Internal LAN questions...
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Internal LAN questions...

  1. #1
    Senior Member n01100110's Avatar
    Join Date
    Jan 2002
    Posts
    352

    Internal LAN questions...

    Hello , pretty soon In my house i was considering setting up a WLAN.. But there are some security issues i am concerned about with the wireless router.. The internal policies use NAT i know that and i have done some research on this subject.. But how possible would it be for someone to drive by and get a signal off of my router and have internet access ? Maybe i have this confused with a WAP.. Please excuse me if i have confused the two because I am just entering the wireless realm.. And another question , would i have to setup a dhcp server on one host to assign internal ip's to my network ? Someone clear my head about the things i would have to do for a successful WLAN...
    "Serenity is not the absence of conflict, but the ability to cope with it."

  2. #2
    Member
    Join Date
    Aug 2002
    Posts
    57
    Wap and Wlan are two different things, allow though it is very possible to drive by and get access!

    I suppose a good start would be to use encryption and disallow un-encrypted connections.

    If you have few computers a STATIC ip address can easily be assigned and you can bypass the use of DHCP. This should also allow you to setup ip level firewalling so you can drop ip address you havn't assigned.

    I hope you find this of some use

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    To secure your wireless..........turn OFF broadcast SSID.
    (if you are NOT broadcasting.........they can't find you)

    Change the SSID to something other than the factory default.
    Enable 64 bit encryption and assign a difficult password

    We have multiple sites with Wireless.........None of them have any problems with war drivers.

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    If you disable Broadcasting the SSID, it's still sent in the frames of other wireless devices on the network. An attacker could use a packet-sniffer and capture those frames, thus reading your SSID that wasn't broadcasted.

    Instead of 64-bit, if you have the equipment to handle 128-bit then use that, if not then 64-bit will do.

    Everything everyone else suggested will help you as well.

    Take a look at this article for some more suggestions.

    Securing WLANs

    hope i helped.

    laters.

  5. #5
    Senior Member
    Join Date
    May 2002
    Posts
    450
    Just set about securing my wireless network yesterday after finding out that the OSS drivers for the D-Link 520+ cards (for *nix) did not offer any WEP in Ad-Hoc mode - our initial setup.

    So I splashed out on a D-Link 900+ Access Point for the remote end ... very easy to set up (browser interface) and now the network has 128bit WEP and also offers MAC filtering as another level of security.

    Not perfect but far, far better than what it was.

    You can also look into IPSec but unfortunately over the distance of our link, the overheads on this would punish the connection a little too much.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    what about allowing only certain MAC addr to connect to the AP.

    I read the article tekno linked to and there is no mention of the MAC addr restricting. I did that for someone wireless network together with some of the other things in the article. Will this restricting of the mAC addr help.

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    450
    From the article ....

    You can configure the firewall to enable access from legitimate users based on MAC addresses, which makes it difficult (but not impossible) for a hacker to mimic. In fact, you can also incorporate MAC address filtering using most enterprise-grade wireless LAN access points.
    MAC address spoofing is possible I believe .. but it just adds another string to the security bow over and above WEP as I see it .... at the end of the day if someone is determined enough to get in they will (given their level of expertise) ... as my network is only a home wireless LAN I feel my setup will keep out the casual war-driver from stealing the bandwidth .....

    Its a bit like home security .... leave a door unlocked and the opportunist crook will walk in .... confronted with a locked door and an alarm, there is a good chance the opportunist will move onto an easier target.

  8. #8
    Junior Member
    Join Date
    Sep 2003
    Posts
    6
    There are a few authentication /securing your wireless environment.

    One of the them is called MAC filtering, where only the MAC address that is specified on your WLAN access point will be allowed to connect to your WLAN.
    Below are a few extras.
    2) Do not broadcast SSID
    3) USe WEP encryption
    4) Use AAA server

    However to be really, honest, all this security features can be bypassed by an security guru. WLAN technology is at is infancy stage, therefore, security is also quite weak. For instance even if you use MAC restriction, is someone can sniff your packets, there can assign a softmac address to their machine and access your WLAN

  9. #9
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    Originally posted here by ericc
    ........ However to be really, honest, all this security features can be bypassed by an security guru. WLAN technology is at is infancy stage, therefore, security is also quite weak. For instance even if you use MAC restriction, is someone can sniff your packets, there can assign a softmac address to their machine and access your WLAN
    very true.

    and like Phat_Penguin said....if they want to get in, they will, but at least if you secure your WLAN properly, those casual war-drivers will move on to an easier target.

  10. #10

    RE: war Drivers

    People actually drive around trying to eat into your wireless networks for bandwith around peoples houses and such? Or is it just coperations?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •