Six quick wireless security tips

Discussion in 'Network questions and troubleshooting' started by Finchwizard, Dec 23, 2004.

  1. Finchwizard

    Finchwizard Don Apple

    Messages:
    16,441
    Likes Received:
    5
    GPU:
    -
    Haha dude, as an Systems Administrator, nothing is full proof, there are tools out there that can crack both just as easy.

    But for the average joe, WEP (As opposed to nothing) and MAC filtering is fine, those tips will still secure your network down than a lot of peoples networks.
     
  2. aircool

    aircool Don Aircooleone Staff Member

    Messages:
    13,735
    Likes Received:
    0
    GPU:
    Zotac GTX 560 Ti 448 Core
    there are a lot of tools out so be careful
     
  3. SniperDaws

    SniperDaws Banned

    Messages:
    2,565
    Likes Received:
    0
    GPU:
    XFX7600GTXXX Zalman Vf900
    Does Wep and WPA1 and 2 slow down your wireless?
     
  4. Finchwizard

    Finchwizard Don Apple

    Messages:
    16,441
    Likes Received:
    5
    GPU:
    -
    No they don't, if they do, it's very minimal.
     

  5. SniperDaws

    SniperDaws Banned

    Messages:
    2,565
    Likes Received:
    0
    GPU:
    XFX7600GTXXX Zalman Vf900
  6. zhackore

    zhackore Ancient Guru

    Messages:
    2,608
    Likes Received:
    2
    GPU:
    Asus GTX 570
    if you disable dhcp, and your isp changes your ip won't that cause problems for your router?
     
  7. Finchwizard

    Finchwizard Don Apple

    Messages:
    16,441
    Likes Received:
    5
    GPU:
    -
    DHCP is for the LAN side of things, not the WAN.
     
  8. InGen

    InGen Master Guru

    Messages:
    968
    Likes Received:
    0
    GPU:
    EVGA GTX 570
    Is there any real need to have WEP/WPA when MAC address filtering is enabled?

    I mean surely MAC address filtering is the best and only option requsred because it limited to just that, the MAC address. Everyones number is unique, so if no two addresses are the same how can they gain access to the router?
    The only way i could see that happening is if the hacker could somehow mask his MAC address as your own which doesnt seem very easy to do, if not impossible.
     
  9. Finchwizard

    Finchwizard Don Apple

    Messages:
    16,441
    Likes Received:
    5
    GPU:
    -
    Spoofing MAC addresses is relatively easily, and when there is no encryption it makes it very easy.

    You need some kind of Encryption, and the MAC filtering is just an added thing too
     
  10. InGen

    InGen Master Guru

    Messages:
    968
    Likes Received:
    0
    GPU:
    EVGA GTX 570
    So in your opinion what should i go for WEP, WPA or WPA 2?

    Cheers!
     

  11. Finchwizard

    Finchwizard Don Apple

    Messages:
    16,441
    Likes Received:
    5
    GPU:
    -
    I use WEP, but it's easily crackable now, something like 15 seconds?

    Then again, the others are crack-able too, if you do go WPA(2) you need to pick a LONG key with characters, capitals, numbers, lowercase etc.

    Nothing in the dictionary either.
     
  12. Roccer

    Roccer Ancient Guru

    Messages:
    1,933
    Likes Received:
    1
    GPU:
    EVGA GTX 970 SSC
    this sticky should really be updated for the current times. if i may be so bold to suggest: to use WPA2 whenever possible. it gets over the many flaws in WEP (and yes finch, 15sec is a best case scenario time if the APs are spweing out a TON of IV keys, but on a home network, unless using ARP injections it can take a while for the AP to generate enough IV keys for a WEP cracking util to decipher the 64 or 128bit HEX key, but is still relatively easy to crack). WPA2 + long, complex passphrase is miles better then WEP

    also, note that just because SSID broadcast is off, the SSID can still be found simply by listening to the traffic. all SSID broadcasting allows for is to see the SSID when looking for available networks in fancy pants GUIs like with windows connection wizard. the SSID is still "broadcast" every now and then in the AP's Beacon frames regardless if SSID broadcast is on or off.

    also maybe add about wireless channels? if you find several other APs all broadcasting on 11 or 6 (2 most common) switch its settings to another channel to lower the chance of interference.

    your writeup is still very good, but i just think it might help to update it to stay current with new security features and such.
     
  13. Finchwizard

    Finchwizard Don Apple

    Messages:
    16,441
    Likes Received:
    5
    GPU:
    -
    You're most welcome to make another security page.

    I just don't have the time at the moment.
    I'd like to get into a few sections and update my things.

    WPA2 is the best option, along with Mac filtering again, and turning off DHCP. Which should be turned off regardless unless you're on a large network.

    It depends who you ask too, some people suggest running the standard channels, because you get less of a bleed out with frequencies.
    Others say to use them all on different frequencies to avoid interferences.

    SSID broadcasting just stops the people who are next door from accidentally connecting to it or seeing it. By no means to stop war drivers etc.

    If someone wants in, they'll get in.
    If we are talking about Corporate Wireless you can use VPN's and RADIUS auth servers and whole bunch of other things, but that's far outside the scope of the normal user.
     
  14. Intrepidx

    Intrepidx Member Guru

    Messages:
    128
    Likes Received:
    0
    GPU:
    EVGA/9800GX2/1024MB
    BackTrack3<3 :)
     
  15. dcx_badass

    dcx_badass Ancient Guru

    Messages:
    9,982
    Likes Received:
    1
    GPU:
    Gigabyte GTX570 1280mb
    Finch can you update this to say WPA not WEP?

    Also at work (a school) we have about 150 laptops on the wireless and will be using mac filtering, although I'm not sure if they did it yet as when I left they only had one Wireless AP in the school instead of the 60+ we should have had, but there was a EU wide shortage of Cisco Wireless AP's, paying £65,000 for the network you'd think they could freaking do it on time.
    ^^ None of the about is relevant to this thread really. ^^
     

  16. Mineria

    Mineria Ancient Guru

    Messages:
    3,790
    Likes Received:
    9
    GPU:
    Asus Strix GTX 1080
    A little something to add on the SSID part.

    Disabling SSID broadcasting doesn't hide the access point completely.
    IBM/Lenovo's connection software will still be able to see it on the list, the same goes for some Windows 7 beta releases.

    I kinda freaked out when I saw a fresh installed Windows 7 beta doing just that on my PC.
     
  17. yleclerc

    yleclerc Master Guru

    Messages:
    618
    Likes Received:
    0
    GPU:
    Intel / nVidia GT845 2GB
    The guide would definiately need to be updated. WPA2 with AES is the recommended settings for most Intel Centrino based laptops. Without these settings, the laptop may not use the full access speeds provided most 11n routers.
     

Share This Page