|
08-23-2004, 08:05 PM
|
#1 (permalink) |
|
Upright
Location: Katy, TX
|
Wireless internet question.
Hi, I just got a wireless router, which transmits my cable connection wirelessly, I also have a reciever(adapter) or whatever you want to call it, which takes that internet connection. So basically now I can have internet on my laptop without any wires. What I don't know is how to set password or some form of protection so that only my particular laptop can get that wireless internet, and not anyone else.
Thank you.
__________________
Things you own, end up owning you. |
|
|
08-23-2004, 08:46 PM
|
#4 (permalink) | |
|
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
Quote:
of course...Tiki Tiki Tembo No Sa rembo Cherri Berry Ruchi Pip Berry Pembo is a good password 
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |
|
|
|
|
08-23-2004, 08:51 PM
|
#6 (permalink) | |
|
Tilted F*ckhead
Location: New Jersey
|
Quote:
__________________
Through counter-intelligence, it should be possible to pinpoint potential trouble makers, and neutralize them. |
|
|
|
|
08-23-2004, 08:55 PM
|
#7 (permalink) |
|
Junkie
|
Change the default SSID name
Disable SSID Broadcasting Enable Mac Filtering -->Start--->Run--->cmd--->ipconfig /all Select to filter either by, a class devices, b class devices, or g class devices, depending on what you have. Use WEP Encryption, remember to choose a strong password, that isn't found in the dictionary. Use both letters and numbers when coming up with a password. |
|
|
|
08-24-2004, 12:16 PM
|
#9 (permalink) |
|
Guest
|
another tip, go to the farthest point in your house away from the router and then check what speed your connection speed is.
now for example, if your connection speed was 6mb turn off all the lower speeds from 5mb-1mb. This way you can only connect at 6mb and up and far away jackers wont be able to get on your network. and another tip. just turn off your router when your not using it. |
|
08-24-2004, 03:32 PM
|
#10 (permalink) |
|
Junkie
|
This topic comes up again and again. I have posted regularly on this. I work specificially in the wireless networking industry, so let me offer you some advice.
Carry out the following steps... 1 - Enable WPA if at all possible Background WPA (WiFi Protected Access) greatly increases WLAN security. It introduces several new enhancements, including TKIP (Temporal Key Integrity Protocol) that mitigates against so-called AirSnort or Wardriving attacks, and MIC (Message Integrity Check) that protects against Man in the Middle attacks. It also increases the WEP Initialization Vector from 24bits to 48bits, which is a huge improvement, as this makes the statistical likelihood of a weak IV being captured much lower. Finally, WPA introduces a dynamic key management feature, which allows for regular and automatic regeneration of WEP keys. Implementation WPA for most home wireless kit will run in WPA-PSK mode. The PSK stands for Pre Shared Key. This is effectively a password that you enter in your Access Point and your client that is used to independently generate new WEP keys on a regular basis. Ensure your passphrase is at least 20 characters long! Caveats Not all Access Points support WPA. This is unfortunate, but is not the end of the world. See below... 2 - Change default SSID Background SSID (Service Set Identifier) can be considered analogous to a network name. All Access Points come "out of the box" with a default SSID. Every hacker worth his salt will know the most common SSIDs. Common examples are "Linksys" (for Linksys kit), "Netgear" (for Netgear kit), "Tsunami" (for Cisco kit) etc. Implementation Change the SSID to something more appropriate to you. Your name, favourite band, pet... whatever. Just don't use the default. Caveats None. There is no reason this should not be done. 3 - Disable SSID Broadcast Background SSID (Service Set Identifier) can be considered analogous to a network name. Most Access Points "broadcast" this by default. That is, they advertise the SSID to any listening client devices. This is fine for enterprise networks or "hotspots", but there is no reason to advertise your network to your neighbours. You will know the SSID anyway (see above), so you don't need to broadcast it. Implementation Different for all manufactures, but it should be pretty obvious. Just look for "SSID Broadcast" and disable it. Caveats This should not be considered a security improvement, as it's still possible to ascertain the SSID of a network that is not broadcasting, but it IS best practice. Just do it. 4 - Enable MAC filtering Background All Ethernet devices, including WLAN interfaces, have a MAC address. This is a 6-byte hexadecimal address that a manufacturer assigns to the Ethernet controller for a port. MAC addresses are "lower level" that IP addresses and are used on the Data layer. You can setup your Access Point to only allow certain MAC addresses (ie, certain devices) use your WLAN. In other words, you configure it to only allow your computer (laptop, sister/brother's etc) to associate to the WLAN. This will prevent unwanted visitors from hitching a free ride... Implementation Search for MAC Filter in your Access Point config guide. You will have to go to each computer you will use on your WLAN and note down their MAC address. Make sure you note down the WIRELESS adaptor, and not the wired network card! It's a bit tedious (as a MAC address is a long sting of hex), but it's worth it. Caveats Not entirely foolproof, as experienced hackers can spoof MAC addresses. But it certainly adds greatly to security. 5 - Turn down transmit power Background Most Access Points can transmit at up to 100mW; some even more. Why bother covering more area that you need? There's no point is offering temptation to the people across the street, so you should turn down your transmit power to the lowest level that sufficiently covers your house/apartment. Implementation Different for every manufacturer. Check your user guide. Caveats You may need some tweaking to get it right. If you do, then congratulations. You just carried out what is called a "Site Survey" in the industry. Soon, you'll be doing this for a living! 6 - Change the admin password Background All Access Points come with an Admin account and password. You would be surprised at how many people leave these as the default ("Admin" and "Admin" for Linksys kit for example). You should change the password to something only you know as soon as you can. Implementation There shouldn't be any problem doing this. Just look for the Admin or Account Management section on your configuration page. Caveats Make sure you note down what you change the Admin password to!! What happens if my Access Point doesn't support WPA?!!! Well, you can still follow steps 2 to 6 above. But you will have to manually setup a WEP key on your Access Point and your client devices. This is a pain, but ABSOLUTELY NECESSARY. You should also change this regularly; at least once every few months. Any more questions, feel free to ask. Mr Mephisto Last edited by Mephisto2; 08-24-2004 at 07:03 PM.. Reason: Formating |
|
|
|
08-24-2004, 05:00 PM
|
#11 (permalink) |
|
beauty in the breakdown
Location: Chapel Hill, NC
|
Man, I bet Mephisto has that on cut-and-paste. Every time a wireless discussion comes up, in goes Mephisto
__________________
"Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." --Plato |
|
|
|
08-24-2004, 07:01 PM
|
#13 (permalink) | |
|
Junkie
|
Quote:
I spent 30 mins typing that up (5 mins typing, 25 formating) But nice idea. I'm going to save a copy this time... Mr Mephisto |
|
|
|
|
08-24-2004, 07:27 PM
|
#14 (permalink) | |
|
Junkie
|
Quote:
WEP stands for Wired Equivalent Privacy and was the original encryption technique defined in the 802.11 standards. It was supposed to offer good security but has proven to be fundamentally flawed. Initially, only 40bit keys were required, but that has since risen to 128bit. However, based upon the fact that WEP relies on RC4 (not the strongest encryption standard), and uses 24bit IV (Initialization Vectors) to generate the WEP key itself, a good hacker can "listen in" and when they have captured enough packets can decode your WEP key. In other words, they can break your encryption. This is often called the Airsnort attack, after the first popular tool designed to exploit it, but it was originally described as the Fluhrer style attack, after one of the authors who wrote a white-paper describing the vulnerability. Some people also call this WarDriving (or WarWalking). However, WarDriving is simply the process of driving around with a laptop and a wireless NIC, trying to find wireless networks. You would be appalled at how many are not secured properly and the WarDriver simply has to associate to get access to the network. That is what WarDriving is, not the specific cracking of the WEP encryption. As a matter of historical (and geeky) interest, the term WarDriving is an evolution of the older hacker term WarDialing. WarDialing is the process of setting up a modem to systematically dial phone numbers, on the off chance you will eventually get a modem to respond. In the old days, most modems were simply configured to accept an incoming call and if you were lucky enough hit upon a number with a modem attached, more times than not you got inside that computer system. Remember, this is back in the 80's when most large computer systems still used modems for Sys Admins to do remote management, or even send email etc. This is the way the hacker got into the Pentagon in the movie "War Games". Remember that movie? Well, WarGames.... WarDialing... WarDriving.... get it? Basically, the process is the same. Keep searching until you find an unsecured entry point and bingo... you're in. Now, back to WEP. The big problem with WEP used to be the fact that if a hacker collected enough packets, they could break your encryption. Originally the only way to address this was with enterprise class authentication protocols (based on something called EAP, or Extensible Authentication Protocol) that dynamically assigned a different WEP key to the user each time they logged on. When they logged on the next day, or when they roamed from Access Point to Access Point (remember large companies are generally going to have several APs on a floor), they would get a new WEP key. You could even configure the system to automatically create a new WEP key every few minutes, even if the user didn't roam. The most famous and popular EAP mechanism that provided dynamic key management (as it was called) was and still is Cisco LEAP. By changing the WEP key every few minutes, every time the user logged on, and every time the user moved around the building, it made it very difficult for the hacker to collect enough packets using the same WEP key to successfully crack it. But home users were still left in the dark. The only way they could avoid this kind of attack was to manually change the WEP key as often as possible. This is a pain, but you must remember that 90%+ of wireless hacking attacks are "opportunistic"; in other words they are WarDriving attacks. If someone has to dick around capturing packets and trying to decode WEP keys, they will probably move on to somewhere less secure. But dedicated or geeky hackers do exist and they do use Airsnort. That' why it's a good idea to change your WEP key as regularly as possible. The good news is that WPA does all this automatically for you in the background. It effectively uses a different WEP key for every single packet. In other words, no way a hacker can decrypt your WEP key in a WPA environment. It also allows you to setup a "timer" that means both the Access Point and the client regularly agree a brand new WEP key on a regular basis. This is handled by entering what's called a shared secret (or sometimes passphrase) on both devices. When the timer runs out, they both run the passphrase through an encryption algorithm and come up with a new WEP key independently. But because they both have the same passphrase, the new WEP key is identical for the Access Point and the client. Voila! You have a new WEP key and you never transmitted it over the air. The problem lies with the length of the passphrase. Originally the specification called for a 20 character passphrase, but the equipment manufactures whined that this was too long for their dumb customers. The standard was revised to allow for passphrases of 8 characters minimum, instead of 20. The real problem is that with a short passphrase, you can actually be more vulnerable to attack!!! In other words, if you use WPA, make sure your passphrase is at least 20 characters long. It's worth it. So, in summary WEP = bad, old, vulnerable. WPA = good, new(ish), secure if you use long passphrases 802.11i = excellent, new, rock solid Pentagon class security WPA2 = same as 802.11i, just a different name I haven't touched on 802.11i or WPA2 (or RSN, Robust Security Network) standards here, as they are mostly enterprise class solutions, but if anyone is interested please just ask. Mr Mephisto |
|
|
|
|
08-24-2004, 09:44 PM
|
#15 (permalink) |
|
Crazy
Location: Onett, EagleLand
|
Some ones snooping in my network!
I got a problem i just noticed today. There is someone i dont know in my netowrk! I want him out of there. I have a wireless network in my house. 2 out of three comps are wireless. I saw this program the other day on the screen savers that monitors people using your connection. And you can allow or kick people using it.
I normaly keep my firewall down for sharing with my household. So I know the risk in that. I want this guy off my computer. So if anyone knows of such programs for monitoring your network easily. Or if theres a way to kick him out. Witch im pretty sure there is. please help. I fear for my computers safety. 
__________________
"If you stay here too long, you'll end up frying your brain. Yes, you will. No, you will...not. Yesno, you will won't." -Guy in Moonside |
|
|
|
08-24-2004, 09:58 PM
|
#16 (permalink) |
|
Junkie
|
Starman, are you saying someone is associating with, and using your home wireless network?
Or has someone planted a Trojan on your actual PC and is snooping that? I just posted a number of lengthy posts on how to secure your wlan. Check them out... Mr Mephisto |
|
|
|
08-24-2004, 11:57 PM
|
#17 (permalink) |
|
Crazy
Location: Onett, EagleLand
|
Cool, thanks for the info, i didnt see the thread before.
The guy is using our connection. I see his sharefolder, and some items. There are no viruses I did a scan for those. I just noticed him today so i dont know how long hes been there. So basicaly to keep safe i enable WEP, and make my SSID invisable? I read the above, but i get kinda confused with this network thing. Another thing too. Do i need to do all this from the computer that has the router is at it. I have 3 networked. And its a linksys system if that helps any. I'll read the above again... thanks for the info.
__________________
"If you stay here too long, you'll end up frying your brain. Yes, you will. No, you will...not. Yesno, you will won't." -Guy in Moonside |
|
|
|
08-25-2004, 11:23 AM
|
#19 (permalink) |
|
Crazy
Location: Onett, EagleLand
|
Linksys Wireless - G <---Link
And Wireles - G PCI Adapters <--- Link I figured it just eaiser to link you to its product page. I didn't know what to tell you from the box. Thanks for this help.
__________________
"If you stay here too long, you'll end up frying your brain. Yes, you will. No, you will...not. Yesno, you will won't." -Guy in Moonside Last edited by Starman Deluxe; 09-19-2004 at 11:54 AM.. |
|
|
|
09-20-2004, 09:49 PM
|
#24 (permalink) |
|
Junkie
|
OK, well I'm heading off to San Fran on business for two weeks, so I won't be able to get to this before then.
Have you downloaded the manual off the CD and read it? Linksys documentation tends to be very good. It gives good instructions on how to configure all these options. Basically you need to logon to the access point using Internet Browser (or equivalent). You simply type the IP address into the internet address bar. So, where you normally type "www.tfproject.org" into IE to come here, type the IP address. The default IP address is 192.168.1.1 This might be different if someone has configured the router, but it sounds like you've never logged onto it before. The default userID and password for Linksys devices is "admin" for userID and "admin" for password (don't enter the quote marks). that will bring you to the Main Screen. Let me know if that helps so far. If not, you'll have to wait until I come back! Mr Mephisto |
|
|
| Tags |
| internet, question, wireless |
|
|
