LISTSERV - PCBUILD Archives - LISTSERV.ICORS.ORG

PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

	LISTSERV Archives
	PCBUILD Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Wireless security
From:	Mark Rode <[log in to unmask]>
Reply To:	PCBUILD - Personal Computer Hardware discussion List <[log in to unmask]>
Date:	Tue, 11 Jan 2005 19:43:11 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (66 lines)

He probably has broadcast enabled, and default settings on everything, and
your daughter probably is using the same brand of NIC, as his WAP, so your
daughter could see the connection, and connect to it. It is very common for
people to use their WAP at defaults, which is the reason that people can
log into them so easily.

I assume you have it turned off "broadcast" on your WLAN. Kind of hard to
connect to something you can't see, not impossible, but you have to know
what to connect to. Second, I know David Gillett dismisses using MAC
addresses authorization as easily hackable. However, I agree with PCMAG's
security evaluation article, which stated that using MAC address
authorization is a pretty effective way to secure a WLAN, because it takes
a higher level of sophistication, to spoof a MAC address. It can be done,
but people have to have the expertise, the tools, the knowledge and the
desire to do this.

It is like the locks on your house. You can install all the security you
want, but if somebody who knows what he is doing wants to get in.... he will.

I only turn on my WAP when I need to use it with my laptop. Here is how I
have mine set up,

Change the administrative password from the default
Change the access point name from the default to something really obscure
Turn OFF Broadcast which means you have to know what the name of the access
point is to connect to it
Enable Encryption which I create .. I don't use a default ....WAP is better
then WEP if your can run it.... WAP works with XP
Enable MAC address authorization

So I have a WAP that will not respond, unless you go looking for the exact
"obscure" name, if you discover that you will need to have the correct
encryption setup which I have made up, and finally, you need to know what
MAC addresses ( the one I have put in there) the AP will accept, so you can
use very sophisticated tools to spoof it.

That is not a easy combination to overcome. Not impossible, but somebody
who really knows what they are doing  would have to park outside of my
house and really work at it. And since my reception sucks beyond 50 feet
they would be lucky to stay connected long enough to accomplish a hack. In
addition once in, all they would get is my Internet connection. They would
have to know the right user names, and  passwords to log into my Server, or
workstation, and get at any shared resources.

Rode
The NOSPIN Group
http://www.freepctech.com/rode/

At 05:31 PM 1/11/2005, you wrote:
>don't understand is why my daughter was able to connect even though he had
>encryption enabled?
>
>This does not do much for my confidence in wireless, and supports my
>position to avoid wireless unless you really need it.
>
>Any input and experiences would be appreciated. In particular, if anyone may
>have some suggestions for the SBC system in particular. I am sure that many
>others on the list may benefit from a revisit to this security issue. TIA.
>
>Peter

                         PCBUILD's List Owners:
                      Bob Wright<[log in to unmask]>
                       Drew Dunn<[log in to unmask]>

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG