|
Topic: How to SECURE a Wireless DSL Connection ?
|
|
dannyk
Member
Total Posts: 6
Joined:
|
How to SECURE a Wireless DSL Connection ?
Posted: January 12 2005 6:02 AM
|
Hello Everybody. I have a small network of only two computers sharing internet access. I have a DSL 3.0Mps connection in one PC with the router and the other PC is hooked up to this PC via Wireless PCI Adapter (Interoperates with 802.11b Compliant Devices). Both of my computers work fine. Now here is the important question:
Just yesterday I had a friend who came over with his new laptop computer that has a WiFi connection built in. He turned his laptop on and immediately was able to log on to my DSL connection and surf the web. He told me that I have an unsecured connection. How can I make my connection secured so no one can have access to it except my two computers?
Any help or advice would be very much appreciated.
Danny K
Miami, FL
|
ZacMutrux
Member
Total Posts: 493
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: January 12 2005 10:18 AM
|
Your wireless access point has encryption software built in. In order to turn it on, you'll need to configure the software on the router. This is usually done through a Web-based control panel. Then you have to configure your wireless adapter on your PC with the correct password (WEP key or WPA passphrase).
Honestly, the best place to get information about this is from the manual for your device. I hate to tell you to read the manual, but routers are all so different that it's hard for anyone to give advice on all of them.
If you don't have the manual for your router, you can download it from the manufacturer's Web site.
Best of luck,
Zac
------------------ Zac Mutrux Consulting
zac@mutrux.com
|
efpav
Member
Total Posts: 10
Joined: July 2002
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: January 12 2005 5:30 PM
|
It's important to note that even secure wireless connections are inherently insecure, but taking the following steps can make it extremely difficult to connect to a wireless network.
Make sure you have a patch cable handy to get into the router setup, because if you mess up, you won't be able to get back in without it.
First, MAC filtering will allow you to specify which network cards are allowed on your network. Start with your own, and any others that might need to connect. The MAC address is a unique serial number, usually on the card itself, but can also be displayed by typing 'ipconfig /all' at the command prompt.
Turning off the SSID broadcast will also help obscure the router, but does little to prevent users from getting on.
Lastly, enabling encryption will help lock down your network. WEP and WPA are both current technologies, with WPA being a bit better. If you consider yourself at high risk, change the encryption key periodically.
Check this out for more in-depth info:
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
[This message was last edited by efpav on Jan 12, 2005]
|
ZacMutrux
Member
Total Posts: 493
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: January 12 2005 7:41 PM
|
Your statement that even a "secure" network still has vulnerabilities is very true. So instead of seeking to "secure" a system, we should look at how to make it "secure enough". If we take more measures than are necessary, the system becomes more difficult to use, without improving security.
For a home or small office network, just turning on WPA or WEP encryption is enough. I discourage anyone from disabling SSID broadcast or using a MAC filter. Using those features reduces the usability of a wireless network without increasing security (MAC addresses are trivial to spoof).
WEP encryption is good enough for the average home. If WEP isn't good enough, then use WPA. If WPA isn't good enough, don't bother with MAC address filters. Step up to a more robust solution.
Zac
------------------ Zac Mutrux Consulting
zac@mutrux.com
|
efpav
Member
Total Posts: 10
Joined: July 2002
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: January 14 2005 6:06 AM
|
What is 'Secure enough'? That highly subjective term could mean 5 different things to 5 different users.
If the goal here is to educate, then you should not abridge your post for the sake of brevity.
What may be 'secure enough' for you may not be for someone else. I find it ludicrous you would suggest to anyone to only take half-measures because that's what you think is adequate for them.
Educate them, and let them decide...
|
aalbert
Member
Total Posts: 33
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: January 15 2005 1:33 PM
|
Whenever I install a wireless network, I try to also ensure that the machines inside the network are secure by their own right, so if somebody gains access through the wireless, you minimize their potential access.
The concept of how secure is enough, is very subjective... For ultimate security you need to disconnect from any network, and encase your computer in a lead lined room..... Somewhere in the middle lies a happy medium.
------------------ --
Andrew Albert
MCSE, CCNA, Unix/Linux Engineer
Chief Information Officers, LLC - Miami, FL
305-613-6532
|
ZacMutrux
Member
Total Posts: 493
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: January 18 2005 1:01 PM
|
efpav, I am not suggesting half-measures. I'm suggesting that some security measures are useful and worthwhile, and others are just a waste of time.
Disabling SSID broadcast does not improve security because this action does not hide the access point from attackers bent on mischief. It only hides the access point from the casual observer--who does not pose a threat.
Using MAC address filtering is an administrative hassle that provides no benefit since MAC addresses are easily spoofed.
Follow my logic: if an attacker can penetrate WEP or WPA encryption and has the desire to do so, he will not be deterred by such trivial matters as a MAC address ACL.
When describing this subject to the unsophisticated home office user, I try to make it as uncomplicated as possible. Which is why I was not more forthcoming in my earlier post.
Zac
------------------ Zac Mutrux Consulting
zac@mutrux.com
|
dcrooke
Member
Total Posts: 1
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: February 01 2005 12:47 PM
|
I agree with both posters "efpav" and Zac....
WEP or WPA is adequate for most personal home network use, which it seems is the case in point here, and to prevent "wardrivers" from bootlegging free internet access from you and e.g. using your DSL connection to send spam.
However, wireless encryption schemes are weak and relatively easy to crack, so are absolutely not suitable for protecting access to (e.g.) constituent's personal data on a non-profit's office LAN.
If you want to extend an office LAN with wireless technology, put the wireless device in a DMZ outside the firewall, and by all means use WEP to prevent freeloaders, but also use strong encryption, e.g. IPSec-based VPN technology, layered on top of the wireless interface.
An added benefit to this setup is you can freely extend wireless access to guests in your office, without compromising security of your LAN - use a short WEP key, and put it on the whiteboard.
In other words, wireless is about as insecure as the public internet, treat it as such.
|
terribleted
 TechSoup Star
Total Posts: 65
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: February 23 2007 6:52 AM
|
Folks, many thanks for great depictions of wireless security. Very useful stuff and most appreciated.
I finally ran a test of our network (6 machines) using one wired console on Server 2003 with 5 wireless nodes.
Hardware Netgear WPN834 with WPNT511 cards.
I chose WPA (TKIP) and MAC with no SSID broadcast in an environment at our apartment complex that has many wireless networks.
I am always astounded at the number of unsecured networks that are visible.
I plan to implement the Server 2003 Group Policy as described in previous posts here.
|
toeknee
Member
Total Posts: 35
Joined: December 2006
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: February 23 2007 9:27 AM
|
quote: I chose WPA (TKIP) and MAC with no SSID broadcast in an environment at our apartment complex that has many wireless networks.
You were probably able to choose a relatively free channel because your neighbors do not hide their SSID broadcast. I think it is courteous in such close living situations to show the SSID and channel so that people setting up wireless networks or experiencing interference can do site surveys to find better channels without having to get special equipment.
Anyone who has the ability to break your WPA encryption (not many, and if you choose a strong password, even fewer) is not going to be deterred in the least by MAC address filtering or hidden SSID. The scanners they employ can capture that data in a jiffy.
Most amateur hackers are just looking for free Internet access anyway, so the fact there are open networks in the building is even more reason to not worry about broadcasting the SSID. It may just keep your neighbor from setting up an AP on the other side of the wall from yours on the same channel and making your wifi dodgy until you figure out what happened and fix it.
Just my opinion.
|
ssoc
Member
Total Posts: 3
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: February 28 2007 2:59 PM
|
Like they said in prior posts, the standard wireless encryption systems can be cracked. We have client personal information on our system, so all of our computers and printers are hardwired. However, we have case managers who need to access the information remotely from laptops at wifi hotspots. We got a Cisco PIX506E and a Cisco 24 port switch from Tech Soup Stock. The PIX is connected between the DSL modem and the switch. With the free Cisco client VPN software on the laptops, they can communicate securely with our server over the Internet through the PIX.
Our DSL modem has several wired ports and a wireless port. If we enabled the wireless port we might be able to use the laptops wirelessly in the office. I haven't thought it through fully, but it might be the answer. I would appreciate comments from the network engineers out there.
Thanks
Jim
|
kfh099
Member
Total Posts: 14
Joined: January 2007
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: March 06 2007 3:52 PM
|
Secure enough? A network is always "secure enough" until it gets broken into. You can leave it as is and most likely no real harm will happen. Just like you can leave your wallet in your grocery cart as you walk away and nothing bad will happen. But the moment something does happen it's no longer "secure enough."
If you have a bunch of comics on your system then WEP is fine.
If you have data such as account numbers, SSN and anything that can be used to profit from then it's not.
WPA is better but it's also been broken.
Use WPA2 if you have it; if you want to be really secure, look into WPA2 in combination with a RADIUS server.
I personally will not use WEP knowing that it's been compromised for years now.
|
kfh099
Member
Total Posts: 14
Joined: January 2007
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: March 06 2007 3:58 PM
|
Enabling should make the laptops work. One thing you can do is firewall or route the wireless port so it only has access to the internet and not your internal servers. That way if you do get compromised the most they get is free internet access.
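Added example, not part of kfh099's post: a small first-match rule checker for the segmentation suggested above (wireless clients reach the Internet but not internal servers), combined with dcrooke's earlier advice to carry office traffic over an IPsec VPN. The subnets, the gateway address and the probe flows are constructed assumptions; the rule model is a simplification, not any vendor's firewall syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumptions, not taken from the thread).
WIRELESS = ipaddress.ip_network("192.168.50.0/24")  # wireless segment
INTERNAL = ipaddress.ip_network("192.168.1.0/24")   # wired LAN with the servers
VPN_GW = ipaddress.ip_network("192.168.1.1/32")     # hypothetical IPsec gateway
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str             # "tcp", "udp", "esp" or "any"
    port: Optional[int]    # None matches any port

def decide(rules, src, dst, proto, port=None):
    """First matching rule wins; traffic that matches nothing is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return "deny"

POLICY = [
    Rule("allow", WIRELESS, VPN_GW, "udp", 500),    # IKE
    Rule("allow", WIRELESS, VPN_GW, "udp", 4500),   # IPsec NAT traversal
    Rule("allow", WIRELESS, VPN_GW, "esp", None),   # encrypted VPN payload
    Rule("deny", WIRELESS, INTERNAL, "any", None),  # no direct path to servers
    Rule("allow", WIRELESS, ANY, "any", None),      # everything else: Internet
]
# Same rules with the catch-all moved first: a common ordering mistake.
MISORDERED = [POLICY[-1]] + POLICY[:-1]

# Constructed probes: (src, dst, proto, port, expected decision).
PROBES = [
    ("192.168.50.23", "192.168.1.10", "tcp", 445, "deny"),   # file server
    ("192.168.50.23", "192.168.1.1", "tcp", 22, "deny"),     # gateway admin
    ("192.168.50.23", "192.168.1.1", "udp", 500, "allow"),   # VPN setup
    ("192.168.50.23", "203.0.113.10", "tcp", 443, "allow"),  # Internet host
]

def violations(rules, probes=PROBES):
    """Return the probes whose actual decision differs from the expected one."""
    return [p for p in probes if decide(rules, *p[:4]) != p[4]]

if __name__ == "__main__":
    print("policy:", violations(POLICY))
    print("misordered:", violations(MISORDERED))
```

The misordered list shows why rule order matters on a first-match firewall: with the catch-all allow on top, the deny for the internal LAN is never reached.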
|
dman
Member
Total Posts: 2
Joined: October 2006
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: March 06 2007 4:06 PM
|
My preference is always for wired over wireless.
Wired networks generally have fewer trouble spots. It's much easier to troubleshoot all the cables going from your wired network card to the network switch/hub. For the most part, if you have blinking lights, you have a connection. Wired networks are generally more secure. It's much more difficult to eavesdrop on a network cable than on a wireless radio transmission.
With wireless networks, troubleshooting becomes more difficult: Do you have the right WEP/WPA/2 key (assuming you change keys periodically)? Do you have a good signal from the wireless access point? Are you experiencing any interference from other wireless/radio devices?
In our office environment, our users work pretty much at their desks. Only a meeting in the conference room might benefit from wireless, but even then a laptop usually is more of a distraction from the meeting than a boon to it.
The only other benefit I would see with wireless over wired is not needing to run cables in the walls and ceiling. That's usually a one-time cost though, and can save many hours of wireless troubleshooting headaches.
Lastly, most wired network cards are backwards compatible. Most gigabit Ethernet cards will talk to 100 megabit and 10 megabit cards (100baseT and 10baseT). This is great for us, as it means our ancient HP JetDirect cards are still viable. But with wireless standards 802.11a/b/g and now n, with differing security capabilities, you have some devices that don't play well with others.
(I'm also someone who won't give up my land-line at home. Wireless/cell/VoIP phones are all great, but I don't want to worry about a dying battery or flaky net connection when I need to call 911.)
|
terribleted
 TechSoup Star
Total Posts: 65
Joined:
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: March 14 2007 10:49 AM
|
Excellent comment. I must admit I had not thought of that. I did a site survey myself and chose a channel not used.
Will amend my setup accordingly to ensure I am a good Wireless neighbor. Will also implement same for any person I install wireless for in our community.
Ted
|
tom100
Member
Total Posts: 1
Joined: March 2007
|
RE: How to SECURE a Wireless DSL Connection ?
Posted: March 19 2007 8:53 AM
|
dcrooke said:
quote: However, wireless encryption schemes are weak and relatively easy to crack, so are absolutely not suitable for protecting access to (e.g.) constituent's personal data on a non-profit's office LAN.
What is the basis for this statement? 64-bit encryption may not be suitable for state secrets, but brute force cracking is no trivial task. 128-bit WPA should be quite secure to any reasonable attack, to my knowledge.
|