Wi-Fi cloaks a new breed of intruder (Turn on your router's encryption, people!)

St. Petersburg Times ^ | July 4, 2005 | Alex Leary

[firewalk]

.

[Focault's Pendulum]

Had second thoughts...huh?

[.308 PSS]

Oh and as far as admin for password, if that be the case......change that too, I have found networks that were unsecure and had the default password as admin!! This allows me to get you main ISP email address and account password, using a simple program.

[Cboldt]

By the way, WEP encryption is so lame as to be almost totally useless. Turn on WPA encryption instead.

Encryption of communications between the devices doesn't prevent the communication.

To limit the devices that can access your wireless network, ID each permitted device by its MAC.

[Cboldt]

Access control - not encryption - is useful for preventing unauthorized use of bandwidth.

A point obfuscated by the thrust of the article, and most of the comments on this thread.

[PogySailor]

Using the proper settings for encryption also prevents access to the WAP. Using WPA-PSK/AES with MAC filtering is a "belt and suspenders" way of securing your network.

Of course, the best way would be to use RADIUS and a password token (i.e SecureID). But that's way beyond what's needed for the average Joe's home WLAN.

[COBOL2Java]

Set your wireless router to not broadcast the SSID. Then, make up a SSID which is difficult to guess, like you would a password - e.g., use @ for 'a' and 0 for 'o' in the SSID. That plus password encryption (the highest your router will support - mine uses 128-bit) will go a long way.

Also: change your password regularly. One good strategy for creating passwords is to take a poem or a limerick you know, and use the first initials of every word to form the password.

[firewalk]

troublemaker...

[Cboldt]

Using WPA-PSK/AES with MAC filtering is a "belt and suspenders" way of securing your network.

There is more than one way to obtain unauthorized access. For most home networks, it is sufficient to limit the machines that are authorized (e.g., via MAC limiting), without getting to the "user" level.

Encryption is necessary to make it more difficult for strangers to snoop on your broadcast keystrokes.

The problem with this article is that it plants the idea that data encryption instigated/required by the WAP will prevent unauthorized access.

[COBOL2Java]

I have found networks that were unsecure and had the default password as admin!!

I can't tell you how many commercial systems I've worked on where they had the password set to 'password'! >:-0 Blows my mind...

[VeniVidiVici]

bump

[bwteim]

"If you have a wireless network, and its not encrypted, you're just plain loopy."

Bump

[clyde asbury]

bttt

[COBOL2Java]

MAC filtering is simple way to keep people out, not bullet proof.......nothing is, but its better than nothing and keeps the casual wardriver out. With MAC filtering the user will go to other unsecure networks.

Exactly. It's the same as securing your car or home from theft; let them go look for easier pickings. Sad to say, but you can hope that the crook will pass over your network because it's too difficult, and instead go over to your idiot neighbor's.

[.308 PSS]

I should post here more regularly, I like to read the posts but I do not have alot of time to post.

[maui_hawaii]

Is echelon a real thing?

----

Real. Very. Trust me.

[PogySailor]

It does make a hash of access control and packet protection. But then again I don't expect to high a level of technical detail in a newspaper. I didn't link to the article so I don't know if they referenced some other material on the subject.

Since WPA-PSK is one of the standard models of 802.11x, it does control access. If the client (or supplicant in 802.11x lingo) doesn't have the proper key, the WAP will not establish a connection. The data confidentiality is provided by TKIP (WPA) or AES-CCMP (WPA2). The PSK that controls access also is used as the seed for the packet encryption for both methods.

The problem I see with most (if not all) consumer WAP models is that out of the box they are "open" and most people don't bother to set up any authentication or encryption. And the documentation that comes with them (at least 6-8 months ago) isn't really straight forward with the need to change settings.

For instance, I found several open WAP's in my neighborhood when I was setting my WLAN up (scanning to see if I needed to change the WAP's channel) and helped them get locked down. The homeowners didn't know they were at any risk.

If I didn't do networks for a living (I'm a CCNP/CCDP) I'd have never known how important it is to change those defaults.

[Ranxerox]

BUMP and Bookmark for later

[Tunehead54]

Thanks! Actually we've got eight total but it works great! If the MAC address isn't on the list it doesn't get through the gateway! The two I mentioned were wireless PCs but it affects the wired PCs as well.

I was worried I'd have to add a couple of hubs but that was not necessary. Thanks again! ;-)

---

[FourtySeven]

I have a rock solid, 100% guaranteed way to secure my computer from unauthorized, Wi-Fi access: I don't USE Wi-Fi! Imagine that!

I never understood the appeal of it anyway. So you can sit on your porch while using your laptop? You can avoid hooking a simple cable into your computer at a coffee shop? WHOOPIE!

What's so taxing and challenging about running wires to where you normally would want to sit and work/play with your laptop? I mean, are Wi-Fi users literally walking around while they're online, and thus couldn't possibly use a cable/cord?

I already know the answer to that question, as my parents have Wi-Fi. But still, given these latests methods of theivery, if I were them I would look into just running wires to the most common points where they like to sit and work on the computer. I mean, why invite trouble?