Wi-Fi security: how do you defend against this?

Michael Lowry 41magnum at liberty.eprci.com
Fri Jan 25 15:44:34 EST 2013


You could always set up WPA2-EAP using TLS and do two-way authentication.  Not for the faint of heart though, as configuration is complicated...

I understand Windows will always try to connect to an SSID it knows (i.e. linksys, or HP-Setup).  Easy enough to set the BSSID (i.e. AP MAC address) under Network Manager to make sure you are always connecting to the same AP.

Michael

On Fri, 25 Jan 2013 15:32:44 -0500
Joshua Judson Rosen <rozzin at geekspace.com> wrote:

> I ran across this interesting Wi-Fi toy/assault-weapon online a while ago:
> 
>     <http://wifipineapple.com/>
> 
>     Most wireless devices including laptops, tablets and smartphones
>     have network software that automatically connects to access points
>     they remember. This convenient feature is what gets you online
>     without effort when you turn on your computer at home, the office,
>     coffee shops or airports you frequent. Simply put, when your
>     computer turns on, the wireless radio sends out probe
>     requests. These requests say "Is such-and-such wireless network
>     around?" The WiFi Pineapple Mark IV, powered by Jasager -- German
>     for "The Yes Man" -- replies to these requests to say "Sure, I'm
>     such-and-such wireless access point - let's get you online!"
> 
> 
> Sort-of... scary, isn't it? Especially given how little information
> is given in the modern Wi-Fi connection-management GUIs about the
> identity of the *access points*, how would you go about protecting
> yourself against something like this?
> 
> Everyone makes such a big deal out of `Wi-Fi security' in terms of
> *making users authenticate to the APs*, but it seems we've totally
> ignored the problem of *making APs identify/authenticate to the users*.
> When I've asked my colleagues, "How do you know that that AP is actually
> *your* (safe) AP, and not just someone else posing as your AP?",
> the initial response is always "Because my password works,
> I guess...".
> 
> I'm really interested in this, now; and it looks like these guys
> are still running a `holiday special' (basic unit, plus some nice
> accessories like a battery-pack and carrying-case, for not much
> more than the normal price of just the basic unit), so I just
> ordered one. If it's all it's cracked up to be, it should make
> an interesting `sparring partner'.
> 
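
Added example, not part of the thread and not code from either poster: a small auditor for saved Wi-Fi profiles in NetworkManager keyfile format that flags the gaps the two messages discuss (open networks that auto-join, no BSSID pin, and WPA2-EAP profiles that never verify the AP side). The sample profiles, paths and the server name radius.example.org are constructed, and the check assumes the profile does not rely on system-ca-certs.

```python
import configparser

# Constructed NetworkManager keyfile profiles (sample data, not from the thread).
EAP = ("[wifi-security]\nkey-mgmt=wpa-eap\n[802-1x]\neap=tls;\nidentity=user\n"
       "client-cert=/etc/certs/user.pem\nprivate-key=/etc/certs/user.key\n")
PROFILES = {
    "linksys": "[connection]\ntype=wifi\n[wifi]\nssid=linksys\n",
    "home-psk": "[connection]\ntype=wifi\n[wifi]\nssid=home\n"
                "bssid=00:11:22:33:44:55\n[wifi-security]\nkey-mgmt=wpa-psk\n",
    "office-no-ca": "[connection]\ntype=wifi\n[wifi]\nssid=office\n" + EAP,
    "office-mutual": "[connection]\ntype=wifi\n[wifi]\nssid=office\n"
                     "bssid=00:11:22:33:44:66\n" + EAP +
                     "ca-cert=/etc/certs/ca.pem\ndomain-suffix-match=radius.example.org\n",
}

def audit(keyfile_text):
    """Return finding codes for one Wi-Fi profile in keyfile format."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(keyfile_text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return []
    get = lambda sec, key: cp.get(sec, key, fallback="").strip()
    findings = []
    key_mgmt = get("wifi-security", "key-mgmt") or "none"
    autoconnect = (get("connection", "autoconnect") or "true").lower() == "true"
    if key_mgmt == "none" and autoconnect:
        findings.append("OPEN_AUTOCONNECT")    # joins any AP that answers the probe
    if not get("wifi", "bssid"):
        findings.append("NO_BSSID_PIN")        # profile matches on SSID alone
    if key_mgmt == "wpa-eap":
        if not get("802-1x", "ca-cert"):
            findings.append("EAP_NO_CA_CERT")  # server certificate is not verified
        if not (get("802-1x", "domain-suffix-match")
                or get("802-1x", "altsubject-matches")):
            findings.append("EAP_NO_SERVER_NAME")  # any cert the CA issued is accepted
        if ("tls" not in get("802-1x", "eap").split(";")
                or not get("802-1x", "client-cert")):
            findings.append("EAP_NOT_MUTUAL_TLS")  # no client certificate presented
    return findings

if __name__ == "__main__":
    for name, text in PROFILES.items():
        print(f"{name}: {audit(text) or 'ok'}")
```

A BSSID pin only filters on an address the AP announces; in the EAP-TLS profile it is the ca-cert and server-name checks that let the client authenticate the AP.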
