October 25th, 2004, 04:55 AM
The start of a tutorial...
I was inspired to write a tutorial/Article about wireless security after some wardriving the other night. So as I was brainstorming what needs to be done and what I should include I have come to these main points, from here I will go on and explain each one, and why it is important to follow these guidelines. This is what I have so far, please add on anything you feel should be included, you are more then welcome to include your reasoning and also reasons why I should remove things you disagree with.
Should be done
1. Change your SSID from the default
2. DO NOT broadcast SSID
3. use 64 bit WEP keys
4. Use MAC filtering if possible
5. Limit the number of DHCP assigned IP address
6. Turn off default shares on the computer, set permissions for files that need to be shared.
1. Limit broadcast range
2. Use rotating WEPS
3. use a form of data encryption durring transfers
4. Rotate assigned IP addresses
5. If it is for a large area (such as a school or business) use an authentication of somesort inorder to connect to the network (i.e. network log on)
In addition to these wireless security precaussions that must be taken you mut also remember to:
-keep your operating system updated and fully patched.
-Be sure to update your antivirus program
-Use Strong passwords (a good password should be atleast then 8 charaters long, contain both uppper, and lower case letters, numbers, and special charaters)
-Change your password every few months or so
-DO NOT use standard passwords (ie the same password for everythng)
-BE careful what you download
- Use a program such as Ad-aware, or spybot search & destroy to help control adware/spyware
-Use a firewall, there are many free software firewalls available.
well let me know what you think...
October 25th, 2004, 05:25 AM
WEP is becoming obsolete and being replaced by WPA...
October 25th, 2004, 05:27 AM
I would also like to point out as I have in other posts, change your IP address to a class A or B address but leave the Subnet mask at Class C. Assigning an IP like 10.51.0.1 with a subnet mask of 255.255.255.0 will throw off some non-experienced people when they attempt to scan your IP's. this is more of a low level security trick. Other than that this is a very well written tut. I noticed you went with the 64 bit encyption why not higher? Is this because of the transfer speeds?
XTC46 you from Honolulu Hawaii, I just left hawaii. I went to Remington College.
October 25th, 2004, 01:09 PM
You probably have observed that finding a topic that has not been presented is usually pretty tough. I have started a multitude of tutorials and deleted them because the subject matter had already been adequately addressed in another similar tut. If you do use a subject that is very familiar already, make sure you touch on things that have not been presented before or that have undergone a significant change.
Connection refused, try again later.
October 26th, 2004, 03:49 AM
I was not writing it to post on AO. I know the subject is well covered here and in many other places (it is where I learned most of the stuff i know) The tutorial is for clients/an article Im going to try get published in a local paper. I was just asking for a review and some feed back, which I did get. The tutorials written can fall out of date failry quickley, I mean most of them say WEP is the way to go, but as negative pointed out, it is becoming obselete. So it is good to review and update my facts with others.
October 26th, 2004, 03:55 AM
Kismet will still pick up cloaked SSIDs, as long as it catches an association request. NetStubler will not see you WAP however so I guess it helps a little, but I thought there was a reason to leave it on because there was something about the SSID broadcasting that made connecting more efficient. Anyone know a link?
October 26th, 2004, 05:03 AM
Not "official links" (just a bunch of discussions in some forums). Some requires you to have a free account, so here's a summary:
1. It's likely that if you disable the SSID broadcast, you'll see your link go down and up repeatedly. Some people reported this happened on Win 98SE, Win 2000, Win XP using DLink's, a TrendNet (generic), and a Linksys wireless devices. A suggested workaround is to continuously ping to a gateway IP. But stop the ping and within a second or two it would start seeing the network as not there.
2. If you disable SSID broadcasting, Windows XP will not be able to automatically detect your access point, and you will need to manually configure the settings for it. You might want to wait until after you can successfully connect to your access point before disabling SSID broadcasting.
3. Turning off SSID only makes your network invisible to honest people. Like say, your neighbors that are searching for a clear channel to setup their wireless network. Without a broadcast SSID from your network, your neighbor has a 1 in 3 chance of choosing a channel that conflicts with your channel choice, since there are only 3 truly non-overlapping channel choices (see below). You may not care if it causes trouble for your neighbor, but his network on a conflicting channel, will bother your network.
The IEEE 802.11 standard defines a total of 14 frequency channels.
The US uses channels 1 - 11
Most of Europe uses channels 1 – 13.
France uses 10 – 13. Spain uses 10 – 11.
Japan uses 1 - 14.
The channel represents the centre frequency that the transceiver within the access point uses (for example 2.412 GHz for channel 1 and 2.417 GHz for channel 2).
There is 5 MHz separation between the centre frequencies. The signal falls within 11 MHz of each side of the centre frequency. This means that an 802.11b/g signal overlaps with several adjacent channel frequencies. This leaves only three channels that can be used without causing interference between access points. These are channels 1, 6, and 11 in the US. The 802.11b standard identifies the non-overlapping set as 1, 7, 13 in Europe.
4. Disabling SSID provides no real security, but it does provide a modicum of obscurity -- rather like not letting newspapers pile up in the driveway as an advertisement (to thieves).
If your SSID is disabled, some of the most popular "war-driving" tools, such as NetStumbler, will not detect your AP. But war-drivers are harmless anyway, more akin to bird-watchers than crackers. There are many more utilities that will detect your SSID by active probing anyway, and any serious cracker will have such tools.
The IEEE 802.11 standard does not envision non-broadcasting of SSIDs. In fact, it requires that SSIDs be made available at leaset through active probing. If your SSID was not available in this way, your own wireless client wouldn't work. Does it do any harm to disable SSID? Not serious, but it can play havoc in an environment where clients are roaming among multiple APs.
Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
October 26th, 2004, 05:35 AM
Yea I have read the stuff about not broadcasting SSID. I have rethought the issue and will remove that part of it. Im writing this for new users (mostly) and trying to find a network without an SSID broadcasting will be a pain if they have no clue what they are doing. Thanks for all the links jdenny.
October 27th, 2004, 12:34 AM
My apologies, I didn’t see that before I posted.
I was not writing it to post on AO.
At the house I use a linksys and I have to enable the SSID if I add a new adapter. When it locates the AP, I disable SSID. It finds it every time thereafter regardless if a family member turns off their computer and/or adapter and then restarts later. That might be important to include otherwise folks might get real frustrated if the user can't find the network.
and trying to find a network without an SSID broadcasting will be a pain.
Connection refused, try again later.