How safe us my wireless network

Subscribe to: alt.internet.wireless for expert opinions :)

Hehe fair enough :)

wep can be cracked, if your device supports it, use wpa with a long

20+ character string. Also disable the advertisement (actual setting varies). But basically you can stop it from being visible as an available wireless network so only people who know its their can connect to it.

Flamer.

I've cracked WEP keys before... takes about 2 minutes after you find a good packet to inject... it's like asking for something and them handing it right over...

WPA/WPA2 just take a while longer, like days.... anyone who is persistent enough and with the right tools will break into anything...

use alphanumeric and special characters, and if your WAP(Wireless Access Point) does it, use spaces too....

RedForeman

Am Mon, 14 May 2007 05:30:18 -0700 schrieb RedForeman:

Secure it via IPSec, thats defently the most secure WLAN.

IPSec is good, but like a VPN, it carries a higher overhead, and would surely slow things down noticably... It's widely known that using WPA2 is the way to go, using a passphrase with spaces and punctuation... "This is my secure password for wireless networks."

Am Tue, 15 May 2007 05:35:43 -0700 schrieb RedForeman:

It is VPN, the overhead are 20 Bytes (IP Header) so you don't feel a difference.

The list isn't bad at all but it's pretty easy to detect the frequency and

2,4 GHz is mostly WLAN, now recording traffic and analyze it. The goal is reached if you can get only parts of the traffic, especially the payload is interesting watching for credit card numbers from banking sessions etc. The other side is if somebody got the key he sniffs all of your traffic because the payload isn't encrypted anymore. IPSec works on Layer IP your tcp packet is encrypted and if you use AH your data is still secure if somebody find out your key. You have with IPSec more ecryptions and hash algorythms, IKE/ISAKMP rekeys alone etc. It's only an option you could use if you want, I use it since 2 years with certifcate based authentification and I had never problems. I rebuild the antenna and built an amplifier so I can reach my brother in law on a stable connection (his app. is over the street round about 100m). cya

NetStumbler...Ethereal....or Airodump.... AirCrack.... Aireplay

TCPDump

this to me lends itself to user error, headaches, and problems... keys, keys, keys....

Ok, good clarification... but IMO, too many variables... I think....

You've got 2 schools of thought....IMO.... (i say that alot....)

1. Easy to manage - less secure - WPA2-TKIP or even WPA is enough to keep out 'most' kiddies...
2. Harder to manage - more secure - IPSec over a VPN on a wireless connection...

~90% of people will fall into the first category, and that most people aren't saavy enough to know how to implement IPSec over a VPN... ~5% of the remainder want to be especially secured - paranoid users, scared to do banking online, purchase over the internet, etc... ~3% know it's ok, just be smart about surfing, email, etc.... ~2% are the exception, IMO... who know more than your average bear, implement the most stoutest of security measures, and believe that they are secured...

you my friend, are without a doubt, the 2% of ppl... and I'm not... I'm in the 3% group, that is smart, but lazy about implementing....

RedForeman

That is probably for the paranoid. You have forgot to use a public IP network inside your LAN. Pick one which you know you will never try to access (e.g. the Communicy College of Timbuktu) and use their IP address range. If someone hacks into the LAN he will usually first scan for the private address ranges... Also remember to setup strict LAN filtering on all computers connected to accept only traffic from IP addresses of your computers. Also you should actually add you honeypot DHCP server in the LAN. A DHCP server which hands out an IP address to any one who wants one and rings the alarm immediately if someone does because all your computers are static IP...

The problem with this checklist is that is is only really useful for people who know what they are doing. The average person may be able to set it up initially. But then, a year later they want to add a new laptop and then the trouble stars. They have to remember exactly what they have to do to get it in: they have to manually enter the SSID, the encryption key, to assign a static IP address, get access to the router configuration, remember the router password, find the mac filtering function again, add the mac address...

For the average user, all he needs is a good preshared key with WPA or WPA2. Anyone, you has the power or knowledge to break WPA or WPA2 at the moment won't be kept off by the rest of the list...

Gerald

You mistyped "millennia"¹.

cu

59cobalt  ¹ provided we're talking about WPA with a good (strong) passphrase.

Can't confirm that.

Actually that's a bad passphrase, because it's prone to dictionary-based attacks that compose passphrases of words rather than characters.

Actually the list isn't that good.

WPA is a good security measure against intruders as long as you're using a strong passphrase (50+ characters, mixed case, digits, special characters).

Pointless.

Pointless, plus increases your administrative overhead.

If by "obscure" you mean "strong" then yes.

Pointless.

Nothing wrong with that. Helps saving the environment, too.

cu

59cobalt