11 Apr 2010
#1 | W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE Indian Territory
WIFI Security
I thought that with WPA, SSID, MAC, encryption, etc. that WIFI would be fairly secure, but after reading some pages such as this: Getting Phished: Why SSID Spoofing (Still) Matters - www.wi-fiplanet.com
I'm beginning to have doubts. I'm still waiting on a WIFI adapter to arrive, to complete my WIFI network, but my intent was to have an always on LAN, just for the purpose of giving my secondary computer access to streaming media from the internet, since the location where it shall be does not have a cable outlet. Now, I'm wondering if it is worth the risk?
While I shall continue to use only my primary for online banking and financial transactions, I am wondering if the WIFI needs to be disabled while that is being done? I intend to use RDP or an equivalent program to access the primary from the secondary, but only within the LAN, since I blocked port 3389 to prevent someone on the internet from using it, but that wouldn't stop someone on the WIFI from doing so...would it?
Is it possible to create a truly private ironclad secure WIFI LAN? If so, how?
11 Apr 2010
#2 | Windows 7 Professional x64 Rednecksville
It is said that Wireless Security is an oxymoron. In other words, you can never be 100% secure with wireless.
However, you can tighten things down enough that the chance of you getting hacked is virtually nil. I'm sure that the FBI could find a way, if it was important to them, but I doubt you are that suspected.
So do what you can. Block all mac addresses not in your white list, use WPA-2 encryptions, don't broadcast your SSID, but most importantly, if you see a black van by the side of the road near your house, shut down your internet connection.
11 Apr 2010
#3 | W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE Indian Territory
Actually, I know that nothing with a computer is totally failsafe, including a hardwired LAN, but considering the fact that I know so little about WIFI, I really don't know what precautions to take. I think that I understand the ones that you mentioned (doubt that I have to worry about vans...but who knows), but the article that I linked above left me feeling that they would be inadequate. Commercials on TV about people who drive around looking for an insecure WIFI to do their dirty work on reinforces that feeling.
It took me a long time to become relatively comfortable with a regular connection to the internet, but over time I have acquired a degree of confidence with it. I think that the fact that I'm uncertain exactly what gets broadcast and under what circumstances is a large part of my uneasiness. Especially when RDP is involved.
Let's say that I'm using RDP to watch a movie via the WIFI, does that mean that everything on my primary computer is being broadcast in a fashion that leaves the system vulnerable to a hacker? Even with RDP shut down, wouldn't a hacker still be able to use his own RDP to do the same thing, even with SSID not being broadcast, only my own computer's MAC addresses being white listed, etc.?
I got the impression from that article, that the most important security aspect is not to be conspicuous or draw attention, by creating an appearance of being too secured. But that doesn't make a lot of sense to me.
11 Apr 2010
#4 | Windows 7 Professional x64 Rednecksville
He could always use his own RDC to log in, but he'd be faced with your Windows password.
While in theory, as long as your signal is in the air, you can be hacked, you are not one of the "unsecured" ones, like my neighbor, who doesn't use encryption at all, or my other one, who uses WEP.
I don't think you have much to worry about. Don't do stuff that would make the Feds come after you, and as always, it's a good idea to keep an eye on your bank account for unusual activity.
11 Apr 2010
#5 | Windows 7 Home Premium 64-bit
There is no 100%, but a strong password without real words, with other characters added as well, will get you a fairly safe system. For WPA-2 cracking they must run your packets through a dictionary, and if the password used is not within, it will not pick it up... To find more info on this, visit Back-Track and read a little... GL
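As an added illustration of the point made in post #5 (not part of the original thread): WPA2-Personal turns the passphrase into its master key with PBKDF2, so a passphrase audit can check dictionary membership and estimate the remaining brute-force work. The wordlist, the SSID "HomeNet" and the guess rate are constructed assumptions.

```python
import hashlib
import math
import string

# Constructed stand-in for a cracking dictionary (assumption, not from the thread).
SAMPLE_WORDLIST = {"password", "letmein1", "sunshine", "qwerty123", "linksys1"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal derives the 256-bit master key with PBKDF2-HMAC-SHA1,
    salted with the SSID and run for 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def audit(passphrase: str, ssid: str, guesses_per_second: float = 1e5) -> dict:
    """Report whether a passphrase would fall to a dictionary and, if not,
    an upper-bound estimate of the brute-force work left to an attacker."""
    pmk = wpa2_pmk(passphrase, ssid)          # also validates length and charset
    in_wordlist = passphrase.lower() in SAMPLE_WORDLIST
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    # Upper bound: assumes every character was chosen at random from the alphabet.
    bits = 0.0 if in_wordlist else len(passphrase) * math.log2(alphabet)
    # guesses_per_second is an assumed attacker speed; adjust to your threat model.
    years = (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)
    return {"pmk_hex": pmk.hex(), "in_wordlist": in_wordlist,
            "entropy_bits": round(bits, 1), "avg_years_to_guess": years}

if __name__ == "__main__":
    for candidate in ("sunshine", "kV7#qz!m2Rw$9xLp"):
        report = audit(candidate, ssid="HomeNet")   # "HomeNet" is a made-up SSID
        print(candidate, report["in_wordlist"], report["entropy_bits"],
              f'{report["avg_years_to_guess"]:.3g}')
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, and each guess costs the attacker the full 4096 iterations.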
11 Apr 2010
#6 | W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE Indian Territory

Quote: Originally Posted by Jonathan_King
> He could always use his own RDC to log in, but he'd be faced with your Windows password.
> While in theory, as long as your signal is in the air, you can be hacked, you are not one of the "unsecured" ones, like my neighbor, who doesn't use encryption at all, or my other one, who uses WEP.
> I don't think you have much to worry about. Don't do stuff that would make the Feds come after you, and as always, it's a good idea to keep an eye on your bank account for unusual activity.

Your last statement touches on one of my main concerns. Am I right in thinking that banking and financial transactions should only be done with WIFI totally disabled?
11 Apr 2010
#7 | Windows 7 Ultimate x64 Service Pack 1 Doncaster, UK
I would prefer to do banking and other financial transactions over a wired (Ethernet) link, with the wireless part disabled. If you have no choice but to use the wireless connection, ensure that you are using the maximum possible security. This means using WPA2 and the other features available to you.
11 Apr 2010
#8 | Windows 7 & Windows Vista Ultimate Upstate NY
The article referenced, seekermeister, is talking about connecting to public hotspots. You are setting up a home network so will not be accessing "Phony access points (APs) that use spoofed service set identifiers."
Although a couple years old, you may want to read The ABCs of securing your wireless network. Also be sure to use a strong password for your wireless network. Set up a security key for a wireless network. Then, as Jonathan said, any hacker still has to get past the Windows logon. In Network and Sharing, limit any files being shared to public and require a password for access.
11 Apr 2010
#9 | Windows 7 Professional Fox Creek, AB, Canada

Quote: Originally Posted by Jonathan_King
> It is said that Wireless Security is an oxymoron. In other words, you can never be 100% secure with wireless.
> However, you can tighten things down enough that the chance of you getting hacked is virtually nil. I'm sure that the FBI could find a way, if it was important to them, but I doubt you are that suspected.
> So do what you can. Block all mac addresses not in your white list, use WPA-2 encryptions, don't broadcast your SSID, but most importantly, if you see a black van by the side of the road near your house, shut down your internet connection.

I like the black van part. lol
I also limited my IP address range to the two devices in the network.
Range 192.168.1.64 (being PS3) - 192.168.1.65 (being my PC). Some people might rip on this suggestion, but in my case, with use on LAN limited to pretty much myself, it works well for me, no probs. I will be adding X-Box 360 soon, and just have to allow one more IP allocation, i.e. 192.168.1.64 to 192.168.1.66
I have DHCP enabled, but have port forwarding set up for a sharing program on the PC and ports forwarded for voice chat and various PS3 required functions, with no worries of IP wandering, AS LONG as I turn the devices on in the proper order, but seeing my PC stays on nearly 24/7 it never loses its assigned IP and the PS3 automatically takes the only other one available. It has been a few months now and I have not had to mess with my router, or other settings due to IPs not matching, and ports getting screwed up.
This is in a wired setup, but this might be another way to tighten up your security on the wifi as well. If you have many people logging in and out, and need a wider ip range to allow more ip's to be dished out, this might not be for you.
Just a thought, something that is working for me.
Tell me to butt out if I missed the mark here.....lol
11 Apr 2010
#10 | W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE Indian Territory
Even though there is a dropdown window for choosing the encryption method, the only option that it contains is TKIP + AES. How strong is that?