Wireless Network Security


I have a WAP54G v2 and I think I have it locked down pretty tightly although
when I review the log for it it still says "Wireless PC connected..." on
occasion with different MAC addresses that are not associated with my
network. Here are the measures I've taken so far to secure my network:

WEP 128bit enabled
DHCP server in router off, all static IPs assigned to my systems starting
with 10.x.x.x
SSID Broadcast disabled and changed to something other than the default
'linksys'.
MAC filtering enabled
Using Channel 11
Using Shared Key

With this setup, 1. according to the log, are these 'wireless pcs' actually
connecting to my network or are these just failed attempts? and
2. Are there any other security measures I need to take or is this setup
about as secure as it gets?
Thanks for any info

--
A:\DOS\ver
 MS-DOS version 2.11
A:\DOS\_




Re: Wireless Network Security


Another Anonymous wrote:

>I have a WAP54G v2 and I think I have it locked down pretty tightly although
>when I review the log for it it still says "Wireless PC connected..." on
>occasion with different MAC addresses that are not associated with my
>network. Here are the measures I've taken so far to secure my network:
>
>WEP 128bit enabled
>DHCP server in router off, all static IPs assigned to my systems starting
>with 10.x.x.x
>SSID Broadcast disabled and changed to something other than the default
>'linksys'.
>MAC filtering enabled
>Using Channel 11
>Using Shared Key
>
>With this setup, 1. according to the log, are these 'wireless pcs' actually
>connecting to my network or are these just failed attempts? and
>2. Are there any other security measures I need to take or is this setup
>about as secure as it gets?
>Thanks for any info
>
>  
>
Well, WEP is not secure (can be easily broken).

If you filter only to connect to specific MAC addresses, that's good.
Know that a MAC address can be spoofed.

Someone who really wants in can get in, but not easily.

WPA would be MUCH more secure.



Re: Wireless Network Security



> Another Anonymous wrote:
>
> >I have a WAP54G v2 and I think I have it locked down pretty tightly
> >although when I review the log for it it still says "Wireless PC
> >connected..." on occasion with different MAC addresses that are not
> >associated with my network. Here are the measures I've taken so far
> >to secure my network:
> >
> >WEP 128bit enabled
> >DHCP server in router off, all static IPs assigned to my systems
> >starting with 10.x.x.x
> >SSID Broadcast disabled and changed to something other than the
> >default 'linksys'.
> >MAC filtering enabled
> >Using Channel 11
> >Using Shared Key
> >
> >With this setup, 1. according to the log, are these 'wireless pcs'
> >actually connecting to my network or are these just failed attempts? and
> >2. Are there any other security measures I need to take or is this
> >setup about as secure as it gets?
> >Thanks for any info

Could be failed access attempts, but the way it sounds, you are using
open system instead of shared key (not disputing what you said). Open
system allows one to associate with the AP but not authenticate to use
the network. These associations are logged. Shared key won't allow you
to associate unless you have the key. Open is supposedly more secure
due to the 4 way handshake of shared. In shared, unencrypted challenge
text is sent from the AP to the client, the client then encrypts it
with the key. A hacker can then determine the key by knowing the
challenge text, thus he knows your encryption key. Open system doesn't
open this door but weakness in the IV allows it to be hacked anyway, so
damned if you do, damned if you don't. WPA is the way to go if you use
a good passphrase, otherwise it is susceptible to dictionary attacks.



Re: Wireless Network Security


Thanks for the info there. I would rather use WPA but I also have a WML11B
on my network and (unless I've missed something in the setup) it doesn't
seem to accept any form of security other than WEP. I have the latest
firmware in my WML11B but WEP is all that shows in the security setup menu.

>
>> Another Anonymous wrote:
>>
>> >I have a WAP54G v2 and I think I have it locked down pretty tightly
>> >although when I review the log for it it still says "Wireless PC
>> >connected..." on occasion with different MAC addresses that are not
>> >associated with my network. Here are the measures I've taken so far
>> >to secure my network:
>> >
>> >WEP 128bit enabled
>> >DHCP server in router off, all static IPs assigned to my systems
>> >starting with 10.x.x.x
>> >SSID Broadcast disabled and changed to something other than the
>> >default 'linksys'.
>> >MAC filtering enabled
>> >Using Channel 11
>> >Using Shared Key
>> >
>> >With this setup, 1. according to the log, are these 'wireless pcs'
>> >actually connecting to my network or are these just failed attempts? and
>> >2. Are there any other security measures I need to take or is this
>> >setup about as secure as it gets?
>> >Thanks for any info
>
> Could be failed access attempts, but the way it sounds, you are using
> open system instead of shared key (not disputing what you said). Open
> system allows one to associate with the AP but not authenticate to use
> the network. These associations are logged. Shared key won't allow you
> to associate unless you have the key. Open is supposedly more secure
> due to the 4 way handshake of shared. In shared, unencrypted challenge
> text is sent from the AP to the client, the client then encrypts it
> with the key. A hacker can then determine the key by knowing the
> challenge text, thus he knows your encryption key. Open system doesn't
> open this door but weakness in the IV allows it to be hacked anyway, so
> damned if you do, damned if you don't. WPA is the way to go if you use
> a good passphrase, otherwise it is susceptible to dictionary attacks.
>




Re: Wireless Network Security



> Thanks for the info there. I would rather use WPA but I also have
> a WML11B on my network and (unless I've missed something in the
> setup) it doesn't seem to accept any form of security other than
> WEP. I have the latest firmware in my WML11B but WEP is all that
> shows in the security setup menu.
>
>>
>>> Another Anonymous wrote:
>>>
>>> >I have a WAP54G v2 and I think I have it locked down pretty
>>> >tightly although when I review the log for it it still says
>>> >"Wireless PC connected..." on occasion with different MAC
>>> >addresses that are not associated with my network. Here are the
>>> >measures I've taken so far to secure my network:
>>> >
>>> >WEP 128bit enabled
>>> >DHCP server in router off, all static IPs assigned to my
>>> >systems starting with 10.x.x.x
>>> >SSID Broadcast disabled and changed to something other than the
>>> >default 'linksys'.
>>> >MAC filtering enabled
>>> >Using Channel 11
>>> >Using Shared Key
>>> >
>>> >With this setup, 1. according to the log, are these 'wireless
>>> >pcs' actually connecting to my network or are these just failed
>>> >attempts? and
>>> >2. Are there any other security measures I need to take or is
>>> >this setup about as secure as it gets?
>>> >Thanks for any info
>>
>> Could be failed access attempts, but the way it sounds, you are
>> using open system instead of shared key (not disputing what you
>> said). Open system allows one to associate with the AP but not
>> authenticate to use the network. These associations are logged.
>> Shared key won't allow you to associate unless you have the key.
>> Open is supposedly more secure due to the 4 way handshake of
>> shared. In shared, unencrypted challenge text is sent from the AP
>> to the client, the client then encrypts it with the key. A hacker
>> can then determine the key by knowing the challenge text, thus he
>> knows your encryption key. Open system doesn't open this door but
>> weakness in the IV allows it to be hacked anyway, so damned if you
>> do, damned if you don't. WPA is the way to go if you use a good
>> passphrase, otherwise it is susceptible to dictionary attacks.

The most important things in network security (wired or wireless) are
AUTHENTICATION and ENCRYPTION.

For a wireless network, the most secure is WPA (encryption +
authentication using a RADIUS server). However, most home users will
not have this, so the best available is WPA-PSK.

If you cannot use WPA-PSK for any reason then use WEP with Open
System authentication.

Note that there are several reasons why you may not be able to use
WPA-PSK, ranging from not all your devices supporting it to using a
WDS link (Wireless Distribution System, eg using a repeater or
wireless client bridge) where in general it will not work.

While there are known weaknesses in WEP, the ease of cracking its
encryption is often exaggerated. However, there is a serious weakness
in its authentication mechanism when using Shared Key authentication
which causes the exposure of both plaintext and matching ciphertext.  
If the traffic is sniffed, this allows the encryption key to be
easily deduced. So, although it does not have explicit
authentication, use Open System. Traffic from stations not correctly
encrypted with a valid key will be dropped, so you will be OK.

This (WPA-PSK or WEP with Open System authentication) should be all
you need.

Other points:
- ensure you change the router's logon and password details. You
don't mention this, but I guess you have done it...

- enable SSID broadcast. Attempts to hide it are *not* a security
measure. It is designed to be broadcast. Useful things will stop
working when it is disabled. It is *always* transmitted and cannot be
successfully hidden.

- MAC address filtering adds very little to your security. Sniffing a
valid MAC address and spoofing it is very easy, far easier than
cracking WEP encryption. By all means use it if it makes you feel
better, but it will be a false sense of security.

- using static IPs provides no security. IP addresses are always
transmitted and if the traffic is sniffed, a valid IP address can be
immediately deduced.

What you are doing with most of such attempts at security is
protecting yourself from your friendly next door neighbour, who is
likely harmless anyway. They provide *no* protection from anyone with
the right tools. And perhaps worst, they give you a false sense of
security.

I tend to rant a little about security. All of the measures which are
often recommended appear attractive - but I do wonder whether any
person who recommends them has ever tried a few practical experiments
which would soon demonstrate the fact that they are either worthless,
or offer very limited protection...

Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is.  If you don't, it's its.  Then too, it's hers.  It isn't her's.
It isn't our's either.  It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News
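
The Shared Key exposure described in the post above, as an added example that is not part of the original thread: the challenge goes out in the clear and comes back WEP-encrypted, so XORing the two yields the RC4 keystream for that IV without any knowledge of the key. The key value is constructed, and the frame layout is simplified to the challenge text plus its ICV (an assumption; the real frame also carries a few fixed header fields).

```python
import os
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP body = RC4(IV || key) XOR (plaintext || ICV)."""
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv + key, len(body)))

def shared_key_exchange(key: bytes):
    """Frames a passive listener sees during Shared Key authentication."""
    challenge = os.urandom(128)                 # AP -> station, in the clear
    iv = os.urandom(3)                          # IV travels in the clear
    response = wep_encrypt(iv, key, challenge)  # station -> AP
    return challenge, iv, response

def exposed_keystream(challenge: bytes, response: bytes) -> bytes:
    """Known plaintext XOR ciphertext; no key is used here."""
    return xor(challenge + icv(challenge), response)

if __name__ == "__main__":
    key = bytes(range(13))                      # constructed 104-bit WEP key
    challenge, iv, response = shared_key_exchange(key)
    ks = exposed_keystream(challenge, response)
    print("keystream exposed for IV", iv.hex(), ":", len(ks), "bytes")
    print("matches RC4(IV || key):", ks == rc4(iv + key, len(ks)))
```

With Open System authentication this challenge/response pair is never transmitted, which is why the post recommends it when WPA-PSK is unavailable.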


Re: Wireless Network Security



> - enable SSID broadcast. Attempts to hide it are *not* a security
> measure. It is designed to be broadcast. Useful things will stop
> working when it is disabled. It is *always* transmitted and cannot be
> successfully hidden.

it is one more obstacle to overcome.  the typical wardriver is not
likely to bother finding the hidden ssids since the visible ones are so
plentiful.

as for things breaking,  most access points offer ssid hiding and users
are hiding them.  it really doesn't matter if it is out of spec or not,
the fact is, there *are* hidden ssids out there and software needs to
deal with it without breaking.

> - MAC address filtering adds very little to your security. Sniffing a
> valid MAC address and spoofing it is very easy, far easier than
> cracking WEP encryption. By all means use it if it makes you feel
> better, but it will be a false sense of security.

sure it can be spoofed, but it is yet one more obstacle.

> - using static IPs provides no security. IP addresses are always
> transmitted and if the traffic is sniffed, a valid IP address can be
> immediately deduced.

sure it can be sniffed but it is yet one more obstacle.  

also, if there is no traffic at the time the intruder is attempting to
connect, what is he going to sniff?

> What you are doing with most of such attempts at security is
> protecting yourself from your friendly next door neighbour, who is
> likely harmless anyway. They provide *no* protection from anyone with
> the right tools. And perhaps worst, they give you a false sense of
> security.

the more obstacles the better.  unless someone is specifically
targeting *you*, all that really matters is that it is harder to crack
than the network up the street.

if they *are* targeting you, then you probably have bigger problems
than just the wireless network being compromised.  and if that is the
case, just unplug it.

> I tend to rant a little about security. All of the measures which are
> often recommended appear attractive - but I do wonder whether any
> person who recommends them has ever tried a few practical experiments
> which would soon demonstrate the fact that they are either worthless,
> or offer very limited protection...

every little bit counts. security comes in layers, and while any item
by itself may be trivial to breach, taken as a whole, it is more
secure.


Re: Wireless Network Security


Thanks for the info. I would rather use WPA but I also have a WML11B on my
network and (unless I've missed something in the setup) it doesn't seem to
accept any form of security other than WEP. I have the latest firmware in my
WML11B but WEP is all that shows in the security setup menu.

> Another Anonymous wrote:
>
>>I have a WAP54G v2 and I think I have it locked down pretty tightly although
>>when I review the log for it it still says "Wireless PC connected..." on
>>occasion with different MAC addresses that are not associated with my
>>network. Here are the measures I've taken so far to secure my network:
>>
>>WEP 128bit enabled
>>DHCP server in router off, all static IPs assigned to my systems starting
>>with 10.x.x.x
>>SSID Broadcast disabled and changed to something other than the default
>>'linksys'.
>>MAC filtering enabled
>>Using Channel 11
>>Using Shared Key
>>
>>With this setup, 1. according to the log, are these 'wireless pcs'
>>actually connecting to my network or are these just failed attempts? and
>>2. Are there any other security measures I need to take or is this setup
>>about as secure as it gets?
>>Thanks for any info
>>
>>
> Well, WEP is not secure (can be easily broken).
>
> If you filter only to connect to specific MAC addresses, that's good. Know
> that a MAC address can be spoofed.
>
> Someone who really wants in can get in, but not easily.
>
> WPA would be MUCH more secure.
>



