DirectWireless
Member Candidate
Topic Author
Posts: 143
Joined: Wed Oct 06, 2004 8:09 am

Security, WEP, WPA, what works?

Tue Jan 24, 2006 6:48 am

I had heard recently that WPA has now been broken as well as WEP now. So that leaves WPA2 (which may or may not be broken), AES, and the various VPN types (IPSEC, PPTP). What I'm wondering is, what is still secure? Is PPTP secure? What is so broken about WEP vs say, IPSEC?

There's no real "sticky note" about it, and all this has got me wondering whether a PPTP VPN is secure at all anymore, or should I be using IPSEC and certificates for clients demanding security?

What about some kind of key changing based on scripts - using a generating algorithm, or storing a file of a thousand different keys on each end that are rotated hourly? Or using a key changing algorithm? Sending a new replacement key at a random interval across the link from the other end via IPSEC and utilize a non-transmitted secondary rotating key for the IPSEC itself? That might thwart a live hacker but not necessarily one who logs the traffic first, and then breaks it one layer at a time... If the data is sensitive enough (and not time dependent), and the hacker is determined, one could crack the first layer (WEP), and then the second layer (IPSEC) to find the next key, and then it's over.

I know there is virtually no way to stop the determined data-stealing hacker without time constraints, but changing the key every 15 seconds isn't practical performance-wise either - but if it took 3+ hours to break 15 seconds worth of data, it wouldn't be time practical for most hackers to keep trying - the first 24 hours spent to get less than 5 minutes worth of potentially useless data would make it fairly pointless, other than just a thrill. It would stop the hacker who wants to gain access, however, because they would never have more than 15 seconds of usable access. But how practical is that?
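
Added example, not part of any post in this thread: the two rotation ideas from the post above, in Python, showing why a replacement key sent across the link fails against someone who logged the traffic, while keys derived from a non-transmitted secret do not chain. All function names and sample keys are constructed for illustration, and the XOR keystream is a toy stand-in for the link cipher.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher standing in for the link encryption (HMAC-SHA256 keystream)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def inband_rekey_log(first_key: bytes, next_keys: list) -> list:
    """Scheme A: every replacement key crosses the link under the current key.
    Returns the ciphertexts a passive listener would have on disk."""
    log, current = [], first_key
    for nxt in next_keys:
        log.append(keystream_xor(current, nxt))
        current = nxt
    return log

def keys_exposed_by(log: list, recovered_key: bytes) -> list:
    """Keys that fall out of a recorded log once a single key is known."""
    exposed, current = [], recovered_key
    for ciphertext in log:
        current = keystream_xor(current, ciphertext)
        exposed.append(current)
    return exposed

def epoch_for(unix_time: int, interval_s: int = 3600) -> int:
    """Hourly rotation by default: both ends compute the same epoch number."""
    return unix_time // interval_s

def epoch_key(master: bytes, epoch: int) -> bytes:
    """Scheme B: derive each key from a secret that is never transmitted."""
    return hmac.new(master, b"epoch" + epoch.to_bytes(8, "big"), hashlib.sha256).digest()

if __name__ == "__main__":
    k0 = bytes(32)                                   # constructed sample keys
    later = [bytes([i]) * 32 for i in (1, 2, 3)]
    log = inband_rekey_log(k0, later)
    print("scheme A, keys exposed:", len(keys_exposed_by(log, k0)), "of", len(later))
    master = b"constructed-master-secret"            # constructed, never sent
    print("scheme B, epoch keys differ:", epoch_key(master, 1) != epoch_key(master, 2))
```

In scheme B a recovered epoch key reveals nothing about other epochs, but the master secret becomes the one thing to protect. IPsec's IKE can instead run a fresh Diffie-Hellman exchange at each rekey (PFS), so there is no long-lived key-derivation secret at all.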

Beccara
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Tue Jan 24, 2006 10:08 am

If possible, try using Nstream for low level screwing with their head along with WPA2 or even WEP/WPA with dynamic keys, then use EOIP/L2TP to confuse them a little, and to be safe use PPTP or PPPoE with encryption to tunnel them everywhere.

That means the hacker has to break the WEP/WPA(2) and figure out the mess from Nstream. Once that's done, he has a bunch of GRE packets to decode. If he still wants to try, he then has to break the PP* encryption on top of that - THEN he has the data he was after.

djape
Member
Posts: 465
Joined: Sat Nov 06, 2004 7:54 pm
Location: Serbia

Tue Jan 24, 2006 10:56 am

Well, I give up :D

paddy
just joined
Posts: 21
Joined: Thu Sep 08, 2005 2:48 pm

Thu Jan 26, 2006 9:25 am

> If possible, try using Nstream for low level screwing with their head along with WPA2 or even WEP/WPA with dynamic keys, then use EOIP/L2TP to confuse them a little, and to be safe use PPTP or PPPoE with encryption to tunnel them everywhere.
>
> That means the hacker has to break the WEP/WPA(2) and figure out the mess from Nstream. Once that's done, he has a bunch of GRE packets to decode. If he still wants to try, he then has to break the PP* encryption on top of that - THEN he has the data he was after.

The fact is that WEP is broken, so it takes less than 5 packets to break into the network. Nstream I haven't put my brain into yet, but it can't be too hard. GRE has no encryption, so this is no issue. That leaves PP* .. PPTP is a weak encryption VPN, so this will break quite fast.. so simply put.. if someone _really_ wanted to break into this network.. it would be a job that would take less than, say.. um.. 20min to 1h depending on hardware.

But.. if you have WPA/WPA2, Nstream, IPSEC, this would make this time a lot longer. Although WPA is broken now, it takes longer to break in. Nstream is still an unknown territory for me, so time is unknown. IPSEC is very hard to break. This would likely extend the time to the length that it's just not worth it.

The most secure method, tho, is still a no-wifi solution. Preferred: fiber, which will render any attempt to hijack the data quite impossible.

Well.. that's my two cents on this..

Beccara
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Thu Jan 26, 2006 10:33 am

While the above is true, if a guy is willing to spend an hour breaking into a few packets, he will be willing to spend more time breaking others. You can't keep the experts out, but what I outlined will keep the n00bs out.

Beccara
Long time Member
Posts: 606
Joined: Fri Apr 08, 2005 3:13 am

Thu Jan 26, 2006 10:37 am

As my first network security teacher told me, the bad guys are always 1 step ahead of them. If you leave your network wide open, you're less likely to get hacked for data than if you loaded it up with security. WHY? It's a challenge in outsmarting you.

paddy
just joined
Posts: 21
Joined: Thu Sep 08, 2005 2:48 pm

Fri Jan 27, 2006 10:48 am

Yep, that is true. Just outlining the issues with security... no matter what you do in regards of crypting and so on, you can never be completely secure.
Just look at a small company like NASA or FBI.. even those get hacked from time to time - and they _should_ have a quite good security thinking, eh.

lastguru
Trainer
Posts: 432
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia

Fri Jan 27, 2006 1:18 pm

Are you sure they get hacked unintentionally? Maybe they wanted it to be? ;)