Anyone an expert on Wireless LANs
#1
OK, so I know that wireless LAN (the 802.11b standard) has a reputation for being very insecure.
You can turn on WEP, but anyone who sniffs enough traffic can deduce the key and break in.
You can specify an ESSID for your WLAN that is not the default, but what is that used for? Does that mean anyone who doesn't have that can't attach to the network?
Also, you can specify the MAC addresses of the machines allowed to connect.
So, my question is, if you use 128 bit WEP, make up an ESSID, and specify the MAC addresses of the PCs, is the Wireless LAN secure or are there more issues/things you can/need to do?
Thanks,
Alex
#2
The question you have to ask yourself is how secure do you want it to be?
No network is 100% secure, it's always breakable. Just depends how much effort is involved.
Me, I haven't even got WEP enabled yet....just using MAC addresses for authorisation. Not too fussed either, for most people to hack it, I'm sure they would need to sit outside your house for a bit, probably in a very dodgy van
What have you got that needs to be so secure?
#3
BigGT3Fan
I agree with Hanslow - wireless security is good enough for home users.
Some manufacturers now support 802.1x and WPA (wireless protected access). WPA isn't brilliant but it's the right step in the right direction. The 802.1x normally requires a RADIUS server; however, some access points hold the user list locally, therefore eliminating the need for the RADIUS server (it's not ideal but it's better than nothing).
At the mo the following setup for home users is best:
1) Maximum WEP encryption enabled - up to 256-bit
2) MAC filtering
3) ESSID non-broadcasting
4) DHCP server disabled
5) ESSID name changed from default setting
With the above I also use 802.1x and IP filtering. In about several weeks I will be testing WPA.
[Edited by RoadrunnerV2 - 3/17/2003 2:13:40 PM]
#4
Of course, if it suits your application, you can allow wireless clients to only access the Internet and not your local network. That way even if someone does crack it, all they're doing is depriving you of some bandwidth.
Somebody near me has a Wireless AP with all the defaults set, and I've successfully used their connexion
PS: RR -- any news about my strange dates from DLink tech support?
[Edited by carl - 3/17/2003 2:38:47 PM]
#5
Chaps,
You've missed the point, I realise that a home wireless network doesn't need to be very secure! It's not for home..
I couldn't care less if someone wanted to use my WWW link from outside my house, though I can't really see it. I would be slightly bothered if they wanted to access stuff on my home network, perhaps CC details etc but again I can't see it.
This is a work enquiry, we can only use WLAN if we can make it secure...
Alex
#7
TBH, with MAC address filtering and 256-bit WEP you'd have to be a pretty determined cracker to get into the network. Would probably be easier to do a bit of 'social engineering' and get into the network that way.
No encryption method is completely secure. It's just a balance between the effort required to crack it and the value (and time of validity) of the data. So for example, if you had highly secret product data three months ahead of launch, you'd be OK with an encryption algorithm that required about three months to crack.
If you're really worried, you should put your wireless AP in your DMZ, require all wireless LAN users to use VPN software and only allow the VPN tunnels through your firewall.
#9
At the mo I use the D-Link 1000AP+
http://www.broadbandbuyer.co.uk/Shop...&ProductID=419
For work access (along with the usual security features WEP, filtering etc) I would recommend 802.1x/Radius implementation with maybe some VPN'ing if needed.
WPA has one major flaw - at the mo (depending on the manufacturer's implementation) it's subject to denial of service attacks. If the access point detects it's being attacked it will then shut down for a specified amount of time! Therefore a hacker could flood your WLAN and turn it off.
Non ESSID broadcasting is down to the equipment you use. Not all access points support the function.
#11
Figures I was given was that for a 128-Bit WEP secured WLAN an outsider (with the skills) would on average need to "collect" approx. 1Gb of traffic before having enough info. to break in. But once they have that traffic it *is* trivial.
I have seen hardware with much higher levels of security being advertised so going with new kit may be an option ?
Another thing to consider is whether an outsider can actually pick up the signal. Might be worth your while walking the site perimeter with a laptop. But do note that this assumes that nobody can get inside this perimeter.
Cheers
Ian