Quote:
Originally posted by Peetster
I'll answer your second question first. You can't.
That's simply not true.
It is entirely possible to secure a WLAN so it's impossible to crack by using a VPN overlay.
Having said that, most "home users" would not have the experience (or in fact the need) to do this.
To secure your WLAN for home use, follow these simple steps.
1) Buy an Access Point that supports WPA
This introduces a key management system and TKIP (Temporal Key Integrity Protocol), which effectively "rehashes" each packet. Without getting too technical, this makes it much more difficult to carry out the normal "Airsnort" or Fluhrer style attacks. Make sure to use a decent length key-phrase though.
Check this link for WPA certified Access Points:
http://www.wifialliance.org/OpenSect...ucts.asp?TID=2
2) Change the default SSID
The SSID is like a network name. It's very important that you change it from the default, as otherwise hackers could "guess" what it is. This is critical. All APs will come with a standard "out of the box" SSID (typhoon for Cisco, Linksys for Linksys boxes etc). Change this to something that is personal to you; your nickname, favourite band... whatever. Just make sure you change it.
3) Turn off SSID Broadcast
Most Access Points "broadcast" their SSID to make associating with the AP easier. This is fine if you want visitors to use your WLAN or are running a public hotspot, but not a great idea if you only want a personal home WLAN. You will know what your SSID is anyway, and can configure your laptops and PCs accordingly. Therefore, turn SSID broadcast off.
4) Turn down your transmit power
Many people erroneously think the stronger the signal, the better. Think about it for a second. You don't want to go transmitting your WLAN across the street, or around the neighbourhood, do you? Turn it down as much as possible, whilst obviously maintaining coverage in the room(s) you need.
5) Enable MAC filtering
This is a feature (in many APs) that allows you to restrict what computers associate (i.e. "link") with your Access Point. It may be a slight pain in the ass, but it's worth it. You will obviously need to ascertain the MAC addresses of your computers, but this should be easy enough. If the AP supports this feature then you can enter these MAC addresses and configure the Access Point to only allow these to associate. After all, as I said above, you only want your computers using your WLAN, right?
Following these five simple steps will secure your WLAN against all but the most obsessive hackers. Home WLANs generally attract what are called "opportunistic hacking attempts"; no one is going to sit outside your window for hours on end, trying to capture packets for an offline WEP attack and then come back to spy on your Doom3 games.
Even a minimum level of security will mitigate the vast majority of attacks. If you follow all the 5 steps above, you will address even more professional or dedicated hackers. I strongly doubt your security will be compromised.
Buying a WPA certified AP is the recommended minimum. If you can't stretch for that extra cash, make sure you at least enable a 128-bit WEP key (preferably longer, but this is not standard) and change it regularly. I would buy a WPA access point myself though...
Finally, feel free to check out the Wireless Networking 101 thread I posted a couple of months back. You can find that here:
http://www.tfproject.org/tfp/showthr...threadid=20727
If you have any more questions on WLAN networking, feel free to ping me. I work in this area and shall most likely be able to assist.
Mr Mephisto
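
Added example (not part of the original post): steps 1 and 2 meet in how WPA in pre-shared key mode builds its key, which is PBKDF2-HMAC-SHA1 over the key-phrase with the SSID as the salt. This Python sketch derives that key and flags a short key-phrase or an unchanged SSID; the `DEFAULT_SSIDS` entries and the 20-character threshold are assumptions chosen for illustration.

```python
import hashlib

# Assumption: sample list only. "linksys" is a default named in the post,
# the other entries are constructed placeholders.
DEFAULT_SSIDS = {"linksys", "default", "wireless"}

# Assumption: illustrative threshold for a "decent length" key-phrase.
MIN_RECOMMENDED_LEN = 20


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA pre-shared key from key-phrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA key-phrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA key-phrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # The SSID is the salt: the same key-phrase on two differently named
    # networks gives two unrelated keys.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def review(passphrase: str, ssid: str) -> list:
    """Return findings for a WPA-PSK setup; an empty list means none."""
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append(
            "SSID is a factory default: the salt is shared with every "
            "other unconfigured unit of that model"
        )
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append(
            "key-phrase is shorter than %d characters" % MIN_RECOMMENDED_LEN
        )
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for phrase, name in [("password", "linksys"),
                         ("a much longer key-phrase here", "MyHomeNet")]:
        print(name, derive_psk(phrase, name).hex(), review(phrase, name))
```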