Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
After all the talk about it again in a recent thread I would like to know the best way to run my WiFi local network to minimize security issues and protect my data. While I really doubt there are people waiting for my data, off the start is the best time to put the right practices in motion.
I also figure this can serve as a thread for referencing later down the line when others who aren't very security minded/educated ask questions. In my case, I'm networking PCs, PDAs (some with WEP only), and Macs. Most are wired, other than the laptops and PDAs. So how about those of you who know network security giving someone like me a hand by helping me to configure my network to keep my data safe, along with my passwords.
Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
quote |
Veteran Member
|
Remember, having an unsecured wireless network is one of the only mitigating factors if the RIAA accuses you of illegal downloading.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Well, some of our admins (one at least) around here use an unsecured wireless network but yet keep their data safe. So I figure there must be a number of ways to do this and I would like to be able to choose from a few of them for what best suits my needs. Seems that WEP is nothing more than using floss to hold your front door shut anyway.
quote |
Veteran Member
Join Date: Jun 2006
Location: Florida
|
|
quote |
Veteran Member
Join Date: Oct 2005
|
You can claim someone hijacked your connection and used it to download.
|
quote |
Veteran Member
|
That logic also turns round on itself in a number of cases I should imagine though.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Ok, I'm not one to D/L stuff, so it isn't my plan. I'm just wanting to make sure my network is configured for the best use by me and keeping my data safe.
quote |
Fishhead Family Reunited
Join Date: May 2004
Location: Slightly Off Center
|
|
|
quote |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Also, turn off SSID broadcast.
The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
||
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
I am willing to ditch the PDA access in favor of better security. After thinking about it, I only use the PDA's WiFi out of my house at coffee shops, etc. I have enough laptops and desktops to cover my network use here in the house.
quote |
Veteran Member
|
Last edited by Fahrenheit : 2007-01-15 at 19:16. |
||
quote |
I shot the sherrif.
|
Actually I remember reading an article about a specific case that was dropped due to an open wireless network, but I can't find it off-hand.
|
quote |
Member
|
1. SSID being off. Won't help you at all, and in fact adds overhead to your wireless setup (it's trivial but it is there). It forces the nodes to use probe request frames to find the access point or controlling node. The SSID is sent in the clear in these responses. It's not hard at all to get the SSID, and it makes your life harder, so why bother?
2. WEP. The problem with WEP is that it uses one key for the entire time two devices are connected. This could be days, weeks, or months. By collecting enough data it is possible to crack the WEP key, and decrypt your network stream.
3. MAC address filtering. If you're only using WEP and someone cracks that, then they have your MAC address as well. Many devices allow you to "clone" a MAC address, which gets you around the filtering.
Now the upside. The main benefit of WPA is that it uses keys that expire. So even if you break one of the encryption keys, the network will be using another one by the time you do. I think the default expiration time on Airport using WPA is 60 minutes. The big security hole of WPA personal is what you choose as a passphrase. Guessing your password is the only known (that I know of) way to circumvent WPA encryption.
If you are worried about security: people cracking your computer systems and looking for information, getting passwords sent in the clear, or watching what you do on the internet, your only really reliable bet is WPA. If you are confident that your systems are up to snuff, and you don't mind people watching where you go on the net, then open or WEP is an option.
"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance." uh... it could also signal that my Mom is at the wheel...
|
quote |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Also, some devices (I'm looking squarely at you, Nintendo DS) still do not support WPA. If all devices on your network do, though, you should indeed absolutely choose WPA with a strong password over WEP.
|
quote |
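An added example, not code from any poster in this thread, for the point made in the two posts above that the passphrase is the weak spot of WPA personal: the key is derived from the passphrase with the SSID as the only salt, so a guessable passphrase (or a factory-default SSID) is what a strong setup has to avoid. The word lists, the entropy threshold and the sample passphrases and SSIDs are assumptions constructed for this example.

```python
import hashlib
import math
import string

# Constructed sample lists for this example; a real check would use larger ones.
COMMON_WORDS = {"password", "letmein", "wireless", "internet", "welcome"}
DEFAULT_SSIDS = {"linksys", "netgear", "default"}
MIN_BITS = 80  # assumed threshold for this example, not a standard value


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-Personal pre-shared key.

    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID,
    4096 iterations, 32 bytes of output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit(passphrase: str, ssid: str) -> list[str]:
    """Return findings that make the passphrase easier to guess."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cls) for cls in classes if any(c in cls for c in passphrase))
    # Upper bound: assumes every character was chosen at random from the pool.
    bits = len(passphrase) * math.log2(pool) if pool else 0.0
    findings = []
    if bits < MIN_BITS:
        findings.append(f"low-entropy ({bits:.0f} bits at most)")
    if any(word in passphrase.lower() for word in COMMON_WORDS):
        findings.append("common-word")
    if ssid.lower() in DEFAULT_SSIDS:
        # The SSID is the only salt, so a default name is shared with many networks.
        findings.append("default-ssid")
    return findings


if __name__ == "__main__":
    for pw, ssid in [("password", "linksys"), ("r7#Vq2!mZp9$Lk4&Xw8b", "home-example")]:
        print(ssid, wpa_psk(pw, ssid).hex()[:16], audit(pw, ssid))
```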
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
What about if I get something like the AEBS in February and use that for my network and have it secured with strong pass code, etc. Keep my WRT54G and have it open, but not allow network access, only internet access. That way, the few times I'll want to get online with my PDA or other WEP-only device I can access the internet, and FTP or wire connect for file transfers?
I'm guessing I could set the AEBS to channel 12 and WRT54G to 1 or some good distance in there to minimize bleed-over since both use 2.4GHz. Would this work? If so, how would you do it?
quote |
Member
|
Something else that hasn't been discussed is lowering your transmit power. If you are forced to use WEP, and your home layout is favorable you could try dropping the power so you can't get a signal outside your house.
|
quote |
is the next Chiquita
Join Date: Feb 2005
|
I may have to come up with some concrete examples when I return home, but I recall having some difficulty with implementing WPA for my home network consisting of both PC and Mac.
One difficulty was in the different ways PC and Mac handle the passphrases; Mac may need $ in front of the passphrase where PC doesn't. Another thing was that there seemed to be different bits used; I can choose from say, 64 or 128 bit on PC, but only 96 bit on Mac. (This is off the top of my head; I could be wrong about the exact number of bits, but I know for sure I didn't have the same choice on either computer.) Mainly because of the different bits, I got too confused and settled on WEP. Wonder if anyone could enlighten me on that?
quote |
Member
|
From Microsoft
|
quote |
is the next Chiquita
Join Date: Feb 2005
|
*bump*
So I have a network that was working OK until I introduced the MBP and everything went wrong and the Earth was torn asunder. I had my modem (which comes with wireless access and routing capability) configured to use WPA. It didn't specify WPA2, so I assumed WPA. There are just two users of the wireless network, the iMac and MBP. Since then, there's been a dialog at random intervals on either computer saying that the wireless network has been compromised and will be disabled for a minute. I don't have the faintest idea in hell what was compromised, unless they were trying to tell me in a cryptic way that my neighbor would like to borrow my bandwidth? This is quite annoying as this means there are lapses in connection and it mucked up a pending software update among other things and sometimes I find I have to turn the airport on either computer off/back on to get it to restore the connection. Any insights?
quote |
is the next Chiquita
Join Date: Feb 2005
|
Anyone?
|
quote |
Fishhead Family Reunited
Join Date: May 2004
Location: Slightly Off Center
|
I've never seen a wireless router bundled with a modem that didn't suck.
My preference is to turn off the wireless on the modem, and hook up either a Linksys WRT54G, or an Airport Express or Extreme.
quote |
is the next Chiquita
Join Date: Feb 2005
|
A bit of a tangent, but shouldn't a router be a router? I mean, exactly what makes a router suck for certain applications when all they have to do is keep track of packets going to so and so destination?
|
quote |