Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: Getback on May 16, 2009, 01:34:06 PM
-
Just discovered my router has a wireless component. Then discovered it was wide open. So I'm exploring 2 things right now. Setting it up for my iphone and security.
-
Quick suggestion GetBack - do not use wep, use wpa-psk (it lets you choose a password/key yourself). For your key, use numbers in some places to enhance the security of it ie b1ngb0ng etc - and enable mac filtering on your wireless endpoint (you'll have to input the mac addresses of any laptops/desktops wireless cards - which can be found by typing run, cmd, ipconfig /all, look for the wireless card, use that mac address and you should be golden)
HTH,
Wurzel
-
Quick suggestion GetBack - do not use wep, use wpa-psk (it lets you choose a password/key yourself). For your key, use numbers in some places to enhance the security of it ie b1ngb0ng etc - and enable mac filtering on your wireless endpoint (you'll have to input the mac addresses of any laptops/desktops wireless cards - which can be found by typing run, cmd, ipconfig /all, look for the wireless card, use that mac address and you should be golden)
HTH,
Wurzel
Excellent Gpwurzel. Thanks!
-
And BTW, if your router was using the default configuration password for the past few years (Hint: if it's a linksys router, then the login was blank and the password was "admin") then you should change those too. There's no telling who was able to wirelessly use your router and potentially change settings if you were using the default password.
-Llama
-
And BTW, if your router was using the default configuration password for the past few years (Hint: if it's a linksys router, then the login was blank and the password was "admin") then you should change those too. There's no telling who was able to wirelessly use your router and potentially change settings if you were using the default password.
-Llama
It's not Linksys thank goodness. For some unknown reason I changed the pw at an earlier date. Had a darn hard time remembering it.
-
For the WPA key, the more random and it is the better. I took all of my family's passwords and interpolated them. Say they were "bear23," "6tree," and "johhny." The resulting password would be "b6jetoarhreh2en3y". With that level of encryption, it would take a supercomputer innumerable years to decipher it without clues.
Being a real nut with too much time on my hands, I copied it all down in a text file and encrypted it with three algorithms and a random hash with TrueCrypt. :lol
-
For the WPA key, the more random and it is the better. I took all of my family's passwords and interpolated them. Say they were "bear23," "6tree," and "johhny." The resulting password would be "b6jetoarhreh2en3y". With that level of encryption, it would take a supercomputer innumerable years to decipher it without clues.
Being a real nut with too much time on my hands, I copied it all down in a text file and encrypted it with three algorithms and a random hash with TrueCrypt. :lol
:rofl :rofl :rofl :rofl I think we need you on the power grid.
-
WPA2 with a complex password, as above, but don't worry about mac address filtering.
-
Like other said, just don't use WEP. Being circa 1998 or so I believe it's far past its due date. Being flawed just by how it works people have found out how to hack it far to easily now, hell a bit of Googleing and Linux and anyone in this thread could likely do it.
-
Okay, I set it to WPA PSK and set a pass phrase instead of the default encryption. Is that correct?
-
Try reading these:
https://www.grc.com/passwords.htm (https://www.grc.com/passwords.htm)
I use this a lot for random strong passwords
http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm (http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm)
Just scanned through this site and it looks like it might be useful
-
https://www.grc.com/passwords.htm (https://www.grc.com/passwords.htm)
I use this a lot for random strong passwords
beat me to it.... grc has several nice password generators there which are nearly impossible to crack
I personally use the 63 random characters......... works perfectly :)
-
WPA2 with a complex password, as above, but don't worry about mac address filtering.
:aok
-
One thing to remember is also that unless you live in a very populated area, chances are the neighbours that are within range don't even know how to open a computer let alone start hacking wireless passwords.
Security is good but 63 keys will be only a PITA unless you have a real danger of someone intruding. My parents for example don't need any encryption they don't have neighbours within wireless range.
-
Vulcan, curious as to why you said not to use the mac filtering? Not a biggie, merely curious as I said fella.
Wurzel
-
I believe spoofing a MAC address is fairly simple. Better to have a highly strong key. While it's true that most residential folks don't need elaborately sophisticated encryption and other high-security features, I'd rather be safe than sorry.
-
I believe spoofing a MAC address is fairly simple. Better to have a highly strong key. While it's true that most residential folks don't need elaborately sophisticated encryption and other high-security features, I'd rather be safe than sorry.
Spoofing a mac is very simple but then again you'd have to know the correct mac to be spoofed.
-
Vulcan, curious as to why you said not to use the mac filtering? Not a biggie, merely curious as I said fella.
Wurzel
As above, spoofing (copying or emulating) a mac address is very simple these days. There are a number of things that a well documented in 'wireless hacking for dummies' type guides... mac spoofing, hidden ssid scanning, and wep key breaking. Any kid thats gonna play silly buggers with wireless will run through this stuff. Plus the one thing most people seem to ignore is it's not necessary to join a network to cause trouble, some people will just sniff your traffic for passwords/users (which you probably send a lot of in clear text that you don't realize).
So, at the end of the day good encryption (WPA2) with a good complex password is whats going to stop them. All the rest are minor speed bumps, all you're doing is creating more work for yourself. WPA (as opposed to WPA2) has been broken as well, but the stronger your password the longer it takes to break, so WPA is ok, but WPA2 is best.
-
Can you change the default network name?
I changed to WPA PSK. I'm not so sure my pass phrase is solid by comparison to those posted in a previous link.
-
Can you change the default network name?
The name being broadcast wirelessly is called the SSID, if that's what you mean. That's meant to be changed.
-
Good points on mac spoofing - guess I do the mac filtering outta habit more than anything else :D
GB, yes, you can change the ssid name, should be in the set up. You can also change the channel it transmits on, if you are getting any interference from a nearby network etc.
Wurzel
-
Let's not overlook the fact that even just the basic "locked down" settings is more than enough to keep the casual "neighborhood wireless surfer" out of your network. If someone really has an interest in getting into your wireless network, they will. Having a complex WPA key will just slow them down a bit--like decades worth brute-force or lots of packet-sniffing.
If you see a car or van parked near your house that hasn't moved for weeks at a time, either your neighborhood is full of rednecks or someone thinks you have something they want and they're sniffing around. :D
-
Dot, you, you, you unspeakable cad, thats just cost me coke outta me nose. Point taken tho :D
Wurzel
-
Uhm, just a question here. If your wireless signal is encrypted, wouldn't that make sniffing useless unless you have the encryption key?
-
I'm no expert - far from it. Just a 5 second search found this short article (http://news.cnet.com/8301-10789_3-10083861-57.html) which explains a little about it.
-
That's how to crack the encryption, not how to sniff the network traffic without first connecting to it.
From the sound of it, you were suggesting that people could sniff your network traffic without first connecting to the network. I was asking if that's even possible as so far I've never heard of it working without first having the encryption key.
-
That's how to crack the encryption, not how to sniff the network traffic without first connecting to it.
From the sound of it, you were suggesting that people could sniff your network traffic without first connecting to the network. I was asking if that's even possible as so far I've never heard of it working without first having the encryption key.
Yes you need an encryption key to decode encrypted network traffic. No you don't need to connect to the network to sniff it.
Take for example WEP, it is possible to get a WEP key in around 5 minutes now I think - without connecting to the network. Then you can capture traffic (sniff) and decode it. IMHO far more can be gained from sniffing wireless traffic than using their network for leeching.
When I'm out and about on a public wifi connection or even a hotel ethernet connection first thing I do is run up an SSL VPN tunnel to work and route all my traffic that way, so if someone IS sniffing all they see is my encrypted SSL traffic.
-
I don't want to post anything regarding how to sniff packets - although there are many legitimate reasons to do it. Do a web search for wireless network sniffing and you can read about how easy it is to get the SSID, MAC addresses, spoofing, probing, etc., etc.
Like I said before, all you need is the rudimentary security settings to keep your neighbor out of your network. If you feel generous, you can keep your wireless network open, and hook another NAT router to it and have all your computer equipment safe behind that while allowing anyone to leech onto your open Wi-Fi. Visit this site (https://www.grc.com/nat/nat.htm) to learn more about NAT routers and how they work.
-
Well, I suppose that answers my question. I'm quite aware of how to crack a WEP and WPA key. Was simply curious if sniffing a wireless network's signal for packets was at all possible without first connecting to the network.
Vulcan, I've always been interested in setting up a VPN. Is this a simple SSL VPN you yourself set up. Or is it something more elaborate the IT department worked on at the place you work?
-
I set it up, but I'm network/security engineer. So it's something an IT department would setup, or try to :D