
Tell me about wireless security please?

Discussion in 'Tech Talk' started by hapuna, Jun 4, 2004.

  1. hapuna

    hapuna Trusted Member

    734
    0
    Apr 22, 2002
    Washington
    OK I have not been able to actually see the programs on TV but I have seen a lot of the teasers for the shows discussing the risk of working in a wireless environment. One of the teasers had someone sitting in an internet cafe saying that they could see everything that was being done on another person's computer.
    What should I be doing to sensibly secure my stuff??? I also have a wireless router at home. Is there something I should be doing here also to make sure that the casual hacker can't get in?
    All ideas greatly appreciated. :)
     
  2. whizz

    whizz

    38
    0
    Feb 11, 2002
    sweden

  3. physicsdevil

    physicsdevil

    44
    0
    Jan 25, 2000
    California
    Here are the basics:

    - Change your default WAP login/password and make your password sufficiently complex.
    - Change your SSID periodically.
    - Disable SSID broadcast.
    - Use some semblance of encryption (WEP/EAP).
    - Limit the number of DHCP addresses that your WAP assigns, or better yet, disable DHCP entirely.
    - Limit the size of your internal network to just what you need.
    - Limit connectivity by MAC address.

    Obviously, I can't give you specifics without knowing what kind of WAP you have.

    Hope this helps...
     
  4. HerrGlock

    HerrGlock Scouts Out CLM

    23,791
    182
    Dec 28, 2000
    What physicsdevil said plus change your WEP key about every month or every other month. It takes about a month to get enough packets to break the encryption from a normal household.

    Look for the highest WEP possible, 128 Bit +. There will be another encryption technique but it'll be a while before it's as well used as WEP.

    DanH
     
  5. gudel

    gudel

    486
    0
    Jun 1, 2001
    some wireless clients would not connect if the access point's ssid is turned off. there's no point turning dhcp off since i can just connect to your router anyway if i stick in static ip.

    in addition to what physicsdevil already said, if you do turn off dhcp and your router has client filtering, block tcp/udp port from 1 to 65535 of the ip range that you don't use.

    even if the guy can associate with your wireless router, he wouldn't be able to do much. if he does use the ip that's already in use, that'll pretty much give you the warning on screen :)

    i have four APs, great signal throughout the house :) i see this all the time in my router log, people try to logon to my router, and people try to join. they all got denied.

    but if i see some guy hanging out across the street looking suspicious, especially with a laptop or some antenna in it, they just might meet Mr. 12GA ;f

    you can also use 255.255.255.248 subnet, that should make only 6 usable IP addresses.
     
  6. BikerGoddess

    BikerGoddess Got hairspray?

    1,327
    0
    Mar 8, 2002
    Dallas, TX
    Hmm, but what if you're at one of those hotspot thingies?

    Laura
     
  7. hapuna

    hapuna Trusted Member

    734
    0
    Apr 22, 2002
    Washington
    Yes it looks like a lot of good advice for my home wireless network which is great (and none of which I am using). I will get on that.
    But back to Laura's question re the hotspot type scenario?
    Thanks for all the advice so far.
     
  8. gudel

    gudel

    486
    0
    Jun 1, 2001
    what about it?
     
  9. HerrGlock

    HerrGlock Scouts Out CLM

    23,791
    182
    Dec 28, 2000
    If you're talking about Starbucks or some other place with wireless as a feature, don't do anything personal, don't type in your password to anything, don't put any financial information at ALL.

    Treat it as if you are in the middle of Grand Central Station and writing on a large chalk board. What would you write up there? Not much.

    DanH
     
  10. HerrGlock

    HerrGlock Scouts Out CLM

    23,791
    182
    Dec 28, 2000
    Yes. But not with wireless.

    DanH
     
  11. grantglock

    grantglock /dev/null

    219
    0
    Feb 20, 2004
    Iowa
    I intentionally leave my access point wide open to anyone who wants to use it. That said I do know how to encrypt my important things if I need to.
     
  12. HerrGlock

    HerrGlock Scouts Out CLM

    23,791
    182
    Dec 28, 2000
    and I intentionally leave an access point wide open for anyone who wants to use it...

    Of course, it doesn't go anywhere but an enclosed network and a packet sniffer...

    ;j

    DanH
     
  13. physicsdevil

    physicsdevil

    44
    0
    Jan 25, 2000
    California
    I'd say that's the point if you're trying to protect your internal network. :) Actually, even though the SSID can still be seen if you're sniffing, this is a commonly accepted method to eliminate low-hanging-fruit by making it more difficult to connect to your network for those who are unfamiliar with it.

    Except for the fact that a potential attacker wouldn't likely know your internal network range. This is especially true if you limit the size of your network (unfortunately most WAPs default to a /24). Besides, I don't want anyone within range of my WAP to be able to pull an IP address. At the very least, they can take up IPs that would otherwise go to legitimate clients. It's also a lot easier to limit the activity of legitimate clients if they're assigned static IPs.

    This is a possibility, but it's easier to resize your network and enable MAC filtering.

    Assuming that he only *needs* 6 IP addresses. :)
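
An added example, not part of any post in this thread: a small audit of a router's client list against the measures discussed above (the 255.255.255.248 network, static addresses, and a list of known MAC addresses). The network, MAC addresses and client table are constructed sample values.

```python
import ipaddress

# Constructed sample values, not taken from the thread's networks.
LAN = ipaddress.ip_network("192.168.1.0/255.255.255.248")   # the /29 mask from the thread
ALLOWED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}   # hypothetical known clients

# Constructed client table, as copied by hand from a router's status page: (ip, mac)
CLIENTS = [
    ("192.168.1.2", "00:11:22:33:44:55"),
    ("192.168.1.3", "00:11:22:33:44:66"),
    ("192.168.1.3", "DE:AD:BE:EF:00:01"),   # second MAC claiming an IP already in use
    ("192.168.1.20", "00:11:22:33:44:55"),  # address outside the /29
    ("192.168.1.7", "00:11:22:33:44:66"),   # broadcast address of the /29
]


def usable_hosts(network):
    """Addresses a client may hold: excludes network and broadcast addresses."""
    return [str(h) for h in network.hosts()]


def audit(clients, network, allowed_macs):
    """Return (ip, mac, reason) findings for entries that break the policy."""
    hosts = set(network.hosts())
    first_owner = {}          # ip -> first MAC seen holding it
    findings = []
    for ip_text, mac in clients:
        ip, mac = ipaddress.ip_address(ip_text), mac.lower()
        if ip not in hosts:
            findings.append((ip_text, mac, "outside usable range"))
        if mac not in allowed_macs:
            findings.append((ip_text, mac, "unknown MAC"))
        owner = first_owner.setdefault(ip, mac)
        if owner != mac:
            findings.append((ip_text, mac, "IP conflict with " + owner))
    return findings


if __name__ == "__main__":
    print(len(usable_hosts(LAN)), "usable addresses:", ", ".join(usable_hosts(LAN)))
    for finding in audit(CLIENTS, LAN, ALLOWED_MACS):
        print(*finding)
```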
     
  14. BikerGoddess

    BikerGoddess Got hairspray?

    1,327
    0
    Mar 8, 2002
    Dallas, TX
    I've not used one, but I'm assuming that they don't let you set up the AP for them... ;Q Any security tips for those situations?

    Laura
     
  15. HerrGlock

    HerrGlock Scouts Out CLM

    23,791
    182
    Dec 28, 2000
    Yeah. Only go to https websites and/or set yourself up a proxy at home that uses https and use it exclusively.

    DanH
     
  16. gudel

    gudel

    486
    0
    Jun 1, 2001


    you seem to argue everything i say.
    try this, if you're actually setting up other people's computer, and their wlan can't connect because you turn off the ssid, you can't say, "oh, my wifi card's kungfu is better than yours, which is why you can't connect; therefore i want you to buy the $80 card". it just doesn't work like that.
    i invite you to come on down my house and try to break in the wlan.
     
  17. gudel

    gudel

    486
    0
    Jun 1, 2001
    i have a commie worker from poland, he believes internet access should be free and everything should be shared and free (just as about anything else, free books, free software) but he hates guns (just like a lefty/commie he is! ;f). he set up a rogue AP at work, which i quickly took down.
     
  18. physicsdevil

    physicsdevil

    44
    0
    Jan 25, 2000
    California
    Please don't take my replies as being adversarial. I'm simply trying to offer up help based on my knowledge and experiences.

    As a matter of fact, in my experience, I have *never* had trouble connecting to a WAP with SSID broadcast disabled. I don't broadcast on my home AP, and none of my laptops have any problem connecting via Windows (perhaps due to WinXP's excellent wireless management) or Linux. I'm just using a plain ol' Linksys 802.11b WAP/router and generic Orinoco gold WiFi cards. At work, we're using an even more generic WAP that one of the other security guys brought from home...everyone there seems to be able to connect with no problem.

    It seems that our experiences are just different, as you appear to work more on the PC side of things, and I work more on the server/network side.