Wireless security an issue

You can have networks without wires? :confused:

These oaks that don't secure their wireless networks properly are probably the same ones that think Windows Firewall will stop virii. Blerry moegoes.
 
Wireless networks will never be infallible to intrusion. However difficult it may become, it is simply not 100% secure. The best we can do is implement better security installations between the connection and authentication stages and to make use of better security protocols- regular authentication and privilege audits, regular encryption key changes, etc
 
froot said:
Wireless networks will never be infallible to intrusion. However difficult it may become, it is simply not 100% secure. The best we can do is implement better security installations between the connection and authentication stages and to make use of better security protocols- regular authentication and privilege audits, regular encryption key changes, etc
Click to expand...

Quite true. If the signal can be detected someone is bound to try and hack it.

Wireless networks certainly makes life easier to a certain extent because no cable needs to be laid to connect more work stations onto the network. But as usual a bit of common sense with repect to security is essential.
 
Saule said:
Quite true. If the signal can be detected someone is bound to try and hack it.

Wireless networks certainly makes life easier to a certain extent because no cable needs to be laid to connect more work stations onto the network. But as usual a bit of common sense with repect to security is essential.
Click to expand...

Installation +1. Security -10. :( Unfortunately some businesses with high-risk data are very paranoid when it comes to wireless networking, even if all possible precautions are taken.
 
froot said:
Installation +1. Security -10. :( Unfortunately some businesses with high-risk data are very paranoid when it comes to wireless networking, even if all possible precautions are taken.
Click to expand...

Initally my boss didn't even want a network at all (wired or otherwise) because of the potential risks of viruses spreading from an infected machine to all others. But eventually I managed to persuade him and we now have a wireless network. I have stepped up security with the move from WEP to WPA and using the maximum length password (I think it is 64 characters) generated by KeePass Portable using letters/numbers/symbols.

You can't be too careful with security and I am currently working on machine to run Smoothwall on. Hopefully I can get it to do all the things I want:).
 
Personally I think wireless networks are generally more secure than wired ones. Why do I say that? Well firstly I don't know many people that implement MAC address filtering on their wired networks but its quite common to implement it on a wireless network. Sure a wired network requires a physical barrier penetration whereas the wireless network allows for remote attackability. But whats stopping most guests from walking in, plugging in their laptop and snooping around?

I'd be intrigued to hear what measures people in this forum take on both wired and wireless networks.

Personally I use MAC address filtering, statically DHCP assigned addresses, computer certificates, WPA2 encryption using machine generated long keys and some IDS processes running to keep things in check.

I've thought about deploying IPsec for all Windows machines but haven't been brave enough to attempt it yet.

What about you?
 
Saule said:
Initally my boss didn't even want a network at all (wired or otherwise) because of the potential risks of viruses spreading from an infected machine to all others. But eventually I managed to persuade him and we now have a wireless network. I have stepped up security with the move from WEP to WPA and using the maximum length password (I think it is 64 characters) generated by KeePass Portable using letters/numbers/symbols.

You can't be too careful with security and I am currently working on machine to run Smoothwall on. Hopefully I can get it to do all the things I want:).
Click to expand...

The best you can do in terms of keywords is to use symbols such as % @ (shift+number). Using this and the other alphanumeric keys gives a possible 64^94 possibilities (assuming you use 64 characters). Simply using a good antivirus across intranetworks should stop a virus in its tracks before it can do any harm.
 
@EricsON, nice. Wish all devices support WPA2, just about all of mine stop at plain WPA. Better than nothing :)

If you are running Windows, I remember there was a guide that showed you how to lock your machine down very well. Contrary to popular belief (even though I am a Linux fanboi), it is possible to lock down your Windows machine well enough that the risk is reduced to almost nothing. The effort required to do this, however, would reduce even hercules to tears :)
 
EricsON said:
Personally I think wireless networks are generally more secure than wired ones. Why do I say that? Well firstly I don't know many people that implement MAC address filtering on their wired networks but its quite common to implement it on a wireless network. Sure a wired network requires a physical barrier penetration whereas the wireless network allows for remote attackability. But whats stopping most guests from walking in, plugging in their laptop and snooping around?

I'd be intrigued to hear what measures people in this forum take on both wired and wireless networks.

Personally I use MAC address filtering, statically DHCP assigned addresses, computer certificates, WPA2 encryption using machine generated long keys and some IDS processes running to keep things in check.

I've thought about deploying IPsec for all Windows machines but haven't been brave enough to attempt it yet.

What about you?
Click to expand...

On some of the Cisco systems I have worked with I have created MAC filtering as one of the wired networking security systems. Others include certificates, although they take more time to setup. DHCP is a must since network auditing is important and finally, I make use of Novell Clientware as an authentication method. This is close to impossible to crack and without it there is no way to get onto the system (believe me I've tried....).
One thing I like about Linux is the ability to use secured wired networks that makes use of certificates or keywords. A bit of a hassle but no more than wireless would be.
One thing I do like doing when it comes to DHCP addressing is to create a false network. If you are permitted onto the network via MAC filtering or whatever authentication set-up, then you have access according to your requirements and needs. But if there is no record for your node (be it PDA or notebook), the computer is assigned an IP address where packet filtering blocks all packets. This is as bad as not being connected at all. You can't receive any packets, nor can you send any. I just love that.
IPsec is just a pain for me...
 
@BandwidthAddict Yeah I've found support to be limited but a quick update of notebook wireless LAN drivers normally solves the problem. As for devices, all of our Nokia mobile phones support it just fine allowing for wireless SIP extensions on my Asterisk PBX.

@froot Oooh I like the false network idea, sortof like a private honeypot for intruders. :) I could have fun with that. LOL.
 
froot said:
The best you can do in terms of keywords is to use symbols such as % @ (shift+number). Using this and the other alphanumeric keys gives a possible 64^94 possibilities (assuming you use 64 characters). Simply using a good antivirus across intranetworks should stop a virus in its tracks before it can do any harm.
Click to expand...

In addition to symbols I also selected special characters when creating the password in KeePass Portable - much harder to find:D.
 
Ticking Timebomb

I know several WISP's that don't apply ANY security whatsoever on their networks, apart from MAC filtering, which is trivial to bypass. If only their clients know how exposed their vital info are ...
 
Plaasjapie said:
I know several WISP's that don't apply ANY security whatsoever on their networks, apart from MAC filtering, which is trivial to bypass. If only their clients know how exposed their vital info are ...
Click to expand...
same thing with satellite traffic, put the card promiscuous mode and run a filter....very interesting. Implement proper security and key changes every once in a while and it's as safe as it is going to be
 
Tns said:
same thing with satellite traffic, put the card promiscuous mode and run a filter....very interesting. Implement proper security and key changes every once in a while and it's as safe as it is going to be
Click to expand...

For most people that's the best they can do. Even better, use a hidden SSID. Works well for me.
 
froot said:
For most people that's the best they can do. Even better, use a hidden SSID. Works well for me.
Click to expand...

never tried that one . still want to try a pgp vpn sometime
 
IPS and IDS are all good and well but is there someone monitoring and taking action?
eg...great that there are CCTV camera's up but are they working, recording and being monitored?

have to agree with EricsON many people understand that the attack vectors on wireless are far greater so the spend more time securing them and leave their wired LAN "open"

I find it amazing that many WISPs do not run any sort of encryption. lots of email and ftp passwords in the clear.

I think vendors should stop supporting WEP... i guess if that was the case many people would kick up a fuss.

I have found that in the last year more and more people are putting some sort of security on their wireless networks.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X