How secure are wireless home networks?
Hello,
Comparatively speaking, how secure is a wireless home network - say, in a residential area? Would more security measures need to be provided than with a wired network?
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14) |
|
|||
This kinda sounds like homework.
Anyway, as you seem to have been living under a rock... most residential, and even commercial networks are vulnerable to attacks, most people buy a wireless router/access point, plug it in.. and assume that's all they had to do. Many networks are unencrypted and have no sort of authentication system... but users aren't entirely at fault, the available encryption techniques are mostly insecure.. WEP, (Wired Equivalent Privacy) was cracked.. years ago, I believe it takes only seconds to find someone's key these days. WPA/WPA2, is a little better.. but I know very little about it... I'm not an expert, I'm sure there are more qualified people here... up until recently I had no wireless equipment, I've set up a few APs for fun.. with OpenBSD+authpf. All unauthenticated traffic was.. served a bogus error page. |
|
|||
Yes, obviously... it's far easier to gain unauthorized access to a wireless network, you would notice someone walking into your home and tapping into your Ethernet cables while munching on a twinkie and downloading illegal stuff.
|
|
|||
Bruce Schneier, security expert, leaves his wide open saying he's not concerned. I don't know how many people would want to sit in their car outside my house stealing bandwidth, or that my neighbors know how to do that, but we're such bandwidth hogs ourselves that I just allow the MAC addresses for the 4 computers we own that use it.
|
|
||||
Quote:
I personally use RADIUS at home and haven't detected any break-in attempt so far, which means nobody gives a damn about my wireless |
|
|||
Quote:
So think twice about doing online banking while at the local coffee shop. |
|
||||
There are 3 or 4 wireless networks in my area, depending on signal strength of the most distant.... Only two use encryption and one of them is mine.
In regards to a "residential area" as you put it, I think it depends on the area. For example, where I am, let's just say bra size is larger than brain size for both sexes, computer geeks are more rare than finding rhodium in your backyard, people's understanding of cracking follows Clarke's third law, which they've never heard of... And anyone smart enough to use tools to make it simple is more than far enough displaced from here that I don't need to line my bedroom walls with RADAR absorbent material to feel safe. In your area the inverse could be true, only you would know.
Compared to a wireless network, it's the same problem but in a very different way. If someone gets into your home, they can always unplug one of your computers and get on your network, even easier if you're using DHCP. With a wireless network, they don't have to get physical access to your network in order to join it. "Wireless Equivalent Privacy" is just what it says it is, equivalent privacy to what you get over Ethernet/Token Ring systems (at least I assume so, since I've never used Token Ring). It's just enough security that you have to 'want to' break in in order to do so. WPA/WPA2 and other methods provide tougher encryption but anything can be cracked given enough time and effort.
I'm not sure how many consumer wireless routers and APs allow you to place wireless clients in separate virtual networks or not. But if your system can do so without interfering with your needs, you might look into it. Most consumer APs should allow you to restrict connections based on MAC (for what it's worth) and/or segregate wireless clients off from the wired network, I would hope. The problem with wireless is just that, it's wireless technology. Take what measures you can if you use it, and think carefully what you let pass.
From my laptop to my AP, the wireless connection is encrypted and things 'of importance' that have to go across the wifi link are usually conducted via SSH, HTTPS, or likewise some encrypted protocol. In the hopes of avoiding the "Hey wait, this isn't my network..." kind of situations. I configured my systems to only connect to my WLAN automatically and in the case of my laptop, I usually disable that automation when traveling, then encrypt the information in case of theft.
__________________
My Journal Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''. |
|
|||
Hello,
Thanks guys. That's what I thought, but I started to doubt myself. The only use I would have for a wireless connection right now would be to be able to get a laptop and sit out on the deck while using it. But, for now I guess I'll save the money on the laptop and just stick to a good ol' RJ45 connection for the time being. Maybe in another year or two, I might reconsider. Again, thanks for the input.
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14) |
|
||||
ah, I'm always late to the party!
If you are running a wireless laptop to your LAN, establishing a VPN connection will get over the worries you may have with wireless hacks. About checking your bank account at a coffee shop... if your online banking doesn't run over SSL, I wouldn't use it anywhere in the first place, but if it does, you shouldn't have a real issue.
__________________
Network Firefighter |
|
||||
I'm a bit surprised about this statement, given what you have posted in this forum, you appear to be an experienced sys admin (no offence). Don't even think about SSL >= security, access can be gained over SSL.
__________________
The power of plain text? It can control an entire OS Last edited by 18Googol2; 12th August 2008 at 05:57 AM. |
|
|||
WEP=BAD NEWS, it is almost worse than leaving your network open because it gives a false sense of security. WPA/WPA2 is pretty dang good if you choose a good key. If you happen to get one of the 802.11n routers, be sure to enable security because the range on those things is much larger. Perhaps I'm just paranoid, but I do live in an apartment and it is WAY too easy to hop onto someone's network. OH, and here is a nasty little story about businesses and wireless networks (from 2002 but still creepy)
|
|
||||
Quote:
No offense taken, in fact I appreciate the comment. But when you mention your wariness about SSL security, are you referring to a "man-in-the-middle" or attack? I think that those are do-able for sure, but I assume a low risk on them. Of course, low-risk is not no-risk, and I have not personally shopped online or done any online banking from a wireless hotspot. Also, the risk for a "man-in-the-middle" is also present on wired network paths, not just wireless, but again, the risk is low, and depends on the target website's implementation of SSL. More to the point, I think that unless the site you are going to with sensitive information has properly implemented SSL (is completely SSL'd throughout the site and not just on authentication) then you shouldn't be visiting that site with sensitive information in the first place. But if you are referring to something else... let me know. But my assumptions about SSL are that since it's encrypted traffic, and barring any insecure implementations of SSL, it's a secure way to communicate (aside from outlandish uber-hacker gangs and rogue governments... but if that's a realistic fear I wouldn't get online in the first place) Here's a fun article about cracking SSL itself. I believe this refers to USA-export encryption, not domestic (which is stronger.) Here's another. This one is a more technical paper that describes the toughness of SSL.
__________________
Network Firefighter |
|
||||
I have to back up fridder.
I already posted that there are enough default installed WiFi in a city neighbourhood to always get an Internet connection. Stealing bandwidth? Well, if you leave your wallet for anyone to grab it, don't be surprised your cash will be gone. Proper MAC address plus key authentication is just like keeping your wallet in your pocket. Unfortunately, some ISPs will regularly "update" the modem settings as they want to remain "user friendly". Whatever you specify on ISPs' modems should be checked on a regular basis. "User friendly" meaning you are a Vista Home user, with the Windows firewall set and ISP provided Norton anti-virus installed, WiFi set as an access point for everybody including yourself as you are too stoopid to run WiFi-radar and get connected. Only objective, reduce phone support traffic.
__________________
da more I know I know I know nuttin' |
|
||||
Quote:
I wouldn't say it's a low risk. Believe it or not, it would take a script kiddie only ~5mins in total (including the time to download software) to finish every step needed to retrieve the password over SSL. Also, it requires zero technical knowledge. All you have to do is point and click as per instruction. If the program is widespread one day, it would be a disaster.
__________________
The power of plain text? It can control an entire OS Last edited by 18Googol2; 14th August 2008 at 08:39 AM. |
|
||||
Quote:
__________________
Network Firefighter |
|
|||
Hello,
I finally got a wireless gateway for use with my laptop. Here is the security I currently have:
1) ssid name is unusual - 7-8 characters - mix of caps, lowercase, numbers, control characters
2) ssid broadcast turned off
3) using WPA-PSK (wpa_supplicant on NetBSD didn't seem to like WPA2-PSK - gateway doesn't support Enterprise)
4) passcode is 24 characters - mix of caps, lowercase, and numbers (didn't like it when I put control characters in there, so I left them out)
5) gateway has built-in firewall (for whatever good their default setup is)
6) using MAC filtering where my laptop's MAC is the only one allowed on the wireless
I'm planning to set up my own firewall (probably PF, once I have time to learn how to configure it) in the future, but for now, is that decent security? Anything else I can do?
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14) |
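
Added example, not part of the original thread: how WPA-PSK turns the passphrase and SSID from items 1 and 4 of the post above into the 256-bit key actually used on the air (the IEEE 802.11i passphrase mapping: PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations). The function names and the sample SSIDs and passphrase are constructed for illustration; the entropy figure assumes the passphrase was chosen uniformly at random.

```python
import hashlib
import math
import string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK key from a passphrase and SSID."""
    # 802.11i defines the mapping for 8..63 printable ASCII characters only.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII (codes 32..126)")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # The SSID is the salt: the same passphrase on a different SSID gives a
    # different key, so tables precomputed for common SSIDs do not apply to
    # an unusual one.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def random_passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a passphrase drawn uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    passphrase = "Xq7mT2vLc9RwB4nZk8HsD3gY"  # 24 chars: caps, lowercase, digits
    for ssid in ("linksys", "h0me-Net7"):
        print(f"{ssid:10s} {wpa_psk(passphrase, ssid).hex()}")

    alphabet = string.ascii_letters + string.digits  # 62 symbols
    bits = random_passphrase_bits(len(passphrase), len(alphabet))
    print(f"24 random characters from 62 symbols: about {bits:.0f} bits")

    try:
        wpa_psk("tab\there-is-a-control-char", "h0me-Net7")
    except ValueError as err:
        print("rejected:", err)
```

Hiding the SSID (item 2) and MAC filtering (item 6) play no part in this derivation; the key depends only on the passphrase and the SSID bytes.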
|
||||
Quote:
or you are trying to ask us what you really need to do to make it really secure? |
|
|||
That is the security I have implemented so far. I'm asking how secure (or insecure - I hope not) that is and what else I can do to make it really secure?
__________________
And the WORD was made flesh, and dwelt among us. (John 1:14) |