securing wireless help
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: securing wireless help

  1. #1
    Junior Member
    Join Date
    Sep 2006
    Posts
    3

    need a lil help

    ive been operating on a wifi connection fer about a year or more, and ive been noticingit seems to be a lil more simpler fer"attackers" to get in... mite i get a few suggestions on how to make my system a lil more secute, how to lock it down with out lockin it up totaly?

  2. #2
    Member
    Join Date
    Jun 2003
    Posts
    57
    snax,

    Basic things to help secure WAP are:

    Turn off your SSID broadcast - This will help, but only a little bit, it does not keep someone from getting your SSID only keeps your WAP from advertising it.

    Turn on encryption - Turn on the highest level of encryption your WAP and NIC can negotiate. Wep is surely available, though not the best choice WPA is better. If you can, configure your WAP so that it is accessable only via VPN.

    Turn on Mac filtering - Your Wap should alow you to specify those MAC addresses that are allowed to connect.

    For more advise you should post the type, model, etc.. of your WAP and Nic that you are using so folks get an idea of what hardware to consider in their responses. If the folks here know what devices you ae dealing with they will be able to be more specific in their responses and you will be happier in the end.
    \"If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principle difference between a dog and a man\" - Mark Twain

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    As well as the points mentioned above:

    1. Move your AP in to the centre of your house if you can (away from any windows etc)
    2. If it has two antenna's disable one, providing if the signal is still strong enough for you
    3. If you a really worried about it, unplug it when you are not using it
    4. Regualry check your logs
    5. Set it to only issue out 1 or 2 IP addresses (or as many IP addresses as you have wireless clients) usually they will issue out 254 IP addresses.....if you only have two computers, you only need 2 IP addresses.....
    6. You could even turn of DHCP altogether and assign yourself a static IP, so the attacker will not know your subnet and will have to guess at an IP before he can associate with it
    7. If the AP allows it change the subnet to a non default one, i.e 192.168.32.0/24 etc
    8. There are programs you can run from your laptop that will alert you when ever someone connects to your AP, but I can't think of one of the top of my help but I am sure someone here will know of one, or search around for one.
    9. Disable remote administration (so people on the internet can not connect to the admin page of it
    10. Disable wireless administration, so you have to physically be wired in to the AP to get to the admin page
    11. If the AP allows it you can disable communication between wireless clients associated with that AP.

    Each one one their own will not do much to secure it but the more of them you implement, the more secure you make it.

    IMHO I would say the best single security measure you can take it to limit the ammount of IP addresses available, if you only have 1 wireless client, you only need 1 IP address, so set it to only ever issue out the 1 IP. If your connection suddenly starts dropping you are probably subject to some sort of deauth attack and know someone is trying to access your AP.

    //It goes without saying use WPA/WPA2 and not WEP.
    Last edited by Nokia; February 5th, 2007 at 11:15 PM.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  4. #4
    @řΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    Originally posted here by Nokia
    As well as the points mentioned above:

    1. Move your AP in to the centre of your house if you can (away from any windows etc)
    I believe that some routers have the ability to adjust signal strength. Might be worth looking into.
    2. If it has two antenna's disable one, providing if the signal is still strong enough for you
    3. If you a really worried about it, unplug it when you are not using it
    This will not make it more secure, it merely cause extra hassle for the user.
    4. Regualry check your logs
    5. Set it to only issue out 1 or 2 IP addresses (or as many IP addresses as you have wireless clients) usually they will issue out 254 IP addresses.....if you only have two computers, you only need 2 IP addresses.....
    MAC Filtering. Only allow certain clients to connect.
    6. You could even turn of DHCP altogether and assign yourself a static IP, so the attacker will not know your subnet and will have to guess at an IP before he can associate with it
    This accomplishes nothing as any packet sniffer will give you the subnet/IPs
    7. If the AP allows it change the subnet to a non default one, i.e 192.168.32.0/24 etc
    Again, security through obscurity. You should know better.
    8. There are programs you can run from your laptop that will alert you when ever someone connects to your AP, but I can't think of one of the top of my help but I am sure someone here will know of one, or search around for one.
    9. Disable remote administration (so people on the internet can not connect to the admin page of it
    Also disable wireless administration, I am not sure if you were referring to this as well. Ideally, only an SSL connection from a wired host should be able to administer the router.
    10. Disable wireless administration, so you have to physically be wired in to the AP to get to the admin page
    Nevermind...
    11. If the AP allows it you can disable communication between wireless clients associated with that AP.
    This may be severely counter-productive.
    Each one one their own will not do much to secure it but the more of them you implement, the more secure you make it.

    IMHO I would say the best single security measure you can take it to limit the ammount of IP addresses available, if you only have 1 wireless client, you only need 1 IP address, so set it to only ever issue out the 1 IP. If your connection suddenly starts dropping you are probably subject to some sort of deauth attack and know someone is trying to access your AP.

    An IDS on the wireless portion is good.

    [/B]
    You should also assume from the beginning that your wireless is compromised. Use local security policies accordingly.
    Real security doesn't come with an installer.

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Originally posted by Synful
    MAC Filtering. Only allow certain clients to connect.
    http://blogs.zdnet.com/Ou/index.php?p=43
    Wireless LAN security hall of shame

    MAC filtering: This is like handing a security guard a pad of paper with a list of names. Then when someone comes up to the door and wants entry, the security guard looks at the personís name tag and compares it to his list of names and determines whether to open the door or not. Do you see a problem here? All someone needs to do is watch an authorized person go in and forge a name tag with that personís name. The comparison to a wireless LAN here is that the name tag is the MAC address. The MAC address is just a 12 digit long HEX number that can be viewed in clear text with a sniffer. A sniffer to a hacker is like a hammer to a carpenter except the sniffer is free. Once the MAC address is seen in the clear, it takes about 10 seconds to cut-paste a legitimate MAC address in to the wireless Ethernet adapter settings and the whole scheme is defeated. MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain.

  6. #6
    @řΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    Touchť.

    I don't know why I keep suggesting that.
    Real security doesn't come with an installer.

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Originally posted here by Synful
    Touchť.

    I don't know why I keep suggesting that.
    This thread deals with all of that MAC Address nonsense.
    ...This Space For Rent.

    -[WebCarnage]

  8. #8
    @řΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    Originally posted here by [WebCarnage]
    This thread deals with all of that MAC Address nonsense.
    I'm familiar with the thread, and the technical aspects of it.


    For some reason, there are a few things that are just permanantly stuck in my head as being good ideas. Even when experience and logic says otherwise. That may explain why my life has gone the way it has... Meh.
    Real security doesn't come with an installer.

  9. #9
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I don't know why I keep suggesting that.
    Because Mr Doppy/Synja you evidently don't understand wireless security very well.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  10. #10
    @řΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    I'm going to go ahead and use my Vicodin, Alcohol, and weird antibiotic excuse....

    Not to mention my lack of sleep.


    Anyone got a place I can crash tonight?
    Real security doesn't come with an installer.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides