How To Protect Yourself!?

Archived from groups: alt.internet.wireless (More info?)

Wow, thanks guys.
Jamal, do u change your password every day? If so, do u write it down
on a paper or you simply copy paste it? It's impossible to remember a
pass like that. I don't usually leave my passwords as autofills when I
access mail, nor any other accounts.

I'm not sure what I'm using ... I know I bought the wireless card, and
I know the internet works, and I know it says for public use, so there
are about 10-15 people on it every day. I just hope no hackers though,
oh yeah, and there are no passkeys or anything. I just hook up my
11g and off I go.

Let me know if I'm in danger ::)


--
CoolMeEddY
brought to you by http://www.wifi-forum.com/
  1.

    Even though I use WPA-PSK (AES), I still change my encryption key once a
    week. It's just a habit I picked up from the early days of using WEP.
    As for writing it down....No. I simply create it when I'm accessing
    the AP's menu then copy and paste it into the card's utility. If by
    chance something happens to where I need to retrieve it, I simply log
    into the AP's menu and re-copy it or create a new key. The idea is to
    not create a key that can be easily guessed by a casual snooper. I
    want secure traffic to and from the AP and my wireless device(s). By
    the way, most of my keys have 63 characters. Take care.


    --
    doug Jamal
    brought to you by http://www.wifi-forum.com/
  2.

    From what ? Radiation ? Wear a tin hat ?
    (hint: it would help if you made the subject self explanatory)
    Martin
  3.

    Hello,

    <quote>
    Whatever. I have some doubts that adding more and more layers of
    software to the security puzzle is an effective answer. If anything,
    even the most secure firewalls seem to have holes. For example,
    Windoze XP SP2 firewall had a rather nasty problem:
    http://www.pcflank.com/news201204.htm
    </quote>

    I would hardly call the windows firewall "one of the most secure
    firewalls". It is not meant as a full blown firewall but rather as a
    minimal firewall implementation.
    Besides that, what do you think WEP (already found to be flawed) and
    WPA (has its own share of weaknesses) are? They are implementations
    that are programmed, so how do you think that they are any more secure
    than any given firewall when the insecurity lies in the implementation
    and code?
    Your reasoning is beyond me.

    Let's sum up some of the weaknesses of wifi:
    1. WEP is flawed and easy to crack
    Can't help this, only fix is an additional layer of encryption.
    If someone uses a passive Wifi sniffer you won't even realize someone
    is attempting to access your network
    2. Broadcasting SSID
    Turn this off, saying that, even then it is flawed as it is broadcasted
    in traffic so it is accessible once WEP has been cracked
    3. MAC address spoofing
    Yupp, easy as pie changing your mac address and passive sniffing even
    tells you what to change it to

    General security precautions for wireless if you want a pretty tight
    system:

    1. Wifi subnet is in a DMZ
    2. Access to internal LAN allowed via VPN authentication or SSH tunnel
    or any other encrypted AND authenticated protocol
    3. ACLs
    Firewall your wifi clients' access. If it is to surf, allow access to
    http/https or your proxy only.
    4. Use WEP properly, like many people here have suggested, use a long,
    mixed character string/code and change it in between.
    5. Do stop ssid broadcast turned off
    6. Do use MAC address restrictions
    7. Do use WPA if available

    Basically, what I am saying is consider the whole picture, every avenue
    of escape etc.

    Restricting the wifi clients to a dmz and with a firewall also helps
    against buggy wifi AP implementations etc.
    Security is multilayered.

    regards

    dc
  4.

    datacide <datacide@gmail.com> wrote:
    > General security precautions for wireless if you want a pretty tight
    > system:

    > 1. Wifi subnet is in a DMZ

    I agree WiFi should be outside the firewall. Maybe further than a DMZ.

    > 2. Access to internal LAN allowed via VPN authentication or SSH tunnel
    > or any other encrypted AND authenticated protocol

    Everybody should already have VPN access from home, wireless in the office
    looks just like it.

    > 5. Do stop ssid broadcast turned off

    I'm not sure I understand the double negative.
    We have a few WAPs with SSID turned off. They are used by only a few
    people who already have the SSID programmed for use. This is done so that
    casual users don't even see that the WAP is available and ask how to get
    onto it. These are generally in a restricted lab or training room, where
    connecting to that WAP wouldn't get you anywhere anyway.
    In this case, turning SSID off is being used to make the general purpose
    SSID-broadcasting WAPs more visible and accessible.

    I think SSID-off is a pain to legitimate users of WinXP-SP2, and does little
    to stop hackers. In our environment it is actually an ease-of-use feature,
    but it is a pain for me to connect to the lab with my multiple-profile
    laptop.

    > 6. Do use MAC address restrictions

    There is some of that, but it seems to give misleading messages in an area
    where there are both MAC-restricted and open WAPs. I am just as concerned
    with ease of use for legitimate users as I am with stopping hackers.
    I don't know if I like MAC-listing. It's not that effective against
    hackers, and is annoying for legitimate casual users. If you have no
    casual users, then it is an administrative task for someone.

    A splash screen with free registration might be good for the lobby. That
    would put some piece of control in place, or it could be WEP with the WEP
    key on a sign in the lobby ;-)
    Maybe a splash screen that says to ask the receptionist for the key.

    --
    ---
    Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8-122.5
  5.

    <quote Clarence A Dold>
    I'm not sure I understand the double negative.
    We have a few WAPs with SSID turned off. They are used by only a few
    people who already have the SSID programmed for use. This is done so that
    casual users don't even see that the WAP is available and ask how to get
    onto it. These are generally in a restricted lab or training room, where
    connecting to that WAP wouldn't get you anywhere anyway.
    In this case, turning SSID off is being used to make the general purpose
    SSID-broadcasting WAPs more visible and accessible.

    I think SSID-off is a pain to legitimate users of WinXP-SP2, and does little
    to stop hackers. In our environment it is actually an ease-of-use feature,
    but it is a pain for me to connect to the lab with my multiple-profile
    laptop

    > 6. Do use MAC address restrictions

    There is some of that, but it seems to give misleading messages in an area
    where there are both MAC-restricted and open WAPs. I am just as concerned
    with ease of use for legitimate users as I am with stopping hackers.
    I don't know if I like MAC-listing. It's not that effective against
    hackers, and is annoying for legitimate casual users. If you have no
    casual users, then it is an administrative task for someone.

    A splash screen with free registration might be good for the lobby. That
    would put some piece of control in place, or it could be WEP with the WEP
    key on a sign in the lobby ;-)
    Maybe a splash screen that says to ask the receptionist for the key.
    </quote>

    I agree to an extent. In a corporate environment it may be difficult to
    preconfigure the setup so that MAC address limitations and frequently
    changing WEP keys due to a large amount of users, but the initial
    question seemed more like SOHO usage.
    Also, while I agree that those limitations won't keep a dedicated
    hacker out, they will however thwart most of the "casual" wardrivers
    and any extra security for a business is good if used properly.
    Security is always a tradeoff between usability and security. To
    identify those needs in a business is what risk management is for.

    Basically, the gist of this for me is not to rely on any one security
    mechanism, but to add layered security, as only this ensures a high
    level of access control.

    regards
    dc
  6.

    <quote mhicaoidh>
    Actually, you can detect a non-broadcasted SSID without cracking WEP.
    Like the MAC address, the SSID is included in every packet, unencrypted.
    This is why disabling SSID broadcast is worthless as a security measure.
    Those who can crack WEP can easily detect the SSID.
    </quote>
    You are of course correct (just checked it in kismet), the ssid is
    broadcast and can be obtained via a passive sniffer.
  7.

    Taking a moment's reflection, datacide mused:
    |
    | 2. Broadcasting SSID
    | Turn this off, saying that, even then it is flawed as it is broadcasted
    | in traffic so it is accessible once WEP has been cracked

    Actually, you can detect a non-broadcasted SSID without cracking WEP.
    Like the MAC address, the SSID is included in every packet, unencrypted.
    This is why disabling SSID broadcast is worthless as a security measure.
    Those who can crack WEP can easily detect the SSID.
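
The point discussed in answers 6 and 7, as an added example that is not part of the original thread: the SSID element travels unencrypted in 802.11 management frames, so a short audit over captured frames shows which "hidden" networks are named anyway. The function names, BSSIDs and SSIDs are constructed for illustration, and frames are assumed to start at the 802.11 header (any radiotap header already stripped).

```python
# Added example: 802.11 management-frame SSID audit over constructed frames.
HDR_LEN = 24  # frame control, duration, addr1-3, sequence control
# Fixed-field bytes before the tagged elements, per management subtype.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_ssid(frame):
    """Return (kind, bssid, ssid) for a supported management frame, else None.
    ssid is None when the SSID element is missing, empty or all NULs."""
    if len(frame) < HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None  # control and data frames carry no SSID element
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # addr3
    pos, ssid = HDR_LEN + FIXED_LEN[subtype], None
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element: stop rather than read garbage
        if eid == 0:  # element ID 0 is the SSID, sent in the clear
            if elen <= 32 and body.strip(b"\x00"):
                ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return NAMES[subtype], bssid, ssid

def leaked_hidden_ssids(frames):
    """Map each BSSID whose beacons cloak the SSID to the (ssid, kind) that exposed it."""
    cloaked, seen = set(), {}
    for kind, bssid, ssid in filter(None, map(parse_ssid, frames)):
        if kind == "beacon" and ssid is None:
            cloaked.add(bssid)
        elif ssid is not None:
            seen.setdefault(bssid, (ssid, kind))
    return {b: seen[b] for b in cloaked if b in seen}

def build(subtype, bssid, ssid):
    """Constructed test frame: broadcast addr1, addr2 = addr3 = bssid."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    return hdr + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"

LAB, LOBBY = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [  # constructed capture, not real traffic
    build(8, LAB, b""),           # beacon with SSID broadcast disabled
    build(8, LOBBY, b"lobby"),    # ordinary broadcasting AP
    bytes([0x08]) + bytes(40),    # data frame, ignored
    build(5, LAB, b"lab-wlan"),   # probe response names the "hidden" network
]

if __name__ == "__main__":
    print(leaked_hidden_ssids(SAMPLE))
```

Run against a capture of your own access point, an empty result only means no client associated or probed during the capture window.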