WIFI Security

[seekermeister]

I thought that with WPA, SSID, MAC, encryption, etc. that WIFI would be fairly secure, but after reading some pages such as this:

Getting Phished: Why SSID Spoofing (Still) Matters - www.wi-fiplanet.com

I'm beginning to have doubts. I'm still waiting on a WIFI adapter to arrive, to complete my WIFI network, but my intent was to have an always on LAN, just for the purpose of giving my secondary computer access to streaming media from the internet, since the location where it shall be does not have a cable outlet. Now, I'm wondering if it is worth the risk?

While I shall continue to use only my primary for online banking and financial transactions, I am wondering if the WIFI needs to be disabled while that is being done? I intend to use RDP or an equivalent program to access the primary from the secondary, but only within the LAN, since I blocked port 3389 to prevent someone on the internet from using it, but that wouldn't stop someone on the WIFI from doing so...would it?

Is it possible to create a truly private ironclad secure WIFI LAN? If so, how?

 

[Jonathan_King]

It is said that Wireless Security is an oxymoron. In other words, you can never be 100% secure with wireless.

However, you can tighten things down enough that the chance of you getting hacked is virtually nil. I'm sure that the FBI could find a way, if it was important to them, but I doubt you are that suspected.

So do what you can. Block all mac addresses not in your white list, use WPA-2 encryptions, don't broadcast your SSID, but most importantly, if you see a black van by the side of the road near your house, shut down your internet connection.

 

[seekermeister]

Actually, I know that nothing with a computer is totally failsafe, including a hardwired LAN, but considering the fact that I know so little about WIFI, I really don't know what precautions to take. I think that I understand the ones that you mentioned (doubt that I have to worry about vans...but who knows), but the article that I linked above left me feeling that they would be inadequate. Commercials on TV about people who drive around looking for an insecure WIFI to do their dirty work on reinforces that feeling.

It took me a long time to become relatively comfortable with a regular connection to the internet, but over time I have acquired a degree of confidence with it. I think that the fact that I'm uncertain exactly what gets broadcast and under what circumstances is a large part of my uneasiness. Especially when RDP is involved.

Let's saying that I'm using RDP to watch a movie via the WIFI, does that mean that everything on my primary computer is being broadcast in a fashion that leaves the system vulnerable to a hacker? Even with RDP shutdown, wouldn't a hacker still be able to use his own RDP to do the same thing, even with SSID not being broadcast, only my own computer's MAC addresses being white listed, etc.?

I got the impression from that article, that the most important security aspect is not to be conspicuous or draw attention, by creating an appearance of being too secured. But that doesn't make a lot of sense to me.

 

[Jonathan_King]

He could always use his own RDC to log in, but he'd be faced with your Windows password.

While in theory, as long as your signal is in the air, you can be hacked, you are not one of the "unsecured" ones, like my neighbor, who doesn't use encryption at all, or my other one, who uses WEP.

I don't think you have much to worry about. Don't do stuff that would make the Feds come after you, and as always, it's a good idea to keep an eye on your bank account for unusual activity.

 

[polarbear]

There is no 100% but with a strong password without using real words and add other char as well will get you a fairly safe system. For WPA-2 cracking they must run your packets through a dictionary and if the password used is not within, it will not pick it up... To find more info on this visit Back-Track and read a little... GL

 

[seekermeister]

He could always use his own RDC to log in, but he'd be faced with your Windows password.

While in theory, as long as your signal is in the air, you can be hacked, you are not one of the "unsecured" ones, like my neighbor, who doesn't use encryption at all, or my other one, who uses WEP.

I don't think you have much to worry about. Don't do stuff that would make the Feds come after you, and as always, it's a good idea to keep an eye on your bank account for unusual activity.

Your last statement touches on one of my main concerns. Am I right in thinking that banking and financial transactions should only be done with WIFI totally disabled?

 

[Dwarf]

I would prefer to do banking and other financial transactions over a wired (Ethernet) link, with the wireless part disabled. If you have no choice but to use the wireless connection, ensure that you are using the maximum possible security. This means using WPA2 and the other features available to you.

 

[Corrine]

The article referenced, seekermeister, is talking about connecting to public hotspots. You are setting up a home network so will not be accessing "Phony access points (APs) that use spoofed service set identifiers."

Although a couple years old, you may want to read The ABCs of securing your wireless network. Also be sure to use a strong password for your wireless network. Set up a security key for a wireless network. Then, as Jonathan said, any hacker still has to get past the Windows logon. In Network and Sharing, limit any files being shared to public and require a password for access.




http://www.sevenforums.com/member.php?u=11653

 

[devildog93]

It is said that Wireless Security is an oxymoron. In other words, you can never be 100% secure with wireless.

However, you can tighten things down enough that the chance of you getting hacked is virtually nil. I'm sure that the FBI could find a way, if it was important to them, but I doubt you are that suspected.

So do what you can. Block all mac addresses not in your white list, use WPA-2 encryptions, don't broadcast your SSID, but most importantly, if you see a black van by the side of the road near your house, shut down your internet connection.

I like the black van part. lol

I also limited my ip address range to the two devices in the network.

range 192.168.1.64 (being PS3)- 192.168.1.65 (being my PC). Some people might rip on this suggestion, but in my case, with use on LAN limited to pretty much myself, it works well for me, no probs. I will be adding X-Box 360 soon, and just have to allow one more ip allocation ie. 192.168.1.64 to 192.168.1.66

I have dhcp enabled, but have port forwarding setup for a sharing program on the PC and ports forwarded for voice chat and various PS3 required functions, with no worries of ip wandering, AS LONG as I turn the devices on in the proper order, but seeing my PC stays on nearly 24/7 it never loses it's assigned ip and the PS3 automatically takes the only other one available. It has been a few months now and I have not had to mess with my router, or other setting due to ip's not matching, and ports getting screwed up.

This is in a wired setup, but this might be another way to tighten up your security on the wifi as well. If you have many people logging in and out, and need a wider ip range to allow more ip's to be dished out, this might not be for you.

Just a thought, something that is working for me.

Tell me to butt out if I missed the mark here.....lol

 

[seekermeister]

Even though there is a dropdown window for choosing the encryption method, the only option that it contains is TKIP + AES. How strong is that?

 

[Jonathan_King]

Look in your router for the encryption type, if you're not already.

Even though there is a dropdown window for choosing the encryption method, the only option that it contains is TKIP + AES. How strong is that?

Strong enough.

 

[seekermeister]

It is said that Wireless Security is an oxymoron. In other words, you can never be 100% secure with wireless.

However, you can tighten things down enough that the chance of you getting hacked is virtually nil. I'm sure that the FBI could find a way, if it was important to them, but I doubt you are that suspected.

So do what you can. Block all mac addresses not in your white list, use WPA-2 encryptions, don't broadcast your SSID, but most importantly, if you see a black van by the side of the road near your house, shut down your internet connection.

I like the black van part. lol

I also limited my ip address range to the two devices in the network.

range 192.168.1.64 (being PS3)- 192.168.1.65 (being my PC). Some people might rip on this suggestion, but in my case, with use on LAN limited to pretty much myself, it works well for me, no probs. I will be adding X-Box 360 soon, and just have to allow one more ip allocation ie. 192.168.1.64 to 192.168.1.66

I have dhcp enabled, but have port forwarding setup for a sharing program on the PC and ports forwarded for voice chat and various PS3 required functions, with no worries of ip wandering, AS LONG as I turn the devices on in the proper order, but seeing my PC stays on nearly 24/7 it never loses it's assigned ip and the PS3 automatically takes the only other one available. It has been a few months now and I have not had to mess with my router, or other setting due to ip's not matching, and ports getting screwed up.

This is in a wired setup, but this might be another way to tighten up your security on the wifi as well. If you have many people logging in and out, and need a wider ip range to allow more ip's to be dished out, this might not be for you.

Just a thought, something that is working for me.

Tell me to butt out if I missed the mark here.....lol

No. I'm open to all ideas, but I will have to consider if I can apply them to my situation. I don't have anything that needs to access the network, except two computers, and the router is set to identify them via their MACs. I think that would be equal to their IPs. However, in my first configuration attempt, I did enable DHCP, and it lists IP and MAC for both computers. Perhaps I should disable DHCP...I'm not sure.

 

[Corrine]

Just as I moved away from this thread, this link came up on Twitter by @MSWindows: Selecting a wireless router or another wireless network device. It seems appropriate to backtrack and add it to the mix here as it may be helpful to someone else looking at wireless.

 

[CarlTR6]

He could always use his own RDC to log in, but he'd be faced with your Windows password.

While in theory, as long as your signal is in the air, you can be hacked, you are not one of the "unsecured" ones, like my neighbor, who doesn't use encryption at all, or my other one, who uses WEP.

I don't think you have much to worry about. Don't do stuff that would make the Feds come after you, and as always, it's a good idea to keep an eye on your bank account for unusual activity.

Your last statement touches on one of my main concerns. Am I right in thinking that banking and financial transactions should only be done with WIFI totally disabled?

I do my banking over wireless. I have a strong password on the router and a strong password to login to my bank account.

 

[seekermeister]

The article referenced, seekermeister, is talking about connecting to public hotspots. You are setting up a home network so will not be accessing "Phony access points (APs) that use spoofed service set identifiers."

Although a couple years old, you may want to read The ABCs of securing your wireless network. Also be sure to use a strong password for your wireless network. Set up a security key for a wireless network. Then, as Jonathan said, any hacker still has to get past the Windows logon. In Network and Sharing, limit any files being shared to public and require a password for access.




http://www.sevenforums.com/member.php?u=11653

Curiously, your first link seems to discount the benefit of most settings, other than encryption method. Perhaps I'm making this harder than need be...don't know.

In Network and Sharing, limit any files being shared to public and require a password for access.

This idea throws me somewhat, because I wanted to be able to access any file from either computer. Unless I misunderstand, sharing with the "public" includes other computers on the network...yes/no? I was hoping that within my network access would be simple, but with a hard shell to outside access.

 

[seekermeister]

Look in your router for the encryption type, if you're not already.

Even though there is a dropdown window for choosing the encryption method, the only option that it contains is TKIP + AES. How strong is that?

Strong enough.

I suppose, but since Opera uses 256 bit AES, 128 AES sounds weak. Of course, direct internet access does provide greater time and opportunity for a hacker to focus on one computer.

 

[whs]

Watch this in this context - really funny:

 

[CarlTR6]

I had seen this and it is hilarious!

 

[devildog93]

:roflmao:

What a ditzy chick. That kind of made my day.

 

[seekermeister]

There is no 100% but with a strong password without using real words and add other char as well will get you a fairly safe system. For WPA-2 cracking they must run your packets through a dictionary and if the password used is not within, it will not pick it up... To find more info on this visit Back-Track and read a little... GL

It appears that Back Track is simply a distro of Linux, which may be quite good...I don't know. However, my concern is WIFI security in general, regardless of the OS being used. So this is something that I will bookmark for future use, but it doesn't seem to fit what I'm looking for now.