How serious are the security vulnerabilities with a wireless network? I live in a townhouse so there are a couple of houses connected to mine as well as other rows of houses near me. I could run a wire through my house but it looks like that would be a pain. What do you guys think?
RobRPM2222 had a long post on how to secure your wireless LAN. In the meantime, as long as you don't leave it with the default setting, for example, change the SSID, enable WEP, specify DMZ, specify MACs, PW-protect, etc. you'll be relatively safe ... unless Rob and hunting or the usual suspects are your neighbors.
Just do some research and you should be fine. You need to install all the xp fixes.
The security vulnerabilities with a wireless network are very serious. More so for a business, but even for a home, if you has an unprotected WLAN in the same bulding that I lived in, I would be in it all the time.
You need to enable WEP, mac filtering, and change the default ssid at the very least. (putting it behind a VPN is not nessacery unless you are protecting financial data or something of that sort.
Disable DHCP on the router/AP also. Assign all static IP addresses to all clients so that the router does not give out random addresses. mac filtering should take care of that but there are ways to spoof that.
One last thing, find a wireless PCMCIA card that a program called "netstumbler" supports. That will monitor any rogue access points that may pop up and then you can deal with them appropriately.
one of the interesting things I have learned from reading up on this is that SSID Broadcast OFF isn't a real perfect security measure.
if you send the right type of 802.11 frame, the AP will automatically broadcast the SSID.
so, while turning SSID Broadcast OFF helps, if someone's card is spitting out ?association?(I forget) frames while wardriving, they can still get your SSID.
as opposed to having to brute-force/dictonary attack it
I would highly recommend getting a router and card that supports WPA (the successor to WEP) if you can.
All Wireless 802.11G cards should have it. You'll have to check to see if the router has it.
WPA is not perfect, but it's a quantum leap over WEP.
Depends on how you want to control the security. I can keep wireless
encryption off, and let every john, dick and harry onto your access
point, but they have to make a VPN tunnel to get routed passed the
firewall and even authenticate against a proxy that allows only say,
HTTP), I could care less if someone was on my hotspot. They are not
going to sniff through an IPSec VPN tunnel. Here is a great place to put
a honeypot simulating an open network for the script kiddies to try and
exploit (like giving a dog a bone to gnaw on), and you can look
through the logs for fun. Hell, throw in a live Win2k server unpatched
into that subnet for them to play with and think they've accomplished
something. The goal, the people that should be in the network are
securely on the network. If they start doing DoS on your access point,
that's when you triangulate with your other access points, walk up to
the kid, and slap the notebook out of his lap.
Rob, I agree, I was driving down the road the other dat and picked up an AP with the name of "cvsretail". I parked in the parking lot in was literally in there inseconds. It was pretty sad. So, while it is diffucult to completly hide or masqarade the ssid calling it by the business name completly is retarded abd who ever set it up should ne sh
Rob, have you seen a router with WPA?
I have yet to come across one(I honestly haven't been looking that hard though)
hunting- I have a Buffalo that supports WPA. I believe most vendors released firmware upgrades to support it.
Oh yeah, I've seen an SSID as the damn street address! That's convenient. :)
warez- I like that idea...might have to try that with a virgin NT4 box running IIS. :)
that definitely works, if you have a spare Unix box to mess with.
a lot of people don't want to invest that time or money, for instance home use for non-geeks.
my bad... when I think wireless networks, I tend to think in terms of
SME and above. I don't work much with the consumer market, so I
tend to be in my own reality sometimes.
Wow, I've been out of the loop too long. Can anyone recommend a good resource on the subject? Good books or websites? Thanks for all the replies.
lol - I'd take the kids laptop, run along now kiddie, you shouldn't be playing with this.
Somebody translate warez' post to consumer-speak ...I understood all the words but not all of the sentences ... not a wireless SME here.
you put a Unix box in front of your access point.
all traffic is filtered by it's firewall... the only way to get net access is to authenticate against the firewall.
when you authenticate against the firewall, you get a IPSec Virtual Private Network encrypted tunnel.
this all works at OSI layer 3 (IP)....
this solves almost all of the security problems with Wi-Fi.
the only problem with this is that someone can still Denial of Service (DoS) your connection at OSI Layer 2 (link layer- radio)... but as warez pointed out, you can generally walk over and slap the shit out of them.
also, someone can attack the wireless users on your network if their wireless card settings/VPN setup and your wireless router are not properly configured....
once they nail your user, they can go into the network via the user's link....
Usually a VPN client is pretty straight forward. IP of the VPN endpoint,
login, password. If they fail authentication, no VPN. No VPN, no
access to anything.
The clients on the access point do however, have to have their laptops
somewhat secure (not leaving services open), otherwise, as Rob
mentioned, will leave the client open to attacks.