
wireless security



 
 
  #1  
Old July 26th 05, 12:59 PM posted to uk.comp.home-networking
J
external usenet poster
 
Posts: 8
Default wireless security

Hi,

Just a few quick questions to ask about setting up a wireless router
securely. Just been reading the 'stealing neighbour signal' thread with
interest and made me wonder what I could do to make my wireless network
more secure.

1. I've changed the default SSID to something else and try to change
this regularly.

2. I've tried to hide the SSID (not broadcast it), but is there a way to
allow WinXP to automatically connect to this every time it logs in (as a
non-admin account, which also leads me to another question regarding
WinXP, I'm using a non-admin account, this means that I have to manually
start up the 'Wireless Zero Configuration' as a service every time I try
to connect. When using an Administrator account, there is no need to do
this. Is there a way to automate this?)

3. I'm using WEP as encryption. Or should I really be using something
else? All I want is an even balance between security and performance.

4. I'm using MAC filtering on router, the only incoming access allowed is
my laptop wireless MAC address, all others denied.

5. I've set up logging as well on router, and do check this from time to
time (when I can be arsed)

Is there anything else I could do? I have a Linksys Wireless G broadband
router (WRT54G).

By the way, where I live in my neighbourhood, I can see up to 4 different
wireless networks at one time, none of which have had their default SSID
changed and none are secure. People tend to just take the router out of
the box and plug it in, without any configuration. I personally think
it's up to the manufacturers to make security set by default.

Thanks for your help

J
  #2  
Old July 26th 05, 02:50 PM posted to uk.comp.home-networking
Bob Lawn
external usenet poster
 
Posts: 20
Default wireless security


"J" wrote in message ...
Hi,

Just a few quick questions to ask about setting up a wireless router
securely. Just been reading the 'stealing neighbour signal' thread with
interest and made me wonder what I could do to make my wireless network
more secure.

1. I've changed the default SSID to something else and try to change this
regularly.

2. I've tried to hide the SSID (not broadcast it), but is there a way to
allow WinXP to automatically connect to this every time it logs in (as a
non-admin account, which also leads me to another question regarding
WinXP, I'm using a non-admin account, this means that I have to manually
start up the 'Wireless Zero Configuration' as a service every time I try to
connect. When using an Administrator account, there is no need to do this.
Is there a way to automate this?)

if the name is hidden from 'browsing' it just needs to be typed in manually
when i've set up wireless access for people, i've just created a profile
with network name, encryption type key etc and then this profile is
automatically loaded when they log on.
i can't remember having to do any more than this.
the actual zero config service should be running all the time - not sure why
you need to restart it.

3. I'm using WEP as encryption. Or should I really be using something
else? All I want is an even balance between security and performance.

if you have the choice WPA is more secure: some varieties of WEP can be
cracked in seconds

4. I'm using MAC filtering on router, the only incoming access allowed is
my laptop wireless MAC address, all others denied.

every little helps - but mac addresses can be set up in software i.e.
spoofed

5. I've set up logging as well on router, and do check this from time to
time (when I can be arsed)

Is there anything else I could do? I have a Linksys Wireless G broadband
router (WRT54G).

By the way, where I live in my neighbourhood, I can see up to 4 different
wireless networks at one time, none of which have had their default SSID
changed and none are secure. People tend to just take the router out of
the box and plug it in, without any configuration. I personally think it's
up to the manufacturers to make security set by default.

couldn't agree more
sounds like you're on the right track with this; the WPA encryption is the
biggest thing

Thanks for your help

J

bob


  #3  
Old July 26th 05, 07:48 PM posted to uk.comp.home-networking
John Steele
external usenet poster
 
Posts: 62
Default wireless security


"Bob Lawn" wrote in message
...

"J" wrote in message ...
Hi,

you need to restart it.
3. I'm using WEP as encryption. Or should I really be using something
else? All I want is an even balance between security and performance.


couldn't agree more
sounds like you're on the right track with this; the WPA encryption is the
biggest thing
Thanks for your help


I agree with the use of WPA if your wireless device supports it (mine
doesn't).

For maximum security feel free to try my free random key generator
http://www.soroban.co.uk/wepkeygen.htm

John Steele


  #4  
Old July 26th 05, 07:59 PM posted to uk.comp.home-networking
AAL
external usenet poster
 
Posts: 4
Default wireless security

I have set-up quite a few wireless networks in central London and all
are based upon WPA

With WPA my set-up is a RADIUS server for authentication (which can be
bolted onto your ADS or even use RSA security methods) and then use of
certificates for valid client machines - using TKIP (Temporary Key
Integral Protocol) the WEP key is changed every so many thousands of
packets/cycles.. again another added bonus is to reduce the signal
strength of an AP so as not to leak the signal outside of the building.

Another method is to use the 802.11a standard (as most hackers would
assume all wifi networks are on the 802.11b/g standard - and the 'a'
standard not being very common)

I have done extensive testing with the above and it seems to be secure
and meets all the requirements for a WPA set-up.

Currently looking into WPA2


  #5  
Old July 26th 05, 10:40 PM posted to uk.comp.home-networking
myWIFIzone
external usenet poster
 
Posts: 8
Default wireless security


On top of that you could try our free WIFI blocking software at
http://www.myWIFIzone.com - now works with WPA.

  #6  
Old July 27th 05, 11:43 AM posted to uk.comp.home-networking
J
external usenet poster
 
Posts: 8
Default wireless security

AAL wrote:
I have set-up quite a few wireless networks in central London and all
are based upon WPA

With WPA my set-up is a RADIUS server for authentication (which can be
bolted onto your ADS or even use RSA security methods) and then use of
certificates for valid client machines - using TKIP (Temporary Key
Integral Protocol) the WEP key is changed every so many thousands of
packets/cycles.. again another added bonus is to reduce the signal
strength of an AP so as not to leak the signal outside of the building.


Can you explain in detail how this can be done? I mean the use of
certificates. I also have no idea how you can reduce the signal strength
either. I saw no option on my Linksys router to do this.

Another method is to use the 802.11a standard (as most hackers would
assume all wifi networks are on the 802.11b/g standard - and the 'a'
standard not being very common)


Good idea, but this reduces performance as well, you need to keep a good
balance between security and performance. Anyway, mine only supports b/g,
so can't really do this.

I have done extensive testing with the above and it seems to be secure
and meets all the requirements for a WPA set-up.

Currently looking into WPA2


Thanks for your help
  #7  
Old July 27th 05, 11:43 AM posted to uk.comp.home-networking
J
external usenet poster
 
Posts: 8
Default wireless security

myWIFIzone wrote:
On top of that you could try our free WIFI blocking software at
http://www.myWIFIzone.com - now works with WPA.


Thanks, have downloaded it and will install it later tonight, will let
you know what I think of it.
  #8  
Old July 27th 05, 01:02 PM posted to uk.comp.home-networking
Bob Lawn
external usenet poster
 
Posts: 20
Default wireless security


"J" wrote in message ...
Bob Lawn wrote:


As for the wireless zero configuration service, it does run automatically,
but only if you're logged in with admin privileges. Otherwise, it doesn't
start up and you have to do this manually. I'm just trying to see if
there's a way to start it up even when using a non-admin account.

on my kids' machine it runs all the time - and they're no admins!
what often happens is that the card manufacturer's software can
(deliberately) stop the service and the latter may be started automatically
at user login.
you can usually use either ms zero config or the manufacturer's s/w, but not
both.
perhaps it's that.

bob


  #9  
Old July 27th 05, 03:20 PM posted to uk.comp.home-networking
J
external usenet poster
 
Posts: 8
Default wireless security

Bob Lawn wrote:
"J" wrote in message ...

Bob Lawn wrote:


As for the wireless zero configuration service, it does run automatically,
but only if you're logged in with admin privileges. Otherwise, it doesn't
start up and you have to do this manually. I'm just trying to see if
there's a way to start it up even when using a non-admin account.


on my kids' machine it runs all the time - and they're no admins!
what often happens is that the card manufacturer's software can
(deliberately) stop the service and the latter may be started automatically
at user login.
you can usually use either ms zero config or the manufacturer's s/w, but not
both.
perhaps it's that.

bob


Thanks for that Bob, the thing is my laptop comes with a built in
wireless adaptor, I have yet to find software specific for it installed,
so I can configure it to my liking (I'll have to check the CDs that came
with it though, it might be there), and if others don't get the problem
I do, then it must be a manufacturer thing. It's not much of a problem
though, it only takes a second to switch the zero wireless thingy on.
I'll google for it tonight to see if I find anything. Thanks again.
  #10  
Old July 27th 05, 04:24 PM posted to uk.comp.home-networking
Andrew Oakley
external usenet poster
 
Posts: 37
Default wireless security

On Tue, 26 Jul 2005 12:59:37 +0100, J wrote:
3. I'm using WEP as encryption. Or should I really be using something
else? All I want is an even balance between security and performance.


As others have pointed out, WPA is much preferred over WEP for
encryption and authentication. Most WEP can be cracked in half a
minute.

However, if WEP is all that is available to you, as it was for me, you
could consider running a Virtual Private Network (VPN) which is what I
have done.

You can create a VPN from Windows 2000, Windows XP, Linux and other
operating systems. In order to make it secure, you have to have your
WiFi access point SEPARATE from your broadband router, with a computer
(which we'll call the "server") in between the two.

The server has to have TWO network cards, one for the WiFi alone and
one for the rest of the network including the Broadband router.

On Linux you then run PPTPd and NAT to translate between the two. If
you're running Linux then I'll presume you're geeky enough to figure
out the rest of the details, but you can look at my solution here:
http://www.nam-vets.org/frampton/hotspot-howto.php

Note that my solution allows limited 128kbit/sec access to the web for
non-VPN users. If you want to completely deny access for non-VPN users
then just comment out my firewall lines permitting port 80, 23 etc.

On Windows XP, you will need to create a firewall to prevent people on
the Access Point getting to the Server without going through the VPN.
So block everything except port 1723 which is the VPN port. Then
create a VPN Server to allow people to come in through the VPN only
and join the LAN and access the broadband router as their gateway. You
can find out more about how to do this here:
http://www.onecomputerguy.com/networ...vpn_server.htm

4. I'm using MAC filtering on router, the only incoming access allowed is
my laptop wireless MAC address, all others denied.


MAC filtering does a good job of making WEP more difficult to defeat.
It is still possible but requires a lot more work. Basically the
attacker has to sniff out your laptop's MAC address and spoof that. If
you have someone that determined passing by your network regularly,
you really should consider moving to a quieter neighbourhood.

Is there anything else I could do? I have a Linksys Wireless G broadband
router (WRT54G).


There are a number of third-party firmwares which can "upgrade" this
router to give you more security options. Google for "wrt54g firmware"
but be aware that firmware from any company other than Linksys will
invalidate your warranty. Changing firmware is not recommended unless
you are technically competent and confident. In particular I'd make
sure you have another method of accessing the internet for help in
case you screw up your router.

By the way, where I live in my neighbourhood, I can see up to 4 different
wireless networks at one time, none of which have had their default SSID
changed and none are secure. People tend to just take the router out of
the box and plug it in, without any configuration. I personally think
it's up to the manufacturers to make security set by default.


I think it's good that the manufacturers encourage people to be
community spirited by sharing their bandwidth with their neighbours.
However the manufacturers should find a way to do this without leaving
internal networks insecure. For instance, access to the LAN should be
denied by default on broadband routers; the default subnet should be
255.255.255.255 so that all routes go to the Internet and access to
the LAN is not available until WPA is turned on.


--
Andrew Oakley andrew/atsymbol/aoakley/stop/com
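
The Linux variant described in the post above (access point on its own NIC, everything from that side dropped except the VPN, NAT towards the LAN), as an added example that is not part of the original post and not Andrew Oakley's own script. The interface names, the VPN client pool and the assumption that the access point hands out addresses itself are hypothetical; note that PPTP needs GRE (IP protocol 47) as well as TCP port 1723.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the dual-homed server.
# Interface names and the VPN client pool are assumptions supplied by the caller.
gen_wifi_vpn_rules() {
    wifi_if=$1 lan_if=$2 vpn_net=$3
    # Reject values iptables would misparse.
    for name in "$wifi_if" "$lan_if"; do
        case $name in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: '$name'" >&2; return 1 ;;
        esac
    done
    case $vpn_net in
        ''|*[!0-9./]*) echo "bad VPN pool: '$vpn_net'" >&2; return 1 ;;
    esac
    # The design only works if the access point has a NIC to itself.
    if [ "$wifi_if" = "$lan_if" ]; then
        echo "WiFi and LAN must be on separate NICs" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
# WiFi side: PPTP control channel plus the GRE tunnel it negotiates
-A INPUT -i $wifi_if -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i $wifi_if -p 47 -j ACCEPT
# Only tunnelled (ppp) clients are forwarded; raw WiFi traffic hits DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ppp+ -o $lan_if -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $vpn_net -o $lan_if -j MASQUERADE
COMMIT
EOF
}

# Number of ACCEPT rules matching packets that arrive on the WiFi NIC.
# Anything other than 2 means the segment is more open than intended.
count_wifi_accepts() {
    gen_wifi_vpn_rules "$@" | grep -c -e "-i $1 .*-j ACCEPT"
}
# Dry run (needs root): gen_wifi_vpn_rules wlan0 eth0 192.168.9.0/24 | iptables-restore --test
```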
 



