Should i secure my wireless network(s)?

[MKE]

well, should i?

ive had it set up for 2 years now, all unprotected. for a little bit, when i was getting disconnected constantly (every 2 min) i had it set up for mac filtering, wich helped with the issue but i got sick of changing it everytime my sister's came over so i disabled that after about a month.

since then, about a year ago, i've had a single linksys 802.1b router set up on the wall against the road all unprotected, with my laptop's any my parents entire C drive shared with full permision.

so, about a month ago i picked up a belkin wireless G+ router, and it supports more security features then the linksys did, like a built in firewall to protect against DoS, PoD, Smurf and stuff like that attacks...(and according to the log, it's been doing it's job)


there's 1 other house around us that has a wireless router, and it's my neighbor, and he has is protected...

but should i? i know it's probably not a good thing leaving it since i have mine and my parents c drives shared, but over the past 2 years, ive never had a problem with anything, except the one time wich i think was a driver issue, becasue once i did a format and windows install it worked fine.

oh, i did just protect both my router's with a WPA-PSK, should that be good enough?

[|darc|]

there have been people stealing in my neighborhood recently. i keep all of my valuables right there on the table next to the front door. should i lock it?

[MKE]

there have been people stealing in my neighborhood recently. i keep all of my valuables right there on the table next to the front door. should i lock it?

yeah, i know what your saying, wich is why i finally 'locked it down', but i live in a small hick town where laptop's and wireless stuff are signs of "gifted ones"...there's 3 people in my town that own laptop's, me, my 1 friend that just got an ibook, and my neighbor...but oh well, it's done now so w/e.

[TheSiggler]

You have the c:\ drive shares wide open? And you need to ask if you should secure it?
I would think that should be obvious.

But then again, what's wrong with people possibly doing illegal stuff using your connection? Browsing your files, reading your IM logs, and emails. Do any online shopping/banking? Just because people aren't deleting your files, doesn't mean they aren't doing anything. Think about it.

Of course, there's still a chance nobody is doing anything. But why give them the option?

[MKE]

lol, i know i should have secured it, especially with the c drives open...but i never had a problem, and i dont really do anything to worry about people seeing (my parents are completly against doing anything online- money/personal wise becasue of that reason)

but anyway, is the wpa key 'enough', assuming i somone was doing something...will that keep them out? ive read ways of cracking wep keys, so i guess that's one reason why i didnt do it...but now that i have wpa-psk support on my wireless card in my laptop ( driver upgrade), i decided to try it again...

[Roofus]

Yeah, I know what you're saying, wich is why I finally 'locked it down', but I live in a small hick town where laptops and wireless stuff are signs of "gifted ones"...there's 3 people in my town that own laptops, me, my 1 friend that just got an ibook, and my neighbor...but oh well, it's done now so w/e.

D-

You should at least do WEP; that'll be enough to keep the neighbors out. Beyond that, you just need to figure out the appropriate balance of paranoia and convenience.

[MKE]

Yeah, I know what you're saying, wich is why I finally 'locked it down', but I live in a small hick town where laptops and wireless stuff are signs of "gifted ones"...there's 3 people in my town that own laptops, me, my 1 friend that just got an ibook, and my neighbor...but oh well, it's done now so w/e.

D-

You should at least do WEP; that'll be enough to keep the neighbors out. Beyond that, you just need to figure out the appropriate balance of paranoia and convenience.

i aint writin' to impress any1....yeah, i make a lot of basic typing mistakes here, but on paper's i do it's perfect, almost.


but wich is easier when i want to add new people to my wireless connection...the way it is now when you try to connect, it asks for the "password" to get on, wich if im not at the house i can just give to whoever need's it. will wep be the same...or will it be more involved then that? i want it to be secured, but still be just typing in a password to get on. thats why i turned off mac filtering.

[|darc|]

Yeah, I know what you're saying, wich is why I finally 'locked it down', but I live in a small hick town where laptops and wireless stuff are signs of "gifted ones"...there's 3 people in my town that own laptops, me, my 1 friend that just got an ibook, and my neighbor...but oh well, it's done now so w/e.

D-

You should at least do WEP; that'll be enough to keep the neighbors out. Beyond that, you just need to figure out the appropriate balance of paranoia and convenience.

i aint writin' to impress any1....yeah, i make a lot of basic typing mistakes here, but on paper's i do it's perfect, almost.


but wich is easier when i want to add new people to my wireless connection...the way it is now when you try to connect, it asks for the "password" to get on, wich if im not at the house i can just give to whoever need's it. will wep be the same...or will it be more involved then that? i want it to be secured, but still be just typing in a password to get on. thats why i turned off mac filtering.

Just keep WPA on there. It should be fine.

[TheSiggler]

Now for me to hijack this!
Having only recently gotten a wireless device(Nintendo DS) and router.. i'm a bit of a newbie when it comes to the security features available for wireless.

What I did, was disable SSID broadcasting, enabled WEP, and set up a MAC filter to allow only my DS access to the thing.

What issues are there with WEP vs WPA, etc? What exactly be the SSID? can it be found if yer not broadcasting? Does it matter?

[|darc|]

Now for me to hijack this!
Having only recently gotten a wireless device(Nintendo DS) and router.. i'm a bit of a newbie when it comes to the security features available for wireless.

What I did, was disable SSID broadcasting, enabled WEP, and set up a MAC filter to allow only my DS access to the thing.

What issues are there with WEP vs WPA, etc? What exactly be the SSID? can it be found if yer not broadcasting? Does it matter?

The network can still be found even if SSID broadcasting is turned off. To make the network much more convenient for you I'd turn it back on, unless you only EVER plan on using it for your DS.

WEP is usually fine to secure a network, although it can be easily cracked. I say it's fine because unless the person trying to get online is knowledgeable on such subjects, he isn't getting in.

WPA isn't crackable, but the DS (and possibly other devices) does not support it, because it requires more processing power to implement.

To me, just using WEP should be fine if you ever plan on having anyone over who would want to use WiFi. Obviously you can't use WPA because of your DS. If you are paranoid about using WEP, then you can also use MAC filtering, although that requires a little more setup if you want to use another wireless device unexpectedly (a friend comes over with a laptop, et cetera).

[someoneElse]

If you are paranoid about using WEP, then you can also use MAC filtering, although that requires a little more setup if you want to use another wireless device unexpectedly (a friend comes over with a laptop, et cetera).

That would require 1) a laptop, 2) a friend, and 3) a friend AND a laptop AT siggy's house.

[Vchat20]

BUUURRN!!

[BlackAura]

MAC filtering is pretty much useless if you're using it with WEP, as is SSID hiding. If someone is sufficiently determined and knowledgable to get around WEP, MAC filtering and SSID hiding aren't going to stop them. At best, you would slightly inconvenience them by requiring them to find out a vaild MAC address and the SSID. Both of those can be deduced from captured packets, which you need to crack the WEP key anyway. Once you have the SSID, and a valid MAC address, getting in is trivial.

Unless you're fairly paranoid about security, just WEP should be fine. SSID hiding and MAC filtering just make things way more inconvenient, without any real security benefits.

If you're only using a DS, or similar, on the wireless network, don't worry about someone cracking the WEP key. The DS isn't going to be sending enough data for them to be able to figure out the WEP key. It can take days wth a couple of laptops sending data at full speed. A DS sending bits of data at 2Mbps maximum would take years.

If someone does break into your network, regardless of whether you're using WEP or not, there are basically three kinds of damage they could do.

First, they could hijack your internet connection. I can't really think of a way to stop this without disabling all internet access from wireless devices (which kind of defeats the point of having a wireless network). If, for example, your next door neighbour gets into your network, that's what he's most likely to do. Especially if your 'net connection is better than his. You may or may not care about this. If you're only ever going to use wireless PCs, you could require VPN connections. It does add an additional step in connecting, and is therefore less convenient, but would prevent people from nicking your internet connection.

Second, they could attack one or more of the systems connected to your network. They could copy files off, delete or modify files, and (possibly) get access to your entire hard drive, even if you don't have it shared. Once in, they could do pretty much anything they wanted, for they will have the same level of access that you do. To prevent this, there are three simple steps you should take.

Firewall all of your internal systems, even if you don't think they need to be. The firewall built in to Windows XP SP2 is more than sufficient. You need to specifically allow services through the firewall, so if you want file sharing you need to enable it.

If you enabled file sharing through the firewall, do not ever share anything without a password. If you do that, anyone could come along and vandalize it. On my systems (at least, the systems that run Windows), I created a hidden user (named "RemoteUser", with a complex, difficult to crack password) which has permission to access the parts of the system I want shared, and nothing more. Same goes with any other services you want to expose (except, maybe, for things like games).

You also need to be careful of the Administrator password. With a default installation of Windows XP, assuming the firewall allows file sharing though, all of your hard drives are shared. These default shares are hidden, but they can still be accessed if you have a valid username and password. Since the Administrator account has full read and write access to nearly everything, it's a tempting target. If your Administrator password is "password", you're screwed. So either set the Administrator password to something long and complex (random sequences of numbers and letters), or leave it blank so Windows disables remote access to it.

The third attack vector is packet sniffing. If they happen to capture an unencrypted packet (say, HTTP) containing your credit card details, or the password for your online banking, or PayPal account, or whatever, they could just steal it and you'd be none the wiser until they cleaned out your bank account. They can't sniff packets that are going through the wired network, only wireless, and they can't sniff packets that are sent over an encrypted connection like HTTPS. Don't ever send your passwords unencrypted, and nobody will be able to steal them. You shouldn't be doing that anyway, because anyone sitting between your PC and the server you're talking to could also intercept that information.

Thus ends BlackAura's guide to attack-proofing your wireless network without unnecessarily getting in your way. Thanks for listening.

If you are paranoid, of course, you can go for WPA, use VPN, don tinfoil hats, or whatever. But if you're that paranoid, you can figure it out for yourself.

[Phantom]

If you use WEP, put it on Open System, not Shared Key. It might seem contradictory, but that's the least insecure way to use WEP. I read that there are now also efficient WEP attacks for networks with low-traffic (only one sniffed packet is required to initiate the attack), so if you're really worried about security you shouldn't be using WEP at all.

[djmihow]

............ so if I have wireless just for my ds, thats the only way they can try to get into my system? My 3 other pcs are wired up. I'm just worried that they could read my info when I go buy stuff online.

[butters]

............ so if I have wireless just for my ds, thats the only way they can try to get into my system? My 3 other pcs are wired up. I'm just worried that they could read my info when I go buy stuff online.

A 128 bit ssl connection is, for the most part, safe. Always look for the lock icon in your browser.