Tuesday 14 October 2008

The death of WiFi and simple WPA/WPA2?

We have been very leery of wireless for our clients that have specific data security requirements.

We have advised from day 1 that wireless is not recommended for these kinds of client environments:
  • Law Offices.
  • Accounting Offices.
  • Health related services.

With the ability to crack WEP security in seconds, it was only a matter of time before WPA and WPA2 would be cracked, or at least compromised in some way.

When we received questions about wireless as far as our no wireless policy, we point out that wireless was nowhere to be found at our banks here in Canada, government offices, or other sensitive locations.

Well, to some degree it looks as though we may be vindicated:

Utilizing 20 consumer grade systems with a pair of GeForce GTX280s in each system the software the researchers were using brings the WPA/WPA2 cracking from a magnitude of years down to days.

The cracking process is focused on static ASCII type keys at this point. That type of setup is pretty much the bulk of the SMB market since many have not or cannot implement some sort of Enterprise grade RADIUS setup.

Have a look through the above article's comments. Some of them are very informative on both securing wireless as well as other methods available to crack wireless.

For now, we will continue to err on the side of caution in certain sensitive data situations.

Philip Elder
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.

No comments: