Is the wireless CLIENT secure?

[blurworld]

Hi,

This may be a daft question.... I cant get my head around the fact that other users cant "plugin" and access my wireless connection directly

I have everything set-up with WPA2 and i believe the "network" is secure....the "network" at the moment really only consists of a cable modem and a Wireless Access Point w/ inbuilt Broadband Router, however i dont think thats that relevant. The client is the laptop that connects to the "network".
I understand that the access point *should* be secure from connections other than those that know the pre-shared key. However Can any other client stations (e.g. neighbours,etc.) connect directly to my client station and form a *new* network (i.e. peer-to-peer or ad-hoq) ?

If so how can these be blocked by the CLIENT station (laptop)?

 

[brd24gor]

Nobody can connect to your laptop unless your laptop connection is set to ad-hoc. If you have it setup to connect to your access point (infrastructure mode), then anything your laptop wants to send goes directly to your wireless point. Also, your laptop won't accept any other packets that don't come from the access point.

Imagine the same situation with wires instead. Lets say you had two ethernet cards and a regular wired router. If you plug one of your cards into that router, everything your computer sends goes through that port and into that router. If someone were to just come up and plug into the other ethernet card in your computer, it wouldn't do them much good as your computer doesn't know what to do with that connection.

Make any more sense?

--Brad

 

[blurworld]

Thank you, That eases my mind but only a little.

In the Advanced Tab of the wireless connection I have set the connection to "networks to access:" "access point networks only",
but then this still doesnt *stipulate* that any wireless networks cant access me! - but maybe its meant to mean that. Im happy that the transmission is being encrypted however im not happy that the client is *actually* being locked from wireless access *from* other clients stations. That is effectively what i want to do.

If you plugged a cable that was connected to a broadband modem into my ethernet port it would connect to the internet without asking me if i wished to do so ?! there is nothing stopping a connection being made to the "internet" network. doesnt the same apply to wireless networks?
My understanding is that you require some sort of authentisation system to prevent anyone making a connection to your computer without a password?
The wireless only seems to authenticate at the access point and *not* at the client side????

And does the firewall fit into all this. Apart from the wireless adapter itself, Theres a new network thats just appeared in zone alarm - i have no idea what it is! The firewall is only allowing internet programs access through all connections, so that is giving me some ease of mind.

Besides Even if i am secure, I still think things need to made clearer and "realer" in these settings and in the advice on how to set these things up - so that you are certain that it is secure.

 

[brd24gor]

Please don't take offense, but I think you are being a bit paranoid

As long as you have WPA going, you are as secure as you are going to get right now. Fact of the matter is, NO ONE can connect to your laptop through the wireless connection unless you give them permission to, not even another wireless access point. Your laptop can only be connected to one point at a time. Your wireless card in the laptop doesn't act the same as an access point in that someone can't just connect to it. In fact, no one will be able to even see you are using wireless! If people are looking for something to connect to, they won't see your laptop, they will see your access point.

Be at peace. The only way someone could get into your laptop would be through the access point. Since you have that locked down with WPA, chances are extremely slim that will happen. If you really want to lock it down tightly, use MAC filtering so your laptop is the only machine that can access it. To get your MAC, get to a command line and run ipconfig /all.

 

[rn4it]

Blurworld,
brd24gor is correct, the worst thing that could happen is if someone was able to capture the transmission between your laptop and the Access Point, they could spoof your wireless cards MAC addres and posibly crack the WAP security. This is not easy, but is possible. This would only effect the APs network.

 

[RussellMcL]

Actually, it's not overly difficult to crack WEP keys, and spoofing MAC's is easy as well. Best bet is o set your router to a - hide the SSID, b - WEP kep, and c - MAC filtered. Althought this is not impossible to crack, it shouldnt be too much of a problem if you couple it with some security on your PC, ie not sharing drives / folders, and having a password (and disabling guest accounts.)

 

[blurworld]

thanks Russell, but im not using WEP - im using WPA2 Personal settings.

 

[RookThis]

WPA2/AES