Persuasion for security
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Persuasion for security

  1. #1
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238

    Persuasion for security

    Hi guys,

    The place I am moving to, now has a wireless access point in there, and I am guessing that they may not be up on their security at all.

    I want to implement some element of security that is not too hard for them to grasp. This I have no problems in doing, there are more than enough tutorials and the like on here to learn all that, and I am getting pretty savy here.

    What my question is, is how would you go about persuading someone to secure their network? I have had resistance to security before, in fact I get a lot of it, the average joe thinks it is too much hassel to do untill they have been affected by it. I am at this moment learning how to use ethereal and when I go to pick up the keys next week, I was thinking of taking my laptop along, and just showing them what could be gleaned, just by hooking up to their network and doing some analysis.

    Here lies the problem, this seems like a logical way forward, and certainly for a professional company could be invaluable. But for a social and particularly house share environment, could this possibly cause distrust in the house, knowing that someone has the ability to be watching their every move on the network.

    What would you guys do in this situation? Basically, I want a fairly secure link, I don't want our bandwidth nicked, and I want to know that I can still bank online, which I would not feel safe about if it was just an open network.

    I would secure the network by naming it, and not broadcasting it. I think this is akin to chaining a bicycle to a lamppost in that it is secure from the average joe bloggs who might walk past. Yet it leaves it simple enough for friends to log in with their laptops if they want, without me having to be there.

    Your thoughts on this would be interesting. It seems more of a social engineering question actuall, of which I am becoming interested.


    Jonny the Social Butterfrond
    Sarcasm is a way of life

  2. #2
    Banned
    Join Date
    Jun 2005
    Posts
    445
    MAC filtering is a fairly simple concept to grasp.

    Don't show them that you can sniff the network, don't let them know what you can do until they trust you.

    You have to make sure the danger remains on the "outside"


    Trust me on this. I'm sitting in the library at the local college right now, being watched like a hawk. They don't trust me. It's kinda funny actually since I've had teachers come to me when they needed access to certain resources on the network they could not otherwise get.


    EDIT: Heh... accidentally clicked post...

    First of all, you have to automatically consider the line and the other machines in the house "compromised." Even if they're not, security mandates that you think of them this way and act accordingly. Your first priority has to be the security of your machine(s). Both local and domain, if that applies.

    Your only priority for the router is to protect "your" bandwith. They can take whatever advice they want to. Just CYA.

  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I swear by iPig in unsecured wireless environments. It's pretty quick to setup, tunnels you out to an iOpus server. You lose some network speed on the client machine, but it should't affect the rest of the network.

    It's tough to approach folks about security. IT is so incomprehensible to most. People are so relieved to have something high-tech work that they become very reluctant to add another layer on the thing.

    At some point their network will have problems. That might be your opportunity to show them what you know. Until then, make yourself useful.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    After battling with iPig now for about 2 hours, I officially declare it a pile of ****. You register with YOUR email, and give YOUR password, and then you activate it using THEIR activation email, get a message saying "Your account is now activated you mug" for it to block any attempt to get anywhere near the internet with a friendly message saying that your account does not exist.

    They need to do a little bit of work yet


    Furiound
    Sarcasm is a way of life

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I officially declare it a pile of ****.


    Welcome to the world of poorly written software\manuals\help files\websites

    Talk about hoops for activation...try Symantec. I currently have the CEOs home machine on my bench....due to major problems with his Norton 2002 AV...

    Contact us....4-5 day response. WTF.............I go for the phone...the canadian number is out of service...
    I use the US...and bully my way around to resolve the issue....

    Anyhoo....... I truly enjoy your posts..............you jonny are a very funny frond

    ...have some greenies

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    Wow check out my ego, it's shining like a goodun.

    I feel energised (said in a heavily camp american accent for that comedy moment)



    j*********************ny swear words Fuc*
    Sarcasm is a way of life

  7. #7
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    Ok I got this to work, obviously needed a day to sort out my registration. As for how encrypted and safe it is, I can't comment on that, and have to rely on the fact that it most probably is, I mean the servers that unencrypt are far away from the other end of my wireless, and I can't see the point of doing something like this specifically and not making it top notch encryption.

    So having said that, it is easy to use, and seems eventually user friendly, but it is slow slow slow. Now the sites that the average punter would want encryption for, i.e. the bank and such forth, are slow sites as it is, it would not surprise me if you ended up with a few time out situations.

    Nice idea though, and with a top notch fast computer with fast internet connection I bet it is good. I have adsl 1Mb line for just me, and after writing all this, the page has finally finished loading.



    Yyyyyyooooooouuuuuuurrrrrrrrsssssss
    Jjjjjjjjjjjooooooooonnnnnnnnnnnnnnnnyyyyyyyyyyy
    Sarcasm is a way of life

  8. #8
    I would secure the network by naming it, and not broadcasting it. I think this is akin to chaining a bicycle to a lamppost in that it is secure from the average joe bloggs who might walk past
    Chaining it to a lamppost is no good if you forget the padlock. Seriously, you need WPA. From the client end with XP SP2 it's simple -- open the wireless networks thing in the tray, double-click the network you want, then type in the password. Once you've done that once, reconnection is seamless.

    Disabling broadcasting doesn't hide you from anyone who's driving around looking for networks, but it does make you easier to hijack (your clients will prefer an AP which is broadcasting the SSID). MAC filtering is pretty useless from a security perspective too.

  9. #9
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Yeah, Jonny, she's slow. But that's the price we pay for more security. 256-bit AES ain't bad. And it beats surfing in the clear on unsecured wireless.

    It's best to use it selectively. I don't run it all the time when I'm on an unsecured network, but it's a nice option to have.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    @tt!tud3

    MAC filtering is pretty useless from a security perspective too.
    Why is mac filtering useless in the standard home or student hostel enviroment?
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •