WAP security

[Toytown]

Just a quickie for some of you that understand wireless networks etc.

 

I have a Belkin wireless router / modem connected (RJ45) to my main computer.

 

i have set the MAC Address Filtering to allow access only from the main computer and my carputer - all seems ok.

 

Is this sufficient for a small home system ?? Bearing in mind:

 

1. Only 3 houses within half a mile (we are in the middle of a row of 3) & neither of my neighbours would use a PC

 

2. We are 20 yards off a main road

 

3. We are 50 yards from a busy garage forecourt.

 

i'm not that worried if the odd drive by connected to the internet at my expense - but do worry about my system being inspected by allsorts & hacked ?

 

Sorry if I sound dumb - I am !!! Don't really understand security issues enough to know if I am over reacting to a threat that probably doesn't exist !

 

the other question is ...... when I turn my PC off, the router must stay connected to the net (so I can access it from the car at any time - does this mean my connection is live 24/7 or does it connect only on demand ??

 

Sorry for being a lame brain

[caliAl]

Your internet conection is connected 27/7.

 

I would advise you use some encryption. You don't want some to connect to the internet with your IP address. Anyone could browse or upload anything under your IP which will be assigned by your isp.

[Dash Rendar]

MAC address filtering is good, but MAC addresses can be spoofed. I.e. someone trying to access your router pretends to have your MAC address.

 

Why would they bother? Dunno, but if you leave a connection open and unsecured 24-7, that's a good reason for a would-be hacker to have a go.

 

Also, because you're not encrypting communication between your router and your wireless stations, traffic going to and from your router could easily be intercepted, e.g. by a packet analysis tool. This kind of 'sniffing' is not so easy on a wired network (especially a switched one), because you have to plug into the medium. With wireless, the medium is the air, so it's quite easy to be 'plugged in'. Not good if you're sending any data you wouldn't want anyone else to know about. (Not an issue for stuff like online banking, since HTTPS connections are encrypted anyway over 128-bit SSL.)

[Toytown]

Cheers Cali & Dash

 

So it looks like I need to enable some form of encryption, no doubt I will have fun with the home PC not beign able to see the car or the other way round

 

Any information sent between the base (rj45 wired to router) & car is completely harmless, like mp3 & video files. that doesn't worry me, my only concern is somebody getting into the base system via the router. Seems i need to learn more about security !

 

Thanks guys

[TLicense]

I use 128bit WEP security. Then I created a random hex code and use that as my passcode.

There's someone else in my block of flats that has a wireless connection with no WEP security. Must admit I did use it when my connection was down. Pity it's only a 512kb connection. Wonder if I convince them that they need to upgrade!

[Whitesupraboy2]

I have no security on my network. I like for them to join. I have on the other hand high security on my PC's so they cant look at them.

 

But then i watch what they do as i get told when a new computer joins the network. i just browse on to their PC and look at their hidden shares, if they start doing naughty things on my connection i delete their boot.ini,config.sys and autoexec.bat and then restart their machine...or should that be attempt too.

 

Im happy for people to use my connection as long as they aint doing anything too dodgy...thats when i get mean

[Toytown]

But then i watch what they do as i get told when a new computer joins the network.

 

Sounds good to me, is there a prog I can download that will run hidden & alert me if anybody joins my network ??

[MaveriK]

WEP encryption is a must but can still be hacked. I would hope that your access point has the ability to turn off SSID broadcast. If you do this your network will still function but people will not be able to see it unless they aggressively look for it.

 

Oh, and DONT forget to change the standard admin password.

[Toytown]

Cheers Maverick

 

Yes I did change the password (router access)

 

I thought did also turn off the SSID, but it was still enabled. I have now turned it off, so I suppose the bloody car will never find it now !

 

Sounds as if I am *probably* safe enuf doesn't it ???

[SteveR]

WEP secuirity is hackable now, as Maverick says. You're much better off using WPA-PSK, and it's as easy to set up - decide a password (make it a 5Tr0Ng_0n3) and put in into both the router and anything that needs to join it, job done, no-one will break that.

MAC filtering and auditing what happens is a good idea too, ut you've got that sussed.

I work in Secure Wireless LANs for a living, the company I work for do a lot more than I've just said but that is for enterprise level security with thousands of machines joining the network - WPA-PSK is more than adeqate for your purposes

 

The main thing is to put some level of security on it, there will be someone else easier to hack within a few miles,- they'll get the unwanted attention instead

[Toytown]

using WPA-PSK, and it's as easy to set up - decide a password (make it a 5Tr0Ng_0n3) and put in into both the router and anything that needs to join it, job done, no-one will break that.

 

Many thanks for that Steve

 

I had a look at the password options, but have not tried it yet. I presume when I try to connect from the car or a laptop, it will popup a box asking for the password ? Or can I set a pass in the other PC's to save the hassle (it's tricky with the carputer cos it means I have to get the KB out from under the seat every time I want to use it

[Toytown]

thanks again Steve

 

i enabled the WPA-PSK & the carputer has given me an option to store the password

 

Looking good at the mo - intil it all goes pear shaped

 

Thanks again to all of you that helped

 

This forum is brilliant - so many computer wizzies here willing to help us muppets

[SteveR]

thanks again Steve

 

i enabled the WPA-PSK & the carputer has given me an option to store the password

 

Looking good at the mo - intil it all goes pear shaped

 

No probs mate, if you do have any probs just drop me a PM and I'll see what I can do to help - you should be fine and dandy though as PSK is nice ad easy (and secure)

[Toytown]

Cheers SteveR