General discussion

Locked

Wireless Security - Home

By BadSkippy ·
I set up a home wireless LAN with the following configuration using a popular wireless broadband router.

1. Changed default SSID.
2. Changed Default channel.
3. Enabled 256 bit WEP.
4. Disabled broadcasting of SSID.
5. Generated WEP key using random numbers, letters, & symbols. Also did the same when changing the default admin password.
6. Enabled Mac filtering.
7. Disabled DHCP
8. Disabled remote admin capability (must be connected to LAN to change settings.)
9. Enabled built-in NAT firewall.

I regularly xfer confidential information between hosts on this wireless segment.

I think it is bullet proof but I will be setting up this same configuration for several friends/family so I need to know SPECIFICALLY what vulnerabilitlies still exist, if any.

(Please, no generic responses like "nothing's bullet proof unless you unhook it from the net" or "yea, if you want to be safe, you got to get you one of those danged 'ol VPNs set up." The points will be given to anyone with specific vulnerabilities)

I look forward to your responses...

Thanks!

:-)


"May every spam you receive magically come true."
-Spencer F. Katt (eWeek)

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Wireless Security - Home

by Thamer In reply to Wireless Security - Home

What's the barnd name of your wireless LAN products? ... Based on what IEEE Ethernet standard?

Collapse -

Wireless Security - Home

by Thamer In reply to Wireless Security - Home

... at the time being, you may also want to read this PDF file on "Wireless LAN Risks and. Vulnerabilities" by. Richard A. Stanley, Ph.D., PE, CISSP
@http://www.isaca.org/wirelesswhitepaper.pdf

... start from page 7.

Collapse -

Wireless Security - Home

by BadSkippy In reply to Wireless Security - Home

Poster rated this answer

Collapse -

Wireless Security - Home

by BadSkippy In reply to Wireless Security - Home

Hello Thamer - thank you for your response.
Brand: D-Link
Standard: 802.11b

Collapse -

Wireless Security - Home

by Thamer In reply to Wireless Security - Home

BS,
Almost all warless deployments are, at this time, fundamentally insecure. this is not fear mongering; it is an accurate statement of the reality of the current state of security of warless 802.11-based environments. The only practical approach for any business to take is to assume that end-to-end security can only be provided outside the bounds of wireless infrastructure. That is, you should not count on the wireless environment for any protection of sensitive data. Failing to understand this is like you don't appreciate how truly open the wireless environment really is. Having said that,... lets look close on your setup ...
-Where are the WEP keys stored? ... a) On the client wireless card?(What happens if it got stolen?) ...b) On a local disk? (Is it possible for anybody to copy and use?)
- It requires only a modicum of CPU capability to determine your supposedly WEP encryption keys from your network traffic medium ... the Air
- Do you know that, by default, your MAC filtering table is empty? ... and it can be manually set by any client? Do you know that there are network devices that can "clone" valid MAC addresses?
- Did you install any shielding material to limit the range of your network?

.... Bottom-line,... what you have setup is more than you will need at home. The reason that you are safe with those to security measures in place is simple, if someone wants free access to a network/the internet there are many more places to get it, or steal it with absolutely ... no problems.

Let's wait and see what 802.11g (Probably next year)... will offer.

Take care.

Collapse -

Wireless Security - Home

by BadSkippy In reply to Wireless Security - Home

Poster rated this answer

Collapse -

Wireless Security - Home

by shmaltz In reply to Wireless Security - Home

As far as the technology goes you have set it up correctly. However, the most secure it can be is still not secure. It is secure against regular wireless cards that try to hook into your network, if however someone will just scan the airwaves he will eventually be able to find the SSID. Since if a node has problems connecting to the base (Access Point) it will rebroadcast the SSID unecrypted so it can find the AP.
This is not my idea, here in NYC someone was able to find more than 200 secure wireless Lans in midtown. If you need more info email me.

Collapse -

Wireless Security - Home

by shmaltz In reply to Wireless Security - Home

What I stated above is only regarding someone accessing your network and using it to access available resoureces on your network (like the internet). However since you enabled MAC filtering you are safe from this type of attack. However as I stated above you are only as secure as this technology allows you to be. Since this technology is not considered secure (it is very easy to break the encryption) people will be able to intercept the data if they want to.

Collapse -

Wireless Security - Home

by shmaltz In reply to Wireless Security - Home

BTW, you are only safe from someone hooking up to your network if he doesn't figure out the MAC address of any of your clients, if he does he can clone it.

Collapse -

Wireless Security - Home

by BadSkippy In reply to Wireless Security - Home

Poster rated this answer

Back to Security Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Security Forums