Securing my network

[Euph0ria]

Hi folks, hope everyone is having a smashing easter

I just got my wireless connection up and running with the help of Rob and just wanted to know the best way to check that it is secure without messing with any settings that I am unsure of.

Now, when I set it up I created a passkey which I had to input when using the linksys software monitor in the taskbar to connect to my router, so i'm guessing some sort of security is enabled. I also chose WPA personal on the setup but can't find anywhere in the settings were I can see it enabled.

I just want to make sure that everything is secure

Cheers

- Paul

[Gareth]

You could also restrict the MAC addresses allowed to connect to your router, so that only those that you know and have specified, can successfully connect. However, this is not a foolproof method - it can be easily bypassed.

You may want to consider disabling broadcasting your SSID, but personally I don't advocate this. The theory is that if you don't broadcast it, people won't stumble on your WLAN by accident. However, it is trivially easy to find a WLAN - even with the SSID disabled - if you're in the vicinity of the router by using a tool such as netstumbler. As your SSID is leaked out constantly in any case, hiding the SSID is imo pretty pointless.

Also, if your SSID is hidden, then it could mean that your neighbours are unaware that you've got a WLAN setup, and there is the potential for you to both be broadcasting on the same channel - if you can't see any other WLANs in your vicinity, then you're not necessarily going to think that you're sharing a channel, but if you can see that there is another WLAN that you can pick-up, then you're more likiely to consider switching channels.

[Euph0ria]

Quote:

Originally Posted by Gareth

You could also restrict the MAC addresses allowed to connect to your router, so that only those that you know and have specified, can successfully connect. However, this is not a foolproof method - it can be easily bypassed.

You may want to consider disabling broadcasting your SSID, but personally I don't advocate this. The theory is that if you don't broadcast it, people won't stumble on your WLAN by accident. However, it is trivially easy to find a WLAN - even with the SSID disabled - if you're in the vicinity of the router by using a tool such as netstumbler. As your SSID is leaked out constantly in any case, hiding the SSID is imo pretty pointless.

Also, if your SSID is hidden, then it could mean that your neighbours are unaware that you've got a WLAN setup, and there is the potential for you to both be broadcasting on the same channel - if you can't see any other WLANs in your vicinity, then you're not necessarily going to think that you're sharing a channel, but if you can see that there is another WLAN that you can pick-up, then you're more likiely to consider switching channels.

Ok, got that in theory all I need to do now is know were to check if I have the WPA active.

Will the passkey I setup stop others accessing my network?

[Gareth]

If it's set-up on the router as being required, then you'd not be able to connect on the laptop if it wasn't configured. So, if the router is showing it OK, then you're fine

---------- Post added at 15:07 ---------- Previous post was at 15:07 ----------

As for the passkey question, yep.

[Druchii]

Quote:

You could also restrict the MAC addresses allowed to connect to your router, so that only those that you know and have specified, can successfully connect. However, this is not a foolproof method - it can be easily bypassed.

After hearin that i want to know how ? I have my router set up like this and am now sort of worried.

[Euph0ria]

Quote:

Originally Posted by Gareth

---------- Post added at 15:07 ---------- Previous post was at 15:07 ----------

As for the passkey question, yep.

That's what I wanted to hear

[Gareth]

Quote:

Originally Posted by Druchii

Quote:

After hearin that i want to know how ? I have my router set up like this and am now sort of worried.

Sorry, didn't mean to worry anyone

If you're interested in learning more about this, I would strongly recommend downloading a copy of BackTrack (www.remote-exploit.org) and reading up about the various tools found in the Wireless section of BackTrack.

Briefly, to exploit a WLAN using MAC filtering, you'd sit and catch packets being broadcast legitimatly between the AP and the clients, and once you'd determined that a MAC address had been successfully authenticated with the AP, you'd change the MAC of your wireless card to spoof the one you grabbed. Using something such as wellenreiter and either ethereal or tcpdump, or kismet, or netstumbler, etc... this kinda thing is pretty trivial.

It's also possible to set up a laptop with a wireless card to pretend to be a wireless AP, at which point any PCs with a wireless card will try connecting to it to get the details, which is another way of obtaining MAC addresses, amongst other things.

However, just to put this into perspective, chances are people who know how to do this are not going to go to the effort just to access your home WLAN - this is mostly reserved for corporate WLAN access. So, don't have nightmares... sleep tight

[Druchii]

Quote:

Originally Posted by Gareth

Sorry, didn't mean to worry anyone If you're interested in learning more about this, I would strongly recommend downloading a copy of BackTrack (www.remote-exploit.org) and reading up about the various tools found in the Wireless section of BackTrack. Briefly, to exploit a WLAN using MAC filtering, you'd sit and catch packets being broadcast legitimatly between the AP and the clients, and once you'd determined that a MAC address had been successfully authenticated with the AP, you'd change the MAC of your wireless card to spoof the one you grabbed. Using something such as wellenreiter and either ethereal or tcpdump, or kismet, or netstumbler, etc... this kinda thing is pretty trivial. It's also possible to set up a laptop with a wireless card to pretend to be a wireless AP, at which point any PCs with a wireless card will try connecting to it to get the details, which is another way of obtaining MAC addresses, amongst other things. However, just to put this into perspective, chances are people who know how to do this are not going to go to the effort just to access your home WLAN - this is mostly reserved for corporate WLAN access. So, don't have nightmares... sleep tight

Haha, nice ending.

I get how this works, and yeah, i think i can put up with kicking someone off my network if they tried so hard to get in.. haha.

[Euph0ria]

One thing I notice is that the network monitor icon and wireless connection icon disappear from the tray after a while, so I can't really tell how good a signal I am getting unless I relaunch the program.

Is this normal?