Encrypting Wireless Data

[stergiosnik]

Hello All.

I have a wireless access point for providing Internet Access to a specific group of users.

I gave to those users the SSID and the password for connecting their laptop to the wireless access point.

Unfortunately, a user installed a sniffer on his laptop and succeeded in stealing the windows usernames and passwords of those users that were accessing the Outlook Web Access web mail system. The OWA service was not secured via a certificate.

I would like to ask how to prevent this problem from occuring in the future. Should I encrypt the OWA service using certificates? Is there any way to encrypt the wireless data that are transmitted on the air?

Thank you in advance.

Stergios

 

[ADB100]

What do you mean by 'gave the users the password'? Is this an unencrypted SSID (i.e. no WEP or WPA/WPA2)? and login is via a WEB page? If thats the case then sniffing is very easy. You should implement at least WPA and encrypt it with TKIP or AES, idealy implement WPA2/AES. You also have the option of Pre-Shared-Keys or centralised (WPA/WPA2-Enterprise) using RADIUS authentication. RADIUS is more secure but is harder to implement as it requires a separate RADIUS server that the AP sends authentication requests.

WEP is easily hacked, WPA is much harder to hack and WPA2 is even harder..

http://tech.blorge.com/Structure: /2007/02/06/i-hacked-my-wireless-network/

HTH

Andy