keys and mobile telephony and ZigBee etc., and is almost exclusively about "Wi-Fi security", which seems a more appropriate name. RFST (talk) 05:33, 8 March 2014 (UTC)

This page was identified as including a disambiguation error based on the term "ADS".

In order to resolve this problem I have removed the wikilink from the term as I am unable to determine, from the context, what it is referring to. If you wish to restore the link please ensure that the term and the link are fully resolved so that no further disambiguation occurs. Perry Middlemiss (talk) 06:14, 22 January 2015 (UTC)

"For commercial providers, hotspots, and large organizations" 2003:5B:4729:BF00:C0D3:65A6:6E3:4FC (talk) 11:18, 2 March 2015 (UTC)

Hello fellow Wikipedians,

I have just modified one external link on Wireless security. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Corrected formatting/usage for http://www.wifialliance.org/knowledge_center_overview.php?docid=4486

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—^{cyberbot II}_{Talk to my owner:Online} 08:30, 1 April 2016 (UTC)

This currently redirects to this article. I think it ought to have its own article overviewing various encryptions and cryptological concepts as they pertain to networks specifically (as a sister article to the already present Disk encryption. What say ye?? Pariah24 ┃ ☏ 15:31, 12 January 2017 (UTC)

Is it correct that

"WPA2 uses an encryption device that encrypts the network with a 256-bit key"?

The linksys wrt1900acs specs state: https://www.linksys.com/us/p/P-WRT1900ACS/

"128 bit AES link encryption"

From  https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

"Each wireless network device encrypts the network traffic using a 256 bit key"

From  https://en.wikipedia.org/wiki/CCMP_(cryptography)

"CCMP is the standard encryption protocol for use with the Wi-Fi Protected Access II (WPA2)"

"CCMP is based on AES processing and uses a 128-bit key and a 128-bit block size"

"CCMP is a block cipher mode using a 128-bit key"

- Best.alias.ever (talk) 8:06, 22 September 2017‎ (UTC)

The wording may not be clear to some, but there is no factual inaccuracy in any of the articles. "Key" sometimes refers to the password (PMK), while at other times refers to the AES encryption key. Please improve the wording if you see the means to do so.

256 bits of entropy is gathered from the plain text password, which is then used to derive various other keys, each with a different size. The most used, the data encryption key for example is 128-bit long.

The passphrase you type in on your device gets scrambled into a 256-bit PMK value. PBKDF2#Key_derivation_process

Then the "PTK is generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address. The product is then put through a pseudo random function". "The Pairwise Transient Key (64 bytes) is divided into five separate keys:" "3. 16 bytes of Temporal Key (TK) – Used to encrypt/decrypt Unicast data packets" IEEE_802.11i-2004#The_four-way_handshake

bkil (talk) 10:00, 23 September 2017 (UTC)

Sorry, but this article is incoherent. Many sentences make no sense, and the whole thing is difficult to take any useful knowledge from. I don't know how to improve it, but as it stands, it isn't much use Nicholls.graham (talk) 14:18, 29 October 2018 (UTC)

There are no references in the "Smart cards, USB tokens, and software tokens" section, and it contains value judgements like the following:

• is a very strong form of security
• to create a powerful algorithm
• is a very secure way to conduct wireless transmissions
• even make hardware versions that double as an employee picture badge
• the safest security measures are the smart cards
• will provide a good base foundation for security

etc... Maxim Masiutin (talk) 15:04, 5 March 2021 (UTC)

I would suggest that the following definition is more accurate than the former. Also the references (w3schools and pcmag) are not spammy or commercial ones. This note is meant for anyone interested, but specifically for MrOllie who undid my changes. I do not mean this to be adversarial.

My suggestion: Wireless security revolves around the concept of securing the wireless network from malicious attempts and unauthorized access^[1]. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is a notoriously weak security standard^[2]:

Current text after the above was undone: Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks,^{[citation needed]} which include Wi-Fi networks. — Preceding unsigned comment added by Techphile (talk • contribs)

'Revolves around the concept of' is awkward phrasing and 'securing the network from malicious attempts' - malicious attempts to what? The original opening sentence is well written and to the point, and should be retained. - MrOllie (talk) 19:06, 3 June 2021 (UTC)

Agreed. Rephrased wording: Wireless security centers on securing the wireless network from malicious attacks and unauthorized access^[1]. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is a notoriously weak security standard^[2]: Techphile

There are no references in the "Smart cards, USB tokens, and software tokens" section, and it contains value judgements like the following:

• is a very strong form of security
• to create a powerful algorithm
• is a very secure way to conduct wireless transmissions
• even make hardware versions that double as an employee picture badge
• the safest security measures are the smart cards
• will provide a good base foundation for security

etc... Maxim Masiutin (talk) 15:04, 5 March 2021 (UTC)

I would suggest that the following definition is more accurate than the former. Also the references (w3schools and pcmag) are not spammy or commercial ones. This note is meant for anyone interested, but specifically for MrOllie who undid my changes. I do not mean this to be adversarial.

My suggestion: Wireless security revolves around the concept of securing the wireless network from malicious attempts and unauthorized access^[3]. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is a notoriously weak security standard^[4]:

Current text after the above was undone: Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks,^{[citation needed]} which include Wi-Fi networks. — Preceding unsigned comment added by Techphile (talk • contribs)

'Revolves around the concept of' is awkward phrasing and 'securing the network from malicious attempts' - malicious attempts to what? The original opening sentence is well written and to the point, and should be retained. - MrOllie (talk) 19:06, 3 June 2021 (UTC)

Agreed. Rephrased wording: Wireless security centers on securing the wireless network from malicious attacks and unauthorized access^[1]. The most common type is Wi-Fi security, which includes Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP is a notoriously weak security standard^[2]: Techphile