0
freeflir29

Wireless Internet security

By freeflir29, in The Bonfire

Recommended Posts

leroydb    0

leroydb
oh come on.... leave it open so you can be a hippy and share the connection. just be sure to have a firewall and virus protection and dont download stupid S*&^
Leroy


..I knew I was an unwanted baby when I saw my bath toys were a toaster and a radio...

Share this post

Link to post
Share on other sites

mnealtx    0

mnealtx
Quote

So.........I know next to SHIT about WiFi security. What should I do to make my connection as secure as possible? I'll soon be operating in a known hostile environment. :S



Don't broadcast the SSID and make sure and certain WEP is enabled...if you do MAC filtering where only certain MACs are allowed to connect, even better!!
Mike
I love you, Shannon and Jim.
POPS 9708 , SCR 14706

Share this post

Link to post
Share on other sites

BIGUN    1,317

BIGUN
Detailed PM sent...

NOTE: If you have a firewall on your laptop AND on your wireless router, the two _may_ conflict. Some wireless routers instruct the end-user to disable XP Firewall, however, I haven't had any issues with Norton's Firewall (Internet Security) on my XP along with the wireless router's firewall.
Nobody has time to listen; because they're desperately chasing the need of being heard.

Share this post

Link to post
Share on other sites

nvanduyn    0

nvanduyn
not broadcasting SSID will not do anything for security, and will actually make some network devices not work properly.

First of all, of course change the admin password, you would be suprised how many people leave it the defaults.

Use WEP, or if your router supports it WPA, WPA being perfered as WEP has and can be easily cracked.

Mac filtering works well aswell.


------
-Nick

Share this post

Link to post
Share on other sites

mnealtx    0

mnealtx
Not broadcasting the SSID means that sniffers won't be able to easily identify his WLAN, as his SSID won't show up on the list of available networks. How is that "not doing anything for security"?
Mike
I love you, Shannon and Jim.
POPS 9708 , SCR 14706

Share this post

Link to post
Share on other sites

jraf    0

jraf
You're the man - it's the first step any self repsectful infosec person does. SSID tells everyone elese that there is a network in range. If you don't broadcast it the only way to find it is with a spectrum analyzer. I figure there are not many of the good old Wil'tek Hand Helds in the said hostile environment ;)
jraf

Me Jungleman! Me have large Babalui.
Muff #3275

Share this post

Link to post
Share on other sites

Maxx    1

Maxx
Some keywords for you to google..

WPA, OpenSSL and OpenVPN

Forget WEP, it's crap...
Mac filtering is also senseless, because you can change your mac-id to any id you like..

Beware: Even with the all the technology available today you can't make your network 100% safe

HTH,
Max

Share this post

Link to post
Share on other sites

ChasingBlueSky    0

ChasingBlueSky
Most Wireless security protocols can be hacked by someone that knows what they are doing. On top of that, WiFi is very easy to track down and find a rough area where the access point is. Don't do anything over a wireless connection you don't want anyone to see (credit cards, etc).

The majority of the security needs to be done by the access point administrator. They should turn off the SSID broadcast (however, a free program called NetStumbler will find it), turn on MAC filtering (this only allows network cards with a specific hardwired ID access to the network..but there are programs that spoof MACs), and turn on 128bit encryption (or higher) know as WEP, WPA or whatever the military is using. This will require a passkey setting on both the client and the access point that will generate a rotating password that encrypts data sent from the NIC to the AP (the amount of time before rotation of the password is set on the AP and when it happens it usually causes a short drop in network connectivity). However, a good bit of research on the net can show a qualified individual how to get around WEP and WPA.

FYI - there are instructions on the net on how to create a directional antenna for WiFi that helps boost your signal while wardriving (looking for free/open AP). The side effect of that is you can easily locate down to a small area where the AP is broadcasting from.

I've never used anything like OpenVPN or IPSEC with wireless, so I am not sure if they make it any more secure or even usable to search the internet while using them.

If you want to be secure, use a wired connection or stay off line in an area where you don't want to be found.
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

Share this post

Link to post
Share on other sites

ChasingBlueSky    0

ChasingBlueSky
Quote

You're the man - it's the first step any self repsectful infosec person does. SSID tells everyone elese that there is a network in range. If you don't broadcast it the only way to find it is with a spectrum analyzer. I figure there are not many of the good old Wil'tek Hand Helds in the said hostile environment ;)



There are free programs on the net that allow my laptop to find any/all locked networks in an area. What SSID, MAC filtering and encryption does it keep the average user from using your network while wardriving. That's it. They could sit there, sniff your transmissions and find a way in, but why? That takes time and there is always an other open network on the next block (no joke).

Anyone that wants to do damage or use WiFi to their advantage will have no problems getting past any of the above mentioned 'security' methods. This is why WiFi is still not a viable mission critical protocol.
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

Share this post

Link to post
Share on other sites

freeflir29    0

freeflir29
Quote

FYI - there are instructions on the net on how to create a directional antenna for WiFi that helps boost your signal while wardriving (looking for free/open AP). The side effect of that is you can easily locate down to a small area where the AP is broadcasting from.




They already know where we are and what equipment we are using. I'm just looking for info on how to make it slightly harder for them. They have already intercepted emails. I'm not so worried about them using my credit cards or accessing any personal info. They can steal that through other means I'm sure. This more along the lines of Opsec for my job. I'll just have to be my own censor. :D

Share this post

Link to post
Share on other sites

skydiver30960    0

skydiver30960
BUMP!

Being the good little PW I am, I'll try bumping this one before starting a new thread. Here's the situation:

Me and the girl have 'puters running Norton, ZoneAlarm, and are HARDwired into a Netgear router with wireless capability. The guy downstairs who shares our house moved in a couple weeks ago and is accessing the same router with the wireless connection, and has (heretofore) resisted my suggestions to set up ANY kind of encryption, right now the connection is just wide open.

My (admittedly sophomoric) question: Is there any way somebody can "swim upstream" by using the wireless connection to access the router, and from there wreak havoc on my hardwired computers? Or is my neighbor's ass the only one he's hanging in the wind?

Lemme know if I'm being too vague and you need more info...

Elvisio "performing thread defibrulation" Rodriguez

Share this post

Link to post
Share on other sites

nate_1979    9

nate_1979
Are you sharing files / printers over the network? If you are you are probably leaving holes in your system... If you have file / print sharing turned off, you should be ok.

FGF #???
I miss the sky...
There are 10 types of people in the world... those who understand binary and those who don't.

Share this post

Link to post
Share on other sites

kelpdiver    2

kelpdiver
as most are configured, yeah, anyone with a wireless connection has the same access to your wired computers as you do. This is unacceptable - who 'owns' this connection? Why does the new guy get to decide?

I'm pretty sure there are some custom firmwares for the linksys products that allow you to segment the wireless off for open access.

Easiest solution for you is probably to add another router in the equation so your stuff is separate.

Share this post

Link to post
Share on other sites

AlexCrowley    0

AlexCrowley
I concur. Mac filtering is your best bet to lock people out. encrypting the traffic? Hmm depends what you're doing I guess. Most websites provide browser to server security already. Unless you're paranoid about people snooping your posts on dz.com or watching your IM sessions there's not much to gain by encrypting all session traffic.

The internet is a known hostile environment, it really doesnt get any worse or better than that.

As CBS said, the security standards for wireless are pretty crap and dont provide any true security from anyone who roughly knows what to do.

Wireless security talk reminds of the time this arrogant lead developer (one of those 'I have an MIT degree so I know everything' guys) challenged me to hack his network after overhearing me talk with another dev about cracking WEP. His super secret security tip? "You'll never hack my router because you will never find it. It is hidden in my closet". After I picked myself up off the floor I admitted that he was far too clever for me and submitted to his fearsome intellect.

TV's got them images, TV's got them all, nothing's shocking.

Share this post

Link to post
Share on other sites

pBASEtobe    0

pBASEtobe
Quote

and has (heretofore) resisted my suggestions to set up ANY kind of encryption, right now the connection is just wide open.



It's up to you (or whoever has administrator access to the router) to turn on WEP. If you have it turned on then there's no way he (or anyone else) can use it unprotected. Unless they hack into it.

If you have WEP turned on then he has to use the WEP key to log on.

Share this post

Link to post
Share on other sites

ChasingBlueSky    0

ChasingBlueSky
Quote

Quote

They should turn off the SSID broadcast (however, a free program called NetStumbler will find it)



If you don't broadcast you SSID, NetStumbler won't find it. I've tried it.



Wrong.
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

Share this post

Link to post
Share on other sites

pBASEtobe    0

pBASEtobe
Quote

WEP has and can be easily cracked.



I don't totally agree with that one. It can be cracked sure, just sniff their packets and EVENTUALLY you'll crack their WEP key. But, do you have any idea how long that'd take to do if your talking about sniffing one person, one computer? You have to collect 5-10 million encrypted packets to crack their key. Just for fun I set up a laptop and sniffed my neighbors WEP protected signal. It took me 12 hours to get 5,000 (encrypted) packets. That means it'd take 500 days to get 5 million packets at that rate. And that was when they were using the computer. What about when it's turned off or they're gone for the weekend? No one would wait that long to get it.

Share this post

Link to post
Share on other sites

AlexCrowley    0

AlexCrowley
Ah, a recent convert to the eye opening experience of "Microsoft call this shit security!?!?!"

If you're into crypto, or interested in crypto stuff let me know, I can suggest a few books/sites to check into.

I just spent the last couple of years working for Ron Rivest, that guy is amazing when he gets going. For example, we were trying to make a certain subset of transactions extremely lightweight and all of a sudden he's scribbling furiously on the whiteboard doing MD5 and SHA transforms longhand to work out if they would be suitable.

TV's got them images, TV's got them all, nothing's shocking.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
0
Go To Topic Listing