Posted on 10/18/2004 4:38:28 PM PDT by gitmo
If everyone with a wireless access point would take ten minutes to secure their system doing what you did, and configuring a firewall to shut off unneeded ports and services, there would be absolutely nothing to worry about.
I'm sure that will stop the blackhats. Why did'nt I think of that.
This is what we've done at home. While I was setting up the network, I noticed that I could see someone else's network. There's an office building about 2 blocks away. If not for the neighborhood trees, I could probably see the building from my house. My guess is that the network was in one of those offices. But looked at another way, this means that I could probably break into their network from our kitchen.
Placement of your APs with respect to your firewall is only effective if you can prevent another unauthorized AP from relaying to yours. APs have no way of authenticating each other, so the only way to block this type of attempt to gain access is to require authentication on a server through either passwords or certificates.
Bottom line is wireless networks can be made as secure as hard wired ones, but currently require more hardware, software, and system administrative resources than the typical home user has available.
yes.
There's so much hype about insecurities of IEEE 802.11 or wireless LAN or WiFi. Yes WEP, basic WLAN security is crackable. But how many who will try to crack yours? Only people using Linux or BSD (Unix). I've been using WiFi since Lucent Technologies made it available to consumers.
My advise: simply change your wirelesss router defaults like change administrator's password, turn off SSID broadcast and use MAC address authentication. You may turn on WEP but if signal is marginal you'll get annoying disconnection and auto reconnected from time to time.
So I turned off WEP but SSID broadcast is off, MAC address filtering is on. The only people who can uncloak your SSID hackers using Linux or BSD OS. By the way, I watch out unknown vehicles park within 300 feet near my house.
Iffen ya dan't lick haw Is spels wayt a litle, Ill spel it defirent next tyme.
You cam block popups by editing your hosts file. See http://practice.chatserve.com/hosts.html for more.
bttt
How true. Federal regulation has always stopped the dedicated criminal from committing crimes. (Not)
(They can't let you tinker with the radio or all hell would break loose).
You mean like those CB'ers using illegal 2000 watt linear amplifiers or those illegal pirate radio stations? Just to mention a couple of well known instances.
(I'm not trying to make fun of you or be sarcastic toward you. Just trying to make a point. Laws have never stopped criminal activity.)
On a home router, your access point and your firewall are often the same device.
LOL! If it weren't for laws, there wouldn't BE any criminal activity.
Point taken.
But this is a single chip radio, and the interface is
protected with security measures as well as not documented.
Those two facts have kept the best hacker minds in the world (the Linux community) from using wireless nics (unless manufacturer releases drivers) for several years after availability in Windows. In fact the most successful method of using wireless in Linux is to put a wrapper around the windows drivers and use the windows drivers in linux.
So its not exactly like the CB world. Its more like you purchased a CB welded into a solid block of steel. Hard to tinker with.
Yes, its possible but programming on that level is well beyond the scrupt kiddies that hack your home wireless. In fact virtually all defeated by the simplest means, which leaves you worrying about 1000 hackers world wide capable of blowing thru your wireless security. As long as they live within 300 meters. ;-)
I think that non-broadcast of the SSID plus 128 bit encryption, plus MAC address filtering all at once is enough to keep hackers from wasting their time on your wireless net.
Hate to tell you...
MAC addresses can be set manually on certain types of NIC cards (for obvious reasons I won't say which ones) and I discovered this quite accidently when I bought a few NICs for some boxes at the office and they all had the same MAC address. RTFM. Sure enough, they came with instructions on how to select and set a MAC address.
Regardless, it's just an OSI protocol that is terribly easy to spoof. Spoofing a WLAN card is really easy since it's done with an emulator and does not have to be hardcoded. You can even 'scan' a network for vulnerable MAC addresses the same way you can scan for open IP addresses on a network.
MAC address security along with 128bit WEP keys and a nice, tight, algorithmic hash security method are your best bet for keeping a network secure.
Even then, it's all for naught if you share security info with the wrong people - or even the right people who happen to be stupid.
The smartest security people do not allow WLAN despite the 'convenience'.
And, I don't do this often, but I'm going to plug my company here in the forum, because my company just so happens to install secured wireless networks for residential and commercial properties (Link to my company site). Myself and a network guru buddy of mine have designed encryption that is very secured and perfect for these markets.
But, I tell all of my clients, this is like an alarm on your home. If someone really wants in, it is possible. However, most wardrivers with malicious intent (including many terrorists --they believe that this is one of the main ways terrorists are cloaking their activity in cyberspace),are looking for easy targets. And, because 70 to 80% of all wireless networks are unsecured, it is a target-rich environment.
And, while I'm admittedly biased, it really is a good idea to have your wireless network locked down. I tell all of my clients, "You wouldn't leave the front door of your house unlocked and open to the public, would you? There's no reason to do it with your wireless network."
GW and Twins Pawpaw....you said,
"Another reason to hardwire..."
I agree and disagree. My company also designs wired networks too, but wireless is a market trend for many reasons.
First, it is conveinient. You aren't, literally, tied down to one location in a home. So, you set up a laptop at a small kitchen nook. With a wireless print server, you can put your printer anywhere in your house without having to jam it into a deskspace.
Second, you don't have to wire your home. If your home was built in the last 5 years, then it is may be wired with CAT5 cabling (or better). But, unfortunately, most houses are much older than 5 years old. Having a wireless solution can eliminate the need for these types of rennovations. And, let's be perfectly honest, if you are into the DIY thing, who wants to crawl around an itchy old attic dropping cable. Not many.
Third, a secured wireless solution is great for small businesses. Small business that rent storefront or operate out of executive office-type places move frequently. The business is likely to have high-speed access, but if they have more than 2 or 3 workers/computers, then having wires running around the office or pay money to have "drops" put in. The wiress running along the floor is unsightly and unsafe. Doing the drops can be expensive. With the wireless network, if the business moves, they unplug it, move, plug it back in, reboot and they are gold.
The key for homeowners or business owners is value. A wireless network can provide them value. But, it really is imperative that the network is locked down.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.