PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

Subject:
From: David Gillett <[log in to unmask]>
Reply To: Personal Computer Hardware discussion List <[log in to unmask]>
Date: Tue, 18 Apr 2006 18:49:53 -0700

On 17 Apr 2006 at 21:21, Jacqueline MacWhirter wrote:

> How to stop someone from using your internet resource, how can you block
> them? I was asked this tonight. For an example, suppose someone had a
> wireless laptop and tapped into your internet resources - you have high
> speed cable, how could you block them? Thank you, Jacqueline MacWhirter

  In order for this scenario to occur, you would need to have not only high 
speed cable, but *also* some way of sharing that resource (a router or a 
machine with ICS enabled) and wireless access to your LAN (via the router, 
or ICS on a machine with a wireless NIC, or a wireless AP (access point)).

  So then the question becomes:  If I allow wireless access to my LAN, how 
do I make sure that it's only used by the people I want to allow to use it?  
(The fact that one of your LAN resources is fast Internet access is a reason 
why others might want to, but it's not the point of vulnerability.)

  There are three major approaches -- which can all be undertaken at once, 
if you like:

1.  SSID
  Wireless networks are identified by an ID string, or SSID.  Specifically, 
if two wireless "base stations" are using the same SSID, a wireless client 
will assume that it can move from one to the other and remain connected to 
the same network.
  By default, the base station will broadcast its SSID periodically; this is 
how clients identify nearby networks.  There's usually an option to turn off 
this broadcast.
  BUT
    (a) turning off the broadcasts may not stop the base station from 
answering "Is anybody out there?" probes, and
    (b) the SSID will be used to identify traffic when the wireless is 
actually being used.

Conclusion:  Not broadcasting the SSID doesn't buy you much security.  It 
was never designed to.

2.  MAC address
  Most wireless base stations can accept a list of MAC addresses of wireless 
adapters that they will accept connections from.  Not all of them make it 
easy to find and manage this list; the default is to be willing to talk to 
anybody.
  This means finding out the MAC address of each new wireless client you 
want to be able to use.  If you buy a new wireless NIC, you have to add it 
to the list, and decide whether to remove the old one.
  And since the MAC addresses of source and destination appear in every 
packet, there's very little to stop an intruder from copying the MAC address 
of a legitimate client.

3.  WEP key
  Virtually all current wireless gear supports at least WEP.  WEP is 
designed primarily as a mechanism to encrypt packets over wireless, so that 
others cannot simply "listen in" on the conversation.  [This is intended to 
protect the Confidentiality of the wireless traffic.]  However, it's usually 
fairly easy to configure the base station to accept connections only from 
clients who already have the WEP key being used, so that it functions like a 
resource access password.
  Cracking the WEP key is not as hard as most security professionals would 
really like, but if all an intruder is after is fast Internet access, 
they'll likely go to a neighbor's unprotected wireless network rather than 
invest the time and effort in cracking your key.  And that's good enough for 
home and small business use.

David Gillett
CISSP CCNP CCSE

                         PCBUILD's List Owners:
                      Bob Wright<[log in to unmask]>
                       Drew Dunn<[log in to unmask]>
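
Added example (not part of the original message): a Python sketch of why points 1 and 2 above do not work as secrets. It parses three constructed 802.11 management frames and reports what any passive listener reads from them in the clear. The MAC addresses, the SSID "homenet" and the helper names are assumptions made up for the illustration.

```python
# Constructed sample data only; nothing here captures or transmits traffic.
# Frame-control byte 0 -> (frame name, bytes of fixed fields before the tags)
SUBTYPES = {0x80: ("beacon", 12), 0x50: ("probe-response", 12),
            0x00: ("association-request", 4)}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Fields readable from one unencrypted 802.11 management frame."""
    if len(frame) < 24 or frame[0] not in SUBTYPES:
        raise ValueError("unsupported frame")
    kind, fixed = SUBTYPES[frame[0]]
    info = {"type": kind, "src": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "ssid": None}
    pos = 24 + fixed                      # first tagged element
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                         # truncated element: stop parsing
        if tag == 0:                      # element ID 0 carries the SSID
            info["ssid"] = value.strip(b"\x00").decode("utf-8", "replace")
            break
        pos += 2 + length
    return info

def build(subtype, dst, src, bssid, ssid):
    """Construct a minimal sample frame: 24-byte header, zeroed fixed fields."""
    header = bytes([subtype, 0, 0, 0]) + dst + src + bssid + bytes(2)
    return header + bytes(SUBTYPES[subtype][1]) + bytes([0, len(ssid)]) + ssid

AP, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [build(0x80, b"\xff" * 6, AP, AP, b""),      # beacon, SSID hidden
          build(0x00, AP, CLIENT, AP, b"homenet"),    # client associates
          build(0x50, CLIENT, AP, AP, b"homenet")]    # AP answers a probe

def observe(frames):
    """Collect SSIDs per base station and client MACs seen in the clear."""
    ssids, clients = {}, set()
    for info in map(parse_mgmt, frames):
        if info["ssid"]:
            ssids.setdefault(info["bssid"], set()).add(info["ssid"])
        if info["src"] != info["bssid"]:
            clients.add(info["src"])      # an address the MAC filter allows
    return ssids, clients

if __name__ == "__main__":
    print(observe(SAMPLE))
```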
