Windows 7 Forums


Windows 7: WIFI Security

11 Apr 2010   #21
devildog93

Windows 7 Professional
 
 

Quote: Originally posted by seekermeister
Quote: Originally posted by devildog93
Quote: Originally posted by Jonathan_King
It is said that Wireless Security is an oxymoron. In other words, you can never be 100% secure with wireless.

However, you can tighten things down enough that the chance of you getting hacked is virtually nil. I'm sure that the FBI could find a way, if it was important to them, but I doubt you are that suspected.

So do what you can. Block all mac addresses not in your white list, use WPA-2 encryptions, don't broadcast your SSID, but most importantly, if you see a black van by the side of the road near your house, shut down your internet connection.


I like the black van part. lol

I also limited my ip address range to the two devices in the network.

range 192.168.1.64 (being PS3)- 192.168.1.65 (being my PC). Some people might rip on this suggestion, but in my case, with use on LAN limited to pretty much myself, it works well for me, no probs. I will be adding X-Box 360 soon, and just have to allow one more ip allocation ie. 192.168.1.64 to 192.168.1.66

I have dhcp enabled, but have port forwarding setup for a sharing program on the PC and ports forwarded for voice chat and various PS3 required functions, with no worries of ip wandering, AS LONG as I turn the devices on in the proper order, but seeing my PC stays on nearly 24/7 it never loses its assigned ip and the PS3 automatically takes the only other one available. It has been a few months now and I have not had to mess with my router, or other setting due to ip's not matching, and ports getting screwed up.

This is in a wired setup, but this might be another way to tighten up your security on the wifi as well. If you have many people logging in and out, and need a wider ip range to allow more ip's to be dished out, this might not be for you.

Just a thought, something that is working for me.

Tell me to butt out if I missed the mark here.....lol
No. I'm open to all ideas, but I will have to consider if I can apply them to my situation. I don't have anything that needs to access the network, except two computers, and the router is set to identify them via their MACs. I think that would be equal to their IPs. However, in my first configuration attempt, I did enable DHCP, and it lists IP and MAC for both computers. Perhaps I should disable DHCP...I'm not sure.


My theory on this is that they can spoof this or that, but if only 2 device ip's are available for assignment, and as usual my devices are nearly always on, there's nowhere for an intruder to go, just another roadblock. They can only assign one of the two ip's and seeing they are already taken...dead end. It may not suit your style setup, but just something I kind of tried after doing various experiments with media servers and port forwarding, etc. etc.

It is working for me now but you know how sometimes things can change quickly.....


EDIT: I also just thought, you can also limit the broadcast power of your router, in theory, shrinking the radius of your signal. Apartments, this works to a little effect, but in a home on decent sized land you'd maybe see the benefit more, people would have to park under your front window to get a strong signal. Most wireless routers have some kind of power adjustment.

Watch out for camouflaged painted Accords in the bushes!!!!!!!!!!!!!!!!!!!!!!!


11 Apr 2010   #22
zzz2496

Windows7 Ultimate 64bit
 
 

seekermeister, as said earlier... there is no "absolute" security in computer network. Well... there is, disconnect the computer, then turn it off... Anyways...

If you are paranoid about your wifi network connection, I have several suggestions:

1. Don't use DHCP, disable it, use manual static IP addressing. Use weird IP addresses, there's a lot of private IP subnets that you can use that don't start with 192, or 10, or 172... And use classless subnet mask (anything other than 8/16/24 bits).
2. Use obscure wifi standards, preferably 802.11a, though slow, it will most of the time "save" you. The analogy is this, if the thief can't see the house, he can't break into it... If you need speed, then all you can do is use g/n plus WPA2 encryption (preferably AES). Stay away from MAC address access control, if the "hacker" knows how to break into your wifi AP, spoofing a MAC address is child's play.
3. If you're comfy, use pre-shared key. This is the "key" so that you can login to your wifi AP. If you're paranoid, use 32 random characters or more as a key, don't forget to use special characters (like *,(,),-,_,+,=, etc). If you don't feel comfy with it, use RADIUS server to store the key(s) (but you'd need somewhat better access point for this kind of security). By using RADIUS, you can make many keys, and rotate those keys (this depends on the RADIUS server).
4. If you're REALLY paranoid, then put your wifi network on the outside of your LAN, then use router to connect the two, then put a traffic filter between the two. By this I mean once you're connected, you can't just put IP address then all is well, you need to configure gateway(s), custom DNS servers, etc. Much harder to break into.
5. If you are BEYOND PARANOID, put the wifi network outside LAN, and isolate it, put a VPN server in there. So if you want to connect to your LAN, you need to authenticate at least twice (first will be the wifi connection, then set static IP address, then authenticate to the VPN server) and put traffic filtering plus SNORT server, make it to automatically shutdown the network interface if it detects ANY SUSPICIOUS activity. If you're beyond all this, stack the VPN server configuration as I mentioned earlier several layers... that ought to drive the hacker away simply because it's too tedious to break into...

zzz2496
11 Apr 2010   #23
polarbear

Windows 7 Home Premium 64-bit
 
 

Quote: Originally posted by seekermeister
Quote: Originally posted by polarbear
There is no 100% but with a strong password without using real words and add other char as well will get you a fairly safe system. For WPA-2 cracking they must run your packets through a dictionary and if the password used is not within, it will not pick it up... To find more info on this visit Back-Track and read a little... GL
It appears that Back Track is simply a distro of Linux, which may be quite good...I don't know. However, my concern is WIFI security in general, regardless of the OS being used. So this is something that I will bookmark for future use, but it doesn't seem to fit what I'm looking for now.
Be worried of programs such as Back-Track as it can be used to gather most passwords used by wifi... It's been one that I have tested and is and can get through many wpa passwords... There are ways you can protect yourself and I suggested a few and posted their site to help you protect yourself the best that you can... GL
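Added example, not part of any poster's message: a sketch of the passphrase advice in the two posts above (a long random pre-shared key that no dictionary contains). It generates a key from the character set zzz2496 lists, estimates its entropy, and audits a candidate against a wordlist. The function names, the constructed sample wordlist and the 20-character threshold are assumptions made for illustration; `derive_pmk` shows the standard WPA2-PSK derivation, in which the SSID acts as the salt.

```python
import hashlib
import math
import secrets
import string

# WPA2-Personal accepts passphrases of 8 to 63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + "*()-_+="

# Constructed sample wordlist standing in for a cracking dictionary.
SAMPLE_WORDLIST = {"password", "letmein123", "blackvan2010", "linksys1"}


def generate_psk(length=32):
    """Return a random passphrase drawn uniformly from ALPHABET."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)


def derive_pmk(passphrase, ssid):
    """WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(passphrase, wordlist=SAMPLE_WORDLIST):
    """Return a list of reasons the passphrase is weak (empty list means OK)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length outside 8-63")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("non-printable or non-ASCII character")
    if passphrase.lower() in wordlist:
        problems.append("present in dictionary")
    if len(passphrase) < 20:  # threshold is an assumption of this example
        problems.append("shorter than 20 characters")
    return problems


if __name__ == "__main__":
    psk = generate_psk(32)
    print(psk, f"{entropy_bits(32):.0f} bits", audit(psk))
    print(audit("password"))
    print(derive_pmk("password", "IEEE").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, so a unique SSID also matters alongside a random key.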

11 Apr 2010   #24
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote: Originally posted by zzz2496
seekermeister, as said earlier... there is no "absolute" security in computer network. Well... there is, disconnect the computer, then turn it off... Anyways...

If you are paranoid about your wifi network connection, I have several suggestions:

1. Don't use DHCP, disable it, use manual static IP addressing. Use weird IP addresses, there's a lot of private IP subnets that you can use that don't start with 192, or 10, or 172... And use classless subnet mask (anything other than 8/16/24 bits).
2. Use obscure wifi standards, preferably 802.11a, though slow, it will most of the time "save" you. The analogy is this, if the thief can't see the house, he can't break into it... If you need speed, then all you can do is use g/n plus WPA2 encryption (preferably AES). Stay away from MAC address access control, if the "hacker" knows how to break into your wifi AP, spoofing a MAC address is child's play.
3. If you're comfy, use pre-shared key. This is the "key" so that you can login to your wifi AP. If you're paranoid, use 32 random characters or more as a key, don't forget to use special characters (like *,(,),-,_,+,=, etc). If you don't feel comfy with it, use RADIUS server to store the key(s) (but you'd need somewhat better access point for this kind of security). By using RADIUS, you can make many keys, and rotate those keys (this depends on the RADIUS server).
4. If you're REALLY paranoid, then put your wifi network on the outside of your LAN, then use router to connect the two, then put a traffic filter between the two. By this I mean once you're connected, you can't just put IP address then all is well, you need to configure gateway(s), custom DNS servers, etc. Much harder to break into.
5. If you are BEYOND PARANOID, put the wifi network outside LAN, and isolate it, put a VPN server in there. So if you want to connect to your LAN, you need to authenticate at least twice (first will be the wifi connection, then set static IP address, then authenticate to the VPN server) and put traffic filtering plus SNORT server, make it to automatically shutdown the network interface if it detects ANY SUSPICIOUS activity. If you're beyond all this, stack the VPN server configuration as I mentioned earlier several layers... that ought to drive the hacker away simply because it's too tedious to break into...

zzz2496
I sort of fit into item 5, but I have to balance that with what I think that I'm capable of managing. I'll start at item 1 and progress as I can.
11 Apr 2010   #25
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote: Originally posted by polarbear
Quote: Originally posted by seekermeister
Quote: Originally posted by polarbear
There is no 100% but with a strong password without using real words and add other char as well will get you a fairly safe system. For WPA-2 cracking they must run your packets through a dictionary and if the password used is not within, it will not pick it up... To find more info on this visit Back-Track and read a little... GL
It appears that Back Track is simply a distro of Linux, which may be quite good...I don't know. However, my concern is WIFI security in general, regardless of the OS being used. So this is something that I will bookmark for future use, but it doesn't seem to fit what I'm looking for now.
Be worried of programs such as Back-Track as it can be used to gather most passwords used by wifi... It's been one that I have tested and is and can get through many wpa passwords... There are ways you can protect yourself and I suggested a few and posted their site to help you protect yourself the best that you can... GL
Ahh, originally I thought that you linked to it as something to use, rather than something to guard against. I will look it over again with that in mind.
11 Apr 2010   #26
zzz2496

Windows7 Ultimate 64bit
 
 

By the way, have a look at my favorite router, Mikrotik RB-450G router board, google it...

zzz2496
11 Apr 2010   #27
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

That looks like a good one, but it appears to not have WIFI. Doesn't make any difference though, because my router is barely out of the box, and the adapter for the remote computer is still on its way. So far, I'm happy with it.
11 Apr 2010   #28
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You could always try Network Magic to cut down on the paranoia
Cisco - Network Magic Essentials Features
11 Apr 2010   #29
zzz2496

Windows7 Ultimate 64bit
 
 

If you read carefully, each of RB-450G's ports is an independent interface, meaning you can assign an IP address to EACH and route between interfaces. Plus I haven't seen ANY consumer grade router that has at least one fourth what Mikrotik's software can do... (by the way, fire up virtualbox or Virtual PC, download Mikrotik RouterOS for x86, and try it to find out).

zzz2496

edit: forgot to add, there are other routerboards that have mini pci slots, so you can add a wifi card in the router if need be, some come with one slot, others have more than one...
11 Apr 2010   #30
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Quote: Originally posted by seekermeister
I sort of fit into item 5, but I have to balance that with what I think that I'm capable of managing. I'll start at item 1 and progress as I can.
Quote:
Disable DHCP

Switching DHCP off and using static IP addressing is no defense against hacking. Anyone snooping the network can usually figure out the pattern that has been used to assign the IP addresses in question and then make a specific request accordingly.
The ABCs of securing your wireless network