
How do I set up the most secure wireless network?


turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Tidewater Virginia
 
2007-01-15, 17:47

After all the talk about it again in a recent thread I would like to know the best way to run my WiFi local network to minimize security issues and protect my data. While I really doubt there are people waiting for my data, off the start is the best time to put the right practices in motion.

I also figure this can serve as a thread for referencing later down the line when others who aren't very security minded/educated ask questions.

In my case, I'm networking PC's, PDA's (some with WEP only), and Mac's. Most are wired, other than the laptops and PDA's. So how about those of you who know network security giving someone like me a hand by helping me to configure my network to keep my data safe, along with my passwords.

Louis L'Amour, “To make democracy work, we must be a notion of participants, not simply observers. One who does not vote has no right to complain.”
MineCraft? mc.applenova.com | Visit us! | Maybe someday I'll proof read, until then deal with it.
Fahrenheit
Veteran Member
 
Join Date: Sep 2005
2007-01-15, 17:50

Remember, having an unsecured wireless network is one of the only mitigating factors if the RIAA accuses you of illegal downloading.
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Tidewater Virginia
 
2007-01-15, 17:57

Quote:
Originally Posted by Rob Dobbs View Post
Remember, having an unsecured wireless network is one of the only mitigating factors if the RIAA accuses you of illegal downloading.
Well, some of our admins (one at least) around here use an unsecured wireless network but yet keep their data safe. So I figure there must be a number of ways to do this, and I would like to be able to choose from a few of them for what best suits my needs. Seems that WEP is nothing more than using floss to hold your front door shut anyway.

jdcfsu
Veteran Member
 
Join Date: Jun 2006
Location: Florida
 
2007-01-15, 18:11

Quote:
Originally Posted by Rob Dobbs View Post
Remember, having an unsecured wireless network is one of the only mitigating factors if the RIAA accuses you of illegal downloading.
I don't think I follow what you mean.
PKIDelirium
Nobody bumps my lock
 
Join Date: Oct 2005
Location: Xenia, Ohio
 
2007-01-15, 18:20

You can claim someone hijacked your connection and used it to download.
Fahrenheit
Veteran Member
 
Join Date: Sep 2005
2007-01-15, 18:26

That logic also turns round on itself in a number of cases, I should imagine, though.
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Tidewater Virginia
 
2007-01-15, 18:42

Ok, I'm not one to D/L stuff, so it isn't my plan. I'm just wanting to make sure my network is configured for the best use by me and keeping my data safe.

FFL
Fishhead Family Reunited
 
Join Date: May 2004
Location: Slightly Off Center
 
2007-01-15, 18:48

Quote:
In my case, I'm networking PC's, PDA's (some with WEP only), and Mac's.
It sounds like your most secure method would be the strongest possible WEP password protection (ie, random letters and numbers), combined with Access Control to limit connections to specific MAC addresses.
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2007-01-15, 18:48

Quote:
Originally Posted by Rob Dobbs View Post
Remember, having an unsecured wireless network is one of the only mitigating factors if the RIAA accuses you of illegal downloading.
Are you aware of any lawsuit in which this has actually been a factor in favor of the defense?

Quote:
Originally Posted by FFL View Post
It sounds like your most secure method would be the strongest possible WEP password protection (ie, random letters and numbers), combined with Access Control to limit connections to specific MAC addresses.
Don't forget that non-alphanumeric characters like !, @, #, $, and so forth can be used too.

Also, turn off SSID broadcast.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
FFL
Fishhead Family Reunited
 
Join Date: May 2004
Location: Slightly Off Center
 
2007-01-15, 18:53

Quote:
Also, turn off SSID broadcast.
Oops - yeah, I didn't mean to leave that one out.
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Tidewater Virginia
 
2007-01-15, 18:53

Quote:
Originally Posted by FFL View Post
It sounds like your most secure method would be the strongest possible WEP password protection (ie, random letters and numbers), combined with Access Control to limit connections to specific MAC addresses.
I am willing to ditch the PDA access in favor of better security. After thinking about it, I only use the PDA's WiFi out of my house at coffee shops, etc. I have enough laptops and desktops to cover my network use here in the house.

Fahrenheit
Veteran Member
 
Join Date: Sep 2005
2007-01-15, 18:54

Quote:
Originally Posted by Brad
Are you aware of any lawsuit in which this has actually been a factor in favor of the defense?
Yep:
Quote:
RIAA Discontinued Case in California, Virgin v. Marson

We have recently learned of a case in California, Virgin Records v. Marson, where earlier this year, after 6 months of litigation, the RIAA dropped the case.

As in all of the RIAA cases, the only basis the RIAA had for its claim against Mrs. Marson was that she paid for the internet access and owned the computer on which the shared files folder resided.

Faced with evidence that numerous other people had access to the Internet connection and/or the computer and that any of those people could have engaged in the allegedly infringing conduct, the RIAA agreed to dismiss.

Last edited by Fahrenheit : 2007-01-15 at 19:16.
alcimedes
I shot the sherrif.
 
Join Date: May 2004
2007-01-15, 19:12

Actually I remember reading an article about a specific case that was dropped due to an open wireless network, but I can't find it off-hand.
Mr Beardsley
Member
 
Join Date: Jul 2004
Location: Colorado Springs
2007-01-19, 14:08

Quote:
Originally Posted by FFL View Post
It sounds like your most secure method would be the strongest possible WEP password protection (ie, random letters and numbers), combined with Access Control to limit connections to specific MAC addresses.
The WEP encryption, MAC address filtering, and SSID being off will certainly make it harder to access your network, but ultimately if someone does want to crack your network it would not be that hard.

1. SSID being off. Won't help you at all, and in fact adds overhead to your wireless setup (it's trivial but it is there). It forces the nodes to use probe request frames to find the access point or controlling node. The SSID is sent in the clear in these responses. It's not hard at all to get the SSID, and it makes your life harder, so why bother?

2. WEP. The problem with WEP is that it uses one key for the entire time two devices are connected. This could be days, weeks, or months. By collecting enough data it is possible to crack the WEP key, and decrypt your network stream.

3. MAC address filtering. If you're only using WEP and someone cracks that, then they have your MAC address as well. Many devices allow you to "clone" a MAC address, which gets you around the filtering.

Now the upside. The main benefit of WPA is that it uses keys that expire. So even if you break one of the encryption keys, the network will be using another one by the time you do. I think the default expiration time on Airport using WPA is 60 minutes. The big security hole of WPA personal is what you choose as a passphrase. Guessing your password is the only known (that I know of) way to circumvent WPA encryption.

If you are worried about security: people cracking your computer systems and looking for information, getting passwords sent in the clear, or watching what you do on the internet, your only really reliable bet is WPA. If you are confident that your systems are up to snuff, and you don't mind people watching where you go on the net, then open or WEP is an option.

"Slow vehicle speeds with frequent stops would signal traffic congestion, for instance."

uh... it could also signal that my Mom is at the wheel...
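
An added illustration of the passphrase point in the post above (not part of the original thread and not any poster's code): in WPA/WPA2-Personal the pre-shared key is derived only from the passphrase and the SSID, so a randomly generated passphrase is what carries the security. The function names and the SSID `ExampleHomeNet` are constructed for this example.

```python
import hashlib
import math
import secrets
import string

# An ASCII WPA passphrase must be 8 to 63 printable characters.
PRINTABLE = {chr(c) for c in range(32, 127)}
# 62 symbols that are easy to type on any client device (an assumption of this example).
ALPHABET = string.ascii_letters + string.digits


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= PRINTABLE:
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


def random_passphrase(length: int = 20) -> str:
    """Pick every character independently from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be between 8 and 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing work, in bits, for a uniformly random string of this shape."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    ssid = "ExampleHomeNet"  # constructed SSID
    passphrase = random_passphrase()
    print("passphrase :", passphrase)
    print("entropy    : %.1f bits" % entropy_bits(len(passphrase)))
    print("PSK        :", derive_psk(passphrase, ssid).hex())
    # The SSID acts as the salt: the same passphrase on another network
    # yields an unrelated key.
    print("other SSID :", derive_psk(passphrase, "OtherNet").hex())
    # Eight random lowercase letters, for comparison.
    print("8 lowercase: %.1f bits" % entropy_bits(8, 26))
```

Because nothing else enters the derivation, anyone who can guess the passphrase for a known SSID has the key; a 20-character random passphrase from this alphabet gives about 119 bits of guessing work, against under 38 bits for eight random lowercase letters.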
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2007-01-19, 14:24

Quote:
Originally Posted by Mr Beardsley View Post
1. SSID being off. Won't help you at all...so why bother?

2. WEP. The problem with WEP is that it uses one key for the entire time two devices are connected.
I think the point of these two is to keep out casual wireless-stealers: the ill-educated folks in the next apartment who aren't going to actively try to sniff packets and crack encryption.

Also, some devices (I'm looking squarely at you, Nintendo DS) still do not support WPA. If all devices on your network do, though, you should indeed absolutely choose WPA with a strong password over WEP.

turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Tidewater Virginia
 
2007-01-19, 14:33

What about if I get something like the AEBS in February and use that for my network and have it secured with strong pass code, etc. Keep my WRT54G and have it open, but not allow network access, only internet access. That way, the few times I'll want to get online with my PDA or other WEP-only device I can access the internet, and FTP or wire connect for file transfers?

I'm guessing I could set the AEBS to channel 12 and WRT54G to 1 or some good distance in there to minimize bleed-over since both use 2.4GHz. Would this work? If so, how would you do it?

danielsza
Senior Member
 
Join Date: Oct 2005
Location: Hamilton, On
2007-01-19, 14:59

It's been done before... often using Linux as a router and iptables with a separate network card.

*edit*

If you change the firmware on your Linksys router you could do it...

here's a link
Mr Beardsley
Member
 
Join Date: Jul 2004
Location: Colorado Springs
2007-01-19, 15:29

Quote:
Originally Posted by Brad View Post
I think the point of these two is to keep out casual wireless-stealers: the ill-educated folks in the next apartment who aren't going to actively try to sniff packets and crack encryption.

Also, some devices (I'm looking squarely at you, Nintendo DS) still do not support WPA. If all devices on your network do, though, you should indeed absolutely choose WPA with a strong password over WEP.
Oh I agree with you, it adds a barrier to just connecting. My point is that anybody who would try to crack your WEP could get your SSID. I'd recommend WEP if you have devices that don't support WPA. Some encryption is better than nothing. However, I'd still leave the SSID on.

Something else that hasn't been discussed is lowering your transmit power. If you are forced to use WEP, and your home layout is favorable you could try dropping the power so you can't get a signal outside your house.

Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2007-01-19, 15:44

I may have to come up with some concrete examples when I return home, but I recall having some difficulty with implementing WPA for my home network consisting of both PC and Mac.

One difficulty was in the different ways PC and Mac handle the passphrases; Mac may need $ in front of the passphrase where PC doesn't. Another thing was that there seemed to be different bits used; I can choose from, say, 64 or 128 bit on PC, but only 96 bit on Mac. (This is off the top of my head; I could be wrong about the exact number of bits, but I know for sure I didn't have the same choice on either computer.)

Mainly because of the different bits, I got too confused and settled on WEP. Wonder if anyone could enlighten me on that?
Mr Beardsley
Member
 
Join Date: Jul 2004
Location: Colorado Springs
2007-01-19, 15:51

Quote:
Originally Posted by COPACABANANA View Post
I may have to come up with some concrete examples when I return home, but I recall having some difficulty with implementing WPA for my home network consisting of both PC and Mac.

One difficulty was in the different ways PC and Mac handle the passphrases; Mac may need $ in front of the passphrase where PC doesn't. Another thing was that there seemed to be different bits used; I can choose from, say, 64 or 128 bit on PC, but only 96 bit on Mac. (This is off the top of my head; I could be wrong about the exact number of bits, but I know for sure I didn't have the same choice on either computer.)

Mainly because of the different bits, I got too confused and settled on WEP. Wonder if anyone could enlighten me on that?
I don't know about the passphrase, but it might be that you didn't have the WPA2 patch for XP. WPA2 is somewhat recent, and I think Airport defaults to it now even though it might not tell you specifically that it is version 2.

From Microsoft

Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2008-04-25, 20:52

*bump*

So I have a network that was working OK until I introduced MBP and everything went wrong and the Earth was torn asunder.

I had my modem (which comes with wireless access and routing capability) configured to use WPA. It didn't specify WPA2, so I assumed WPA. There are just two users of the wireless network, the iMac and MBP. Since then, there's been a dialog at random intervals on either computer saying that the wireless network has been compromised and will be disabled for a minute. I don't have the faintest idea in hell what was compromised, unless they were trying to tell me in a cryptic way that my neighbor would like to borrow my bandwidth?

This is quite annoying, as this means there are lapses in connection and it mucked up a pending software update among other things, and sometimes I find I have to turn the Airport on either computer off and back on to get it to restore the connection.

Any insights?
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2008-04-27, 12:41

Anyone?
FFL
Fishhead Family Reunited
 
Join Date: May 2004
Location: Slightly Off Center
 
2008-04-27, 15:09

I've never seen a wireless router bundled with a modem that didn't suck.

My preference is to turn off the wireless on the modem, and hook up either a Linksys WRTG54, or an Airport Express or Extreme.
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2008-04-28, 13:57

Quote:
Originally Posted by FFL View Post
I've never seen a wireless router bundled with a modem that didn't suck.

My preference is to turn off the wireless on the modem, and hook up either a Linksys WRTG54, or an Airport Express or Extreme.
Hmm, interesting. I have a Netgear wireless router- could try that....


A bit of a tangent, but shouldn't a router be a router? I mean, exactly what makes a router suck for certain applications when all they have to do is keep track of packets going to so-and-so destination?