This topic has been archived, and won't accept reply postings.
Just got a wireless USB stick which can pick up wireless hotspots. I've just set it up and hey presto I'm online using my next door neighbours Wireless LAN! I used to work with him in IT! You'd think an IT bod would know how to secure their wireless lan from cheeky gits like me.
Maybe he knows what he's doing and he's spying on what you're doing!
In reply to Am Fear Liath Mor: so if i wanted to go wireless how would i secure mine?!
In reply to Am Fear Liath Mor: is peer guardian a fire wall? or spybot search and destroy?
In reply to Pauline:
Not Really
> (In reply to Am Fear Liath Mor) is peer guardian a fire wall? or spybot search and destroy?
Not Really
In reply to Pauline: I'm not familiar with peer guardian, so not sure. Theres loads of various bits of software out there. Norton Symantec do a good firewall set up.
In reply to Am Fear Liath Mor: isn't wireless lan a bit of a nightmare to set up as I was pondering getting a laptop for that purpose?
In reply to yer maw:
Not at all. Get a decent wireless router (Linksys or Netgear) are your laughing. They're pretty straightforward to set up. If you've got an older house with thick walls you might struggle to get a good connection in other rooms, but you can get signal boosters for that.
Not at all. Get a decent wireless router (Linksys or Netgear) are your laughing. They're pretty straightforward to set up. If you've got an older house with thick walls you might struggle to get a good connection in other rooms, but you can get signal boosters for that.
In reply to Pauline:
The software that came with our BT router gives you options to:
a) hide your network, but leave it open, or
b) password protect it
I'm sure we found info about how to correctly secure it by Googling
We gave our neighbour our password, and he gives us a crate of beer every so often in return.
The software that came with our BT router gives you options to:
a) hide your network, but leave it open, or
b) password protect it
I'm sure we found info about how to correctly secure it by Googling
We gave our neighbour our password, and he gives us a crate of beer every so often in return.
In reply to Am Fear Liath Mor:aye there's a lot of brick walls in ours but not as thick as older homes. I've heard the biggest thing to get over is your firewall settings where I currenlt use Zone Alarm, but the laptop I'm getting has Norton installed so some sorting out there I think.
Someone else suggested not doing anything like on-line banking on the wireless which seems like a sensible idea.
Someone else suggested not doing anything like on-line banking on the wireless which seems like a sensible idea.
In reply to Pauline:
Look for one with a minimum of WEP, but WPA is better protection, and as soon as you switch it on, you need to configure it and change the default passwords.
Also change the default name for the access point, and - preferably - turn off broadcasting of the name.
Also, if you look around for a wireless router/modem, look for one that has a in-built hardware firewall too, and - if you can - see if you can get hold of a downloadable manual from the net first, and read the bits about configuring the firewall and WEP/WPA bits...
> so if i wanted to go wireless how would i secure mine?!
Look for one with a minimum of WEP, but WPA is better protection, and as soon as you switch it on, you need to configure it and change the default passwords.
Also change the default name for the access point, and - preferably - turn off broadcasting of the name.
Also, if you look around for a wireless router/modem, look for one that has a in-built hardware firewall too, and - if you can - see if you can get hold of a downloadable manual from the net first, and read the bits about configuring the firewall and WEP/WPA bits...
In reply to Dominion:
Is this about MAC addresses and stuff?
I am just looking into 'going wireless' so finding this very interesting... (In a geeky sorta way!)
Is this about MAC addresses and stuff?
I am just looking into 'going wireless' so finding this very interesting... (In a geeky sorta way!)
In reply to TN: kinda... I am sure my wireless access point has MAC address filtering(?) where you can set a list of MAC addresses that are allowed to use your access point, it also has WAP encription.... so even if a snooper found my wifi network they wouldnt be able to gain access, depending on your setup a software firewall like norton internet security will only protect your pc not your wireless network, or at least thats how I understand it.
For reference my setup is - cable modem connected to the wireless access point and my PC has a 802.11G pci card. There are numerous ways of setting up your own wifi network....
JK
For reference my setup is - cable modem connected to the wireless access point and my PC has a 802.11G pci card. There are numerous ways of setting up your own wifi network....
JK
In reply to TN:
WEP and WPA are now below 7 minutes to crack now so don't really provide a great deal of protection unless you set the cycle rate really low on WPA. It is also worth bearing in mind that cracking these keys can be done with opensource tools at no expense to the attacker and requiring very little experience.
Using encryption combined with obscuring your network (not broadcasting the SSID etc). provides you with a degree of protection which more likely than not will deter the casual neighbour from using you network.
The best bet is also to restrict the access to known machines by MAC address. This is pretty simple to do and provides some protection although not to a concerted attempt to hijack your network as MAC address spoofing is possible but all the time you are adding an increasing level of complexity requiring an attacker to have a greater level of knowledge to exploit the weaknesses in your system.
There are methods of securing the data transmitted accross the airwaves but none which spring to mind as being economically viable for the home user but if anybody is interested in knowing them drop me an email and I can provide some information.
Wafty
WEP and WPA are now below 7 minutes to crack now so don't really provide a great deal of protection unless you set the cycle rate really low on WPA. It is also worth bearing in mind that cracking these keys can be done with opensource tools at no expense to the attacker and requiring very little experience.
Using encryption combined with obscuring your network (not broadcasting the SSID etc). provides you with a degree of protection which more likely than not will deter the casual neighbour from using you network.
The best bet is also to restrict the access to known machines by MAC address. This is pretty simple to do and provides some protection although not to a concerted attempt to hijack your network as MAC address spoofing is possible but all the time you are adding an increasing level of complexity requiring an attacker to have a greater level of knowledge to exploit the weaknesses in your system.
There are methods of securing the data transmitted accross the airwaves but none which spring to mind as being economically viable for the home user but if anybody is interested in knowing them drop me an email and I can provide some information.
Wafty
In reply to Wafty: It is also worth bearing in mind that if you use a linksys (cisco) wireless access point you also need to change the SNMP community strings from their default setting otherwise the full configuration information is easily available and updateable to someone with a little knowledge. Depending on the model number this also includes your WEP key so you cna actually be locked out of your own access point.
In reply to Am Fear Liath Mor:
WEP isnt secure. If you catch about 3GB worth of packets (easy if your downloading music) you can crack the key easily. You could do that to your neighbour if he turns on wep. WPA is more secure but i dont think its totally secure. The second best way to secure a wlan is to run a vpn server behind the access point, vpn to that and have the server forward onto your router. The most secure is obviously a wire. If your really paranoid have a look at www.ipcop.org but it takes a bit of work to get it setup.
p
WEP isnt secure. If you catch about 3GB worth of packets (easy if your downloading music) you can crack the key easily. You could do that to your neighbour if he turns on wep. WPA is more secure but i dont think its totally secure. The second best way to secure a wlan is to run a vpn server behind the access point, vpn to that and have the server forward onto your router. The most secure is obviously a wire. If your really paranoid have a look at www.ipcop.org but it takes a bit of work to get it setup.
p
In reply to Wafty: Not knowing very much about all this wireless malarky, but thinking of getting into it, it it possible to turn off your router when it's not in use, thereby protecting your PC from hacking whilst not in use, and restricting access to your wireless network to periods when you're using it anyway?
Does turning the router off mess up the settings, or can you just flip it on and off at will?
Does turning the router off mess up the settings, or can you just flip it on and off at will?
In reply to Am Fear Liath Mor:
someone got prosecuted for this recently.
So be careful with the dodgy downloads.
> Just got a wireless USB stick which can pick up wireless hotspots. I've just set it up and hey presto I'm online using my next door neighbours Wireless LAN! I used to work with him in IT! You'd think an IT bod would know how to secure their wireless lan from cheeky gits like me.
someone got prosecuted for this recently.
So be careful with the dodgy downloads.
In reply to Am Fear Liath Mor:
been into the wireless thing for a couple of years. Moved into my new house a couple of months ago, turned on laptop hey presto about 3 unsecured networks, free internet until last week, all mysteriously went secure...??? hmmm. Had to bite the bullet and turn mine on and get signed up for broadband.
Uni has free wireless on most of its sites, and as i preech to you here, sitting in a recption of a uni building on oxford road i can tell you that this wireless malarky is bloody brilliant, especially if your on the move/cant be bothered paying for you own internet.
been into the wireless thing for a couple of years. Moved into my new house a couple of months ago, turned on laptop hey presto about 3 unsecured networks, free internet until last week, all mysteriously went secure...??? hmmm. Had to bite the bullet and turn mine on and get signed up for broadband.
Uni has free wireless on most of its sites, and as i preech to you here, sitting in a recption of a uni building on oxford road i can tell you that this wireless malarky is bloody brilliant, especially if your on the move/cant be bothered paying for you own internet.
In reply to Aimless King: you can turn them on and of at will, the settings are saved to read only memory so are preserved even when the routter is off.
In reply to dissonance: wasn't there a similar case, in america, where the guy argued that since all wireless devices came with instructions on how to secure them that anyone broadcasting an unsecured signal was in fact deliberatly offering the service to anyone within range?
can't remember whether the arguement was accepted or not but it made me smile when I read it!
can't remember whether the arguement was accepted or not but it made me smile when I read it!
In reply to Wafty:
Where did you get that 7 minutes from? WEP certainly would be, providing there's enough traffic on the network. I thought that WPA was only crackable in practice given a relatively weak passphrase.
>
> WEP and WPA are now below 7 minutes to crack now so don't really provide a great deal of protection unless you set the cycle rate really low on WPA.
> WEP and WPA are now below 7 minutes to crack now so don't really provide a great deal of protection unless you set the cycle rate really low on WPA.
Where did you get that 7 minutes from? WEP certainly would be, providing there's enough traffic on the network. I thought that WPA was only crackable in practice given a relatively weak passphrase.
In reply to t0mb0:
Our lab at work where we do this kind of work for HMG. I think the exact time is about 7 1/2 minutes with a strong password. I must qualify that the tools to do this with WPA are not currently available as freeware but if we can do it then so can other people and it really won't be long before there is something downloadable on t'interweb.
Our lab at work where we do this kind of work for HMG. I think the exact time is about 7 1/2 minutes with a strong password. I must qualify that the tools to do this with WPA are not currently available as freeware but if we can do it then so can other people and it really won't be long before there is something downloadable on t'interweb.
In reply to Wafty:
There is also a case for leaving your wireless network completely open but I don't have time to go into it right now, I'll try to post something when I get home. There was a talk by one of the worlds leading exponents of wireless security at the Black Hat Conference in Vegas this year about exactly this arguement and I'll try to find the transcription on-line and post a link. To be honest it was quite compelling.
There is also a case for leaving your wireless network completely open but I don't have time to go into it right now, I'll try to post something when I get home. There was a talk by one of the worlds leading exponents of wireless security at the Black Hat Conference in Vegas this year about exactly this arguement and I'll try to find the transcription on-line and post a link. To be honest it was quite compelling.
In reply to Wafty: I wuld be really intrested to read that, please don't forget!
In reply to Hotbad Peteel:
I would actually argue that the most secure is fibre... You can't inductively couple to light.
I would actually argue that the most secure is fibre... You can't inductively couple to light.
In reply to Wafty:
That's certainly interesting. So it's not a dictionary based attack? In that case, does it depend on some serious computing power to brute force something or is there actually a weakness the WPA process?
> (In reply to t0mb0)
>
> Our lab at work where we do this kind of work for HMG. I think the exact time is about 7 1/2 minutes with a strong password. I must qualify that the tools to do this with WPA are not currently available as freeware but if we can do it then so can other people and it really won't be long before there is something downloadable on t'interweb.
>
> Our lab at work where we do this kind of work for HMG. I think the exact time is about 7 1/2 minutes with a strong password. I must qualify that the tools to do this with WPA are not currently available as freeware but if we can do it then so can other people and it really won't be long before there is something downloadable on t'interweb.
That's certainly interesting. So it's not a dictionary based attack? In that case, does it depend on some serious computing power to brute force something or is there actually a weakness the WPA process?
In reply to t0mb0:
I think its the WPA one (this is from memory) which has a major design flaw in the way messages are sent. I have the algorithm somewhere for it.
> That's certainly interesting. So it's not a dictionary based attack? In that case, does it depend on some serious computing power to brute force something or is there actually a weakness the WPA process?
I think its the WPA one (this is from memory) which has a major design flaw in the way messages are sent. I have the algorithm somewhere for it.
In reply to dissonance:
the best way to secure at the moment is probably openvpn. Its really easy to install and it uses the openssl libraries to encrypt which is pretty solid. You can also get it to go through a proxy server if you happen to have a restrictive proxy server at work
p
the best way to secure at the moment is probably openvpn. Its really easy to install and it uses the openssl libraries to encrypt which is pretty solid. You can also get it to go through a proxy server if you happen to have a restrictive proxy server at work
p
In reply to t0mb0:
We have people here who do this sort of thing for a living (legitimate and paid for by the client under 'attack'). Last conversation I had with them was along the lines of 'don't do on-line wireless banking and don't worry about your neighbour, it's that van just down the road you should worry about'.
We have people here who do this sort of thing for a living (legitimate and paid for by the client under 'attack'). Last conversation I had with them was along the lines of 'don't do on-line wireless banking and don't worry about your neighbour, it's that van just down the road you should worry about'.
In reply to nniff: What should you do if you want to use internet banking? Can you connect a second computer (like an old laptop, say) to a wireless router via an ethernet cable as and when you want to create a wired internet connection to use for banking, or do they just not use online banking? Would you need to do much set up each time you connected your
Moving to a house in the (relative) sticks soon, so am interested in all this stuff.
Moving to a house in the (relative) sticks soon, so am interested in all this stuff.
In reply to Aimless King:
Most wireless routes have a switch / hub on them too, so yeah, you could 'plug in' if you wanted to be really safe.
However, bare in mind that the bank login page will be encrypted by SSL anyway, so it's not going to matter if someone can read your network packets.
Most wireless routes have a switch / hub on them too, so yeah, you could 'plug in' if you wanted to be really safe.
However, bare in mind that the bank login page will be encrypted by SSL anyway, so it's not going to matter if someone can read your network packets.
In reply to TN:
Allowing only known MAC addresses to go via the router is a good start, but doesn't cover the (remote?) possibilities the geeks are talking about.
It's a paranoia vs sensible precautions decision.
> (In reply to Dominion)
>
> Is this about MAC addresses and stuff?
>
> Is this about MAC addresses and stuff?
Allowing only known MAC addresses to go via the router is a good start, but doesn't cover the (remote?) possibilities the geeks are talking about.
It's a paranoia vs sensible precautions decision.
This topic has been archived, and won't accept reply postings.
Loading Notifications...