How safe are wireless networks?

[andy257]

Hi Guys

looking into setting one of these up but ive heard alot of stuff that is putting me off.

Is it true people can go around in their cars and use your internet connection without you knowing? or even my neighbours?

i know there is an encription thing with wireless networks but do they work? does it affect the speed of the network?

sorry for all the questions

Andy

[Shambles]

Well I'm no expert, but my wireless lan is set up using 128bit WEP, and when my sis comes with her wifi laptop she can see my network from quite a few yards away.

But, as she don't know the key, or the index number, she's can't tap my resource.

As for speed, I can't prove either way whether WEP reduces the amount of traffic flow, but from what I read it's minimal and worth the extra protection from sniffers.

[Little John]

My WiFi network is visable but also using 128bit WEP no one can get in without knowing all the character set of HEX letters and numbers in the correct order. Speed wise it is dificult to compare as there isnt a wired network of similar speed.

Depending on what your doing as long as you have 54mbps you should be fine. I had 11mbps at first and it would take about 1 hour 30 minutes to copy a dvd image now on 54 it is alot quicker.

[BLUTO141]

mate wireless is a safe or open as you make it, just go onto the home page for your router of whatever you are using and set up encryption etc.. as for speed depends how much you are running but i have never had a problem with either security or speed, and never be sorry for asking questions it's how we all learn

[paxtonda]

all u need mate s a encrption code.

atm i have aol 2mb on a secure wireless connection i use this 4 xbox live. somebody in my street has 4mb on a open network, i know this is mean but atm i just connect 2 there network with my laptop and use there line to downlaod of my uncapped private ftp server at 488kbs.

this shows that if u dont protect yourself little feckers like me can steal your connection lol.

[BLUTO141]

all u need mate s a encrption code.

atm i have aol 2mb on a secure wireless connection i use this 4 xbox live. somebody in my street has 4mb on a open network, i know this is mean but atm i just connect 2 there network with my laptop and use there line to downlaod of my uncapped private ftp server at 488kbs.

this shows that if u dont protect yourself little feckers like me can steal your connection lol.

my first reaction was yeah you are right it is mean, but if they can't be bothered to find out how to protect themselves, tough, we all know wireless is at risk if not protected, the set up manual and online help tells you you are at risk and talks you through protecting your network, so fook em :thumbs

[andy257]

Thanks guys, all the info i need now. One more question though. If you set your wireless network up with encription can it still be hacked into by someone that knows what they are doing? i would love it to be 100% safe but surelty someone will find a way in regardless.

Andy

[pheonixsingh]

well unless any hardcore hackers live close 2 u, your ok

[Zippeyrude]

also stop broadcasting the ssid

[Pyro Steve]

WEP is really a pile of poo poo, even at 128bit its very easy to crack with out much no how as easy to use tools are about on the net for this. WPA would be better to use (new routers come with this option normally) as the only real way to crack this at the moment is using a dictonary attack on logged packets, but if you use a WPA password of a HEX string or alike its going to be pretty hard to break.Just my 2pence.

[sthajong]

WEP is really a pile of poo poo, even at 128bit its very easy to crack with out much no how as easy to use tools are about on the net for this. WPA would be better to use (new routers come with this option normally) as the only real way to crack this at the moment is using a dictonary attack on logged packets, but if you use a WPA password of a HEX string or alike its going to be pretty hard to break.Just my 2pence.

well I guess that there is nobody intressed in hacking a personal network, it ain't a bank or something. But still it takes a lot of time to hack an 128 bits network.

there are +-

5,192,296,858,534,830,000,000,000,000,000,000

combinations with a 112 bits encyption. so my guess is if you use a brute force attack you're busy for 40 ours

[BLUTO141]

well I guess that there is nobody intressed in hacking a personal network, it ain't a bank or something. But still it takes a lot of time to hack an 128 bits network.

there are +-

5,192,296,858,534,830,000,000,000,000,000,000

combinations with a 112 bits encyption. so my guess is if you use a brute force attack you're busy for 40 ours

hmm thanks for the that :whistle

[Rick Sanchez]

The best protection you can use if MAC addressing.... Basically each computer has its own MAC address, just like each pc also has its own I.P or can do.

If you use MAC Addressing as security no one can enter your network or use your resources without that desktop/laptop's MAC address being on the router..

They cant access it to add it either if their not on their The only other way in is to know the MAC address of one of the systems already on their and clone it.. but that means entering your house just to get a MAC address, Lol....

[penguino]

The best protection you can use if MAC addressing.... Basically each computer has its own MAC address, just like each pc also has its own I.P or can do.

If you use MAC Addressing as security no one can enter your network or use your resources without that desktop/laptop's MAC address being on the router..

They cant access it to add it either if their not on their The only other way in is to know the MAC address of one of the systems already on their and clone it.. but that means entering your house just to get a MAC address, Lol....

I beg to differ - it is a common understand that :- once WEP is cracked, all the traffic between the access point / router and the wireless clients can be sniffed and examined - where MAC addresses will be revealed in every packet in air using a packet capturer! Therefore if a intruder can crack the wep, he/she can simply clone the permitted MAC addresses and can surf or listen in, without physically gained access to the wireless interface holding the MAC.

I would tend to agree with Pyro Steve that WEP, even at 128 bits, is inheritantly weak. Again this is well known, documented, tried and tested. This two-parts article will shock most readers here. http://www.securityfocus.com/infocus/1814. It doesnt take too many hours to crack a 128 bit WEP - a bit of patience, luck, many weak IV packets and a few beers/coffee will do nicely

A more secured chain for wireless networking would be more or less like the following (looking at the connection from the wireless client towards the internet)

Wireless Client PC --> VPN --> WEP128/WPA + MAC Filtering + Hidden SSID --> Wireless Access Point --> VPN Server Authenticaion --> DSL Router --> Internet

Most of our (and yours) wireless setup is similar to the above chain, perhaps with one or two parts missing.

[REPAIRMAN]

I currenly use MAC address filtering on my network, How would i Know if someone were using my bandwidth without my knowledge.
I know thier are 4 wireless networks in my immediate area as i can see them on my available connections.?
Regards

[endofdays]

The reality of WiFi is that it is inherently insecure. Anything that is not in a closed system is always going to be a security risk. The object is to limit your exposure to those risk’s, who do you do that? Well it is all up to you. Education and implantation is the key to keeping yourself safe from the bad people of this world. Learning what it takes to operate and configure your Wifi equipment correctly and the self discipline to maintain it i.e. Change your KEY’s and SIDD on a regular bases and implement security to anything behind your wireless point. Given time and something they want a hacker is going to get in. To give you an idea of just what it takes to gain access to a wireless net work: My laptop, home made coffee can Wifi 30Db gain antenna “$30.00” and a couple programs “ airsnort, ethereal and others “ 160 yards away from my home. I collected just over 1 gig of network traffic in just over a ½ hour. Sifting thru that information, 15 minutes later I had my Keys and Sidd. Spoofing a MAC address is very easy thing to do. In just under an hour I had hacked my way into my own network.

For anyone interested in testing there own wireless network for security threats, here is a great tool for the beginner hacker. Every thing to crack, infiltrate and test the security of a wireless network is all compiled in one live distribution. P.H.L.A.K also includes very detailed and compressive documentation on just how to hack networks, websites and so on.



http://www.phlak.org/modules/news/

I make a living in the security business that includes networks. I can’t in good con-chance teach people to be hackers of the bad sort, but I am more then happy to teach people to better secure themselves.

[eolair]

Thanks guys, all the info i need now. One more question though. If you set your wireless network up with encription can it still be hacked into by someone that knows what they are doing? i would love it to be 100% safe but surelty someone will find a way in regardless.

Andy

I'd suggest the following
(1) don't make it visible
(2) change the default name of the network
(3) change the default administration password
(4) turn off DHCP, and for each computer use a fixed address you enter manually (once) . Your router probably uses an IP address of 192.168.1.1, so you can use 192.168.1.2, 192.168.1.3 etc. for your computers. Check the user guide for details. For extra safety, set the router to allow IP address only from a non-obvious range - e.g. 192.168.95.72 - .81 . It'll be a long time before someone stumbles on the right IP address.
(5) a good hardware or software firewall that doesn't expose any Windows shared drives you have
(6) if the router allows filtering by MAC address, get the MAC address for each computer, enter it on the router and enable the filtering. Be careful, MAC addresses are awkward beasts and one wrong keystroke could lock you out, requiring a hardware reset of the router.


* WEP or WPA encryption help, but are useless unless you carry out points 1-5 above

Default network names, passwords and DHCP are probably the biggest reasons wireless networks are not secure.

No network is ever 100% secure. The trick is to make yours more secure than your neighbours' and more effort than it's worth to crack. When John Cracker drives by sniffing for networks, you are not top of the list and he either won't see you or will pick on a less well defended target.

[eolair]

PS the other thing to remember is that you only need to put security in place proportionate to what you are trying to protect.

If this is a home network, you're really only trying to stop casual war-drivers stealing bandwidth, downloading illegal content or browsing your drives. Yes someone can sit outside your house sniffing traffic and eventually crack the system. But if you implement the suggestions here, in all likelihood they won't bother, they'll pick on some other poor schmuck. I wouldn't really get hung up about it once you've taken basic precautions unless you have a reason to suspect someone is willing to spend time and effort against you specifically.

If this is a business network or you have very sensitive info on your computers, you should consider other measures, including asking if wireless is appropriate and separating computers with sensitive data from those with internet access using specially configured firewalls.

PPS another good security measure is to turn the wireless router off when it's not being used. If it's not live, it can't be compromised, and modern broadband connections only take a few seconds to restart.

[-NEO-]

If its for home use, then id say a WIFI network are pretty safe!

With standard WIFI access points, the max range is about the size of a standard house and maybe even your garden with a weak signal.

My network is a Wireless network and ive tryed my laptop outside my house and i get nothing!

Along with Encrypting your network and securing your PC, you should have no problems with security threats! Also, if you bann all MAC addresses, besides your own, it should be almost impossible for a hacker / Network genius to get in, never mind your next door neighbor or a guy crusing around with his laptop or PDA!

[jrh8]

any wireless setup can be hacked, even in multi corpration set ups. its not difficult with proper gear if on is determoned to do it