Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

securing a wireless network

  • 27-08-2003 6:31pm
    #1
    Closed Accounts Posts: 17,163 ✭✭✭✭


    might be in the wrong place. But i'm about to pruchase (week or two) a wirelss adsl modem and router to set up a nice little wireless network. Now i don't know much about cracking/hacking, but i do know with the right hardware and software its pretty easy to get into a wireless network. What i want to know is how do i encrypt/ secure my wireless network. No point in have a state of the art firewall on the router, if the local pleb can hack into my broadband connection. This is very important as theres a cap on my adsl service (utv).


Comments

  • Registered Users, Registered Users 2 Posts: 4,027 ✭✭✭flywheel


    for my home one I changed the default AP name, username and password; closed the network so it didn't broadcast the name (SSID), switched on WEP and configured a MAC address access control list

    also located that the signal is degraded outside the front but that it covers the garden out the back (for those last few days of summer!)

    VBNets have a tutorial / faq on their site coving security issues:
    http://www.vbnets.com/tutorials/security.html

    hth,
    BrianG


  • Registered Users, Registered Users 2 Posts: 3,308 ✭✭✭quozl


    It's only worth putting an amount of effort into securing something proportional to the chances and costs of it being broken into imo.

    Odds are pretty slim anyone will break into your network if you turn on wep and mac filtering. Not because it's particularily hard, but because most people dont know how, couldnt be bothered logging enough traffic to crack the wep keys, and are very lazy.

    They'll go elsewhere.

    If you really want to make things more secure you can set up an ipsec(really secure, pain in the hole) or pptp (less secure, less hassle to setup) vpn, and require people to log into that to get onto the internet. I just don't think it's worth the hassle though.

    Greg


  • Closed Accounts Posts: 17,163 ✭✭✭✭Boston


    well lets put it this way, if someone gained access to my computer, through a hole in the wireless network, they could cost me allot of money, therefore i'll make every effort to stop them. thank you for the link DubWireless i wil lcheck it out.


  • Registered Users, Registered Users 2 Posts: 3,739 ✭✭✭BigEejit


    I'll add that you should set the highest level of wep your gear can handle ... of course this may not be an option if you are getting bad signals around the house .... (wep might reduce throughput drastically) ... I have 152bit going and am not suffering any lowering of throughput anywhere in the house ...

    I was of the impression that a MAC access control list was fairly secure ... just have to stop telling people the mac addresses of your gear :p ... and as was pointed out by DubWireless dont broadcast your SSID and change everything from default ....

    Of course one of the other things to do is get different gear than most other people :D (I have 802.11a gear, not a lot of that floating around :p)


  • Closed Accounts Posts: 17,163 ✭✭✭✭Boston


    keep in mind this is the fire tiem i've used anythign wireless besides a door bell. i don't know what wep is or ssid. I'm sure though i'll figure it out once the equipment arrives. i'll be using 802.11g


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,308 ✭✭✭quozl


    Originally posted by BigEejit
    I was of the impression that a MAC access control list was fairly secure ... just have to stop telling people the mac addresses of your gear :p

    It's easier to bypass than wep as you need less traffic. Run kismet or any other decent wireless sniffer. Analyse the logs with ethereal or any other decent network traffic analyzer and pick out the macs. Then use one of those mac's when you dont see it associated with the ap's.

    But I still stand by my opinion that if you stick on wep and mac filtering it's unlikely that anyone will bother to break in (despite it still being damn easy)

    Greg


  • Closed Accounts Posts: 17,163 ✭✭✭✭Boston


    Originally posted by quozl
    It's easier to bypass than wep as you need less traffic. Run kismet or any other decent wireless sniffer. Analyse the logs with ethereal or any other decent network traffic analyzer and pick out the macs. Then use one of those mac's when you dont see it associated with the ap's.

    But I still stand by my opinion that if you stick on wep and mac filtering it's unlikely that anyone will bother to break in (despite it still being damn easy)

    Greg

    i look at it this way, if i could do it to a neighbour, i probably would.


  • Closed Accounts Posts: 17,163 ✭✭✭✭Boston


    whats the story with bluetooth, from what i can see its slower and more expensive, but response times are faster. why do people use it.


  • Registered Users, Registered Users 2 Posts: 4,027 ✭✭✭flywheel


    you could also look into using an Access Point where you can customise the Antenna Transmit Power and look into the physical location of the Access Point - that will determine where the coverage extends i.e. the area where someone can 'hear' your access point

    a stroll around doing a home site survey to see where coverage is available will show where your signal extends and you may be able to adjust the antenna settings / location to limit to an acceptable range

    for my situation at home, someone would have to break into the back garden or the house itself and have the time / effort to crack the AP - sure it could happen but i'm going to live with that level defence

    i also use a Bluetooth Access point whose range is much more limited than WiFi - but that may be more of an issue depending on the area you want to cover

    BrianG


  • Registered Users, Registered Users 2 Posts: 4,027 ✭✭✭flywheel


    Originally posted by Boston
    whats the story with bluetooth, from what i can see its slower and more expensive, but response times are faster. why do people use it.

    bluetooth access point:

    - doesn't drain my pda's battery like wifi

    - the belkin one i use allows me to share the usb printer with all the windows computers in the house


  • Advertisement
  • Closed Accounts Posts: 17,163 ✭✭✭✭Boston


    hmm if i bought a usb printer, and a usb wifi network adaptor, could i share it will all pc's in that fashion? just i find the printer a bit of a pain


  • Registered Users, Registered Users 2 Posts: 4,027 ✭✭✭flywheel


    Originally posted by Boston
    hmm if i bought a usb printer, and a usb wifi network adaptor, could i share it will all pc's in that fashion? just i find the printer a bit of a pain

    afraid not - the printer wouldn't know what to do with it and the adapter wouldn't have the tech in to to act as a server

    there are WiFi access points with USB ports to share printers... and alternatively this is the most compact option I've seen from D-Link DP-311P for parallel/centronix port printers

    BrianG


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,563 Mod ✭✭✭✭Capt'n Midnight


    ie. they only work when conected to something intelligent.

    If the printer has a NIC or you have a jetdirect box you could use a Ethernet Converter to print wirelessly.


    Security:
    WiFi is just as secure as connecting to the internet :)
    though eavesdroping on the traffic is a little easier - unlike the intenet eavesdroppers have to be physically close.

    If your machine is important to you
    I take it
    -You do have a firewall
    -You have patched windows / IE again THIS WEEK (another 3 big patches)
    - you have blocked all shares and turned off all unneeded services and set access on all relevant folders....

    'cos if you haven't already done the above there is no point in locking the back door when the windows are open....


  • Registered Users, Registered Users 2 Posts: 3,308 ✭✭✭quozl


    Originally posted by DubWireless

    for my situation at home, someone would have to break into the back garden or the house itself and have the time / effort to crack the AP - sure it could happen but i'm going to live with that level defence

    Or they could just use a moderate gain directional antenna, like the 16db yagi I have on the table beside me :) And get a better signal to your network from across the road than you do in the same room.

    AP placement is a good idea, but just like wep and mac filtering it's only a mild deterrant.

    Something like ipsec is a serious deterrent.

    Greg


  • Registered Users, Registered Users 2 Posts: 153 ✭✭crowbar


    Originally posted by quozl
    Or they could just use a moderate gain directional antenna, like the 16db yagi I have on the table beside me
    that sounds amazing! so a good directional antenna boost both the received and the transmitted signals, even when talking to the crappy omni antenna on the ap? are you not still dependent on the power level that the ap is transmitting at?


  • Registered Users, Registered Users 2 Posts: 4,027 ✭✭✭flywheel


    Originally posted by quozl
    AP placement is a good idea, but just like wep and mac filtering it's only a mild deterrant

    i realise anyone determined enough to break in to use my internet connection would be able to - or they could travel a little further around the corner and find a wide open one ;)

    i'm happy with the steps i've taken - which pretty much follows along the point you made originally about the effort(/time/cost) involved being proportional to the chances / cost of being broken into

    if the internet connection was that important to secure i'd lay cable
    Originally posted by quozl

    Something like ipsec is a serious deterrent.

    that and other possibilities are also listed in the tutorial above

    BrianG


  • Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    Originally posted by crowbar
    that sounds amazing! so a good directional antenna boost both the received and the transmitted signals, even when talking to the crappy omni antenna on the ap? are you not still dependent on the power level that the ap is transmitting at?

    Iv used directional antennas to get a signal from an AP where prevviously i couldn't.

    With a mag mount antenna u could get signal from the road outside my bedroom but with a standard card no anteena u couldn't get anything evenin my bed room (AP in the Hall and the walls are reinforced with steel)


Advertisement