Wireless Security

**Apophis** · 02-16-2005, 07:36 PM

I'm writing up a whitepaper to using wireless access points and routers in a home network environment but I wanted to do a quick poll first. If you guys could answer this poll it would be greatly appreciated. Of course, I will be posting this whitepaper to the forums to benefit any of you thinking about, or currently using wireless networking.

**Apophis** · 02-16-2005, 09:13 PM

Whoever voted that you use WEP with MAC address filtering, can you send me a PM please so I can get some additional information? Please don't post that publically though, for your own sake.. :-)

Lirix · 02-16-2005, 09:39 PM

Hmm, my wireless router supports a 64-bit WEP(or at least claims to). I haven't actually used it yet since I'm not the biggest fan of wireless anything, but thought I'd throw it out there.

Sniper · 02-16-2005, 10:26 PM

I think my Dad uses a wireless with 128 bit WEP encryption.. and mac filtering. I'm not sure though

**TheFeniX** · 02-16-2005, 11:14 PM

For your average home/SOHO network: 128+bit encryption + MAC address filtering will do just fine. Also, make sure to disable SSID broadcasts. This alone beats out any "wireless warriors" or neighbors trying to "bogart" your bandwidth.

Enterprise applications depend soley on what your needs are. It's like asking what's the best car/truck to buy* without any knowledge on what it's to be used for.

Needless, any enterprised should be using WPA. It's easy to get even people with almost no knowledge to configure them. MAC filtering depends on if you have a static amount of laptops or plan to allow teachers/employees to bring in anything they want (bad idea unless you isolate them from the rest of the network or make sure they are patched with AV).

I can't answer the poll because different solutions warrant different applications. Give me a scenario and I'll go into details.

Wait, I'm an idiot: you did say home network. A small home is so easy to administer that there's no reason to use anything strong than WEP + MAC filtering. Yes, WEP is flawed and crackable, but it takes a large amount of packets to do it. Enterprise wireless networks crank them out in no time, but if someone has to clone a MAC (when it's offline), then sniff packets for a week just to see the Pamela and Tommy Lee video you're downloading: he's going to move on.

Just make sure you copy the hex key in a text file onto a floppy. Typing those things by hand sucks. Also, if you do use Linksys's WEP password: do not set it to your SSID. You'd think this is self-evident, but you'd be wrong.

PM me if you want any other specific info.

EDIT: If you do use WEP only and live in an apartment or other tightly packed living area I strongly recommend you enable MAC filtering. If you need help, PM me.

* Buy Dodge

**Apophis** · 02-17-2005, 12:04 AM

Quote:

Originally Posted by TheFeniX

For your average home/SOHO network: 128+bit encryption + MAC address filtering will do just fine. Also, make sure to disable SSID broadcasts. This alone beats out any "wireless warriors" or neighbors trying to "bogart" your bandwidth.

Disabling SSID broadcasts will not keep your SSID secret. It only disables the active SSID announcement. As long as you're using 802.11x and sending packets, your SSID is still going through the air and very easily picked up.

Quote:

Enterprise applications depend soley on what your needs are. It's like asking what's the best car/truck to buy* without any knowledge on what it's to be used for.

Needless, any enterprised should be using WPA. It's easy to get even people with almost no knowledge to configure them. MAC filtering depends on if you have a static amount of laptops or plan to allow teachers/employees to bring in anything they want (bad idea unless you isolate them from the rest of the network or make sure they are patched with AV).

Personally. I don't think wireless should be used in enterprise applications at all. At least not without WPA encryption with some external form of authentication mechanism and an active 802.11 IDS system.

Quote:

Wait, I'm an idiot: you did say home network. A small home is so easy to administer that there's no reason to use anything strong than WEP + MAC filtering. Yes, WEP is flawed and crackable, but it takes a large amount of packets to do it. Enterprise wireless networks crank them out in no time, but if someone has to clone a MAC (when it's offline), then sniff packets for a week just to see the Pamela and Tommy Lee video you're downloading: he's going to move on.

Give me 5 minutes outside your home while you're playing a game or just surfing around the web and I'll give you your WEP key. Give me 2 more minutes and I'll have your MAC address spoofed and be associated to your access point. :-)

**Wyzcrak** · 02-17-2005, 12:29 AM

Give him another 90 seconds and your dog will be pregnant.

My company is a software vendor for Fedex. They will not allow us to use wireless networking in our facility if we access their network remotely.

**TheFeniX** · 02-17-2005, 01:25 AM

I understand where you're coming from Apo, but you have to look at it realistically.

A person at that skill level is not going to wate his time on the Wireless network "BillyBobsApart." It goes back to the old addage: "Why do you lock your doors at night? To keep honest people out."

Network security follows the same rules. If a determined hacker (with the proper skills)wants in your network: he's going to get in. You can really only slow him down to the point where he gets pissed off and leaves. Some script kiddy sitting on his parents computer is usually not going to have the knowledge to bust WEP and MAC filtering. Not to say it won't happen, but the chances are slim.

I won't even quote a business customer who says he wants WEP ( or god forbid no) security on his wireless network. The risk is too high for us. But if Jim Bob wants a cheap quote on wireless for his home so he can download MP3s from his backyard, I do feel comfortable quoting him a cheap WEP capable router.

I'd like WEP to dissappear, but as long as it's the cheapest implementation of wireless security, some customers are only going to want to pay for it.

**CingularDuality** · 02-17-2005, 03:53 AM

OK, I know nothing about wireless security. I do know that while I was in Arizona, I bought a wireless "G" card for my PC so that I could access my hotel's wireless network.

Since I did nothing to configure any security at all, was I opening my PC up to anyone that wanted to browse my HDD?

**Apophis** · 02-17-2005, 08:34 AM

Quote:

Originally Posted by CingularDuality

OK, I know nothing about wireless security. I do know that while I was in Arizona, I bought a wireless "G" card for my PC so that I could access my hotel's wireless network.

Since I did nothing to configure any security at all, was I opening my PC up to anyone that wanted to browse my HDD?

Well. That's a large concern. You were certainly opening up your network traffic to be captured and viewed by anyone listening in on the air. If you checked your e-mail you transmitted your username/password through the air in plain text, any data you sent would be easily captured and readable.

Most people look at the issue of security from the standpoint that no one would ever want to get into their computer. There's nothing worth going on it for. Truth be told, most people have enough personal information on their computers to have their identities stolen. Identity theft is a rapidly growing crime in the US and it IS just the casual user that is being attacked in these situations. The technology available to break things like WEP is becoming easier and easier to obtain and use, it's putting more power in the hands of non-computer savvy individuals and making it easier for them to engage in identity theft.

**Apophis** · 02-17-2005, 08:39 AM

Quote:

Originally Posted by TheFeniX

I understand where you're coming from Apo, but you have to look at it realistically.

A person at that skill level is not going to wate his time on the Wireless network "BillyBobsApart." It goes back to the old addage: "Why do you lock your doors at night? To keep honest people out."

This is a big part of the concern. Your statement may have been true a year or two ago, but it doesn't take someone with a high skill level to break WEP anymore. The number of individuals interested in gaining access to BillyBobsApart is rapidly growing. BillyBob is on the verge of being a greater target than his local school or university.

Quote:

I won't even quote a business customer who says he wants WEP ( or god forbid no) security on his wireless network. The risk is too high for us. But if Jim Bob wants a cheap quote on wireless for his home so he can download MP3s from his backyard, I do feel comfortable quoting him a cheap WEP capable router.

I'd like WEP to dissappear, but as long as it's the cheapest implementation of wireless security, some customers are only going to want to pay for it.

WPA can be had for the cost of a $70 access point. People should think of it as a simple one-time insurance policy.

=Sarc= · 02-17-2005, 09:20 AM

I voted 48-bit WEP but it was the closest to the 64-bit WEP that I use. I'm in a small one-bedroom apartment and don't have too many neighbours. None of them seem to use wireless and I set the signal strength on my router to 25%.

View Poll Results: Do you use wireless networking? If so, how do you protect it?
I use wireless with no encryption.	5	25.00%
I use wireless with 40/64 bit WEP encryption.	1	5.00%
I use wireless with 128 bit WEP encryption.	3	15.00%
I use wireless with WPA encryption.	0	0%
I use wireless with WEP and MAC address filtering.	4	20.00%
I use wireless with WPA and MAC address filtering.	2	10.00%
I do not use wireless networking.	5	25.00%
Voters: 20. You may not vote on this poll

02-16-2005, 07:36 PM	#1 (permalink)
Apophis Join Date: Oct 2001 Location: Rhode Island, USA Age: 36 Posts: 8,973	Wireless Security I'm writing up a whitepaper to using wireless access points and routers in a home network environment but I wanted to do a quick poll first. If you guys could answer this poll it would be greatly appreciated. Of course, I will be posting this whitepaper to the forums to benefit any of you thinking about, or currently using wireless networking. __________________ Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

02-16-2005, 09:13 PM	#2 (permalink)
Apophis Join Date: Oct 2001 Location: Rhode Island, USA Age: 36 Posts: 8,973	Re: Wireless Security Whoever voted that you use WEP with MAC address filtering, can you send me a PM please so I can get some additional information? Please don't post that publically though, for your own sake.. :-) __________________ Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

02-16-2005, 09:39 PM	#3 (permalink)
Lirix Join Date: May 2003 Location: Aurora, CO Age: 29 Posts: 173	Re: Wireless Security Hmm, my wireless router supports a 64-bit WEP(or at least claims to). I haven't actually used it yet since I'm not the biggest fan of wireless anything, but thought I'd throw it out there.

02-16-2005, 10:26 PM	#4 (permalink)
Sniper Join Date: May 2003 Location: Memphis Age: 20 Posts: 1,724	Re: Wireless Security I think my Dad uses a wireless with 128 bit WEP encryption.. and mac filtering. I'm not sure though __________________ New Server1 IP. Read the stickies!! This is how you check your STEAMID and register it.

02-16-2005, 11:14 PM	#5 (permalink)
TheFeniX Join Date: Jan 2004 Location: Houston, TX Age: 26 Posts: 4,478	Re: Wireless Security For your average home/SOHO network: 128+bit encryption + MAC address filtering will do just fine. Also, make sure to disable SSID broadcasts. This alone beats out any "wireless warriors" or neighbors trying to "bogart" your bandwidth. Enterprise applications depend soley on what your needs are. It's like asking what's the best car/truck to buy* without any knowledge on what it's to be used for. Needless, any enterprised should be using WPA. It's easy to get even people with almost no knowledge to configure them. MAC filtering depends on if you have a static amount of laptops or plan to allow teachers/employees to bring in anything they want (bad idea unless you isolate them from the rest of the network or make sure they are patched with AV). I can't answer the poll because different solutions warrant different applications. Give me a scenario and I'll go into details. Wait, I'm an idiot: you did say home network. A small home is so easy to administer that there's no reason to use anything strong than WEP + MAC filtering. Yes, WEP is flawed and crackable, but it takes a large amount of packets to do it. Enterprise wireless networks crank them out in no time, but if someone has to clone a MAC (when it's offline), then sniff packets for a week just to see the Pamela and Tommy Lee video you're downloading: he's going to move on. Just make sure you copy the hex key in a text file onto a floppy. Typing those things by hand sucks. Also, if you do use Linksys's WEP password: do not set it to your SSID. You'd think this is self-evident, but you'd be wrong. PM me if you want any other specific info. EDIT: If you do use WEP only and live in an apartment or other tightly packed living area I strongly recommend you enable MAC filtering. If you need help, PM me. * Buy Dodge __________________ - - - - - - - - - - - - - - - - - TheFeniX's Steam Profile TG's Team Fortress 2 Steam Group

02-17-2005, 12:29 AM	#7 (permalink)
Wyzcrak Join Date: May 2003 Location: Memphis, TN Posts: 14,148	Re: Wireless Security Give him another 90 seconds and your dog will be pregnant. My company is a software vendor for Fedex. They will not allow us to use wireless networking in our facility if we access their network remotely. __________________ Steam Community? Add me. \| Join #tacticalgamer \| Search Results Legend \| New Posts Forum Filter \| Postbox Toggle \| Live Thread Review \| One Line Results \| Free Remote, Encrypted Backup Darkilla: In short, NS is pretty much really fast chess. With guns. Apophis: I haven't seen anyone say that SM's are better than non-SMs. Nordbomber: This is THE first server I've seen where either side can comeback from out of seemingly nowhere with the right teamwork. en4rcment: I have NEVER experienced the type of gameplay that I have found here. Nightly I am amazed at the personalities and gaming talent. Root: Welcome to TG. Feel free to punctuate your sentences correctly. Monkerz: Its gonna take all my skills to beat those boys off in the future.

02-17-2005, 01:25 AM	#8 (permalink)
TheFeniX Join Date: Jan 2004 Location: Houston, TX Age: 26 Posts: 4,478	Re: Wireless Security I understand where you're coming from Apo, but you have to look at it realistically. A person at that skill level is not going to wate his time on the Wireless network "BillyBobsApart." It goes back to the old addage: "Why do you lock your doors at night? To keep honest people out." Network security follows the same rules. If a determined hacker (with the proper skills)wants in your network: he's going to get in. You can really only slow him down to the point where he gets pissed off and leaves. Some script kiddy sitting on his parents computer is usually not going to have the knowledge to bust WEP and MAC filtering. Not to say it won't happen, but the chances are slim. I won't even quote a business customer who says he wants WEP ( or god forbid no) security on his wireless network. The risk is too high for us. But if Jim Bob wants a cheap quote on wireless for his home so he can download MP3s from his backyard, I do feel comfortable quoting him a cheap WEP capable router. I'd like WEP to dissappear, but as long as it's the cheapest implementation of wireless security, some customers are only going to want to pay for it. __________________ - - - - - - - - - - - - - - - - - TheFeniX's Steam Profile TG's Team Fortress 2 Steam Group

02-17-2005, 03:53 AM	#9 (permalink)
CingularDuality Join Date: May 2003 Location: Dallas/Ft. Worth area of Texas, USA Age: 33 Posts: 17,058	Re: Wireless Security OK, I know nothing about wireless security. I do know that while I was in Arizona, I bought a wireless "G" card for my PC so that I could access my hotel's wireless network. Since I did nothing to configure any security at all, was I opening my PC up to anyone that wanted to browse my HDD? __________________ Become a supporting member! -- Shop at the Tactical Market! Take the world's smallest political quiz! "I was touched by His Noodly Appendage." TacticalGamer TX LAN/BBQ Veteran:

02-17-2005, 09:20 AM	#12 (permalink)
=Sarc= Join Date: May 2003 Location: Ottawa, Canada Posts: 4,597	Re: Wireless Security I voted 48-bit WEP but it was the closest to the 64-bit WEP that I use. I'm in a small one-bedroom apartment and don't have too many neighbours. None of them seem to use wireless and I set the signal strength on my router to 25%. __________________ JO Guides & Tutorials Team Element - It's who you game with.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Time to get real, America!	Magnum50	The Sandbox	81	10-04-2006 11:38 AM
Black Hat 2006 - DEFCON 14	Apophis	General Discussion	16	08-05-2006 12:22 AM
eDimensional Takes Gaming To the Next Level with Introduction of Wireless 3	Apophis	Tactical Gamer News Items	6	11-18-2004 03:40 PM
Security on a hotel's wireless network?	CingularDuality	Hardware & Software Discussion	7	06-30-2004 06:03 PM

Sponsored links

Sponsored links

Sponsored links

Sponsored links