PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: blocking users from using your internet resources
From:
Jacqueline MacWhirter <[log in to unmask]>
Reply To:
Personal Computer Hardware discussion List <[log in to unmask]>
Date:
Wed, 19 Apr 2006 11:18:40 -0400
Content-Type:
text/plain
Parts/Attachments:
text/plain (114 lines) 
 Hello David: Thank you so much for replying your information is a keeper I 
am printing it out.  I just bought a wireless laptop around $4000 .  Just 
for a test  I went about 4 long blocks  away from where I live  I had no 
trouble logging on the internet-  I powered down quickly .  I have high 
speed business cable. I was just very curious how this worked I was 
certainly very  surprised.   The reason I had asked this question this 
person does have a wireless laptop has to make frequent trips out of town 
she was saying the connection  of the internet stays on most of the time. 
She thinks its her own internet connection <G> I  am retired but actively 
build my own computers except for laptops- I am not familiar at all with 
networks, wireless as much as the hardware end.  The information you 
presented is a real eye opener indeed. I was in a meeting taking notes in a 
building  I noticed I had internet connection in this instance it was okay 
but  I just disabled it until I got home. I did not realize how powerful 
wireless really is.  I have wireless here- in my office also - Dlink router 
with antenna  and Dlink card antenna -  I am not at all interested in 
acquiring internet  at someone else expense but I would like to know how to 
protect my own internet access- and information  since this question has 
been brought up .  Most of the people  around here have cable not too many 
have the high speed cable for business.  Thanks again for your wealth of 
useful information ---  Jackie MacWhirter

----- Original Message ----- 
From: "David Gillett" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, April 18, 2006 9:49 PM
Subject: Re: [PCBUILD] blocking users from using your internet resources


> On 17 Apr 2006 at 21:21, Jacqueline MacWhirter wrote:
>
>> How to stop someone from using your  internet resource how can you block
>> them --I was asked this tonight  for an example suppose someone had a
>> wireless laptop and tapped into your internet resources - you have high
>> speed cable how could you block them ? Thank you Jacqueline MacWhirter
>
>  In order for this scenario to occur, you would need to have not only high
> speed cable, but *also* some way of sharing that resource (a router or a
> machine with ICS enabled) and wireless access to your LAN (via the router,
> or ICS on a machine with a wireless NIC, or a wireless AP (access point)).
>
>  So then the question becomes:  If I allow wireless access to my LAN, how
> do I make sure that it's only used by the people I want to allow to use 
> it?
> (The fact that one of your LAN resources is fast Internet access is a 
> reason
> why others might want to, but it's not the point of vulnerability.)
>
>  There are three major approaches -- which can all be undertaken at once,
> if you like:
>
> 1.  SSID
>  Wireless networks are identified by an ID string, or SSID.  Specifically,
> if two wireless "base stations" are using the same SSID, a wireless client
> will assume that it can move from one to the other and remain connected to
> the same network.
>  By default, the base station will broadcast its SSID periodically; this 
> is
> how clients identify nearby networks.  There's usually an option to turn 
> off
> this broadcast.
>  BUT
>    (a) turning off the broadcasts may not stop the base station from
> answering "Is anybody out there?" probes, and
>    (b) the SSID will be used to identify traffic when the wireless is
> actually being used.
>
> Conclusion:  Not broadcasting the SSID doesn't buy you much security.  It
> was never designed to.
>
> 2.  MAC address
>  Most wireless base stations can accept a list of MAC addresses of 
> wireless
> adapters that they will accept connections from.  Not all of them make it
> easy to find and manage this list; the default is to be willing to talk to
> anybody.
>  This means finding out the MAC address of each new wireless client you
> want to be able to use.  If you buy a new wireless NIC, you have to add it
> to the list, and decide whether to remove the old one.
>  And since the MAC addresses of source and destination appear in every
> packet, there's very little to stop an intruder from copying the MAC 
> address
> of a legitimate client.
>
> 3.  WEP key
>  Virtually all current wireless gear supports at least WEP.  WEP is
> designed primarily as a mechanism to encrypt packets over wireless, so 
> that
> others cannot simply "listen in" on the conversation.  [This is intended 
> to
> protect the Confidentiality of the wireless traffic.]  However, it's 
> usually
> fairly easy to configure the base station to accept connections only from
> clients who already have the WEP key being used, so that it functions like 
> a
> resource access password.
>  Cracking the WEP key is not as hard as most security professionals would
> really like, but if all an intruder is after is fast Internet access,
> they'll likely go to a neighbor's unprotected wireless network rather than
> invest the time and effort in cracking your key.  And that's good enough 
> for
> home and small business use.
>
> David Gillett
> CISSP CCNP CCSE
>
>                         PCBUILD's List Owners:
>                      Bob Wright<[log in to unmask]>
>                       Drew Dunn<[log in to unmask]> 

                  Visit our website regularly for FAQs,
               articles, how-to's, tech tips and much more
                          http://freepctech.com

ATOM RSS1 RSS2