How Do I Know My Secure Wireless Network Really IS Secure?

Reply Subscribe

Thread Tools

Search this Thread

Oct 15, 2005 | 11:32 am

#16

UAVirgin

Join Date: Dec 2001

Location: DSM

Programs: "I COME FROM Des Moines. Somebody had to." -- Bill Bryson

Posts: 1,135

Quote:

Originally Posted by SkeptiCallie

With the proviso that this is not my territory, isn't the MAC ID only the unique number of the cable modem, not of the computer itself? Media Access Control ID? (Bad enough privacy advocates had to worry about those pesky Pentium ID numbers that could be turned on surreptitiously by web sites.

) Anyhow, your explanation is clear enough in context, only that the clause itself gave me pause.

MAC address is supposed to be a unique identifier of the hardware manufacturer. You can go to this web site and find out what manufacturer your MAC address is registered to.

Oct 17, 2005 | 7:19 am

#17

SFOffjunkie

Join Date: Aug 2003

Location: Chicago ORD

Programs: UA GS Million Miler, Hilton Diamond, Marriott/Starwood Gold

Posts: 143

Quote:

Originally Posted by UAVirgin

MAC address is supposed to be a unique identifier of the hardware manufacturer. You can go to this web site and find out what manufacturer your MAC address is registered to.

This is true; however, as bumpme pointed out, MAC addresses can be spoofed. My old Netgear router allowed me to provide whatever address I wanted, which it would supply in response to a query instead of the original, unique number.

This is very useful, for example, if your ISP somehow ties your service to a MAC address in order to get you to pay more for the privilege of networking your home. With the netgear, you could splice the router in between the computer and the modem, and the ISP would never know the difference. If the modem interrogates the router, it's given the "approved" MAC address.

bumpme, In order to spoof the MAC address, don't you have to know what it is in the first place?

Oct 17, 2005 | 10:05 am

#18

ClueByFour

Join Date: Jul 2000

Location: Commuting around the mid-atlantic and rust-belt on any number of RJs

Programs: TSA Random Selectee Platinum, * Gold, SPG/HH/MR mid-tier, and a tiny bag of pretzels.

Posts: 9,255

Quote:

Originally Posted by SFOffjunkie

If you use WPA, MAC filtering and turn off SSID, you'll be secure from all but the most determined intruders.

Just make sure it's WPA and not WEP. WEP adds (at most) an extra 10 minutes or so to the required time to break (it's tied to the strength of the IV in your particular brand of WEP). I had a friend tout to me the "security" of his wireless implementation--took about 12 minutes and a copy of auditor linux and the WEP key was cracked, sniffed the SSID, cloned his PC's MAC, dissassociated his PC, and had my laptop on the network in it's place.

WPA is another story.

Oct 17, 2005 | 10:08 am

#19

Martinis at 8

Join Date: Jan 2005

Location: IAH

Posts: 2,674

If you are truly concerned about security, then you may want to try a PGP product for e-mails, and a tunneler for surfing.

M8

Oct 17, 2005 | 12:57 pm

#20

JadedTraveler

Join Date: Jul 2001

Location: Lower Merion Township, PA, (an inner-ring suburb to the Socialist Workers City/State of Philadelphia, PA)

Posts: 597

There's also a good discussion in this thread, through app. message #20

http://www.flyertalk.com/forum/showt...0&page=1&pp=15

Take note of the relevance placed on who might be likely attackers, ... do you live in a multi-unit dwelling or in a suburban environment where the closest naighbor is several hundred feet away.

Oct 17, 2005 | 3:02 pm

#21

MarkW

Join Date: May 2003

Location: Chevy Chase, MD, USA

Programs: UA 1K, MM

Posts: 99

Another thought: if you're not actively using a wireless connection, disable wireless access. Most people leave it on all the time for convenience, but why take a chance? I'd prefer the slight inconvenience of having to enable my access point each time I want to use it for an extended period, rather than leaving it up all the time and hoping that I didn't overlook a security hole.

Oct 17, 2005 | 3:05 pm

#22

MarkW

Join Date: May 2003

Location: Chevy Chase, MD, USA

Programs: UA 1K, MM

Posts: 99

Related to the idea of turning it off when not in use...

One of my neighbors (don't know which one) has an unencrypted wireless access point I can reach from within my house. I've run a network scan a couple times just to see the names of the machines and figure out who it is. Each time I've done it, though, it looks like I'm the only machine on this segment of his network... meaning that it's hardly ever in use. if it's hardly ever in use, why leave it on constantly, ya know?

Oct 17, 2005 | 4:44 pm

#23

jsmeeker

Join Date: Mar 2002

Location: Dallas, TX

Programs: AA GLD, Marriott PLT, Hilton Diamond

Posts: 2,900

Quote:

Originally Posted by MarkW

why leave it on? Mine doesn't even have a switch. I would need to unplug it. Also, it means I can start to work right away. No need to power up a device. Another reason is that my machines may be accessing the internet when I am away.

Oct 17, 2005 | 5:06 pm

#24

MarkW

Join Date: May 2003

Location: Chevy Chase, MD, USA

Programs: UA 1K, MM

Posts: 99

Sorry, I should have been more specific. I should have said "turn off or disable wireless access". You're right, certain routers might not allow this. In that case, a user might want to remove any detachable antennas.

Oct 18, 2005 | 10:57 pm

#25

daw617

Join Date: Aug 2004

Posts: 707

I second the advice here. Securing a wireless network, and being confident you've got it secure, is a pain in the butt, sad to say. Basically, cleartext (unencrypted) or WEP is insecure, while WPA ought to be quite solid, assuming you have picked a good secret key/password.

Oct 19, 2005 | 1:32 pm

#26

chichow

Join Date: Oct 2002

Location: Chicago, USA

Programs: UA 1MM Gold AA Gold NW Silver Marriott Plat. SPG Plat. Hilton Gold Hertz 5 Star

Posts: 3,254

Quote:

Originally Posted by ClueByFour

i can follow but want to know what packages you used on auditor linux for each stage?

also are you able to automount a usb thumbdrive? or manually using CL

Oct 24, 2005 | 8:01 pm

#27

willyroo

Join Date: Sep 2002

Location: BNE, Australia...not too far from the nearest Qantas Pub err Club

Posts: 3,636

Quote:

Originally Posted by ClueByFour

A note of warning.

My Linksys WAP/router is WPA enabled - so I thought "great" - let's shift from WEP/MAC to WPA/MAC security.

But before you do anything - also make sure the wireless card in your notebook/desktop supports WPA! Mine doesn't, and it caused me all sorts of grief.

Oct 24, 2005 | 8:34 pm

#28

FewMiles

FlyerTalk Evangelist

Join Date: Nov 1999

Location: FTFOE

Programs: TalkBoard: We discuss / ad nauseum things that mean / so very little

Posts: 10,225

It might depend on the firmware and/or drivers too. When I first got the Linksys 54g card for my old notebook, the drivers at the time didn't support WPA. A couple of months later, they released new drivers that did.

FewMiles..

Oct 25, 2005 | 8:34 am

#29

UAVirgin

Join Date: Dec 2001

Location: DSM

Programs: "I COME FROM Des Moines. Somebody had to." -- Bill Bryson

Posts: 1,135

Also be mindful of mixed wireless devices on you LAN. I have a webcam and Laptop, one supports WEP only the other does both WEP & WPA. So I have to use the WEP.

Oct 25, 2005 | 5:24 pm

#30

DeafFlyer

Join Date: Mar 2003

Location: IAD

Programs: United MP

Posts: 7,860

Same for me. I need to replace just one component of my network to advance to WPA from WEP. Just one device forces all my wireless devices to use WEP.

Reply Share

First
Prev
2 / 3
Next
Last

Forum Jump