securing wireless help - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: securing wireless help

  1. #11
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Originally posted here by Synful
    I'm going to go ahead and use my Vicodin, Alcohol, and weird antibiotic excuse....

    Not to mention my lack of sleep.


    Anyone got a place I can crash tonight?
    Search craigslist. I'm sure you'll find a place.

    warning: sanity of people housing you may be off the charts
    ...This Space For Rent.

    -[WebCarnage]

  2. #12
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Regardless of whether MAC Address filter is bypassable, I would still suggest you do it for your local home LANs. Yes, someone with some skill and time WILL be able to get in, but it will still prevent casual people from jumping on your wireless network.

    No, you shouldn't expect it to keep out the intelligent hacker, but it will keep out the casual one. Its probably only enough to keep the honest, honest, but theres nothing wrong with that. You probably only have 1-5 machines that connect to your WAP and thus the administrative overhead is VERY minimal.

  3. #13
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    3. If you a really worried about it, unplug it when you are not using it
    I agree with that. Anything switched on that you are not using represents a total waste of money and another potential fire hazard.

    This will not make it more secure, it merely cause extra hassle for the user.
    No, it will make it more secure insofar as it will make it less desirable. The bad guys are just as lazy as the good guys, and if you want to be lazy, then forget about security?

    The theory is the same as having a lock on your car. Sure if someone really wants to they can steal it, but the chances are that they will go and find a more convenient target. If your WiFi is not permanently available, and even better, is only available at irregular and unpredictable times it is no way near as attractive as one that is permanently on.

    If you are worried about personal data don't store it on your computer, and look at external storage. Also look at on screen keyboards for sensitive stuff.

    Bad guys are percentage players.................if they don't know that there is something worth having and they don't find something pretty quickly they soon move on.

    The message is "don't make it easy for them"
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #14
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Ok, I'll simplify it for you.
    You can broadcast your SSID to planet Mars, leave MAC filtering off, let your DHCP assign 3000 IP's, put your router on your front porch with an antenna that transmits to Mongolia and as long as you have two components setup properly, you can still be relatively safe.

    1) It's called WPA-PSK encryption - most routers have it and I suggest you use it.
    2) a 20+ character (mix of symbols, upper/lowercase, numbers) passphrase.
    Why do I say this? Because during the initial 4-Way Handshake, a sniffer can gather everything it needs to connect to your network except your passphrase.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  5. #15
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    767
    Ok, I'll simplify it for you.
    You can broadcast your SSID to planet Mars, leave MAC filtering off, let your DHCP assign 3000 IP's, put your router on your front porch with an antenna that transmits to Mongolia and as long as you have two components setup properly, you can still be relatively safe.

    Safe for the time being. However, what you recommended below is excellent indeed.

    1) It's called WPA-PSK encryption - most routers have it and I suggest you use it.

    2) a 20+ character (mix of symbols, upper/lowercase, numbers) passphrase.
    Why do I say this? Because during the initial 4-Way Handshake, a sniffer can gather everything it needs to connect to your network except your passphrase.
    What about if you got a packet sniffer capable of packet reassembly? You would near more than just WPA with PSK encryption. To secure it.

  6. #16
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Computernerd22,
    I like WPA-PSK for now because it's become very common in most routers. I've started seeing alot more WPA2-PSK, and WPA2-AES popping up in firmware upgrades in routers. If available, I would recommend using WPA2-AES because supposedly, the AES wrapper is better than the TKIP wrapper. (by "wrapper", I mean encryption method)
    The other methods (enabling MAC filtering, limiting your DHCP range, etc.) are not so much security, more a "If you don't want to get shot, then don't dress up like a deer" mentality.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  7. #17
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    767
    I would recommend using WPA2-AES because supposedly, the AES wrapper is better than the TKIP wrapper
    I would recommend WPA2-AES as well. Also, TKIP (Temporal Key Integrity Protocol) is used to strengthen the weak keys used by WEP.

    TKIP Message integrity Code (MIC) - to pervent forged packets

    new IV sequencing dispcline - to pervent replay attacks

    Per-packets key mixing function - to add complexity to the correlation between IVs and the per-packets keys with which they are used.

    Also, in December 2001 the US federal government selected AES to replace DES as the standard encryption used by deferal agents.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides