General discussion

Locked

Why should I secure wireless connection?

By nebheprura ·
Using Windows XP with Qwest DSL modem and Linksys switch. Was having trouble getting laptop to access network, so while troubleshooting, unplugged switch power cord and restarted dsl modem. Now laptop works, plugged back in switch but terrified about wireless security. I will not be able to get back to location until weekend and am very worried about security for wireless network. Does the switch even have security? Does the dsl modem? Exactly what can happen if someone is using an unsecured wireless signal? How can anyone get to information on your computer through an unsecured wireless network, even if you have firewalls on your computers? Is WEP the best to use or is WPA? If anyone can answer these questions fully, my world would brighten tremendously.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Number33 In reply to Why should I secure wirel ...

ok. Two types of security for wireless, MAC Locking and WEP,WPA transmission security. MAC Locking lets you explicitly specify what MAC (or machines) can access your wireless network. WEP,WPA is transmission level security, hence all of the traffice between say your laptop and the wireless access point (router, ap etc) is encrypted which means no one can snoop the wireless network and "see" what you're doing or "see" your passwords. Using both MAC and WEP,WPA are good. Encryption ensures your web surfing is safe and MAC Locking keeps people from connecting to your network and then having the ability to attack your machines from inside your network (if using a router/firewall). It also keeps others from using your internet connection for things you wouldn't do (p2p sharing) but would be linked back to you. DISCLAIMER: Nothing is 100% fool proof and 100% secure.

Collapse -

by Nico Baggus In reply to Why should I secure wirel ...

MAC addresses are allways in the clear part of
the wireless packets. So if someone sniffs your
address, they can use that address later on.

WEP keys can be broken in 15 minutes max, you
will probably notice the attack or think you
realy have a bad connection. This was shown at a
ISSA event in 2005 I think by some FBI Guys. WPA
is minimum if you want some security. Running
IPSEC over that to connect to your servers is
even better.
Assume the Wireless part is equivalent to the
Internet.

I found a link to it.
http://www.tomsnetworking.com/2005/03/31/the_feds_can_own_your_wlan_too/

Kind regards,

Collapse -

by Nico Baggus In reply to

An additional URL on securing wireless
equipment.

http://www.connectedhomemag.com/HomeControls/Articles/Index.cfm?ArticleID=49176

Collapse -

by nebheprura In reply to Why should I secure wirel ...

Just saw that one of you said WPA is minimal security, yet I just spent twenty minutes reading article saying that WEP is full of security holes and WPA is supposedly the best with 802.11i. I was actually told that WEP was the best as well by a Qwest tech. What's going on here?

Collapse -

by westec77 In reply to Why should I secure wirel ...

Check you security settings via Qwest settings screen. Your provider will be able to tell you how to access these settings.

see ya @ www.sacramentocomputertechnician.com

Collapse -

by jon In reply to Why should I secure wirel ...

One reason opening up your wireless network is a bad idea is if someone is hoarking your bandwidth and doing illegal things under your IP address you're going to be held responsible.

Lock it down with a WEP key.

Collapse -

by evolvemind In reply to Why should I secure wirel ...

You can find clear discussions of wireless security online. A quick Google search on "WEP WPA WPA2" turned this article: http://www.openxtra.co.uk/articles/wpa-vs-wep.php).

Using any of these encryption methods provides a degree of protection. WEP is weakest, being easy to crack and being an afterthought layered onto the wireless protocols. Low end equipment may support only WEP. WPA is much stronger encryption (uses AES, which was approved by the NSA) and WPA2 is better yet. You will need recent equipment (wireless router, wireless adapters, etc.) to support WPA and WPA2. Some routers support WPA and WPA2 devices simultaneously. It is better to buy wireless components that all support the same encryption method. Many routers limit your network encryption method to the lowest form all of your adapters and other devices can support. (Wireless print servers often support only WEP and can, therefore, limit your whole network to WEP. Better to have a wired print server directly cabled to your router.)

There are a lot of other issues, but these were the ones that have mattered most in my home network. Also, you can and should use multiple protection methods together. Don't broadcast your SSID. Use MAC filtering. Learn how to use both the firewall in your router and a good software firewall (I have had good results for three years with ZoneAlarm Pro). Use good antivirus and anti-spyware scanner/cleaners.

Search Google and consider getting one or more good consumer oriented books. I have gotten useful info from:

1. Broadband Bible: Desktop Edition, (2004) by James E. Gaskin. ISBN 0-7645-6951-1.
Chapter 7 is a good introduction to network security for the non-engineer.

2. PC Magazine Wireless Solutions, (2005) by Neil Randall and Barrie Sosinsky. ISBN 0-7645-7438-8.

Collapse -

by sctang73 In reply to Why should I secure wirel ...

*As many others have already stated, the only wireless security scheme that is 100% foolproof is to NOT have a wireless network to begin with. You can only increase the level of difficulty of your WLAN to the point that MOST hackers would leave to find an easier target.

1. In my opinion, MAC filtering w/ WEP-128 is the minimum that home users should have.
-MAC filtering is the rough equivalent to having a VIP list. Not listed = no access. Problem w/ this is that MAC addresses can be easily "forged", much like using a fake ID. The "bouncer" does not know to match a face to a name. He just knows that the name you gave him is on the list, so he lets you in.
-WEP is basically the equivalent of a password. No password = no access. WEP 64 is the weakest, followed by WEP 128 and WEP 256. Some vendors (DLink) offer WEP 152. WEP stronger than MAC filtering, but not by much.
-There is also the issue of using a open or shared key. Open keys allow all wireless traffic to occur as long as you're authenticated & connected to the access point. Shared keys are better because traffic sent between wireless computers also require encryption, not just between the wireless computer & the access point.

2. WPA-PSK uses a higher level of encryption than WEP. It uses a passphrase as ossopse to a password or security key. Stronger than WEP or MAC alone, but still not perfect. Use WPA-PSK w/ MAC filtering if possible.

3. If you have no plans to use your wireless (despite having the option), TURN OFF your wireless antenna and REMOVE it. No signal = no access.
-If you are not able to turn off your antenna, then DISABLE the SSID broadcast. Your wireless network can still be sniffed out, but it won't be identified. The more a hacker has to guess, the more likely he will choose an easier target.

4. Lock down your DHCP scope. Offer a limited range of IP's or work without a DHCP scope if possible. Again, the less information you leave readily available, the more work a hacker nee

Collapse -

by nebheprura In reply to

Poster rated this answer.

Collapse -

by sctang73 In reply to Why should I secure wirel ...

*DISCLAIMER: the only wireless security scheme that is 100% foolproof is to NOT have a wireless network to begin with. You can only increase the level of difficulty of your WLAN to the point that MOST hackers would leave to find an easier target.

1. In my opinion, MAC filtering w/ WEP-128 is the minimum that home users should have.
-MAC filtering is the rough equivalent to having a VIP list. Not listed = no access. Problem w/ this is that MAC addresses can be easily "forged", much like using a fake ID. The "bouncer" does not know to match a face to a name. He just knows that the name you gave him is on the list, so he lets you in.
-WEP is basically the equivalent of a password. No password = no access. WEP 64 is the weakest, followed by WEP 128 and WEP 256. Some vendors (DLink) offer WEP 152. WEP stronger than MAC filtering, but not by much.
-There is also the issue of using a open or shared key. Open keys allow all wireless traffic to occur as long as you're authenticated & connected to the access point. Shared keys are better because traffic sent between wireless computers also require encryption, not just between the wireless computer & the access point.

2. WPA-PSK uses a higher level of encryption than WEP. It uses a passphrase as ossopse to a password or security key. Stronger than WEP or MAC alone, but still not perfect. Use WPA-PSK w/ MAC filtering if possible.

3. If you have no plans to use your wireless (despite having the option), TURN OFF your wireless antenna and REMOVE it. No signal = no access.
-If you are not able to turn off your antenna, then DISABLE the SSID broadcast. Your wireless network can still be sniffed out, but it won't be identified. The more a hacker has to guess, the more likely he will choose an easier target.

4. Lock down your DHCP scope. Offer a limited range of IP's or work without a DHCP scope if possible. Again, the less information you leave readily available, the more work a hacker needs to do to gain access.

Back to Security Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums