vb:literal>

Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: wireless internet security

  1. #11
    Join Date
    Sep 2005
    Location
    Bangor, ME
    Posts
    3,968

    Default

    Quote Originally Posted by WhereRWe? View Post
    Sheesh! You mean I'm NOT the only one who does this? LOL!

    it's people like you that keep the rest of us honest folk stuck with cables running across our apartments...
    Once the game is over, the king and the pawn go back in the same box.

  2. #12

    Default

    Okay, quick rundown of your options, in increasing order of, unsurprisingly enough, both security and ease of use:

    1) MAC filtering - It will keep out the casual wardrivers, as soooo many others leave their access points wide open. In practice, an attacker just needs to watch for a valid session, then wait for it to go away and set his own MAC to an allowed one.

    2) IP filtering - It will keep out the casual wardrivers, as soooo many others leave their access points wide open. In practice, an attacker just needs to watch for a valid session, then wait for it to go away and set his own IP address to an allowed one.

    3) No SSID broadcast - It will keep out the casual wardrivers, as soooo many others leave their access points wide open. In practice, this only works as long as no traffic goes out over the wireless link. A single packet will betray its presence (and you can't really use it without causing traffic).
    Some machines will also have difficulty connecting to SSIDless APs, which won't really stop attackers, just annoy legitimate users.

    4) WEP - It will keep out the casual wardrivers, as so many others leave their access points wide open. In practice, the newest technique can crack 128 bit WEP keys in under 40k packets (three to five minutes of active use).

    5) Minimize transmit power - It will keep out the casual wardrivers, as so many others leave their access points wide open and talking at full power. If you have the AP in the same room as the computer, this can work reasonably well (though you may have intermittent signal dropouts, VERY annoying). If you have even a single wall or floor between the PC and the AP, you'll need a strong enough signal that you can all but guarantee that somewhere outside the building will also have a sufficient signal.

    6) WPA-PSK/TKIP - Reasonably secure, but more complicated to set up than simple WEP, and still prone to dictionary attacks.

    7) WPA-EAP - Requires a Radius server, and in general involves far more infrastructure than the typical home user wants to deal with.


    Anyone notice a pattern here?

    Basically, "secure wireless" doesn't exist, and most of the measures you can take will only serve to make you a less attractive target for someone casually looking for an open AP.

    In practice, I recommend only three steps - Rename your AP (I recently ran into a situation at a friend's house where he could see between one and two dozen APs, most of which had the default names and no security - No one had any idea which APs they actually used!); Change its password (not the WEP key, it has a separate password to let you change settings on it); And enable 40/64 bit WEP with a nontrivial but easy to remember key. That will keep out 99% of people, while nothing short of going to WPA will keep out the other 1%.
    Ego non quaero te in nomine Patris, sed in nomine Signali.

  3. #13
    Join Date
    Jul 2004
    Location
    Auburn
    Posts
    2,134

    Default

    You can also turn off your the wireless when you are not using it.

    Don't forget to keep your OS, firewall and virus protection up to date.

  4. #14
    Join Date
    Jun 2004
    Location
    Auburn, Maine
    Posts
    635

    Default

    I'm pretty sure I'm going to need this info a few months after you all figure this out. Please keep notes for when I catch up with you.
    If you want to try cross country skiing, start with a small country

  5. #15
    d’76 Guest

    Default

    I had no trouble with the wep security but then I couldnt get the laptop to identify the wireless. So i went back to unsecured till I have more time to figure it out.

  6. #16
    Join Date
    Jun 2004
    Location
    Bangor, ME
    Posts
    6,343

    Default

    Quote Originally Posted by dave1976 View Post
    I had no trouble with the wep security but then I couldnt get the laptop to identify the wireless. So i went back to unsecured till I have more time to figure it out.
    On a couple machines, I had to turn the SSID broadcast on long enough to to get a connection with wep, and then I could turn the broadcast off and it's work fine afterward.
    DNFTT! DNFTT! DNFTT!

    "The funniest thing about this particular signature is that by the time you realize it doesn't say anything it's to late to stop reading it..."

  7. #17
    Join Date
    Jan 2007
    Location
    Bangor, Maine
    Posts
    47

    Default Nothing is 100% but...

    While it is true that it's darn near impossible to make a wireless network 100% secure it is possible to do a few things that will come as close as most of us home users need to be.

    I would agree with some of what ribnag and others have said. I'd add #3 on the list as I didn't see it mentioned before. Some of what has been mentioned I think is a waste of time... more trouble than it's worth. A good friend of mine has spent the last 13 years working in the navy with electronics and computers. Here's his advice and what I currently use to secure my network and limit access to the internet:

    1. Rename the login and password of your router! Most people never take the time to do this... even though most manuals tell you to. This is a must do basic security move! There are lists of default logins and passwords for routers all over the internet. Why wouldn't you take the time to change yours? If someone knows, or can guess, the login and password for your router they can change any setting they want.

    2. Change the SSID of your wireless network and disable SSID Broadcast! The name of your wireless network SHOULD NOT be the default set by the manufacturer. This falls into the same category as #1. While you're in there changing settings disable SSID broadcast. While it's still not impossible to find the SSID when it's not broadcast most hackers would never spend the time considering you probably don't have anything worth that much time and effort AND there are so many unsecured networks around.

    3. Disable remote administration (a.k.a. remote management)! This is usually found under Security or Administration in the router settings. USUALLY this is disabled by default. If this is enabled anyone with access to your wireless can screw with the settings of your router. You don't want that! You want to have to connect to your router by ethernet cable to make changes. Don't assume this is disabled... check!

    4. Enable MAC Adress Filtering (a.k.a. Access Control List)! Each wireless device has a unique MAC address. For most devices it's listed on a tag or sticker. For computers/laptops you've just got to look it up via software on the computer. This is easy to do and there are intructions all over the internet... google "find mac address". When you want to allow someone to use your wireless you give them your SSID AND put their MAC address into your router. When you want to remove them you delete it. It's that easy! Even if they stil know your SSID, without their MAC address in your router they're out! No passwords or keys to change like WEP or WPA. While it is possible to steal or clone a MAC address most hackers aren't going to bother. They're just going to go find one of the bazillion unsecured networks around.

    A lot of people use WEP encryptoin but here's the deal... it's really weak. WPA was created because WEP is so poor. WPA is MUCH stronger security... WPA Enterprise is a whole nother animal and really only for the commercial environment. WPA isn't too hard to set up IF you have the right equipment. But, all your wirless components, including your computer, have to support it or it won't work. Even some of the cheaper stuff brand new on the shelf today doesn't support it. That's why a lot of people have trouble trying to get it to work.

    Just today I was reading that some college kids in Germany can now crack any system using WEP in around 90 seconds consistently. Luckily these are the good guys trying to show that it's not worth using. While we don't live near them it shows how weak WEP is. Why bother with keys and passwords for something that doesn't offer good security.

    If you do the things listed above you can sleep reasonably well that you're in good shape. While not 100% fool proof it's really as close as most of us need to be.
    How come we choose from just two people to run for president and 50 for Miss America?

  8. #18
    Join Date
    Jun 2004
    Location
    Gainesville, Georgia
    Posts
    3,893

    Default

    Hey Dave I received this article about wireless network security today that I think you will find helpful.

    http://www.pcworld.com/article/id,13...l?tk=nl_poxhow
    Just smile it won't crack your face

    The statistics on sanity are that one out of every four persons is
    suffering from some sort of mental illness. Think of your three best
    friends -- if they're okay, then it's you.

  9. #19
    d’76 Guest

    Default

    Thanks Haffy,

    I added it to my favs. When I have a few minutes I will do what they say.

  10. #20

    Default

    We have Verizon and had a horrible time with it. We set up a firewall, something that asks for a wep password when I use either of the laptops, and bought pc cillin to let us know when others are trying to access. I too live in a fairly close neighborhood.

    All these things helped but I will second where there is a will there is a way.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •