making a secure access point..

**ShinkunoNamida** · 06-08-2002, 11:07 AM

Any Ideas on how to make an access point secure from intentional or even unintentional misuse?

Seeing as I can't reach it from my front yard I'm not too concerned, but right now it's sheilded by the basement walls.

If I move to an apartment or another inoportune locality I may not be so fortunate.

**Callahan** · 06-08-2002, 12:17 PM

First, enable any WEP that you can use. Yes its not all that secure and people can use AirSnort or equiv to grab keys, but its at least a start. Second, limit access only to MAC addresses of the cards you own. Again, this can be spoofed but there isn't any point of making it easy for anyone.

That will stop the casual people from accessing it. You will also want to turn off broadcasting of your SSID so that it doesnt show up to Netstumbler, etc. This makes a little more inconvenient to connect to the AP as its not automatic, but its a lot more secure as they have to know the AP is there.

Finally, if you want to do this properly, setup a 2k/Linux server that you can VPN to from your remote computer. If all traffic on the wireless link is encrypted again you will be fine.

**Aaron Cake** · 06-08-2002, 10:26 PM

There is no way to secure an access point. Any security features available can be broken in a matter of hours (WEP is a joke, an SSID is not a secret code, and MAC addresses are easy to sniff and spoof). The only way to be truely secure is to use a VPN.

**PoBoy** · 06-08-2002, 11:06 PM

I heard people were going around with Pringle cans on their access points and wireless cards to get better range. I couldnt believe it, but it actually works.

Instructions on building one
http://www.oreillynet.com/cs/weblog/view/wlg/448 to aid in its creation

Wireless hacking story with Pringle cans
http://news.bbc.co.uk/hi/english/sci...00/1860241.stm

PoBoy

**Callahan** · 06-09-2002, 01:26 AM

Originally posted by Aaron Cake
There is no way to secure an access point. Any security features available can be broken in a matter of hours (WEP is a joke, an SSID is not a secret code, and MAC addresses are easy to sniff and spoof). The only way to be truely secure is to use a VPN.

Just because something is possible does not mean that EVERYONE will be able to do it. What you have said is true for any technology. The only safe computer is the one turned off and at the bottom of the ocean.

Yes many of the above listed security features can be circumvented, but that does not mean that you shouldn't enable them. Do you not lock your doors because lock picks exist? Do you not put a security system in a car because wire cutters exist?

Seriously, it simply makes it more of a pain to use your AP, and 9/10 times this means they will use another AP (especially in a populated area where there may be several in range). No thief or attacker wants trouble unless you are worth it. If you are a big corporation, sure maybe they will still try and break in. But if they figure you are just somebody's home network its just not worth the time to sit there and collect gigs and gigs of data to be able to determine the WEP key.

**freestyler** · 06-09-2002, 06:00 PM

One of the first things to do tho is to disable the SSID broadcast, NetStumbler can't find the access point at all then, if the war driver is using linux programs then they can typically still see the packets with most of the linux programs, but that is a good place to start. I also have mac addy auth on my ap and on my router. VPN is a must also, use it. Disable WEP, it isn't worth the slowdown in network speed.

**Callahan** · 06-09-2002, 07:08 PM

Originally posted by freestyler
One of the first things to do tho is to disable the SSID broadcast, NetStumbler can't find the access point at all then, if the war driver is using linux programs then they can typically still see the packets with most of the linux programs, but that is a good place to start. I also have mac addy auth on my ap and on my router. VPN is a must also, use it. Disable WEP, it isn't worth the slowdown in network speed.

A decent wireless card and AP shouldn't notice any slow down at all from the encryption. Cheapies will of course yea.

**freestyler** · 06-09-2002, 07:42 PM

Originally posted by Callahan

A decent wireless card and AP shouldn't notice any slow down at all from the encryption. Cheapies will of course yea.

Actually they all do....from the Linksys to the Avaya(Orinoco, Agere,etc)

**Callahan** · 06-09-2002, 10:27 PM

Originally posted by freestyler

Actually they all do....from the Linksys to the Avaya(Orinoco, Agere,etc)

Actually, No they all don't. It really does depend on the card/AP. Check out http://practicallynetworked.com and their reviews. They test every card for the performance decrease with WEP enabled. Yes, the Orinoco cards look at around a 15-20% decrease in performance, but many (SMC USB for example) have no noticeable decrease.

Although, as we both mentioned, a VPN is the solution and should be used over WEP. But having both enabled (if you happen to not be affected by both the WEP and VPN overhead) doesnt hurt.