| Author |
Message |
    
Smarty Jones
Citizen
Username: Birdstone
Post Number: 283
Registered: 10-2005
| | Posted on Tuesday, January 31, 2006 - 12:07 pm: |     |
We have a household wireless network, using Netgear equipment/card, and a Microsoft Windows software (allowing MS Windows to manage the connections).
It's unsecure, because we didn't think we'd need it. But I've noticed that my computer picks up 6 networks around us (4 secure, 2 unsecure) and now I'm starting to think otherwise. Also, on one of our laptops, AOL logs itself off every 20 minutes or so, saying something about "network not available"
Are these issues linked at all? Is securing our network important? Can somebody provide guidance on how to do so?
Thanks |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12224
Registered: 1-2003
| | Posted on Tuesday, January 31, 2006 - 12:19 pm: | |
They might be related, but I can't think of how, right off the bat.
It's probably worthwhile securing your network. Why provide your neighbors free access?
Read the manual for your router. The administrative interface is through your web browser.
Your router probably broadcasts its SSID. This is a name. Change the name, and stop broadcasting.
Your router can probably also control which computers can access it over wireless. I recommend using this feature. You need to find the MAC addresses of all your computers. MAC stands for Media Access Control. It's just a serial number embedded in the network interface. If you are running Windows, start a command prompt window and type "ipconfig /all" and notice the "physical address" of the wireless interface. Enter all the addresses into the list of allowed systems.
Change the administrative password for the router.
You may also want to enable encryption, as a belt-and-suspenders approach. That makes it even harder for a casual passer-by to use your network, but still not impossible. Write back if you want details on how to do it.
"This is the only thing my signature says." |
Smarty Jones
Citizen
Username: Birdstone
Post Number: 285
Registered: 10-2005
| | Posted on Tuesday, January 31, 2006 - 12:22 pm: | |
So I can authorize the Hardware piece (what you are calling the router) that my DSL line plugs into, to be Named, and then also only to talk to the Laptops we authorize? Occasionaly family members visit with their Laptops, would they be precluded from accessing our network when they visit?
Thanks Tom |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12227
Registered: 1-2003
| | Posted on Tuesday, January 31, 2006 - 12:30 pm: | |
Well, your router cannot distinguish between your relatives and your neighbors, so you have to let them all in or none. But when your relatives visit, you can ascertain their computers' MAC addresses and enter them into your router. You'll only have to do that on their first visit.
The answer to your first question is yes.
"This is the only thing my signature says." |
argon_smythe
Citizen
Username: Argon_smythe
Post Number: 752
Registered: 5-2001
| | Posted on Tuesday, January 31, 2006 - 1:37 pm: | |
Don't worry about how many other networks you can see. Worry about who can see your network. Change your SSID and then turn off SSID broadcasting on the router. Nobody will see your network pop up on their lists.
Check your wireless client connections every so often too. You will see a new, unknown entry if somebody has made a connection to your router.
I also suggest limiting connections to known MAC addresses as Tom suggests above.
WEP encryption is, in my opinion, a PITA to deal with and overkill for most suburban home applications.
|
Smarty Jones
Citizen
Username: Birdstone
Post Number: 288
Registered: 10-2005
| | Posted on Tuesday, January 31, 2006 - 2:20 pm: | |
Ok...my router was a 2nd hand gift, so I have no instructions, manuals or understanding of how to do this. Am I better off buying a new one and starting from scratch? If so, any suggestions for light home use?
If not, is there an on-line resource that can walk me through this? |
Eponymous
Citizen
Username: Eponymous
Post Number: 47
Registered: 6-2004
| | Posted on Tuesday, January 31, 2006 - 3:00 pm: | |
SJ,
Surely the router's manufacturer will have an on-line manual for the downloading. Most (all?) of them use a web interface, and you can probably google the appropriate address to access it too.
I'm with argon, go with MAC and forget WEP. The dedicated hacker can easily get through that anyway and the casual one will be stopped by the MAC requirement.
At least change the admin password on it.
OTOH, you probably wouldn't notice your neighbors using your connection, unless they're huge downloaders. Up to you of course. I once picked up three different signals parked in a spot in town. At least one was not locking guests out. |
SOSully
Citizen
Username: Sullymw
Post Number: 1136
Registered: 5-2001
| | Posted on Thursday, February 2, 2006 - 10:23 am: | |
send me make/model and I'll try to find you a link to the manual |
monster
Supporter
Username: Monster
Post Number: 2005
Registered: 7-2002
| | Posted on Thursday, February 2, 2006 - 11:31 am: | |
If you need the default admin user/password info, there are lists all over the internet
http://www.governmentsecurity.org/articles/DefaultLoginsandPasswordsforNetworked Devices.php |
Rastro
Citizen
Username: Rastro
Post Number: 2298
Registered: 5-2004
| | Posted on Friday, February 3, 2006 - 10:28 am: | |
MAC filtering and WEP encryption accomplish two different things. MAC filtering prevents certain devices from actually using your network. But WEP encryption (and WPA) prevent someone from intercepting your connection and seeing what you do.
You should do both WPA (or WEP) and MAC filtering. That way no one can get onto your network to use it, and they can't "tap" your connection. |
Eponymous
Citizen
Username: Eponymous
Post Number: 59
Registered: 6-2004
| | Posted on Friday, February 3, 2006 - 10:58 am: | |
Rastro,
WEP requires a password, so it also prevents users from using your network, just as MAC filtering does.
Breaking WPA and WEP are fairly easy to do for eavesdroppers. Just Google "hack wep" vel sim.
Since it imposes a cpu burden (to encrypt and decrypt), I usually don't recommend it. Serious hackers will just get around it no matter what anyway. |
Rastro
Citizen
Username: Rastro
Post Number: 2300
Registered: 5-2004
| | Posted on Friday, February 3, 2006 - 11:59 am: | |
MAC filering, however, does not precvent someone from eavesdeopping on your connection. All it does is prevent someone else from using your access point. It does not prevent them from intecepting the cleartext transmission between your laptop and the access point/router.
I know WEP is about as tough to crack as a peanut shell. But I have not heard of complex passphrases being cracked in WPA. Short ones? Yep. But not those with any complexity to them.
I do agree that WPA can accomplish (sort of) the same thing that MAC filtering can. To me, the downside of MAC filtering is that if you bring home a laptop from work, you need to log into the router to allow it. Same if a friend comes over with their computer. But I do it anyway.
I have not really noticed the overhead of WPA with a modern processor, but as always, YMMV. |
SOSully
Citizen
Username: Sullymw
Post Number: 1147
Registered: 5-2001
| | Posted on Friday, February 3, 2006 - 12:11 pm: | |
yes, I gave up on MAC filtering because of what Rastro said above. In our quiet little neighborhoods do we really have more to fear than someone just hijacking our internet service for free? The risk is minimal, imo. I use 128-bit WEP and don't broadcast my SSID. That is going to be sufficient 99.9% of the time. Good enough odds for me. |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12303
Registered: 1-2003
| | Posted on Friday, February 3, 2006 - 12:47 pm: | |
I'm with you SOSully, but I gave up on WEP, not MAC filtering. I bought a couple of wireless adaptors that should be able to handle WEP but don't. Or I haven't figured out how. So I'm just using MAC filtering and have decided I feel safe enough.
|
Eponymous
Citizen
Username: Eponymous
Post Number: 61
Registered: 6-2004
| | Posted on Saturday, February 4, 2006 - 12:22 am: | |
SOSully,
I don't understand the logic there. You're not worried about people stealing your internet service, but you are concerned that they're eavesdropping on it? I think you've got the relative risks backward. And again, I would suggest that anyone intent on eavesdropping is going to get the hacker software to break WEP. If that's your neighber, they'll have plenty of time to collect packets to do it with.
Rastro,
Sure, modern processors shouldn't really show much of a load, but every little bit sucks that much more life out of my battery, which means I have to get off the couch sooner. 
I just don't think it's worth it.
Oh, another thing to try (and it's fun too) is to put a parabolic reflector on your router's antenna to direct the signal in one direction, thus cutting it out from the other. If you have the router on one side of your house, you could, for example, significantly decrease the signal strength going out your wall. If your router has two antennas, you can effectively point them both. I tried it with my brother's set-up, and we got much better reception at the other end of the house:
http://www.freeantennas.com/projects/template/
Some cardboard, glue and aluminum foil did it for us. |
SOSully
Citizen
Username: Sullymw
Post Number: 1148
Registered: 5-2001
| | Posted on Sunday, February 5, 2006 - 12:47 am: | |
no, I think you misunderstand what I said. |
TarPit Coder
Citizen
Username: Tarpitcoder
Post Number: 23
Registered: 12-2004
| | Posted on Tuesday, February 7, 2006 - 9:12 am: | |
Wasn't the original weakness with WEP that the Initialization Vector sucked? I seem to recall that's what they fixed with WPA in it's most common incarnations - but the PSK bit sucks too...
I always used to leave my wireless (With WEP and MAC address locked down) turned off back in Boston unless I was using it.
Down here everyones so nice we leave it on (With 128 bit WEP) - and I can see about 10 other networks from here too - lots wide open with default SSID's!
I haven't thrown all the MAC addresses in yet - but I should.
I've always personally felt that the wireless stuff is best thought of as hanging your ethernet out the window for anyone to jump on. It's just too easy to find script-kiddie toys for cracking it unless you get serious and use 802.1x and a RADIUS box.
If your gonna go to that effort, you may as well just setup SSH and use SSH tunnels between everything like you would for the internet.
Just my $0.02 worth. |
monster
Supporter
Username: Monster
Post Number: 2038
Registered: 7-2002
| | Posted on Tuesday, February 7, 2006 - 11:07 am: | |
For the most part, I've always just let it all hang out, but I do keep a sniffer running to detect outside wireless, this way I can shut it down if I feel the need.
A couple of years ago my daughter was having an after school class at the high school, I used to set out on Academy street and leech off of someones wireless, I had a couple to choose from.
Driving down Parker Ave. once, I recorded quite a few wireless networks, many of which were wide open, some hadn't even changed the default admin access to the router, which is where that list above comes in handy (if one were so inclined), I just used it to check if it had been changed.
I took this adventure a bit further and drove around town, and I have to say that easy access is everywhere....
|
SOSully
Citizen
Username: Sullymw
Post Number: 1152
Registered: 5-2001
| | Posted on Tuesday, February 7, 2006 - 11:10 am: | |
yes, the average users finds wireless security difficult to understand and set up. |
Tom Reingold
Supporter
Username: Noglider
Post Number: 12353
Registered: 1-2003
| | Posted on Tuesday, February 7, 2006 - 11:11 am: | |
The manufacturers should figure out a way to make it easy to set up while not leaving the router open to strangers.
monster, what sniffer do you use?
|
monster
Supporter
Username: Monster
Post Number: 2040
Registered: 7-2002
| | Posted on Tuesday, February 7, 2006 - 12:09 pm: | |
Macstumbler & KisMac are what I generally run to detect wireless signals
You might want to look at ettercap
Ethereal for OS X
and then there is Snort for OS X, One could use HenWen for this,
|
Smarty Jones
Citizen
Username: Birdstone
Post Number: 342
Registered: 10-2005
| | Posted on Sunday, February 12, 2006 - 1:40 pm: | |
With the snowstorm, I finally am getting achangce to try and do this, and I've got a few basic questions....
Tom, in your earlier post you suggested I open a "Command Prompt and type "ipconfig /all". How do I open a command prompt in XP?
Is the router the box that the DSL comes into, or is the router the box that DSL plugs into, and rebroadcasts wireless signals?
Argon, how do I rename the SSID on my router? Is it a software I launch that should have come with the router?
I have a verizon provided Westin DSL router, that plugs into a Belkin wireless broadcasting antenna. |
Bailey
Citizen
Username: Baileymac
Post Number: 168
Registered: 3-2005
| | Posted on Sunday, February 12, 2006 - 1:59 pm: | |
you can get to the command prompt window easily.
Click Start
Click Run
Type cmd or command
You'll have a Dos looking window open, then type ipconfig/all
DSL phone line goes into a modem, then you plug the router into the modem. |
Case
Citizen
Username: Case
Post Number: 1118
Registered: 2-2005
| | Posted on Sunday, February 12, 2006 - 2:39 pm: | |
I'm bored, so I just sent you a private message with my phone number - we can discuss this.
If you don't get it, email me at divemaster@optonline.net |
kevin
Citizen
Username: Eloso
Post Number: 85
Registered: 12-2004
| | Posted on Tuesday, February 14, 2006 - 10:06 am: | |
SoSully,
When you get subpoenaed by the MPAA because your neighbors kid is hosting 1000 MP3s, you will wish you had set up MAC filtering.
P.S. normally I don't worry about setting up WEP because any information that I don't want people to sniff is encrypted by the browser in SSL.
Kevin |
SOSully
Citizen
Username: Sullymw
Post Number: 1157
Registered: 5-2001
| | Posted on Tuesday, February 14, 2006 - 10:48 am: | |
I stand by what I said. If I don't broadcast my SSID, the neighbor's kid is going to move in on the myriad of completely unprotected wireless networks in the area. There are plenty of those |
Closed: New threads not accepted on this page