September 28th, 2003, 08:10 PM
Internal LAN questions...
Hello, pretty soon in my house I was considering setting up a WLAN. But there are some security issues I am concerned about with the wireless router. The internal policies use NAT, I know that, and I have done some research on this subject. But how possible would it be for someone to drive by and get a signal off of my router and have internet access? Maybe I have this confused with a WAP. Please excuse me if I have confused the two because I am just entering the wireless realm. And another question: would I have to set up a DHCP server on one host to assign internal IPs to my network? Someone clear my head about the things I would have to do for a successful WLAN...
"Serenity is not the absence of conflict, but the ability to cope with it."
September 28th, 2003, 08:17 PM
WAP and WLAN are two different things, although it is very possible to drive by and get access!
I suppose a good start would be to use encryption and disallow un-encrypted connections.
If you have few computers, a STATIC IP address can easily be assigned and you can bypass the use of DHCP. This should also allow you to set up IP-level firewalling so you can drop IP addresses you haven't assigned.
I hope you find this of some use
September 28th, 2003, 08:33 PM
To secure your wireless... turn OFF broadcast SSID.
(If you are NOT broadcasting... they can't find you.)
Change the SSID to something other than the factory default.
Enable 64-bit encryption and assign a difficult password.
We have multiple sites with wireless... None of them have any problems with war drivers.
September 29th, 2003, 03:40 AM
If you disable broadcasting the SSID, it's still sent in the frames of other wireless devices on the network. An attacker could use a packet sniffer and capture those frames, thus reading your SSID that wasn't broadcast.
Instead of 64-bit, if you have the equipment to handle 128-bit then use that, if not then 64-bit will do.
Everything everyone else suggested will help you as well.
Take a look at this article for some more suggestions.
Hope I helped.
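The point made in the post above, that a network name left out of the beacon still travels unencrypted in other management frames, shown as an added example that is not part of the original thread. The frames, MAC addresses and the SSID `homenet` are constructed sample data, and the parser covers only the management subtypes listed in `FIXED_LEN`.

```python
HEADER_LEN = 24  # 802.11 management header: fc, duration, 3 addresses, seq-ctl
# Bytes of fixed fields between the header and the tagged elements, by subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req",
         5: "probe-resp", 8: "beacon"}


def ssid_from_mgmt_frame(frame: bytes):
    """Return (subtype_name, ssid) or None if not a parsable management frame.

    ssid is "" when the SSID element is empty or all NUL (a "hidden" beacon).
    """
    if len(frame) < HEADER_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None
    pos = HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):  # elements: 1-byte id, 1-byte length, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # truncated element
        if tag == 0:  # element id 0 is the SSID
            return NAMES[subtype], value.strip(b"\x00").decode("utf-8", "replace")
        pos += 2 + length
    return None


# Constructed sample frames (not captured traffic); addresses are made up.
AP, STA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")


def build_frame(subtype: int, ssid: bytes, dst: bytes, src: bytes) -> bytes:
    header = bytes([subtype << 4, 0, 0, 0]) + dst + src + AP + b"\x00\x00"
    rates = b"\x01\x04\x82\x84\x8b\x96"  # supported-rates element
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates


BEACON_HIDDEN = build_frame(8, b"", b"\xff" * 6, AP)   # AP hides its name
ASSOC_REQ = build_frame(0, b"homenet", AP, STA)        # client must name it

if __name__ == "__main__":
    for f in (BEACON_HIDDEN, ASSOC_REQ):
        print(ssid_from_mgmt_frame(f))
```

The beacon yields an empty name while the client's association request carries it in full, which is why SSID hiding is best treated as a cosmetic setting and not as an access control.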
September 29th, 2003, 04:01 AM
Just set about securing my wireless network yesterday after finding out that the OSS drivers for the D-Link 520+ cards (for *nix) did not offer any WEP in Ad-Hoc mode - our initial setup.
So I splashed out on a D-Link 900+ Access Point for the remote end ... very easy to set up (browser interface) and now the network has 128-bit WEP and also offers MAC filtering as another level of security.
Not perfect but far, far better than what it was.
You can also look into IPSec but unfortunately over the distance of our link, the overheads on this would punish the connection a little too much.
September 29th, 2003, 04:43 AM
What about allowing only certain MAC addr to connect to the AP?
I read the article tekno linked to and there is no mention of the MAC addr restricting. I did that for someone's wireless network together with some of the other things in the article. Will this restricting of the MAC addr help?
September 29th, 2003, 05:36 AM
From the article ....
MAC address spoofing is possible I believe .. but it just adds another string to the security bow over and above WEP as I see it .... at the end of the day if someone is determined enough to get in they will (given their level of expertise) ... as my network is only a home wireless LAN I feel my setup will keep out the casual war-driver from stealing the bandwidth .....
You can configure the firewall to enable access from legitimate users based on MAC addresses, which makes it difficult (but not impossible) for a hacker to mimic. In fact, you can also incorporate MAC address filtering using most enterprise-grade wireless LAN access points.
It's a bit like home security .... leave a door unlocked and the opportunist crook will walk in .... confronted with a locked door and an alarm, there is a good chance the opportunist will move on to an easier target.
September 29th, 2003, 08:34 AM
There are a few authentication/securing your wireless environment.
One of them is called MAC filtering, where only the MAC address that is specified on your WLAN access point will be allowed to connect to your WLAN.
Below are a few extras.
2) Do not broadcast SSID
3) Use WEP encryption
4) Use AAA server
However, to be really honest, all these security features can be bypassed by a security guru. WLAN technology is at its infancy stage; therefore, security is also quite weak. For instance, even if you use MAC restriction, if someone can sniff your packets, they can assign a softmac address to their machine and access your WLAN.
September 29th, 2003, 02:47 PM
Originally posted here by ericc
........ However, to be really honest, all these security features can be bypassed by a security guru. WLAN technology is at its infancy stage; therefore, security is also quite weak. For instance, even if you use MAC restriction, if someone can sniff your packets, they can assign a softmac address to their machine and access your WLAN.
And like Phat_Penguin said... if they want to get in, they will, but at least if you secure your WLAN properly, those casual war-drivers will move on to an easier target.
September 29th, 2003, 02:55 PM
RE: war Drivers
People actually drive around trying to eat into your wireless networks for bandwidth around people's houses and such? Or is it just corporations?