Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Q over security?

  • 09-05-2004 5:59pm
    #1
    Closed Accounts Posts: 1,136 ✭✭✭


    Hi,

    I have a wlan and using a linksys router, i have 2pc's and my modem connected via ethernet, and another PC hooked up by Wifi. The only security i'm using at the moment is a MAC filter to allow only pc's want to be on the wifi.
    question is:

    is that good enough to stop most people leeching my wifi? i' m not pushed over the WEP because my data is never that secret.


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    For a personal setup, I'd say it's more than enough. If you're more concerned about bandwidth leeching than information security, then only supplying IPs to known MAC addresses should keep you locked against all but the most determined people.

    This information is a little vague and possibly wrong. I had a rough night :p


  • Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    MAC address filtering is easy to defeat:

    -Sniff valid MAC address
    -Change card MAC to match

    You would notice problems thopugh as 2 identical MAC's cannt co-exist.

    You would be well advised to turn on WEP (128bit if its supported) and hide the ESSID of your network, that will keep out all but the most determined people.


  • Registered Users, Registered Users 2 Posts: 1,268 ✭✭✭hostyle


    To be honest WEP cracking is just as easy as MAC cloning to anyone with the know-how. Neither is secure. Using either or both is more secure but still not secure. I only use MAC filtering but I live close to the middle of nowhere.


  • Closed Accounts Posts: 1,136 ✭✭✭Superman


    Originally posted by hostyle
    I only use MAC filtering but I live close to the middle of nowhere.

    Well if its good enough for you i'll stuck with it!


  • Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    Originally posted by hostyle
    To be honest WEP cracking is just as easy as MAC cloning to anyone with the know-how. Neither is secure. Using either or both is more secure but still not secure. I only use MAC filtering but I live close to the middle of nowhere.

    Its a petty common idea that WEP cracking is easy but:

    Airsnort and the likes dont work for every brand of AP

    It can take a long time to collect enough data to crack a 128bit key on a home lan as there isnt a huge amount of traffic

    Breaking a MAC restriction takes seconds breaking WEP would take hours or days and much more technical know how. You really should use it as well as the MAC restrictions and hidden ESSID.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,393 ✭✭✭Jaden


    With MAC filtering on, 128bit WEP enabled, and your SSID broadcast off, you're as safe as you need to be.

    I could use Airsnort or Kismet to find the hidden access point. I could spoof the MAC address, then I could sniff the gig or so of data needed to break a 128 bit WEP key.

    Frankly, even after doing all that, and going unnoticed, all I would have is Internet access and a chance to maybe get some data off any LAN PCs. PGP encryption would sort that out.

    Frankly, it wouldn't be worth the effort. Anyone who would be able to do all that, prolly wouldn't be bothered.

    There are too many unsecured wireless access points floating about, why kill yourself?

    Your Goldfish Porn collection is safe, relax.

    As for the poster who think becasue he's in a remote area, no-one will find him - Newsflash, security through obscurity is a BIG mistake.


  • Registered Users, Registered Users 2 Posts: 1,268 ✭✭✭hostyle


    Originally posted by Jaden
    As for the poster who think becasue he's in a remote area, no-one will find him - Newsflash, security through obscurity is a BIG mistake.

    Yes you are correct, but this is a home LAN. I don't have important / confidential data floating around. I check the logs regularly and have my own logging going on aswell. Its too much hassle going around to every PC / laptop here and next door updating WEP keys and other crap. But you are correct.


  • Registered Users, Registered Users 2 Posts: 23,212 ✭✭✭✭Tom Dunne


    Originally posted by Rew
    MAC address filtering is easy to defeat:

    -Sniff valid MAC address
    -Change card MAC to match

    How is this possible? I thought MAC address were burned into ROM somewhere on the NIC?


  • Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    Firmware is still software and some cards will let you change the burned MAC for another one...

    Wired NIC's have been like that for years.


  • Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    Originally posted by hostyle
    Yes you are correct, but this is a home LAN. I don't have important / confidential data floating around. I check the logs regularly and have my own logging going on aswell. Its too much hassle going around to every PC / laptop here and next door updating WEP keys and other crap. But you are correct.

    Google for RADIUS and 802.1x ;)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,268 ✭✭✭hostyle


    Found freeRADIUS - very nice. Will look into this more. Has anyone successfully implemented this on a mostly W2k / XP network?

    Also found information about the posible future of WLAn security: 802.11i


  • Moderators, Sports Moderators Posts: 8,679 Mod ✭✭✭✭Rew


    802.11i should be available by the end of the year have a look here:

    http://www.theregister.co.uk/2004/05/06/wi-fi_update/

    802.1x isnt actually secure but it gernarlly raises the bar abouve WEP cracking...


  • Registered Users, Registered Users 2 Posts: 1,268 ✭✭✭hostyle


    Hopefully 802.11i just requires firmware upgraded on 802.11g equipment. *crosses fingers*


  • Closed Accounts Posts: 1,248 ✭✭✭Duffman


    Originally posted by Superman
    Hi,
    is that good enough to stop most people leeching my wifi? i' m not pushed over the WEP because my data is never that secret.


    You should use some kind of encryption anyway. Remember that a packet sniffer can collect any passwords you use for websites, POP3 email, ftp etc... They appear in plain txt unless you're using SSL..


  • Closed Accounts Posts: 8,264 ✭✭✭RicardoSmith


    Newbie question here.

    Encryption - PGP is any of this freeware?

    Hw do you turn MAC filtering on, enable 128bit WEP , and tuen off your SSID broadcast?

    What logs can I turn on and check?


  • Closed Accounts Posts: 1,136 ✭✭✭Superman


    thats a lot of q's i suggest you check your wireless manual or website of the maker.


  • Registered Users, Registered Users 2 Posts: 1,067 ✭✭✭tomk


    Originally posted by RicardoSmith
    Encryption - PGP is any of this freeware?

    GPG is a free open-source replacement for PGP.


Advertisement