Posted on 11/01/2010 9:50:50 PM PDT by Wooly
Chances are you don't leave your front door unlocked. And you shouldn't leave your Wi-Fi network unsecured either.
Many of you may have heard this before, but many still seem to not be doing anything about it. You should. Here's why. With a $50 wireless antenna and the right software a criminal hacker located outside your building as far as a mile away can capture passwords, e-mail messages, and any other data being transmitted over your network, and even decrypt data that is supposedly protected.
(Excerpt) Read more at news.cnet.com ...
Make sure you change that phrase a couple of times a year at least.
Fine. But what do you recommend if you are stuck in a hotel with a wireless connection. Is there any way to protect your passwords?
Thank you so much for your attention. I followed your directions, found the screen, had 4 icons on it. Two were security enabled but the one I was on did not say anything.
I clicked on properties and it said Security:WPA Personal and TKIP Encyption type.
Does all that mean I am secure? Thank you.
The password I was referring to was the one you enter on your laptop to connect to your home wireless router (the one you have configured on the router). To protect your passwords on a public wireless network like at a hotel, you can do a few things. First, you can use https connections for any sensitive things you do, though that can be risky as some pages don’t encrypt the whole thing and if you’re not an expert it’s not always easy to tell. Another thing you can do is set up a VPN tunnel over the hotel connection, but you have to have a computer on the other end to complete the tunnel; you can’t just tunnel to anywhere. The most secure thing you can do is not visit any web pages that you need to protect the passwords for (bank, medical account, email, etc). Either get a cell modem for those pages, or wait until you can get to a trusted wired network.
I authorize only two MAC numbers on my router, one for each laptop.
______________________________________
"Here's a chapter right out of 'Home Network Security Simplified' that you'll end up showing to every member of your family. It's an easy-to-follow explanation of how to make sure that your home network is secure--why it's important, and amazingly, how few of us actually do it."
By Jim Doherty, Neil Anderson
Securing a wireless network--The basics--Part I
Page 1 http://networksystemsdesignline.com/howto/showArticle.jhtml;jsessionid=QN5IOL1WI2HAMQSNDLSCKHA?articleID=197003923
Page 2 http://networksystemsdesignline.com/howto/showArticle.jhtml;jsessionid=YBGRLZ3HARN0XQE1GHOSKHWATMY32JVN?articleId=197003923&pgno=2
Securing a wireless network--The basics--Part II
Page 1 http://networksystemsdesignline.com/howto/showArticle.jhtml;jsessionid=10YJRWHFMDXQCQSNDLPSKHSCJUNN2JVN?articleID=197004714
Page 2 http://networksystemsdesignline.com/howto/showArticle.jhtml?articleId=197004714&pgno=2
Page 3 http://networksystemsdesignline.com/howto/showArticle.jhtml?articleId=197004714&pgno=3
Securing a wireless network--The basics--Part III
Page 1 http://networksystemsdesignline.com/howto/showArticle.jhtml;jsessionid=DXLNYEIGK35N2QSNDLRSKH0CJUNN2JVN?articleID=197005104
Page 2 http://networksystemsdesignline.com/howto/showArticle.jhtml?articleId=197005104&pgno=2
Securing a wireless network--The basics--Part IV
Page 1 http://networksystemsdesignline.com/howto/showArticle.jhtml;jsessionid=O3BWSRNIIUYKQQSNDLPCKHSCJUNN2JVN?articleID=197005948
Page 2 http://networksystemsdesignline.com/howto/showArticle.jhtml?articleId=197005948&pgno=2
Securing a wireless network--The basics--Part V
Page 1 http://networksystemsdesignline.com/howto/showArticle.jhtml;jsessionid=3QAKD0LUJTXPIQSNDLRSKH0CJUNN2JVN?articleID=197007563
Page 2 http://networksystemsdesignline.com/howto/showArticle.jhtml?articleId=197007563&pgno=2
Securing a wireless network--The basics--Part VI
Page 1 http://networksystemsdesignline.com/howto/showArticle.jhtml?articleID=197008575
Page 2 http://networksystemsdesignline.com/howto/showArticle.jhtml?articleId=197008575&pgno=2
____________________________________________________
I use 63 printable ASCII characters to encrypt my home modem/router and network with WPA2 AES . I also cut out a strong password from these ASCII characters to access my modem/router. Here is where you can get a random generated string for passwords or WPA and WPA2 encryption.
Enabling MAC address filtering/restriction is the ultimate security measure, equivalent to putting a fingerprint scanner on your front door. You ultimately have control over who can and cannot access your router.
Granted, one can spoof a MAC address much like someone could cut off you finger and use it to get into your house or use something like out of a movie with a fake fingerprint, but hiding the SSID, MAC filtering, WPA2 with AES, and AP isolation (if you know how to use it) make your network as secure as most you will find.
If you have the resources, investing in a server running RADIUS or some other type of VLAN routing table software add further levels of abstraction to your network security.
A roll of postage stamps and thirty minutes doing bookkeeping and bill paying with the checkbook every Saturday afternoon work just fine for us.
I've been doing it for years. Never a problem.
I authorize only two MAC numbers on my router, one for each laptop.
MAC filtering is almost no protection. MAC addresses are transmitted in the clear and can be spoofed easily. ie. My router allows me to set its MAC address. MAC filtering is like locking your screen door. It will only keep out those that value your property. That said, I still do it myself for the heck of it. But I also have real security measures in place as well.
Two parts. One, they were cataloging WiFi hot spots. They were/are using that data. Two, As part of one, they also captured unsecured emails and passwords. They have stated they have no intention of using that data.
Granted, one can spoof a MAC address much like someone could cut off you finger and use it to get into your house or use something like out of a movie with a fake fingerprint,
Oh my dear Lord... no. PLEASE don't pass on this information anymore. MAC address filtering isn't even a good security measure, much less anything approaching "the ultimate." And while I can only imagine the logistics involved in securing a finger and using it before said owner of the finger complains or turns up missing, overcoming a MAC filter is as simple as capturing the MAC address from the air and setting it on the device you wish to access the network. I can do that here from my desk, no movies effects, bolt cuttters or bloody appendages involved.
WPA2 with AES
This on the other hand is the good advice.
Ping
I put out there that MACs can be spoofed, but the majority of script kiddies and 10 year olds aren’t going to bother with port sniffing. The initial communication between a client and the AP can be sniffed for just about anything, esp. if the AP is unsecure.
I’ve used a wireless security auditing program to sniff unsecured neighbor’s wireless APs, printed out a report of their passwords typed during the sniff, and knocked on their door with the printout in hand and said, “Secure your wireless network. If I can get this, imagine what malicious people would do with it.”
They initially rebuked me for poking around, one guy even called the police, but when they understood that I was trying to help, they actually paid me to come over to secure their network. One cop laughed when he was talking to me privately and said, “I should have you come over and do my network too!”
MAC filtering is just another tool. It’s not the best tool, but adding multiple layers of abstraction to your wireless security makes attacks less likely. The lower your risk footprint, the less likely you’ll be hacked randomly.
Hope you take the letters to the post office, because you are more likely to get something stolen from your mailbox and used.
I was taking issue with how you portrayed the level of protection it provides and level of difficulty it presents in overcoming it.
For a home user, it’s relatively simple if you have a basic understanding of networking (MAC addresses, etc.), but yeah, if someone is intent on getting into your wireless network, MAC filtering isn’t going to save your hide.
I recommend it to folks whose routers I configure, but I always explain that it’s an administrative hassle every time a new person comes over. For the micro-managers among them, they usually like to have that level of control, and I’ll teach them how to input new MACs.
Also, depending on the firmware on your router, it’s not hard to edit that table or the on/off value for it if you know what you’re doing. I setup a dedicated crossover connection between my router and my server for both RADIUS and JTAG connectivity and locked the administrative ports down to cabled-access only.
If you’re paranoid, there’s nothing wrong with throwing another spike strip down in front of war drivers, but if they’re in a half-track or a deuce.25, it’s just a speed bump, I admit.
I understand that AP isolation is really the best way to keep ne’er-do-wells out, but even I had a lot of issues getting that to work on my home network. Virtual APs are cool too; I setup a WEP VAP with AP iso for my Nintendo DS wireless, and it works incredibly well.
Go to work today after voting.
Presuming you work in an office, your computer is likely connected to a network.
Now: look at the back of your computer. Find the network connection. You will not find a wireless connection. You will see a cable.
There’s a reason for that.
I’m using wifi from somewhere in my building right now to read FR on my android - haven’t gotten up yet to turn on the computer.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.