#31
The ABC's link is a couple years old. I provided it for information.
No, not other computers on the network. I meant public folders -- placing music and videos in public folders, and making them accessible but not documents, thereby further protecting any confidential materials.
In fact, if you are only going to use the wireless connection "just for the purpose of giving my secondary computer access to streaming media from the internet," then you don't even need to provide access to the other files.
As I said earlier, we can't really make a network 100% secure...
Here's a thought. Say you are a wifi snooper, sniffing for wifi APs in a neighborhood. You find one, unsecured, and connect to it. But when you check your IP, Windows (or whatever your OS is) has used APIPA addressing (the one that starts with 169.x.y.z), indicating no DHCP server. The first thing to try is a 192.x.y.z network: see if it works, do a scan in the subnet. If nothing shows up, use 10.x.y.z, do another scan, etc... What I proposed was for our TS to use, let's say, the 180.99.99.x network with a 27-bit subnet (that is, a 255.255.255.224 subnet mask). This will hinder the hacker's attempt to connect to the network.
My more advanced suggestion (point 5) is like this:
LAN = 180.99.99.x/255.255.255.224, gateway at 180.99.99.29, and use other DNS servers, let's say 180.99.99.27 and 180.99.99.28. That alone will slow the so-called hacker down... unless the hacker uses a packet sniffer and looks for packets that are running around... But then again, if the WPA2 key is at least 32 characters long with random chars + symbols, it'll be A LOT harder to "crack". If you use a dictionary attack, that attack will only work for words in the "dictionary"; 32 characters of random gibberish don't count as a "dictionary" word... After the hacker succeeds, he then needs to scan the network for another host to connect to... This will be the VPN server, and the only open port is the VPN server's listen port... Connecting to this will bring up another authentication dialog. Set the VPN server to blacklist any host that fails on the 3rd try... Once he can connect to the first VPN server, the hacker needs to do the process all over again to connect to the next VPN server... urgh... here's the simple "map":
Internet
|
[public IP]Router[180.99.99.29]-->LAN(180.99.99.x/255.255.255.224)
|
Wifi Network honeypot 1, VPN server + Traffic filtering + SNORT server
[15.1.1.x/255.0.0.0]
|
Wifi Network honeypot 2, VPN server + Traffic filtering + SNORT server
[18.25.4.x/255.224.0.0]
|
Wifi Network honeypot 3, VPN server + Traffic filtering + SNORT server
[12.81.3.x/255.255.128.0]
|
Wifi Access point [12.81.3.8/255.255.128.0 Static assigned IP address]
|
[The hacker starts here...]
There...
zzz2496
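An added example, not part of the post above: a Python check of the addressing plan in the map, computing the CIDR network each mask yields, its usable host count, whether the gateway, DNS and access-point addresses fall inside their segment, whether segments overlap, and whether each range lies in RFC 1918 private space. The segment labels are assumptions, and ".x" is written as ".0".

```python
import ipaddress
from itertools import combinations

# Addressing plan copied from the post's map ('.x' written as '.0').
# Segment labels are assumptions made for this example.
PLAN = [
    ("LAN", "180.99.99.0", "255.255.255.224"),
    ("layer 1", "15.1.1.0", "255.0.0.0"),
    ("layer 2", "18.25.4.0", "255.224.0.0"),
    ("layer 3 / AP", "12.81.3.0", "255.255.128.0"),
]
# Fixed addresses named in the post and the segment each must fall in.
FIXED = [
    ("gateway", "180.99.99.29", "LAN"),
    ("DNS 1", "180.99.99.27", "LAN"),
    ("DNS 2", "180.99.99.28", "LAN"),
    ("access point", "12.81.3.8", "layer 3 / AP"),
]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def segment(addr, mask):
    """Network that addr/mask belongs to, with host bits cleared."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(plan=PLAN, fixed=FIXED):
    nets = {name: segment(addr, mask) for name, addr, mask in plan}
    report = {
        name: {
            "cidr": str(net),
            "usable_hosts": net.num_addresses - 2,  # minus network and broadcast
            "rfc1918": any(net.subnet_of(p) for p in RFC1918),
        }
        for name, net in nets.items()
    }
    misplaced = [label for label, ip, seg in fixed
                 if ipaddress.ip_address(ip) not in nets[seg]]
    overlaps = [(a, b) for a, b in combinations(nets, 2)
                if nets[a].overlaps(nets[b])]
    return report, misplaced, overlaps

if __name__ == "__main__":
    report, misplaced, overlaps = audit()
    for name, row in report.items():
        print(f"{name:13} {row['cidr']:18} hosts={row['usable_hosts']:<9} "
              f"rfc1918={row['rfc1918']}")
    print("misplaced fixed addresses:", misplaced or "none")
    print("overlapping segments:", overlaps or "none")
```

For the plan as posted, every fixed address lands inside its segment and no segments overlap. None of the four ranges is RFC 1918 private space, so hosts on these segments cannot reach the internet hosts that actually hold those addresses.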