STEP BY STEP guide to secure wireless?? - Page 2

dlweston · 04-05-05, 12:08 AM

Actually the articles I prefer are: http://www.securityfocus.com/infocus/1814 and http://www.securityfocus.com/infocus/1824. I don't want to know that it has been hacked, but how they did it. I do networking for a living, so I want all the gory details. I would never use WEP and/or MAC address authentication on any production company wireless system. It would be okay for a lab that did not connect to the company network though.

I will also state again that WEP is most likely good enough for most home users. This is particularly true if they use a firewall on their computer/s. I have shares. Each time I get add a new device, I have to allow it to access the shares in the other computers in the firewall on that computer.

I also have an old Linksys that does not have WPA. I would strongly recommend that anyone that has a device with WPA use it. Keep in mind the the only real attack against a WPA system is a dictionary attack. That means that making a phrase that only contains words from the dictionary is suseptable. Be sure to include some numbers and some special characters (!@#$%^&*;:'").

dlweston · 04-05-05, 01:00 AM

Oh and to get back on subject, to do a step by step guide, we would need to know what you are using for your wireless access point, leebrendalee. Me? I use a Linksys. I also support Linksys at work, so I could help you with most of their models. If it is another brand, then I am sure some one else on the forum is familiar with it.

If you are good at poking around, here are the steps I recommend (Please note the terms I use are in the Linksys, but other brands should use similar terms.):

1. Change the default password for the device!!!

2. Change the SSID from the default. (You got that one.)

3. Set SSID Broadcast to disable or off. (This is how you find Access Points when scanning. Disabling the SSID broadcast means you will have to enter the SSID when connecting a new device. A second choice is to turn the broadcast back on and then disable it once the new device is setup. The second is my preferred method.)

4. Enable WEP or WPA and make it mandatory. The bigger the key the better provided all devices on the network support the longer key. I recommend using the passphase to generate the key on the router. Copy the key, key one if there is more that one. This is the key you will need to use to setup the other devices. I recommend you create a text file with the SSID and key in it. Sometimes you will have to delete the setup and recreate it. Copy and paste works better than trying to type by hand. I wish paste would work in the Odyssee client. WPA sets up similar, but I only have WEP at home. (I really need to quit spending money on my Axim and get a new router.)

5. If you really want to add mac address filtering, let me know. I personally do not mess with it, because it is very easy to get around.

If your Linksys does not look the same as mine, then just go to www.linksys.com (or the web site for any other brand). You can download the user manual which has very good instructions for the device you are using.

leebrendalee · 04-05-05, 01:14 AM

Originally Posted by Howard2k

http://blogs.zdnet.com/Ou/index.php?p=41

Thanks everyone...I now have all my computers web enabled..will be putting the SIMPLE instructions here....I couldn't understand everything else..so I just guessed.....as ususal..and got luckie after a few tries....I have four computers all web enabled so far..a couple more to go...questions to follow..brenda

DaLabrador · 09-22-06, 08:42 AM

I've never heard of a WEP implementation that takes 5 minutes to crack, and newer implementations are more secure than the first ones, but it's certainly less secure than WPA (if the WPA is implemented in a safe fashion - WPA-PSK should for example have keys longer than 20 characters - And DON'T USE WORDS. Use random characters/numbers). Depending on the traffic on the wlan it might take days or even weeks to crack WEP nowadays. Less traffic = longer time.
There are other attack vectors to gain access to a wlan, though.

MAC filtering is crap.
First and foremost - Don't think it's extra security. It's ridiculously easy to spoof.
Second - If you use WEP or WPA you don't really need MAC filtering. If an intruder knows how to crack WEP/WPA the security provided by MAC filtering amounts to absolutely nothing.

It might be good practice to enable all possible "security" measures though, but do understand that it's only encryption (WEP/WPA) that works.

Edit: Oooops! Old thread... :)

dougsnell · 09-22-06, 03:04 PM

Agreed it's an old thread, but it's worth a short step-by-step guide:

1. Understand there is no security in wireless. Your signal can be picked up well over a hundred miles away, and any security you put on it can be cracked wide open. You can make it take time, but anyone who's going to seriously attempt to crack WEP is going to get the info because you won't even know it. I'd suggest anyone with those ambitions look at social cracking instead, but you get my point.

2. Turn off security and leave an open connection. If some nuisance uses it and it affects you, do some simple method like MAC filtering or a passkey to bump them off. Otherwise, be happy you've given some poor schlep a free ride on the Internet. Chances are if you ever find someone's using and they're not bothering you ... they'll thank you profusely or apologize.

3. Enjoy the time you've saved with your open connection.