
Security of 'Fixed Wireless' Broadband

  • 16-08-2009 7:14pm
    #1
    Registered Users Posts: 284 ✭✭


    Given the inherent insecurities of wifi, I've started to wonder about these 'fixed wireless' broadband offerings from the likes of permanet, kerry bb, etc and whether the data you send and receive to/from base station can be intercepted and read by packet sniffers(wireshark), in a similar way to wifi? How do these providers secure their networks and prevent unauthorised access?

    How immune to hackers are these networks rated?


Comments

  • Registered Users Posts: 14,555 ✭✭✭✭Marlow


    The internet is per definition unsecure. Anybody with access can tap in somewhere.

    As for the fixed wireless scenario, it's different for any provider, depending on technology etc.

    IBB, Airwire, Westnet and many others use transmission protocols similar to 802.11a in 5 GHz, 3.5 GHz and some in 2.4 GHz. Sure you can sniff anything that goes over a wireless link, but often there's another layer that you'll have to break through. Some use encryption, some run MPLS over wireless, and ethernet frames inside that. It takes a good amount of knowledge to break that down. Ergo is as secure as your eircom box on the road.

    Permanet and Digiweb use DOCSIS over wireless at 3.5 GHz (Permanet) and 10.5 GHz (Digiweb). That's the protocol used for cable-tv broadband usually.

    In the cases of 3.5 and 10.5 GHz, you'd even need a specialized radio card to even get there.

    Anyhow, the Internet is NOT SECURE. If you want security, use VPN. Anybody can tap into your DSL by opening the box on the road, too.

    /M


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    DOCSIS is designed to stop people eavesdropping on a common Coax like UPC uses. It's slightly more secure on wireless than UPC, as you need specialist radio gear, but the slightly is essentially irrelevant to the determined hacker**, the security is in the protocol and modem, not the Radios. Digiweb uses DOCSIS 2.0 which is a lot more secure than WPA-PSK-AES WiFi (WPA with poor TKIP password, or worse still WEP are the insecure versions of WiFi).

    Using WiFi with WEP is really bad and WiFi with WPA and long random AES PSK is good. TKIP on AES, especially with shorter key is poor.

    3G/HSDPA is probably easier to intercept than the "professional" Fixed Wireless systems, and that isn't easy. Though 3G's CDMA carrier was invented for security, that's broken as it only uses 15 codes per mast sector and all the CDMA codes used by 3G are known. The data uses extra encryption tied to key on SIM as with GSM.


    ** It's probably not hard to get the Wireless Sets.


  • Closed Accounts Posts: 921 ✭✭✭mehmeh12


    watty wrote: »
    TKIP on AES, especially with shorter key is poor.

    What if I use a longer, more random key? Is this more secure?


  • Registered Users Posts: 284 ✭✭38141


    watty wrote: »
    DOCSIS is designed to stop people eavesdropping on a common Coax like UPC uses.

    You mean coax cable? What is the relevance of that to this topic?

    Can docsis standards be applied to fixed wireless?


  • Registered Users Posts: 6,007 ✭✭✭Moriarty


    DOCSIS is used for the Digiweb Metro fixed wireless network. The physical network (ie. coax for UPC, wireless transmission for Digiweb) is irrelevant as long as the RF signal is carried successfully.


  • Registered Users Posts: 14,555 ✭✭✭✭Marlow


    38141 wrote: »
    You mean coax cable? What is the relevance of that to this topic?

    Can docsis standards be applied to fixed wireless?

    If you read my post above, I specified that Permanet and Digiweb were using DOCSIS over Fixed Wireless. That's why it's relevant.

    /M


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    mehmeh12 wrote: »
    watty wrote: »
    TKIP on AES, especially with shorter key is poor.

    What if I use a longer, more random key? Is this more secure?

    A longer random key is Billions of times more secure than a short one. A dictionary word using TKIP and AES can be brute force cracked. Adding digits or replacing l3tt3r5 with digits hardly helps. Use AES PSK with WPA, and don't use WEP at all. WEP is broken no matter what key is used.

    Example of a decent PSK for WPA AES
    hU6n1pa62NksYAjrpaf862rRKAxPs23jF

    Don't use that one! Write the key down and put it also on bottom of Router with a Marker (if it's at home not an Office). Have a password Notebook never kept in laptop bag and use a different user name and strong password for everything and different user name on different web sites.

    Always change the default password on the Router as malicious web sites use a cross site exploit to post to a different website, which can be your router. They then will try the common default user names and passwords (automatically) and change the Router DNS.

    Then even when you use HTTPS, the web site is the real one, but relayed by fake server pointed to by evil DNS setting. Your paypal login, credit card, ebay, web mail etc details all can be stolen.

    All without breaking any WiFi or Fixed Wireless Broadband encryption :(
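
An added example, not part of the post above or of anyone's reply in the thread: it generates a random WPA passphrase of the same length as the sample key in that post and compares its entropy with shorter or dictionary-based choices, using the WPA-PSK key derivation (PBKDF2-HMAC-SHA1 with the SSID as salt). The SSID `HomeNet`, the dictionary size and the guess rate are constructed assumptions for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols


def generate_psk(length=33, alphabet=ALPHANUMERIC):
    """Return a random WPA passphrase (WPA-PSK accepts 8 to 63 printable ASCII chars)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a passphrase whose characters are picked uniformly at random."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase, ssid):
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output. Every guess has to pay for this step."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate in a 2**bits keyspace at a given guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def compare(guess_rate=1e6):
    """Entropy and exhaustion time for three kinds of passphrase.

    guess_rate is an assumed figure, not a measurement. The dictionary case
    assumes 1,000,000 words times 1,000 digit or l3tt3r variants (constructed).
    """
    candidates = {
        "dictionary word + variants": math.log2(1_000_000 * 1_000),
        "8 random lowercase letters": entropy_bits(8, 26),
        "33 random alphanumerics": entropy_bits(33, len(ALPHANUMERIC)),
    }
    return {
        name: (round(bits, 1), years_to_exhaust(bits, guess_rate))
        for name, bits in candidates.items()
    }


if __name__ == "__main__":
    psk = generate_psk()
    print("new passphrase :", psk)
    print("PMK for HomeNet:", derive_pmk(psk, "HomeNet").hex())
    for name, (bits, years) in compare().items():
        print(f"{name:28s} {bits:6.1f} bits  {years:.3g} years")
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name, so a precomputed table only helps against the SSID it was built for.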


  • Closed Accounts Posts: 921 ✭✭✭mehmeh12


    watty wrote: »



    Always change the default password on the Router as malicious web sites use a cross site exploit to post to a different website, which can be your router. They then will try the common default user names and passwords (automatically) and change the Router DNS.

    Then even when you use HTTPS, the web site is the real one, but relayed by fake server pointed to by evil DNS setting. Your paypal login, credit card, ebay, web mail etc details all can be stolen.

    I've changed my DNS settings to OpenDNS... will this be effective against my DNS settings being changed without my permission?


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    no.

    it's the Default router password that must be changed to a strong one, or else a malicious web site can change any of your router settings including DNS.

    Unless your own ISP DNS is compromised or broken, it's the preferred choice over OpenDNS.


  • Registered Users Posts: 284 ✭✭38141


    watty wrote: »
    mehmeh12 wrote: »

    A longer random key is Billions of times more secure than a short one. A dictionary word using TKIP and AES can be brute force cracked. Adding digits or replacing l3tt3r5 with digits hardly helps. Use AES PSK with WPA, and don't use WEP at all. WEP is broken no matter what key is used.

    Example of a decent PSK for WPA AES
    hU6n1pa62NksYAjrpaf862rRKAxPs23jF

    Don't use that one! Write the key down and put it also on bottom of Router with a Marker (if it's at home not an Office). Have a password Notebook never kept in laptop bag and use a different user name and strong password for everything and different user name on different web sites.

    Always change the default password on the Router as malicious web sites use a cross site exploit to post to a different website, which can be your router. They then will try the common default user names and passwords (automatically) and change the Router DNS.

    Then even when you use HTTPS, the web site is the real one, but relayed by fake server pointed to by evil DNS setting. Your paypal login, credit card, ebay, web mail etc details all can be stolen.

    All without breaking any WiFi or Fixed Wireless Broadband encryption :(

    WEP and WPA are not applicable to fixed wireless, so what is the relevance of all this to my original post can you tell us?


  • Registered Users Posts: 64 ✭✭dahak


    38141 wrote: »
    WEP and WPA are not applicable to fixed wireless, so what is the relevance of all this to my original post can you tell us?

    First of all you should make sure you're talking about the same thing.
    http://en.wikipedia.org/wiki/Fixed_wireless
    Fixed wireless is the operation of wireless devices or systems used to connect two fixed locations (e.g., buildings) with a radio or other wireless link, such as laser bridge.[1] Usually, fixed wireless is part of a wireless LAN infrastructure. The purpose of a fixed wireless link is to enable data communications between the two sites or buildings. Fixed wireless data (FWD) links are often a cost-effective alternative to leasing fiber or installing cables between the buildings.

    Fixed wireless is point to point (P2P) or more accurately in most cases point to multipoint (PTMP). The technology to do this can be in licensed or unlicensed spectrum.

    I suggest you read Marlow's first post again, some of the wireless operators are using the ISM band, think long range 802.11a (5GHz) or 802.11b/g (2.4GHz). In these cases WEP and WPA could be relevant depending on the exact infrastructure that the wireless provider has in place.
    Marlow wrote: »
    As for the fixed wireless scenario, it's different for any provider, depending on technology etc.

    IBB, Airwire, Westnet and many others use transmission protocols similar to 802.11a in 5 GHz, 3.5 GHz and some in 2.4 GHz. Sure you can sniff anything that goes over a wireless link, but often there's another layer that you'll have to break through. Some use encryption, some run MPLS over wireless, and ethernet frames inside that. It takes a good amount of knowledge to break that down. Ergo is as secure as your eircom box on the road.

    Permanet and Digiweb use DOCSIS over wireless at 3.5 GHz (Permanet) and 10.5 GHz (Digiweb). That's the protocol used for cable-tv broadband usually.

    In the cases of 3.5 and 10.5 GHz, you'd even need a specialized radio card to even get there.

    Anyhow, the Internet is NOT SECURE. If you want security, use VPN. Anybody can tap into your DSL by opening the box on the road, too.


  • Registered Users Posts: 284 ✭✭38141


    What is this http://www.digiweb.ie/home/homewave/? Is that wimax, the same technology as the providers mentioned above are using?

    There is some info here on wimax security http://www.freewimaxinfo.com/security-in-wimax.html. Software such as aircrack has become mainstream and publicly available because of the popularity of wifi around the world. From what I can tell, if wimax becomes commonly deployed I'm sure it wouldn't take long for 'security testing' software such as aircrack to become freely available.

    Re: marlow, I'd say that wired is far more secure and would choose that over wireless any day if available. If you break into an exchange box without authorisation you're in jail, that's why they're always in public view. Whereas wireless not so easy to nail a hacker, or prosecute in court either. You're not likely to know that you've been hacked with wireless. I'm not even sure about the laws in Ireland re: cracking/hacking of wireless networks?

    The good thing about kerry bb is that there are 3 layers of security I'm told, and that the passwords are entered at setup and never again. So if you're not always having to enter your passwords to surf, it might make it a little more secure. It just depends as watna was saying about secure passwords and how cryptic they are. Does anyone know if packet sniffers such as wireshark, and the password cracker aircrack can be deployed on wimax networks?


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    You don't need to break into an exchange. Just park a white van at a manhole or cabinet. Easy to copy fax & voice traffic this way too. You could even add a suitable HW and a radio Link (tucked in back or in pipe), close up all and monitor all voice, fax, analogue dialup and DSL broadband traffic from 100m away (encrypted of course so someone can't eavesdrop what you are up to!).

    aircrack is used on WiFi. WiMax is two families of technology, Mobile and Fixed. Various software can be added to the Air Interface.

    Digiweb Homewave could be a Catch All for All the systems that DigiWeb has that are Not Metro Wireless. Similarly IBB/Imagine Breeze may not all be the same HW, but is all the IBB fixed solutions that are not Ripwave.

    It's a criminal offence in Ireland to access a Pay Service without paying. It's a criminal offence to Access someone else's system by defeating the Encryption/Password.

    It's probably "Theft of service" to use a WiFi point (or other HW) in unauthorised fashion to access the Internet.

    Wireshark, aircrack etc would need suitable fixed or mobile wimax HW and extra SW to make any sense of WiMax. "Straight off the Download" onto a Mobile WiMax card on a Laptop, I don't think currently will do anything.

    If you are doing something that needs that level of anti-paranoia security you have a secured Data Centre on secure Fibre. You only use a VPN to that from where-ever you are.

    I do use VPN if away from home/office. Hotspots are not secure. The Hotspot owner could be doing Man-In-Middle attacks on HTTPS. Other people could sniff email logins etc. It also lets me use my own ISP SMTP to send email no matter where I am, avoiding WebMail. When I log on, my Public IP is the IP at home and all traffic from Laptop to home is encrypted. My home Internet uses DOCSIS 2.0 security, and a point to Point link. (you need to be between my home and Mast to intercept, even if you could crack DOCSIS2.0, which I have not heard of).

    I mentioned WEP vs WPA+TKIP vs WPA+AES earlier as someone asked.

    You are not likely to know if Wireless Traffic is intercepted, only if someone is using your connection (traffic count at ISP wrong). Wired DSL is no more secure than Coax Cable or Professional Fixed Wireless Solutions. You can "listen" to cable anywhere between your Modem and Exchange. If it is on an Overhead wire to a pole near the house then you can "intercept" without a physical connection as it is "weak" Radio signals.


  • Registered Users Posts: 284 ✭✭38141


    watty wrote: »
    You don't need to break into an exchange. Just park a white van at a manhole or cabinet. Easy to copy fax & voice traffic this way too. You could even add a suitable HW and a radio Link (tucked in back or in pipe), close up all and monitor all voice, fax, analogue dialup and DSL broadband traffic from 100m away (encrypted of course so someone can't eavesdrop what you are up to!).

    But sure you're goin to have to open the door of the box to access the switch + wiring inside?

    watty wrote: »
    Digiweb Homewave could be a Catch All for All the systems that DigiWeb has that are Not Metro Wireless. Similarly IBB/Imagine Breeze may not all be the same HW, but is all the IBB fixed solutions that are not Ripwave.

    Tis tryin to cut through all this marketing hype I am, and find which is the best option given my circumstances. To me, the providers are trying to trap the consumer into a contract before the consumer knows what level of service they have. Digiweb told me that I have an amber line and it's dodgy whether I'll have a decent service, but still I'm liable for 50euro install + 3 months sub = 185euro

    watty wrote: »
    It's a criminal offence in Ireland to access a Pay Service without paying. It's a criminal offence to Access someone else's system by defeating the Encryption/Password.

    I didn't hear of any prosecution for this yet, anyone know?

    watty wrote: »
    If you are doing something that needs that level of anti-paranoia security you have a secured Data Centre on secure Fibre. You only use a VPN to that from where-ever you are.

    Presumably that means running fibre optic cable under public road from nearest exchange? When am I going to ever win the lottery?!

    watty wrote: »
    I do use VPN if away from home/office. Hotspots are not secure. The Hotspot owner could be doing Man-In-Middle attacks on HTTPS. Other people could sniff email logins etc. It also lets me use my own ISP SMTP to send email no matter where I am, avoiding WebMail. When I log on, my Public IP is the IP at home and all traffic from Laptop to home is encrypted. My home Internet uses DOCSIS 2.0 security, and a point to Point link. (you need to be between my home and Mast to intercept, even if you could crack DOCSIS2.0, which I have not heard of).

    You'd need some type of server at home for that, would you? Or maybe a pc running as server?

    I asked one of the providers (ky bb) if they use docsis2, and she said no, but wouldn't elaborate any further. But she did tell me that they use 3 layers of security, whatever those would be.


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    38141 wrote: »
    But sure you're goin to have to open the door of the box to access the switch + wiring inside?



    Tis tryin to cut through all this marketing hype I am
    The Digiweb offer sounds like DSL (phone line) rather than Metro or Homewave.


    Have you examined the doors? Some are like the Gas/ESB meter door :) Others may use a standard key. No more security than a 1971 Ford Escort.


    Cut through marketing hype :) I wish you well on that.


    Some Home routers can be configured as a VPN server, or if you run OpenWRT as the Router SW, you can add OpenVPN. Otherwise you just need an always on PC/Laptop/Netbook (OS X, Linux or Windows + free VPN SW).

    Most companies don't let the real Engineers talk to ordinary Customers. CS/Sales people wouldn't know if they were Letting Eve listen to Bob and Alice. I don't believe Kerry BB use DOCSIS. But there are other good schemes.


  • Registered Users Posts: 284 ✭✭38141


    Ya digiweb were selling DSL, but I'm miles out in the countryside away from the nearest exchange, with just a standard phone line to house.

    Would using the VPN significantly slow down your down/up speeds? I presume it would, because you are re-routing via home server.

    Which routers would be capable of functioning as a server? Presumably those common linksys wrt54g or whatever they're called are not?

    I've noticed the fixed wireless offerings from IBB and digiweb are noticeably more expensive than local provider I mentioned above, would this be down to lower marketing costs? Could I expect better quality of service from local providers as opposed to national providers such as eircom, digiweb because maybe they would care more or nearer?


  • Registered Users Posts: 32,417 ✭✭✭✭watty


    My upload is 1Mbps. The Upload speed at the VPN server is what limits your remote VPN client download speed.

    There are many reasons for variation in costs. QOS can vary even with the same ISP at different Locations.

    Some small local providers have better Customer Service and some worse than National ISPs.

    Your experience will be your experience.


  • Registered Users Posts: 284 ✭✭38141


    So basically this form is no more/less secure than wired, according to the responses that I've received. My own hunch is that as this form of bb becomes more popular, the security will also become weaker, similar to wifi, as the Open source software community get their teeth into it.

    But that's just my own guess. It's not debated or considered enough in general either by consumers, IMO.


  • Registered Users Posts: 9,235 ✭✭✭lucernarian


    Popularity will not make something more or less secure in and of itself. What's been demonstrated in the security details here is that it would take much, much more than a script kiddie to beat them. Popularity only weakens security when there's previously unnoticed loopholes to exploit, which can then be used by anyone determined enough. E.g. Internet explorer, windows 95 and since etc.

    Digiweb homewave uses a WipLL system by Airspan (but developed by marconi I think). Since late 05 *roughly* they've been using just that for new connections. Feck all 2.4 GHz equipment in use. WipLL has quite a different physical layer to 802.11/16 stuff. The security used for the system seems to be done with the PPPoE part or something IP related like that. So the security used is only known by Digiweb.

    Digiweb are passing on the amber result that eircom gave them. The good news is that I have never heard of an amber order going to completion which didn't manage the full 1024/128. The bad news is that nothing more than that seems possible. Also, you're not under contract if they can't provide you with the speed expected, and you have a cooling-off period anyway under EU law I believe. Check the more consumer-affairs themed websites out there (the forum on boards for example).

    My own opinion is that the hassle of specialised equipment and time required to hack a FWA connection means that if someone wanted info from me or this house, it would be easier to break in or ask neighbours etc. Otherwise it then becomes a simple "climbing a mountain because it's there" issue. I don't have anything to fear from someone like that who has nothing better to do.


  • Registered Users Posts: 284 ✭✭38141


    If you are on an 'amber' line for ADSL (as rated by eircom), would it make any difference to your speeds and downtime (ie without a connection, or very low speeds) and quality of service in general which ISP you were with?

    Here are the results from the various websites for linechecker -
    eircom - May be suitable; subject to confirmation
    magnet - inconclusive
    smart - ok, no probs, doesn't mention anything and goes direct to offer me whatever
    imagine - amber

    Mobile bb (usb modem via mobile mast) I don't want because of the issues everybody has with this.


  • Registered Users Posts: 14,555 ✭✭✭✭Marlow


    Even though you started this thread, PLEASE start a new one, when you start a new topic.

    Do not post into an older thread, if it has nothing to do with the topic you started originally with.

    /M

