Guru3D.com Forums

Go Back   Guru3D.com Forums > Hardware > Network questions and troubleshooting
Network questions and troubleshooting Does it work or doesn't it ? Discuss it here.



Reply
 
Thread Tools Display Modes
Six quick wireless security tips
Old
  (#1)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default Six quick wireless security tips - 12-23-2004, 03:27 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

Plan antenna placement
The first step in implementing a closed wireless access point is to place the access point's antenna in such a way that it limits how much the signal can reach areas outside the coverage area. Don't place the antenna near a window, as the glass does not block the signal. Ideally, your antenna will be placed in the centre of the area you want covered with as little signal leaking outside the walls as possible. Of course, it's next to impossible to completely control this, so other measures need to be taken as well.


Use WEP/WPA
Wireless encryption protocol (WEP) is a standard method to encrypt traffic over a wireless network. While it has major weaknesses, it is useful in deterring casual hackers. Many wireless access point vendors ship their units with WEP disabled in order to make the product installation easier. This practice gives hackers immediate access to the traffic on a wireless network as soon as it goes into production since the data is directly readable with a wireless sniffer.


Change the SSID and disable its broadcast
The Service Set Identifier (SSID) is the identification string used by the wireless access point by which clients are able to initiate connections. This identifier is set by the manufacturer and each one uses a default phrase, such as "101" for 3Com devices. hackers that know these pass phrases can easily make unauthorised use of your wireless services. For each wireless access point you deploy, choose a unique and difficult-to-guess SSID, and, if possible, suppress the broadcast of this identifier out over the antenna so that your network is not broadcast for use. It will still be usable, but it won't show up in a list of available networks.


Disable DHCP
At first, this may sound like a strange security tactic, but for wireless networks, it makes sense. With this step, hackers would be forced to decipher your IP address, subnet mask, and other required TCP/IP parameters. If a hacker is able to make use of your access point for whatever reason, he or she will still need to figure out your IP addressing as well.


Disable or modify SNMP settings
If your access point supports SNMP, either disable it or change both the public and private community strings. If you don't take this step, hackers can use SNMP to gain important information about your network.


Use access lists / MAC Filtering
To further lock down your wireless network, implement an access list, if possible. Not all wireless access points support this feature, but if yours does, it will allow you to specify exactly what machines are allowed to connect to your access point. The access points that support this feature can sometimes use Trivial File Transfer Protocol (TFTP) to periodically download updated lists in order to prevent the administrative nightmare of having to sync these lists on every unit.
Using MAC address filtering also improves your security drastically.

Last edited by Finchwizard; 12-23-2004 at 03:31.
   
Reply With Quote
 
Old
  (#2)
GKZ
Maha Guru
 
GKZ's Avatar
 
Videocard: XFX Radeon 4890 1GB
Processor: AMD Phenom II X4 955
Mainboard: ASUS M4A79T Deluxe
Memory: CORSAIR XMS3 8GB
Soundcard: Integrated; Altec Lansing
PSU: SeaSonic M12 SS-700HM 700
Default 03-15-2005, 04:47 | posts: 801 | Location: Troy, Ohio

I'd really like to suggest a simple solution (also promoting Finchwizard's MAC filtering idea)..

If you have a small network (like one, maybe up to 10, maybe even more) the BEST way is to quite simply allow ONLY the MAC addresses you put into the router. Linksys routers can hold up to 25 at least. This is a 100% chance that everyone on your router is either wired in, or has been manually put in. This really is a fantastic tool...

AFAIK all Linksys' routers have this, I'm sure that others do...
   
Reply With Quote
Old
  (#3)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default 03-15-2005, 04:51 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

Yeah, network I'm on has about 10 laptops with Wireless, I always Add the MAC addresses and ONLY allow access to anything via those.

Very good, lets you keep track of who wants access too.
   
Reply With Quote
Old
  (#4)
AJČ06
Ancient Guru
 
AJČ06's Avatar
 
Videocard: GeForce GT 330M 512MB
Processor: Intel Core i5 - 520M
Mainboard: Intel PM55 Express-M
Memory: 4BG DDR3/1066
Soundcard: Realtek HD
PSU: 108w
Default 10-16-2005, 22:42 | posts: 4,852 | Location: USA

Im confused.... and Im about to get a wireless network started... :woried:
   
Reply With Quote
 
Old
  (#5)
AJČ06
Ancient Guru
 
AJČ06's Avatar
 
Videocard: GeForce GT 330M 512MB
Processor: Intel Core i5 - 520M
Mainboard: Intel PM55 Express-M
Memory: 4BG DDR3/1066
Soundcard: Realtek HD
PSU: 108w
Default 12-21-2005, 21:18 | posts: 4,852 | Location: USA

OMG... HEY a question. I kinda understand things now but I ran into a major problem... I have a neatgear wireless card and it connects to the network [I can access my shared files], but I cant use the internet on that laptop... what am I doing wrong. THANX Finch...

ps... I know this might be what u guys consider thread hijacking...
   
Reply With Quote
Old
  (#6)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default 12-21-2005, 21:54 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

It is, but make sure your DNS Servers are set to point to your Router.
   
Reply With Quote
Old
  (#7)
AJČ06
Ancient Guru
 
AJČ06's Avatar
 
Videocard: GeForce GT 330M 512MB
Processor: Intel Core i5 - 520M
Mainboard: Intel PM55 Express-M
Memory: 4BG DDR3/1066
Soundcard: Realtek HD
PSU: 108w
Default 12-21-2005, 23:26 | posts: 4,852 | Location: USA

Quote:
Originally Posted by Finchwizard
It is, but make sure your DNS Servers are set to point to your Router.
The routers IP?... right. It is like that and its still a no go...
   
Reply With Quote
Old
  (#8)
GKZ
Maha Guru
 
GKZ's Avatar
 
Videocard: XFX Radeon 4890 1GB
Processor: AMD Phenom II X4 955
Mainboard: ASUS M4A79T Deluxe
Memory: CORSAIR XMS3 8GB
Soundcard: Integrated; Altec Lansing
PSU: SeaSonic M12 SS-700HM 700
Default 12-22-2005, 00:13 | posts: 801 | Location: Troy, Ohio

Quote:
Originally Posted by AJČ06
The routers IP?... right. It is like that and its still a no go...
Since you're on a small network, a static IP should be no problem for you (in fact more of a convenience). Simply go to your WLAN's protocol properties (which should be titled Internet Procotol TCP/IP). Specify the IP address that DHCP leased you, then for DNS servers...

I generally do one of two methods:
-Get on your desktop (which has Internet, I'm assuming, and in the prompt type: tracert www.google.com Copy two of the IP addresses (I suggest the third and fourth hop) and put them into your DNS entries on your lappy's WLAN.

-Google your ISP's DNS servers, and use those.
   
Reply With Quote
Old
  (#9)
SniperDaws
Banned
 
Videocard: XFX7600GTXXX Zalman Vf900
Processor: Opteron 146 @ 2.61 Ghz
Mainboard: Asrock Dual SATA2
Memory: 2gig Geil Value @ 223Mhz 2.60v
Soundcard: Audigy 2 + Altec Lansing MX-5021 2.
PSU: Hiper Type M 730w
Default 12-22-2005, 08:06 | posts: 2,565 | Location: UK

Might be a good idea to let people know they can change there default router address aswell as another security measure, ive only just realised you can change it from the default 192.168.0.1.

Last edited by SniperDaws; 12-22-2005 at 08:18.
   
Reply With Quote
Old
  (#10)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default 12-22-2005, 10:35 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

Hey mate, sorry, I'm actually on holidays, haven't spent much time near a computer.

You can change the default IP, not a huge advantage though, changing default passwords definitely though.
   
Reply With Quote
Old
  (#11)
SniperDaws
Banned
 
Videocard: XFX7600GTXXX Zalman Vf900
Processor: Opteron 146 @ 2.61 Ghz
Mainboard: Asrock Dual SATA2
Memory: 2gig Geil Value @ 223Mhz 2.60v
Soundcard: Audigy 2 + Altec Lansing MX-5021 2.
PSU: Hiper Type M 730w
Default 12-22-2005, 18:24 | posts: 2,565 | Location: UK

No probs mate i know how it is, ill be asking questions after new year though.....lol
   
Reply With Quote
Old
  (#12)
AJČ06
Ancient Guru
 
AJČ06's Avatar
 
Videocard: GeForce GT 330M 512MB
Processor: Intel Core i5 - 520M
Mainboard: Intel PM55 Express-M
Memory: 4BG DDR3/1066
Soundcard: Realtek HD
PSU: 108w
Default 12-22-2005, 23:01 | posts: 4,852 | Location: USA

YES>... I got it now. I contacted the SBC ppl and they told me to change this and that and I had to changes the values of my IP and DNS servers to the ones they gave me. ANY idea why that would change all of a sudden? I mean before I had the values on "automatic".... HMMM>>>>???
   
Reply With Quote
Old
  (#13)
Kon$olE
Ancient Guru
 
Kon$olE's Avatar
 
Videocard: EVGA GTX 1060 6GB - eGPU
Processor: i5 2540m
Mainboard: x220
Memory: 2x4GB Crucial 1866Mhz
Soundcard:
PSU: Dell DA-2
Default 12-22-2005, 23:16 | posts: 3,900 | Location: Canada, eh?

I cant understand all the hoop-lah (or however you speel that...) about wireless security. Maybe its cause i live in a place were im 100% sure nobody will/knows how to hack, but i dont see the purpose. Many of the houses surrounding me also have wireless, and i occasionaly get their signal.

What could someone do with an unprotected signal? Wouldnt the security depend mostly on the computer they are trying to damage/infect?
   
Reply With Quote
Old
  (#14)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default 12-22-2005, 23:42 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

They can use your Internet connection, scan your computers, get into your computers, use them as Spam relays, upload virus's to send out, you name it really.

It's not hard if you know what your doing, and it's just a safety precaution, you should secure it regardless.
   
Reply With Quote
Old
  (#15)
Kon$olE
Ancient Guru
 
Kon$olE's Avatar
 
Videocard: EVGA GTX 1060 6GB - eGPU
Processor: i5 2540m
Mainboard: x220
Memory: 2x4GB Crucial 1866Mhz
Soundcard:
PSU: Dell DA-2
Default 12-23-2005, 05:04 | posts: 3,900 | Location: Canada, eh?

Undersandable, really. Its nice to know that your safe from thing/people like that, even if it takes a bit to do it.
I like to think im providing a service by leaving it open, kinda like im donating an internet connection to those who dont have one.

I guess i'll follow the above tips tommorow.
   
Reply With Quote
Old
  (#16)
Clements
Maha Guru
 
Clements's Avatar
 
Videocard: Geforce GTX 670
Processor: Intel i5 4650K
Mainboard: MSI Z87 GD45
Memory: 16GB DDR3-1600
Soundcard: Realtek ALC1150
PSU: Antec Trupower 850W
Default 12-23-2005, 05:15 | posts: 903 | Location: Britain

Too many people leave their wireless networks completely unprotected, and it's very easy to steal their connection - especially with wireless now the standard on laptops. This is a good tutorial to help stop the leechers from tapping in. At home, I personally use a wired network as for me it worked out much cheaper, as my computers were both equipped with Gigabit Ethernet and are in the same room.
   
Reply With Quote
Old
  (#17)
Advis
Maha Guru
 
Advis's Avatar
 
Videocard: XFX GeForce 6600GT 128mb
Processor: AMD Athlon XP 3000+ @ 2.2 Ghz / 400
Mainboard: Shuttle SN45G nForce 2 Ultra 400
Memory: 2 x 512mb Crucial DDR400
Soundcard: Creative Audigy 4 & Logitech Z-640
PSU: Shuttle SilentX 250W
Default 03-18-2006, 15:24 | posts: 907 | Location: The Glorious hills of Yorkshire.

This could do with updating a bit. I have a few pointers If you want to discuss Finchwizard?
   
Reply With Quote
Old
  (#18)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default 03-19-2006, 10:00 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

Actually they are still valid.

Only thing that may have changed is WEP, although I'm not a user of WAP or anything.
   
Reply With Quote
Old
  (#19)
Advis
Maha Guru
 
Advis's Avatar
 
Videocard: XFX GeForce 6600GT 128mb
Processor: AMD Athlon XP 3000+ @ 2.2 Ghz / 400
Mainboard: Shuttle SN45G nForce 2 Ultra 400
Memory: 2 x 512mb Crucial DDR400
Soundcard: Creative Audigy 4 & Logitech Z-640
PSU: Shuttle SilentX 250W
Default 03-19-2006, 14:33 | posts: 907 | Location: The Glorious hills of Yorkshire.

Most are still valid. The part about WEP needs changing : it's very insecure any anybody can break it with the right tools. WPA is better if you use a 63 charecter key, but it is still not perfect in all respects. Also MAC address spoofing relegates MAC filtering more or less down to idiot proofing a network.
   
Reply With Quote
Old
  (#20)
aircool
Don Aircooleone
 
aircool's Avatar
 
Videocard: Zotac GTX 560 Ti 448 Core
Processor: Intel i5 2500K @ Stock
Mainboard: ASUS P8Z68-V LX
Memory: Corsair 8GB @ 1600
Soundcard: ALC887 - Inspire P580.
PSU: Antec TruePower New 650W
Default 03-19-2006, 20:56 | posts: 13,735 | Location: Devon, In A Little Town.

if you want to increase your range outside place your router near a window as it radiates the signal and thus better range
   
Reply With Quote
Old
  (#21)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default 03-19-2006, 22:00 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

Haha dude, as an Systems Administrator, nothing is full proof, there are tools out there that can crack both just as easy.

But for the average joe, WEP (As opposed to nothing) and MAC filtering is fine, those tips will still secure your network down than a lot of peoples networks.
   
Reply With Quote
Old
  (#22)
aircool
Don Aircooleone
 
aircool's Avatar
 
Videocard: Zotac GTX 560 Ti 448 Core
Processor: Intel i5 2500K @ Stock
Mainboard: ASUS P8Z68-V LX
Memory: Corsair 8GB @ 1600
Soundcard: ALC887 - Inspire P580.
PSU: Antec TruePower New 650W
Default 03-20-2006, 16:18 | posts: 13,735 | Location: Devon, In A Little Town.

there are a lot of tools out so be careful
   
Reply With Quote
Old
  (#23)
SniperDaws
Banned
 
Videocard: XFX7600GTXXX Zalman Vf900
Processor: Opteron 146 @ 2.61 Ghz
Mainboard: Asrock Dual SATA2
Memory: 2gig Geil Value @ 223Mhz 2.60v
Soundcard: Audigy 2 + Altec Lansing MX-5021 2.
PSU: Hiper Type M 730w
Default 05-16-2006, 22:36 | posts: 2,565 | Location: UK

Does Wep and WPA1 and 2 slow down your wireless?
   
Reply With Quote
Old
  (#24)
Finchwizard
Don Apple
 
Finchwizard's Avatar
 
Videocard: -
Processor: -
Mainboard: -
Memory: -
Soundcard: -
PSU: -
Default 05-16-2006, 22:53 | posts: 16,440 | Location: Locked in Guru3D Server Room. Help!

No they don't, if they do, it's very minimal.
   
Reply With Quote
Old
  (#25)
SniperDaws
Banned
 
Videocard: XFX7600GTXXX Zalman Vf900
Processor: Opteron 146 @ 2.61 Ghz
Mainboard: Asrock Dual SATA2
Memory: 2gig Geil Value @ 223Mhz 2.60v
Soundcard: Audigy 2 + Altec Lansing MX-5021 2.
PSU: Hiper Type M 730w
Default 05-16-2006, 22:59 | posts: 2,565 | Location: UK

Thankyou mate.

Now finchy can you have a read of this and tell me if theres anything i can do please mate.
http://forums.guru3d.com/showthread.php?t=182732
   
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
vBulletin Skin developed by: vBStyles.com
Copyright (c) 1995-2014, All Rights Reserved. The Guru of 3D, the Hardware Guru, and 3D Guru are trademarks owned by Hilbert Hagedoorn.