Need wireless home network security advice

cantdrv55 · 09-19-2005, 11:16 PM

How do you secure your network at home? I noticed that I'm picking up two other networks while sitting in my dining room. Do you use a third party software like Norton Internet Security or are there settings in IE options I should use? Thanks.

Steve Carlton · 09-19-2005, 11:42 PM

I came across this today, and plan on implementing it myself...

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/03/14/BUG39BO6J51.DTL

id10t · 09-20-2005, 04:37 AM

You want to do it on your wireless router. If your hardware supports it, use WPA (not wep), if not, use WEP wtih a complex key. Turn off broadcasting your SSID. If you only use one or two wireless devices, lock down your router to only accept connections from their MAC addresses.

legion · 09-20-2005, 05:03 AM

Quote:

Originally posted by id10t
If you only use one or two wireless devices, lock down your router to only accept connections from their MAC addresses.

That's what I did. I have one wireless card and my router is set up to only accept connections from that card. I'm also only using a "B" router, so the signal doesn't even reach the street (or my garage

)

spinner · spinner's Garage

Picking up other networks doesn't mean YOUR network is compromised. It just means the other networks are broadcasting (and possibly not secured). You already have WEP/WAP enabled and restricted access by MAC address. Just monitor regularly and don't worry - be aware.

Z-man · Z-man's Garage

Quote:

Originally posted by spinner
Just monitor regularly and don't worry - be aware.

Yep - that's the key. Regularly check the logs of the router for any suspicous websites, and check the 'attached devices' list.

In a area where there are lots of wireless routers in use, all you need to do is be the least easiest system to crack. IE: If someone else is running an unprotected network near you, and you're network is protected, chances are that other network will be hacked - not yours.

-Z-man.

VaSteve · 09-20-2005, 05:59 AM

How exactly do you hack into someone's computer using their wireless? I don't know enough of how this stuff works to know how people could get in....

Shaun @ Tru6 · 09-20-2005, 06:03 AM

Chris, what's your wireless router? Chances are it will have its security software and management control panel built in.

We use a belkin pre-N router for the office and it has great security/controls... all browser based.

Z-man · Z-man's Garage

Quote:

Originally posted by VaSteve
How exactly do you hack into someone's computer using their wireless? I don't know enough of how this stuff works to know how people could get in....

Quite easy - if you have a wireless card in your PC (or MAC), you can view what wireless networks are out there. (A list of names of the wireless networks will come up) If there is no password on a network, it is as simple as clicking on the network name, and voila, you're in. Now all you need to do is connect to the other PC's that are connected to the network (via network connections, file sharing...etc) and hack away. If a person didn't lock their network, chances are their file sharing options are wide open too.

-Z.

Joeaksa · 09-20-2005, 06:05 AM

Steve,

I travel for a living. Recently went to Chicago and the WiFi in the hotel was not working. I fired up the laptop and did a search and found no less than 6 WiFi networks in the area. Logged onto one of them that was not secured and downloaded my emails.

I am not a hacker but if I need access and there is a WiFi network around that is not secured I will use it. Most times its another hotel or business who has not secured their system.

If someone wants to get into another company or persons computer, if they have a unsecured WiFi network, thats a backdoor for a hacker. All of my WiFi system is secured with WEP 128 encription but many people just take the unit out of the box, plug it in and start using it.

The default password for most of them is "1234" and the hackers know this. Its listed on the support website for all of the routers/switch's firms and if someone has not changed the info its easy to get in.

JoeA

id10t · 09-20-2005, 08:19 AM

One thing to be careful of using other peoples connections is that they can sniff your traffic. And things like POP3 and IMAP mail send usernames/passwords in plain text.

When I use an "open" wireless - hotel, someone elses neighbors, etc - I just ssh to my home machine and tunnel everything over that encrypted connection. Cheap man's way of having a VPN.

skipdup · 09-20-2005, 08:26 AM

I've never understood this hacking thing. Using a network connection is very different from seeing files on anothers computer, right?

I have a hard enough time sharing files between W2K and WXP machines... And I know the passwords.

Does anyone know how to hack into another machine (assuming the entire system isn't opened to share with no passwords enabled)?

Is it as easy as the security people like to make it sound (in order to get you to buy a product)?

- Skip

bryanthompson · bryanthompson's Garage

turn off ssid broadcast, no password, mac address specific. Or use ssh keys.

masraum · 08:57 AM

Quote:

Originally posted by id10t
You want to do it on your wireless router. If your hardware supports it, use WPA (not wep), if not, use WEP wtih a complex key. Turn off broadcasting your SSID. If you only use one or two wireless devices, lock down your router to only accept connections from their MAC addresses.

I wrote a paper on wireless security recently, and I've worked on the security team at the Cisco Technical assistance center.

Like he said, use WPA if your equipment supports it. WEP can be hacked by anyone with some easily downloaded tools and directions from the internet in less than 15 minutes regardless of how complex the key is.

Also, turning off your SSID broadcast doesn't slow someone down that wants to get on your network. It will only make it more difficult for you to get on.

Setting your network up so that only your MAC address can get on will also not keep anyone down. They will just spoof your MAC which is easy to find.

There are two things to consider here. Are you worried about someone around you or their teenage kid hacking into your network to see what they can do or are you worried about your neighbor ending up using your network connection? If it's the second then some of these other steps will help with that, but they won't do anything for the local hoodlum that is trying to see if he can get your stuff.

For some really good info on the latest in wireless security check here

http://blogs.zdnet.com/Ou/ more specifically, go to page 3 and 4
http://blogs.zdnet.com/Ou/index.php?paged=3
http://blogs.zdnet.com/Ou/index.php?paged=4

masraum · 09-20-2005, 08:59 AM

No WEP encryption is enough, regardless of the size of the key

http://blogs.zdnet.com/Ou/?p=60

Quote:

May 12, 2005
WEP cracking for dummies
-Posted by George Ou @ 10:37 am

* Security

For those who still don't think it's a major problem to run WEP encryption on a wireless LAN, this is your final warning. Humphrey Cheung of Tomsnetworking has released a tutorial that can essentially be summed up as "WEP cracking for dummies". Every time I've written articles on the vulnerability of WEP, I almost always get some wise guy telling me that I'm full of it and that I'm exaggerating the ease with which WEP can be cracked. Now that WEP cracking is child's play, it's almost become a recreational sport for script kiddies and a primary tool of choice for hackers. Now anyone can break in to your WEP based wireless LAN with relative ease.

As I've warned earlier, any WEP based wireless LAN can be cracked in a matter of minutes. The current set of attacks are all implemented in a simple all-in-one CD that is available for free download over the web and it employs the latest packet injection techniques and advanced statistical analysis tools to rapidly recover WEP keys. Even 802.1x based enterprise wireless LANs that have relied on per-user per-session rotating WEP keys to mitigate the security threat are no longer safe because they too can be cracked wide open with just a little more effort. Corporations and homes must protect themselves with a minimum of WPA TKIP encryption but preferably use WPA2 AES encryption.

http://blogs.zdnet.com/Ou/?p=48

Quote:

April 1, 2005
FBI demonstrates 3 minute Wi-Fi hack
-Posted by George Ou @ 1:06 pm

* Security

For those of you who have been reading my blogs on a routine bases, it would come as no surprise to you that the FBI demonstrated the hacking of a wireless LAN in 3 minutes.? It was only last month that I blogged about how you can hack most wireless LANs in minutes with the very same techniques.? It's ironic that the FBI is not using some fancy top secret multi-million dollar device to snoop in on your wireless LAN but instead is using off-the-shelf hacking tools that are freely available on the Internet.

The lesson here is that it doesn't take some super hacker to break in to your home or business network, anyone can.? At the end of the linked article, the FBI gives some decent advice that is pretty much in line with the best practices for homes that I've also outlined.? I probably would have not talked about "network segregation" since that's well beyond the means of most small businesses and homes, but I would definitely recommend following their other recommendations.