Announcement

Collapse
No announcement yet.

making a secure access point..

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • making a secure access point..

    Any Ideas on how to make an access point secure from intentional or even unintentional misuse?

    Seeing as I can't reach it from my front yard I'm not too concerned, but right now it's sheilded by the basement walls.

    If I move to an apartment or another inoportune locality I may not be so fortunate.
    aka Kumaneko
    "Don't make me moderate your ***!"
    Maxima of Doom - project thread - photo gallery
    mp3car system is currently FUBAR and finances do not allow for a correction of that situation
    Real computer hackers use a rotary cutting tool on their motherboard.

  • #2
    First, enable any WEP that you can use. Yes its not all that secure and people can use AirSnort or equiv to grab keys, but its at least a start. Second, limit access only to MAC addresses of the cards you own. Again, this can be spoofed but there isn't any point of making it easy for anyone.

    That will stop the casual people from accessing it. You will also want to turn off broadcasting of your SSID so that it doesnt show up to Netstumbler, etc. This makes a little more inconvenient to connect to the AP as its not automatic, but its a lot more secure as they have to know the AP is there.

    Finally, if you want to do this properly, setup a 2k/Linux server that you can VPN to from your remote computer. If all traffic on the wireless link is encrypted again you will be fine.
    MP3 Cavalier - http://www.mp3cavalier.com
    MP3 Grand Prix - http://www.mp3gp.com

    Comment


    • #3
      There is no way to secure an access point. Any security features available can be broken in a matter of hours (WEP is a joke, an SSID is not a secret code, and MAC addresses are easy to sniff and spoof). The only way to be truely secure is to use a VPN.
      Player: Pentium 166MMX, Amptron 598LMR MB w/onboard Sound, Video, LAN, 10.2 Gig Fujitsu Laptop HD, Arise 865 DC-DC Converter, Lexan Case, Custom Software w/Voice Interface, MS Access Based Playlists
      Car: 1986 Mazda RX-7 Turbo (highly modded), 1978 RX-7 Beater (Dead, parting out), 2001 Honda Insight
      "If one more body-kitted, cut-spring-lowered, farty-exhausted Civic revs on me at an intersection, I swear I'm going to get out of my car and cram their ridiculous double-decker aluminium wing firmly up their rump."

      Comment


      • #4
        Pringles

        I heard people were going around with Pringle cans on their access points and wireless cards to get better range. I couldnt believe it, but it actually works.


        Instructions on building one
        http://www.oreillynet.com/cs/weblog/view/wlg/448 to aid in its creation


        Wireless hacking story with Pringle cans
        http://news.bbc.co.uk/hi/english/sci...00/1860241.stm


        PoBoy
        I'm a ghost...email me if you have any questions on my old setup

        My way outdated website: http://www.poboytech.net

        FYI: I sold my 96 4Runner and bought a 1985

        Comment


        • #5
          Originally posted by Aaron Cake
          There is no way to secure an access point. Any security features available can be broken in a matter of hours (WEP is a joke, an SSID is not a secret code, and MAC addresses are easy to sniff and spoof). The only way to be truely secure is to use a VPN.
          Just because something is possible does not mean that EVERYONE will be able to do it. What you have said is true for any technology. The only safe computer is the one turned off and at the bottom of the ocean.

          Yes many of the above listed security features can be circumvented, but that does not mean that you shouldn't enable them. Do you not lock your doors because lock picks exist? Do you not put a security system in a car because wire cutters exist?

          Seriously, it simply makes it more of a pain to use your AP, and 9/10 times this means they will use another AP (especially in a populated area where there may be several in range). No thief or attacker wants trouble unless you are worth it. If you are a big corporation, sure maybe they will still try and break in. But if they figure you are just somebody's home network its just not worth the time to sit there and collect gigs and gigs of data to be able to determine the WEP key.
          MP3 Cavalier - http://www.mp3cavalier.com
          MP3 Grand Prix - http://www.mp3gp.com

          Comment


          • #6
            One of the first things to do tho is to disable the SSID broadcast, NetStumbler can't find the access point at all then, if the war driver is using linux programs then they can typically still see the packets with most of the linux programs, but that is a good place to start. I also have mac addy auth on my ap and on my router. VPN is a must also, use it. Disable WEP, it isn't worth the slowdown in network speed.

            1997 Jeep Wrangler Rugged Waves


            Ebay Stuff For Sale

            Comment


            • #7
              Originally posted by freestyler
              One of the first things to do tho is to disable the SSID broadcast, NetStumbler can't find the access point at all then, if the war driver is using linux programs then they can typically still see the packets with most of the linux programs, but that is a good place to start. I also have mac addy auth on my ap and on my router. VPN is a must also, use it. Disable WEP, it isn't worth the slowdown in network speed.
              A decent wireless card and AP shouldn't notice any slow down at all from the encryption. Cheapies will of course yea.
              MP3 Cavalier - http://www.mp3cavalier.com
              MP3 Grand Prix - http://www.mp3gp.com

              Comment


              • #8
                Originally posted by Callahan


                A decent wireless card and AP shouldn't notice any slow down at all from the encryption. Cheapies will of course yea.
                Actually they all do....from the Linksys to the Avaya(Orinoco, Agere,etc)

                1997 Jeep Wrangler Rugged Waves


                Ebay Stuff For Sale

                Comment


                • #9
                  Originally posted by freestyler


                  Actually they all do....from the Linksys to the Avaya(Orinoco, Agere,etc)
                  Actually, No they all don't. It really does depend on the card/AP. Check out http://practicallynetworked.com and their reviews. They test every card for the performance decrease with WEP enabled. Yes, the Orinoco cards look at around a 15-20% decrease in performance, but many (SMC USB for example) have no noticeable decrease.

                  Although, as we both mentioned, a VPN is the solution and should be used over WEP. But having both enabled (if you happen to not be affected by both the WEP and VPN overhead) doesnt hurt.
                  MP3 Cavalier - http://www.mp3cavalier.com
                  MP3 Grand Prix - http://www.mp3gp.com

                  Comment


                  • #10
                    line your house with anti-static bags, i just realized my ez-pass is in one and says to keep it in the bag when not in use......
                    mp4runner.com

                    Comment


                    • #11
                      Originally posted by Callahan


                      Actually, No they all don't. It really does depend on the card/AP. Check out http://practicallynetworked.com and their reviews. They test every card for the performance decrease with WEP enabled. Yes, the Orinoco cards look at around a 15-20% decrease in performance, but many (SMC USB for example) have no noticeable decrease.

                      Although, as we both mentioned, a VPN is the solution and should be used over WEP. But having both enabled (if you happen to not be affected by both the WEP and VPN overhead) doesnt hurt.
                      who wants to use SMC crap? They have the poorest range out of ANY card out there. practicallynetworked has good reviews yes, but usually don't try the cards in a real-life situation, at the University I go to which I also work for doing computer support we have tried all the main brands out there, SMC has the worst range while the Orinoco cards have the best. For WEP slowdown all of them showed a decrease, we just don't use WEP as it isn't worth it, why use resources up for something that doesn't do anything? No matter how small, it adds up when you have a few hundred users. There are 100k+ users at U I go to, of those granted only a few have wireless but we have begun pushing it and have noticed a large increase, using WEP would make it so that you would have to use the same brand as our access points as even though they state WEP will work with anything it doesn't, Linksys does it a proprietary way while Lucent does it another. In all WEP just isn't worth it. Just use VPN + SSID broadcast disable + MAC auth + firewall. You could also easily setup a redirect on your network that if the user doesn't input a username/password that is referenced from a secure databse then they won't get on, granted they can grab packets but they can't steal bandwidth.

                      1997 Jeep Wrangler Rugged Waves


                      Ebay Stuff For Sale

                      Comment


                      • #12
                        Originally posted by freestyler


                        who wants to use SMC crap? They have the poorest range out of ANY card out there. practicallynetworked has good reviews yes, but usually don't try the cards in a real-life situation, at the University I go to which I also work for doing computer support we have tried all the main brands out there, SMC has the worst range while the Orinoco cards have the best. For WEP slowdown all of them showed a decrease, we just don't use WEP as it isn't worth it, why use resources up for something that doesn't do anything? No matter how small, it adds up when you have a few hundred users. There are 100k+ users at U I go to, of those granted only a few have wireless but we have begun pushing it and have noticed a large increase, using WEP would make it so that you would have to use the same brand as our access points as even though they state WEP will work with anything it doesn't, Linksys does it a proprietary way while Lucent does it another. In all WEP just isn't worth it. Just use VPN + SSID broadcast disable + MAC auth + firewall. You could also easily setup a redirect on your network that if the user doesn't input a username/password that is referenced from a secure databse then they won't get on, granted they can grab packets but they can't steal bandwidth.
                        Your real life situation does not equal everyone elses real world situation. I have had pretty good success with SMC cards, as well as Orinoco (both branded and Dell rebadges). The SMCs worked just as well and through some pretty nasty areas and over a pretty good distance.. in ad hoc mode as well.

                        You are in a very different situation as well, you are FAR more succeptible to someone snorting the keys because its easy to sit in the univ and collect the data. With someone's house, unless you are in the same building you probably won't bother getting close long enough to bother with it. I'm not saying that WEP is perfect, its not even close. But its not 'worthless'. It is weak yes if you know what you are doing, but a lot of the time in a busy area people are going to move on and go after an open WAP. Again, I totally agree with you that you should be VPNing across any wireless link, because you just don't know who is listening.

                        My D-link WAP hasn't had a problem with any of the Wireless NICs have I have used, and I haven't noticed any WEP slow down.

                        To me it would be try it with WEP on (if you can get it to work, some people do have a lot of problems) and with it off. If you don't notice the difference whats it hurt to add one more layer, even if its thin?
                        MP3 Cavalier - http://www.mp3cavalier.com
                        MP3 Grand Prix - http://www.mp3gp.com

                        Comment


                        • #13
                          Well I also have a network in my apartment and haven't had luck with Linksys WAP11 using WEP on an orinoco card, smc, dlink, only the linksys one worked. It's a flaky protocol, if you get it to work great, but just doesn't seem worth it to me.

                          1997 Jeep Wrangler Rugged Waves


                          Ebay Stuff For Sale

                          Comment


                          • #14
                            I've been thinkinbg about a wireless addtiion to my network, but i'm hoping it won't need any of the WEP stuff. I think i'm far enough from the main road that I won't have anyone snooping onto my network. though I can always just have my dhcp server not assign addresses to other cards other than mine

                            Comment


                            • #15
                              just unplug it when not being used

                              Comment

                              Working...
                              X