Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1] 2

Author Topic: Wireless Networking Security  (Read 10994 times)

Floydoid

  • Addicted Kitizen
  • *****
  • Posts: 9640
  • Prog Rock Fan
Wireless Networking Security
« on: March 06, 2008, 01:02:46 PM »

Just a quick query here... now I have my wireless BB network - master PC connected to the router via ethernet, and the secondary one via a USB wireless adapter - the signal to the latter is encrypted using WPA-PSK - is there any possibility of anyone else piggybacking onto my network?  And if so, how would I find out?

Is there any more that can be done to improve the network security?
Logged
"We're going to need a bigger swear jar."

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Wireless Networking Security
« Reply #1 on: March 06, 2008, 02:04:05 PM »

WPA-PSK is very secure, so long as you're using a difficult-to-guess pass phrase. Some say that you should turn off the broadcasting of your SSID, but that hardly seems necessary in a domestic situation, and keeping it switched on does have some operational benefits.
Logged
  Eric

mr_chris

  • Kitizen
  • ****
  • Posts: 3774
Re: Wireless Networking Security
« Reply #2 on: March 06, 2008, 05:58:08 PM »

Turning off the SSID is absolutely useless in my opinion, as anyone with NetStumbler or loads of other wi-fi tools can still see there's a wireless network there, just not what it's called.

I prefer to set the SSID to a non-descript name, which doesn't identify me in the slightest. That way, I really don't see a problem with keeping it on.
Logged
Chris

Floydoid

  • Addicted Kitizen
  • *****
  • Posts: 9640
  • Prog Rock Fan
Re: Wireless Networking Security
« Reply #3 on: March 06, 2008, 06:39:12 PM »

My mind is a bit easier now.  I do tend to leave the router on 24/7, maybe rebooting it every 2nd or 3rd week.
Logged
"We're going to need a bigger swear jar."

mr_chris

  • Kitizen
  • ****
  • Posts: 3774
Re: Wireless Networking Security
« Reply #4 on: March 06, 2008, 06:45:51 PM »

Yeah. Most people tend to nowadays.

Also, to put your mind even more at ease, unless someone has a particular (personal perhaps?) reason to try and attack your particular wifi network, chances are they will see it's encrypted with WPA and won't be bothered to try and crack it, instead preferring to move onto one that's easier (WEP or even totally unencrypted!)

I do like the slant that the Speedtouch routers take on it - you can choose a setting "New stations are allowed (via registration)". This means you have to specifically put the router into registration mode, otherwise it will not accept any new wifi connections, even if the security key is correct, or even if there is no encryption at all!

I haven't tried that with MAC address spoofing though, to see if that's how it identifies which are new and which aren't. I suspect it does. However it does make the usually laborious task of entering MAC addresses into the router that much easier!
Logged
Chris

guest

  • Guest
Re: Wireless Networking Security
« Reply #5 on: March 06, 2008, 08:30:24 PM »

There is an offline attack which works with WPA-PSK - basically record the negotiation session between the AP and the wireless node (e.g. a laptop) and then run a dictionary attack against it. If the chosen key (passphrase) is too short then its usually fairly quick to obtain. Even with good passphrases PSK has to be viewed as a serious weakness and being able to crack WPA "offline" means that the "target" is unlikely to ever get any warning that an attack is imminent. Make sure you have a very good passphrase - the full 63 characters preferably.

A couple of techie articles for those interested in this sort of thing :

Cracking WEP - http://www.informit.com/articles/article.aspx?p=27666
Cracking WPA Part 1 - http://www.informit.com/articles/article.aspx?p=369221
Cracking WPA Part 2 - http://www.informit.com/articles/article.aspx?p=370636

Do note the date of the articles when they refer to the time taken to crack as newer techniques, hardware and software speed things up :)

I use WPA-PSK and I don't lose any sleep :)
Logged

Floydoid

  • Addicted Kitizen
  • *****
  • Posts: 9640
  • Prog Rock Fan
Re: Wireless Networking Security
« Reply #6 on: March 07, 2008, 05:48:26 AM »

I do like the slant that the Speedtouch routers take on it - you can choose a setting "New stations are allowed (via registration)". This means you have to specifically put the router into registration mode, otherwise it will not accept any new wifi connections, even if the security key is correct, or even if there is no encryption at all!

I tried use registration mode but couldn't work out how to do it.  The pdf manual reads like gobbledegook, so I gave up trying to work it out.
Logged
"We're going to need a bigger swear jar."

Floydoid

  • Addicted Kitizen
  • *****
  • Posts: 9640
  • Prog Rock Fan
Re: Wireless Networking Security
« Reply #7 on: March 07, 2008, 06:07:33 AM »

OK, I'll explain that a bit better.  The manual tells me, on the speedtouch web pages to go to home network / devices, then pick the task 'search for wireless devices'... the problem is, I don't have the task on my list.  I've enclosed a couple of screenshots to try and explain (although knowing me I'm probably doing something incredibly stupid).

[attachment deleted by admin]

[attachment deleted by admin]
Logged
"We're going to need a bigger swear jar."

Floydoid

  • Addicted Kitizen
  • *****
  • Posts: 9640
  • Prog Rock Fan
Re: Wireless Networking Security
« Reply #8 on: March 07, 2008, 07:17:35 PM »

Hmmm, I guess there's no solution on this one then?
Logged
"We're going to need a bigger swear jar."

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43467
  • Penguins CAN fly
    • DSLstats
Re: Wireless Networking Security
« Reply #9 on: March 07, 2008, 07:30:31 PM »

On my ST576 I get to that option as follows:

Click on 'Home Network'
Click on 'Wireless - WLAN...'
Click on 'Configure'
The option is in the Security section


Logged
  Eric

grumpy old man

  • Kitizen
  • ****
  • Posts: 3763
Re: Wireless Networking Security
« Reply #10 on: March 07, 2008, 09:23:46 PM »

I do tend to leave the router on 24/7, maybe rebooting it every 2nd or 3rd week.

what is the benefit of rebooting 2 to 3 weeks and by rebooting is this just disconnecting and reconnecting or turning router off and back on again?

gom
Logged

soms

  • Reg Member
  • ***
  • Posts: 537
Re: Wireless Networking Security
« Reply #11 on: March 08, 2008, 01:23:23 AM »

We leave the routers on all the time with no problems...

They get reset every now and again anyway by the mains ring tripping off  :D

Its up to you when it comes to forcing reboots, but in most cases it proves unnecessary.
Logged

Floydoid

  • Addicted Kitizen
  • *****
  • Posts: 9640
  • Prog Rock Fan
Re: Wireless Networking Security
« Reply #12 on: March 08, 2008, 05:26:03 AM »

On my ST576 I get to that option as follows:

Click on 'Home Network'
Click on 'Wireless - WLAN...'
Click on 'Configure'
The option is in the Security section

Yes I know that Roseway, but I can't figure out how to register the wireless devices like I tried to explain above.
Logged
"We're going to need a bigger swear jar."

guest

  • Guest
Re: Wireless Networking Security
« Reply #13 on: March 08, 2008, 10:34:10 AM »

I leave the router on 24/7 - its currently been up for 109 days.

The Speedtouch "registration" business is simply a MAC-based access control list - the user interface is just a bit more polished than most routers.

The only additional feature I've ever found useful on most wireless routers is "Wireless Isolation" (or similarly named setting) which basically blocks any communications* between any wireless clients. Not that useful for most home users I suspect.....

*some routers only block SMB - Windows File & Printer Sharing, some block everything.
Logged

Floydoid

  • Addicted Kitizen
  • *****
  • Posts: 9640
  • Prog Rock Fan
Re: Wireless Networking Security
« Reply #14 on: March 08, 2008, 11:07:09 AM »

The Speedtouch "registration" business is simply a MAC-based access control list - the user interface is just a bit more polished than most routers.

That's what I'm trying to access, but without success... as explained by my screenshots above.
Logged
"We're going to need a bigger swear jar."
Pages: [1] 2