CNN website has special on wireless and security

OK... Let's start...

First, it's missing the major error of not changing the default password. Most people just connect their wireless router or access point and that's it. I wonder if anyone has ever uploaded modified firmware onto someone else's router.

Then, there's the turn off SSID broadcasts part. Doing so will make it very difficult to connect to your network under Windows XP when using the built-in wireless service. In addition, turning off SSID broadcasts makes it more difficult to choose broadcast channels that do not overlap with other wireless networks.

There's the "not changing the SSID means an intruder can access your network and the contents of your hard drive, including any personal data" part. That's not the case if you have properly set up your firewall and/or have password-protected network access to your computer. In addition, changing your SSID does not at all prevent people from accessing your network or computer. Ideally, you would also want to use an SSID that in no way identifies that it is your network (actually, the default "default" used by some devices works pretty well).

WEP is no good. It would be nice if CNN would mention the better alternative, WPA, by name. All new wireless hardware should support it and people should only buy those products. These days, buying something that only supports WEP does not make sense.

MAC addresses can easily be spoofed and you would not want to protect a corporate network by merely restricting access to certain MAC addresses.

Turning off DHCP does not help. In fact, if you're using your laptop on the road, you need to configure it to obtain its address via DHCP. The only time it helps to not use DHCP at home is when you have a wireless print server or other network devices that you have to connect to by IP address. In those cases, you would still leave DHCP on but assign those devices an IP address below the assignable range.

Finally, the easiest way to keep people off your network is to use WPA with a long passphrase (say at least 20 letters where one word is not a real word). However, this will not shield you from people connecting to your network over the Internet. In this case, putting your computer behind a router helps a lot.

-Yves

Yves Konigshofer

An interesting read anyway.

- Sandy

Sandy A. Nicolaysen

Which (predictably) repeats the current myths about wireless security.

Neill Massello

Since I'm new to wireless, could you point out which are the myths? I don't mean quote the articles or anything, just which parts of the technology they are wrong about. I'm NOT being a smartass here. I'm really curious. Thanks, Neill, for any info.

- Sandy

Sandy A. Nicolaysen

The only real security for wireless networks comes from encryption. The best is WPA, but even weak (40-bit) WEP is better, much better, than no encryption at all. Once you've enabled encryption (with a key that can't easily be guessed), you have secured your network from all but serious, sophisticated hackers willing to spend some time to crack your network. Such hackers will not be deterred, or even much slowed, by a hidden SSID, disabled DHCP, or enabled MAC filtering.

SSID, MAC, and addressing can be used to manage access by friendly users to wireless networks, but they're essentially useless as security precautions against an attack by an outsider. To use analogies, encryption is the heavy-duty deadbolt lock on the front door, and the other measures (SSID, etc) are those little collapsible gates used to keep Baby away from the stairs.

Neill Massello
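An added example, not part of the original thread, for the two passphrase points above: Yves's "WPA with a long passphrase (say at least 20 letters where one word is not a real word)" and Neill's "key that can't easily be guessed". It checks a candidate against that rule and against the WPA limit of 8 to 63 printable ASCII characters, then derives the WPA-Personal key with PBKDF2-HMAC-SHA1. The function names, the wordlist and the SSID `HomeNet` are constructed for illustration.

```python
import hashlib
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "purple", "monkey", "garden", "wireless", "router"}
PRINTABLE_ASCII = {chr(c) for c in range(32, 127)}
MIN_RECOMMENDED = 20  # the "at least 20 letters" suggested in the thread


def check_passphrase(passphrase, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("WPA passphrases must be 8 to 63 characters")
    if any(ch not in PRINTABLE_ASCII for ch in passphrase):
        problems.append("WPA passphrases must be printable ASCII")
    if len(passphrase) < MIN_RECOMMENDED:
        problems.append("shorter than 20 characters")
    # Split into alphabetic tokens and require at least one non-dictionary word.
    tokens = [t.lower() for t in re.split(r"[^A-Za-z]+", passphrase) if t]
    if tokens and all(t in words for t in tokens):
        problems.append("every word is a dictionary word")
    return problems


def wpa_psk(passphrase, ssid):
    """Derive the 256-bit WPA-Personal key as a hex string.

    WPA-Personal runs PBKDF2-HMAC-SHA1 over the passphrase with the SSID as
    salt and 4096 iterations, so the passphrase is the only secret input.
    """
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()


if __name__ == "__main__":
    for candidate in ("password", "purple monkey garden", "purple monkey gardfen"):
        print(repr(candidate), check_passphrase(candidate) or "ok")
    # "HomeNet" is a constructed SSID.
    print(wpa_psk("purple monkey gardfen", "HomeNet"))
```
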

Thank you very much, Yves! I suspected the DHCP thing was questionable.

Too bad my Linksys BEFW11S4 doesn't support WPA. :(

Hmmm...maybe time to upgrade. :/

Regards,

- Sandy

Sandy A. Nicolaysen

IMHO, Yves exaggerates when he says WEP is no good. It's not as good as WPA, but it still takes time -- and a lot of network traffic -- to crack 128-bit WEP. If you use a "nonsense" key and change it periodically, your network should be reasonably safe from all but the most determined attacker.

Before you upgrade your wireless router, make sure that the wireless adapters in your computers are also capable of WPA. Older ones may not be.

There are no absolutes in computer security. It's always a balance of costs and benefits. Unless you think you're a likely target of serious snooping, I don't see the need to spend money right away just to get WPA.

Neill Massello

Not necessarily. You can protect yourself by other means, depending on the resources available to you.

If you're always connecting to a corporate network via a Windows server, you could enable secure connections and/or authentication, or create VPN tunnels to bridge the wireless network. When properly set up, anyone breaking the WEP encryption to access your 802.11b subnet will find themselves lost in a data island where nobody talks to strangers and there's nothing worth having.

Sort of like trying to break into the bank vault and winding up in Denny's ...

HTH.

William

William Warren
