Security level of wireless network

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am writing some kind of work about security and I would like to ask
you what do you think.

Consider that you went wardriving and in a random point in town you
start searching for available / visible wireless networks. Of course in
passive way you can get plenty of information, such as:

- SSID of network
- avarage number of packets
- signal strength
- number of all networks

I would like to grade security level of this point in town.
It can be graded in three level scale, or in 0-100 points scale, or in
any other does not matter.

What do you think can be the algorithm to grade the security level of
this research point..?

Got any ideas or suggestions, what parameters more should be included...?

Thanks for help


Re: Security level of wireless network

Marek Elsner wrote:

Quoted text here. Click to load it

Oh, you can simply add up points:

SSID hidden:     0
MAC filter:      0
WEP:             0
WPA:            10
WPA+secure key: 90

It the total for one is zero, then the total score for a collection is

Re: Security level of wireless network

Sebastian Gottschalk wrote:
Quoted text here. Click to load it

Going to have to disagree with you on that one.

Using your scheme....

WPA+secure key + MAC Filter = 0. Why?

Additionally, how would the OP tell the diference between WPA and
WPA+secure key without actually cracking (or attempting to crack) the
WPA key?

How does WPA without a secure key attract a weighting of 10?

Other than that, I'd have to agree with you on the numbers!


Re: Security level of wireless network

Bogwitch wrote:

Quoted text here. Click to load it

Sorry for causing a misunderstanding. You're adding up the points for each
system. In your case, it would be 10 (using WPA) + 90 (WPA and using a
secure key) + 0 (useless MAC Filter) = 100.

Then, as he said, for a collecting of systems, the entire score is the
minimum of the scores of each system. Thus, if ten systems are secure (100)
and one is insecure (0), the collection is insecure (0) because on of the
systems can be trivially abused.

Quoted text here. Click to load it

Not at all. That's why he has to try for finding out.

Quoted text here. Click to load it

Security of a key depends on the model. SHA-256("Luke, I am your father!")
is trivially insecure, yet you won't be able to crack it via a word list.
However, if you know that it's hashed with a well-known hash function and
it's a well-known phrase, you can start search and probablby crack it with
way less than 2^64 steps.

Quoted text here. Click to load it

Well, one may state that WEP-128 can be secure if you never use the network
and rate-limit replies sent by the router. Of course this is purely

Site Timeline