WiFi

(Wireless Fidelity)
WiFi Overview
This is a technology mostly associated with Wireless
Networks and their technologies

There are many wireless ready/capable devices now,

some common devices:

• Cell phone
• PDA
• Laptop
• Pc
• Etc…
Connecting to WiFi

Connecting to WiFi

• Access Point (infrastructure mode) – usually an area

of connection is referred to as a hotspot. So if your
local coffee shop has an access point than you can
say that they are a hotspot.

• A Peer (ad-hoc mode) – usually means connecting

to another wireless device within range of your device.
Technical Aspects Overview

Let’s examine this technology from a typical setting

(Infrastructure Mode)…

Assuming we have a router or other device that has the

capability of acting as a WiFi access point
• this device would usually broadcast it’s SSID
(service set identifier) over the coverage area of the
hotspot

• Clients in range could then either connect or not…

Equipment For WiFi

Typically WiFi requires 3 main pieces to be in place:

• A WAN connection

• Either a router or access point to transmit data to

and from wireless clients.

• An interface for the client to connect

WiFi Standards

4 common standards exist:

• 802.11a 5 GHz band

• 802.11b 2.40 GHz band

• 802.11g 2.40 GHz band

• 802.11n 2.4 or 5 GHz band

WiFi Standards Cont.

802.11a :
• Typical Data Rate 25Mbit/s

• Max Data Rate 54Mbit/s

• Range Indoor Approx. 75 Feet

• Range Outdoor Approx. 225 Feet

WiFi Standards Cont.

802.11b :
• Typical Data Rate 6Mbit/s

• Max Data Rate 11Mbit/s

• Range Indoor Approx. 100 Feet

• Range Outdoor Approx. 300 Feet

WiFi Standards Cont.

802.11g :
• Typical Data Rate 25Mbit/s

• Max Data Rate 54Mbit/s

• Range Indoor Approx. 75 Feet

• Range Outdoor Approx. 225 Feet

WiFi Standards Cont.

802.11n :
• Typical Data Rate 200Mbit/s

• Max Data Rate 540Mbit/s

• Range Indoor Approx. 150 Feet

• Range Outdoor Approx. 375 Feet

Open Wireless Access Points

Is your WiFi “Open”?:

This is a topic that everyone who has uses WiFi has

to deal with there are two main points of view:

• You set up your home network and leave it open

• you go to an Internet cafe, an airport, a hotel, and

use their wireless.
Open Wireless Access Points

How/Why does this happen?

Often times people purchase wireless network

hardware and:
•They plug it in and it works!

•They think, oh, well, you know, I'll worry about all that
encryption stuff later.
Open Wireless Access Points

On the flipside:

• Some people might want their access point to be

open, they like to share their resources...
Open Wireless Access Points

The dangers of open WiFi

A wireless system is like an Internet hub:

• Anybody who is within range and has access to the

radio signals is able to see all of the traffic going to
and from.

• It's an open access point that is not encrypted, it's in

the clear.

• And there's more…

Open Wireless Access Points

The dangers of open WiFi

• In terms of what the person on an open WiFi
network is doing:

• For example email, unless special actions and

measures are taken, email is transmitted as pure
raw text in the clear

Also …
Open Wireless Access Points

The dangers of open WiFi Continued…

• What about the legal implications?

• If your neighbors are using your access point,

anything illegal is backtracked to your IP address, that
is, the IP of the open access point.
Open Wireless Access Points

So the point is…

It might be great to think about sharing bandwidth but…

• unless you run a VPN or secure tunnel to a remote

proxy its difficult to protect your data on open WiFi

• Think of it in terms of everyone in the coffee shop

clustered around behind you, looking at your screen.
While they're not actually looking at your screen
physically… they might be electronically...
Open Wireless Access Points

One Solution…
• Turn on encryption to scramble your data!

• Two common options for encryption:

• WEP
• WPA
Solutions to “open” WiFi

One possibility:
Mac Address Filtering

• Give my access point a list of allowed clients by their

Mac Address…

• There is a problem though!

• The MAC address is the front of every packet sent,

Anyone with packet sniffing software instantly sees
all the authorized MAC addresses for the wireless
network. They capture even one packet, they've got
the MAC address that they can spoof.
Solutions to “open” WiFi

Scenario of Mac Address Filtering:

Mac Address Filtering

• I'm sitting outside of Big Bank, Incorporated.

• Big Bank Inc. says only these Mac Address can connect.
• I just capture one packet of somebody talking to their
router using Ethereal .
• I spoof their Mac Address.
• Almost every program allows you to spoof MAC
addresses. That's trivial.
• Welcome to Big Bank Inc… How can I help you!
Solutions to “open” WiFi

All is not lost though!

Mac Address Filtering would protect your access point from
a neighbor:

• casually connecting or
• mistakenly connecting
Solutions to “open” WiFi

Another possibility:
SSID Hiding

• You hide the name of your router so that people don't

see it.
• It hides it only from those who aren't using packet
sniffers, hackers see it just fine.
Solutions to “open” WiFi

One last possibility:

Data Encryption

• WEP is one type of encryption

• WEP (Wired Equivalent Privacy)

• Foundation of WEP encryption is an RC4 cipher, is

extremely strong. But it was used in a very bad way.

• Thus WEP is broken!!!

Solutions to “open” WiFi

WEP Encryption Continued…

• Most systems that support encryption will support
WEP…

• People still might use it because of the lack of

hardware support for other encryptions

• WEP is better than an open access point

• You could change your key often and be relatively

secure but who wants to do this?
Solutions to “open” WiFi

Data Encryption

• WPA / WPA2 is the other type of encryption

• WPA (Wi-Fi Protected Access)

• WPA uses TKIP protocol along with RC4 encryption

which changes the key often enough to make it secure

•WPA2 uses AES encryption it doesn't use the RC4

encryption
Solutions to “open” WiFi

WPA Encryption Continued…

• WPA with RC4 which is the weakest of the two forms if
done correctly is virtually uncrackable as long as no one
gets your key

• WPA2 is a more industrial strength form of WPA

encryption it uses AES encryption

• AES is much more hardware and processor intensive

and so relatively newer hardware will only be able to run
WPA2
Solutions to “open” WiFi

WPA Encryption Keys…

• With WPA we either have:

• A static, pre-shared key or

• Keys which are being assigned by a centralized

server to receive a key users authenticate
themselves with their own password and credentials.
Solutions to “open” WiFi

WPA Encryption Keys…

• WPA in the home environment:

• It is mostly the case that you’ll be using a single

pre-shared key, which is completely safe as long as
the passphrase that generates the key is safe up to
63 characters long!
Solutions to “open” WiFi

WPA Encryption Keys…

Example of a bad passphrase:

2everybody0canhavea0ccesstomywifi7

Example of a good passphrase:

oU[z[@=5UV)L5K- PXg^Sl(X>bD}%M3k
gjLTX(S6]YVd+7;Q^pN?TM)m.)'{x#s%
Solutions to “open” WiFi

WPA Encryption Continued…

• How to deal with older hardware:

• Older hardware, which is not as strong, will tend to

be using the RC4 encryption

• RC4 has been made safe by changing its keys all

the time using TKIP, the Temporal Key Integrity
Protocol.

• TKIP makes RC4 safe where it wasn't safe before

in WEP legacy-style encryption.
Solutions to “open” WiFi

So in Summary …
• Newer hardware that is stronger might be capable of
using a different cryptography technology called AES.

• The lowest common denominator will be WPA with a

pre-shared key using TKIP technology encryption,
which drives RC4.