December 14th, 2002, 11:05 AM
i am trying to setup my wireless network...but i heard that WEP is also not very safe...if i specify the base station to communicate only with specified MAC addr,will it be safer?is there a way that they clone MAC?if can how they do it?
December 14th, 2002, 02:55 PM
Well it realy depends on where you live..
If its faaar out on the country with 10 miles to the next farm, dont worry about the security.. heh.. thoug are you living in the city, then setup both the WEP and MAC Options in your wireless network..
The WEP is quite easy to get throug, but cloning a MAC adresse can be quite a challenge..
Good luck with it =)
December 14th, 2002, 05:24 PM
Yes, I have heard that you can sniff the MAC address so that it can be spoofed, so that would mean that implementing static MACs will not do the trick. If you are interested in learning more about it, you can try the airsnort homepage . That may help to enlighten you. I find the idea of wireless security pretty interesting. I mean, just think, 10 years ago we weren't even thinking about wireless networks, let alone securing them. Lately, I've read about some interesting technologies such as wireless firewall and IDS systems!
Opinions are like
holes - everybody\'s got\'em.
December 14th, 2002, 06:58 PM
Yeah the mac address can be spoofed, in some older model they'd come with a utilty to change them ...
So definetly use the wep but use the maximum size for the key and change it regularly...
Also depanding on which kind of AP's you got you have several setup that could enhance security. I know that with cisco's aeronet product you can prevent the AP to advertize himself which is quite useful.
assembly.... digital dna ?
December 14th, 2002, 10:23 PM
Ok, I'll add the links I posted to the "other" wireless thread on the main page to this one to..
Good for home wireless networking....
Good for a better understanding of the issues....
December 15th, 2002, 08:05 AM
Here are my tips (partly summed up from others, with some additions):
- Change the default SSID to something specific
- Change the default IP address
- If you have a web-based AP interface, change the default password
- Disable SSID Broadcasting (as suggested by nabylbt)
- Enable WEP with max key, without using a passphrase (generate it manually)
- Block all but specific MAC address(es)
- Put a firewall on your internal network (if applicable) (this will protect your internal network in case you are compromised)
- Place firewalls on all wireless stations (to protect each of them from external attacks)
If you want more secure transfers, you may also want to think about using a VPN or some other form of tunneling to ensure secure transfers between all of your workstations, servers, etc.
And something you may want to think about if you have programming experience... write a program or script which will automatically generate a new WEP key after a given period of time. You can set up the script to reset the WEP key on the access point and then send you the new key either via the network (which may be unsafe) or via e-mail. My script e-mails the WEP key to me. I then have a script on my Exchange server which automatically isolates the specific message and automatically reassigns the WEP to my wireless stations. If you want to know how I did it, I have absolutely no idea... One of the women I have working for me can write scripts to do nearly anything and everything within next to no time, and she wrote these scripts for me.