
Wireless Threat ? 4

Status
Not open for further replies.
Jul 3, 2001
US
Hello,

I was wondering something about wireless access. If a person was in their home and was able to get internet connection from a signal nearby because of the wifi card in their laptop, does their info become easily seen if he is using Norton Internet Security ? Also, is wireless easier to hack than a wired setup ? Thanks.............

 
In theory, someone running Norton Internet Security should be protected against people viewing their files over a wireless connection, assuming that they have it configured correctly. However, as in so many situations, this is very rare. Out of the box installs in my opinion do not offer the best level of protection.

By its nature, wireless networks are more easily available than wired networks, where physical access is often needed to the network. A wireless network can be hacked from someone sat in a car with a PDA, laptop or other wireless device.



So often times it happens that we live our lives in chains
And we never even know we have the key
 
Thanks for the post..... is there any other software that would protect me wirelessly when I'm go my laptop that you may know about? Maybe something to even trace a hacker?
 
I may be overly paranoid about wireless but in my mind if it's transmitted through the air it ain't never going to be secure enough to make me comfortable. I occasionally turn on wireless on my home network for guests but always use the MAC filter and then turn it off immediately when they leave. And my home network doesn't have any shared drives so it's not like I would be losing anything other than bandwidth.

My father was into radio communications in the Air Force and after retiring from the military. He once showed me a fancy receiver that could pick up any broadcast signal regardless of wavelength. That really hit home with me that anything broadcast isn't safe. The botched WEP key generation doesn't leave me feeling any better and I'm going to trust WPA until all the miscreants have had a really good shot at hacking it. And then you still have to worry about some little turd with a Pringles can antenna taking shots at your network from miles away.

I've used power line bridges in the past and they seem to work pretty well if you're plugging in your laptop anyhow.
Take a look at the Fred Langa page:

If you stay with wireless I would turn on WPA and MAC filtering. Both should be already available through your router or modem (my Qwest modem is basically a one port router).

Ralph Kolva
 
When you go wireless, anyone within range of your wireless router, whether it's 50 ft. or 500 ft. can see your network. You can't stop that. You can use strong encryption (WPA) and use the longest hardest possible phrase (case sensitive alpha numeric + symbols) and that will deter people from accessing your network.

If they break that, they have to get at your PC. If you aren't doing any filesharing, any good firewall should put you in a stealth mode. Zone Alarm Pro is a good one. Norton Internet Security I haven't had much experience with. You want to get something that detects registry changes as well as asks you permission every time something goes out to the internet.

Given enough time and knowledge, anything is hackable. Check out grc.com if you want to test to see if your computer is stealthed or not. Run his Shield's Up! program against your computer. Other than being proactive and suspicious of just about everything that happens on your computer, you'll never be 100%, but you can get pretty close if you are careful.
 
Well, you can make things difficult, and any step taken as a precaution is a good step.

What I would advise, is having your employee/friend/self get their own DSL. Then purchase a wireless device which allows for WPA and MAC filtering. Change the default password of your networking device (so few people do) to a strong password. Use a strong key for WPA. Then close the network to disable the beacon broadcast. Those 3 steps, closed net, WPA, and MAC filtering will discourage a great number of passers by. And we haven't even gotten to the computer's security yet.

At this point all traffic between the computer and the wireless access point is encrypted. But, a good firewall, thoroughly configured will be a good step to keeping people from getting access to IPC$ and C$. Strong passwords will keep people from getting access if they manage to get to the administratively shared pipes and disks.

Robert Liebsch
Stone Yamashita Partners
 
XP doesn't like to connect to a WIFI network that it can't see. Just change the Broadcast ID so that people can't figure out where you are, and make sure that it isn't the same as anyone else in the area. My laptop couldn't connect to a Linksys router with no password, because it was trying to log on to another Linksys that was encrypted. They both happened to have the default SSID.

-David
2006 Microsoft Valuable Professional (MVP)
2006 Dell Certified System Professional (CSP)
 
Get Atheros client for your PCs. Atheros gives you MUCH more control over your wireless card than XP does. This tool is especially good if you have multiple wireless networks that you will be accessing (home, work, etc). This is good because then you can disable the router's beacon.
 
I would have to disagree with dglienna. First, yes you should turn off ssid broadcasting. Secondly, you shouldn't be using Windows Wireless Zero Config anyway. It's pretty much garbage and gives you NO control over anything. Turn it off and use a client utility from your card vendor. If you have an integrated card, see the vendor's website for client utility software.

CISSP,ISC2 Affiliate & Instructor, MCT, MCSE2K/2K3, MCSA, CEH, Security+, Network+, CTT+, A+
 
I disagree - I hate the client tools on most cards and advise against them.
Every single one is different, and only the very expensive enterprise ones give more control. Plus I can't think of many other options you want other than connect, disconnect, entering WEP key and editing standard TCP/IP details. (Which you'd do in Windows anyway...!)

Only other options I've found on manufacturer software has been power to the card to boost the signal. And of course the dirty cheap ones won't even run as an integrated service - so you can't log on to the domain with it either.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Unless I'm behind my own hardware firewall at home I use a Kensington Personal Firewall for Notebooks. It's a small (flash drive size & weight) USB device that when plugged in provides industrial strength firewall security. It doesn't interfere with corporate firewalls (I actually use it in conjunction with our corporate firewall if I take my personal notebook into the office) or anti-virus software. You can also configure up to 3 profiles (home, office, remote) for it. There is no software to install. It's strictly Plug-and-Play.


Specs available as a Word doc here:

Cheers.
 
Quickturtle,

Since most people who purchase wireless routers have little knowledge of networking, the answer is yes, a network with weak protection is easy to hack. If you connect to an open wireless network, the data you send and receive is easily visible. However, if the connection you are accessing uses WPA with a 128 bit key, then it becomes highly unlikely that a person can get into your network.

Those that do not broadcast their SSID or use MAC filtering are invisible only to casual wireless users, i.e. people who accidentally connect to the network. People with tools available on the Internet, which require little skill to use, will be able to determine the SSID and see MAC addresses of computers on the network. Once the SSID is seen, and a MAC address on the network is known, all one has to do is spoof the MAC address and use the SSID and they're on the network. A firewall will not prevent interception of a signal that is sent in the clear, i.e. without strong encryption.

The bottom line is, using a strong encryption algorithm, WPA, with a 128 bit key, is how one can keep people out of their network and keep their transmissions secure. And, use open wireless connections only if you don't care that other people are seeing your transmission and you have taken precautions to keep data on your computer from being accessed by other people.

Hope this helps with your decision on how to use your connection.
 
Hey,

If you have a wireless network setup with WPA2, WPA-PSK it is theoretically impossible to hack the network. The amount of data that needs to be collected to find out the key and IP range etc would be hundreds of Gb's. If you are moving that much data in 2 weeks, get a Cisco Aironet and use their security, then it will never be hacked.

You have to move over 1Gb of data over a wireless network to get enough good packets to retrieve a WEP key and a MAC address. This can take days, no hacker is going to sit outside your house for that long without you noticing.

Brett.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NSW, Australia
(Unless you want to pay for our trip?)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
"then it will never be hacked"

Christ, that's a statement and a half.

I agree that it's unlikely for any hacker to bother sitting outside someone's home just for a WEP key, but they wouldn't have to sit there and be watching the screen.

I know I'm being pedantic, but there is no such thing as unbreakable network security. It's just a personal choice of what you think is 'enough'.


Carlsberg don't run I.T departments, but if they did they'd probably be more fun.
 
As everyone here has said, wireless is less secure than wired.
We use it because it's easier to install into the house / building, and most computers that you buy new have it built in. (laptops anyways) So it's easy to flip the wireless on, which it is by default, and hook up to your unsecured wireless.
So it all depends on your balance of paranoia and convenience.
How hard do you want to make the setup for yourself?
How many devices are you going to be hooking up on the wireless?
There have also been cases where residential users have fought off RIAA lawsuits because their home wireless was UNsecured, and there was no proof that it was the home users that had been the ones downloading the content. (Just an example of why someone might want to be unsecured.)
Also, some people just want their network to be open so people can get on the internet if they're within range.
How sensitive is your data? Do you have credit information on your pc? SS numbers? Or are you just sending email and gaming?

As you can see by my post, I'm on the fence about this issue.
If you DO have an open wireless security model, naturally you're going to want to make sure every computer has a software firewall, good anti-virus, and gets all the updates for all software.

My setup at home was open, as I live on a peninsula with one road in front of our house, so it would be hard for someone to be on without me noticing. Then I did notice my neighbor's son's laptop on my network. I trusted him to not be hacking my stuff, but he was home from college, and I did not trust the college networks to be secure from viruses and such, so I then secured my network with wpa-psk settings.

P
 
Hey,

ok, never be hacked is a little overkill....

But you need a lot of data to do it.

You should always implement a level of security and I suggest that wpa is a minimum. (Unless you are like paintballer and have no one nearby.)

Brett

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NSW, Australia
(Unless you want to pay for our trip?)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Being in the security field myself, I always like to see what the latest tools are that are out there. Just happens that there are a few that might be of interest to all here:


These are tools and utilities from a reputable organization that looks at trying to get your network more secure. I didn't even start looking at the "non-ethical" sites for tools. Basically, you need to make a choice. If you want to be secure, try turning off your PC, place it in a safe, then drop it into a block of cement. That includes wired networks. The point I think that someone above was trying to make was you have to do everything you can to be secure to the level that you feel secure. If someone wants in bad enough, there are tools, that will help. If there are no tools, and they want in bad enough, they will create the tools needed to get the information they are looking for.....
 
Even though paintballer is on a peninsula with a single road in front of his home doesn't mean he would physically 'see' a potential eavesdropper. For $10 and a few hours of effort you can turn a tin can into an antenna that is capable of picking up a wireless network from about 5 miles away.


As several posters have noted all this is an exercise in risk analysis. How safe do you need or want to be? I'm a programmer, not a network or radio guy. Heck even as a programmer I'm not foolish enough to think that I'm among the sharpest tools in the shed. I know that no matter what I do there is somebody out there clever and smart enough to get past whatever I could do to try and keep them out of my network. That's ok with me, I'm a small fish with nothing of real value on my systems (what is of value is encrypted), if somebody really wants to spend that much effort to hack my network then they must be pretty bored.

Ralph
 
Just to weigh in, WEP and WPA-PSK are not that hard to break. A 128-bit WEP key can be broken in under 3 minutes. See this article The Feds Can Own Your WLAN Too at Tom's Hardware. A weak passphrase is also the death of WPA-PSK. I recommend a passphrase of 25 characters or more for my SOHO clients. If you really want WPA that is hard to crack you'll need a RADIUS solution. tinyPEAP looked like a promising project until it was taken down. FreeRADIUS might meet your needs but requires a box to act as the server.

[morning] needcoffee
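
Added example (not part of any post in this thread): a small audit of a WPA-PSK setup against the advice given above. WPA/WPA2-PSK derives its 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt, so the strength of the key is the strength of the passphrase, and a factory-default SSID gives a salt shared with many other networks. The default-SSID list and the sample values are constructed for illustration; the 25-character threshold is the one recommended in the post above.

```python
import hashlib
import math
import string

# Constructed, non-exhaustive list of factory-default SSIDs (assumption).
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR"}

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

def charset_bits(passphrase: str) -> float:
    """Upper bound on entropy in bits, assuming every character was picked
    uniformly at random from the character classes that appear.
    Dictionary words and patterns are worth far less than this bound."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit(passphrase: str, ssid: str, min_len: int = 25) -> list:
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(
            f"passphrase is {len(passphrase)} chars, below {min_len}")
    if ssid in DEFAULT_SSIDS:
        findings.append(
            f"SSID '{ssid}' is a factory default, so the salt is not unique")
    return findings

if __name__ == "__main__":
    # Constructed sample configurations.
    for pw, ssid in [("password", "linksys"),
                     ("k7#Vq2!mZp9@Lw4$Xe6&Rt8*Yb", "peninsula-house")]:
        print(ssid, wpa_pmk(pw, ssid).hex()[:16], "...",
              f"<= {charset_bits(pw):.0f} bits", audit(pw, ssid))
```

The same passphrase yields a different key under a different SSID, which is why changing the default network name matters even though hiding it does not.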
 
rkolva,
You must live in a more expensive area, as Greg (from turnpoint.net) said you could build a cantenna for $5....Interesting read though.....

needcoffee,
You also provided a pretty good read. Seems I'm not the only one that sees the tools....
 