• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

A Beginner's Guide To Securing a Wireless Network

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
UnseenMenace

UnseenMenace

UnseenModerator
Joined
Apr 23, 2001
Full Article - Overclockers.com

From The Article - "A Beginner's Guide To Securing a Wireless Network" - Paul Macklin (a.k.a. macklin01) - 9/26/03

Disclaimer:
I am by no means an expert at networking or network security. I am writing this article as an overview of the techniques I have learned that a relative novice at wireless networking can easily implement to improve wireless networking security with minimal confusion. It should be understood as a starting point on the quest for greater wireless networking security, not the complete solution.

Rather than help with the actual setup of your network, this guide instead focuses on the configuration of the various security options that may be available to you.

Introduction
I recently set up a wireless home network for my apartment. In my previous apartment, I had strung up a simple 10/100 hub and nailed some cable-holders along the perimeter of the walls to hold the cables. However, I didn't think the apartment owners in Orange County, CA, would appreciate this sort of option, so I decided to go wireless. It has been a tremendous improvement for aesthetics and simplicity, but security is an issue.

Consider, for example, the recent campaign by the RIAA to sue internet users who illegally share copyrighted music. If you examine these cases a little more closely, you'll notice that they don't even determine which computer did the sharing, but rather which IP address was responsible.

Suppose you have a broadband connection and a wireless router/firewall. If somebody bootlegs your connection and participates in KaZaa, it's going to be your IP address that appears on the subpoena. Granted, this is probably one of those very few cases that could stand a chance in court, but why get there in the first place?

Of course, it goes without saying that you want to safeguard your data and privacy. You'll also want to reserve your bandwidth for your own surfing, rather than bozo's pr0n downloads, so these are some other good reasons to invest some time in security. So, let's get started in at improving security.

In this guide, I'll go through the simplest changes you can make to your wireless network to improve security. At the end of the day, no wireless network is completely secure, but hopefully you can at least create a deterrence/inconvenience. There ought to be more tempting, less-secure networks nearby that are more tempting targets. The overall approach I'd like to convey is "lock the door and try to hide it."
Click to expand...

NOTE This Information Is Edited :- Reading The Full Article Is Recomended

1) Do you have a wireless network ? - Are you currently considering it.
2) Has the security concerns regarding wireless networks effected your decision to buy wireless networking products?
3) Does the price of wireless networking products effect your decision to buy wireless networking products? - If this is the case how much cheaper do they need to get ?
4) What are your current thoughts, experiences concerning wireless networking ?
5) What do you think of this article and the advice it gives ? - Do you have any more ?
 
I just recently set up a wireless network for my parent's. In order to get even a trace of a signal you have to be standing at least 10-20 feet inside the yard , and on 1 side you have to be inside the house. With a setup like this how important is securing the network ? I have it running 128bit security already ( highest my router would go ) .
 
That's a good question.

I think it's still moderately important because there are a lot of tools out there to overcome weak signals. People who do "war driving" often have directional, amplified antennas that can pick up surprisingly weak signals. So, just because your computer can't connect well outside of 10-20 feet doesn't mean that somebody else with the proper equipment can't from farther. But it's definitely a help, because the percentage of people with this "proper equipement" is much lower; your odds of being detected at all are now much lower. :)

That said, the 128bit encryption should help quite a lot. Otherwise, I wouldn't worry too much, but you should check in on the security from time to time. (And I still personally recommend changing the key regularly, since it's a weak encryption.)

I hope this helps! Thanks for your interest in my article!! :) -- Paul
 
UnseenMenace said:
1) Do you have a wireless network ? - Are you currently considering it.
Click to expand...
Yes. :)
2) Has the security concerns regarding wireless networks effected your decision to buy wireless networking products?
Click to expand...

It has, and that's why I made sure what I bought had at least 128bit security. If I had known then what I do now, I might have waited a bit longer or chosen something with WPA instead, such as the more expensive 802.11g products out there.

3) Does the price of wireless networking products effect your decision to buy wireless networking products? - If this is the case how much cheaper do they need to get ?
Click to expand...

Yes indeed. Up until recently, this equipment was very pricy. Now, with rebates, you can get the router I use (which has a doubled transmission rate and doubled WEP key) for under $40 on newegg, which is quite affordable.

4) What are your current thoughts, experiences concerning wireless networking ?
Click to expand...

It's a great advance for home users in terms of convenience, but the security is definitely an issue. It's too bad that the majority of these products have all the security turned off by default. Most home users never even turn it on, and I've had many friends who accidentally connected to their neighbor's networks. (And not intentionally. Windows will generally try to choose the strongest network it can find, so long as it can connect and log in.)

I think the situation will improve on the security end. The manufacturers are getting a lot of interest, and they don't want the continued bad press like WEP is starting to generate. WPA should be a lot better, and I'd assume they'll be more careful in future selection of standards.

I guess this is a lot like anything else in life: there's a trade-off between security / privacy and convenience. The U.S. liked relatively porous borders because it made commerce cheaper and faster. 9/11 happened, and now we have to trade some of that convenience for (presumably) better national security. Cordless phones are nice and convenient, but many of us (especially in the 900MHz days and before) have experienced picking up the phone to hear unexpected voices!

It's finding a livable balance between safety and convenience that's key, I think.

5) What do you think of this article and the advice it gives ? - Do you have any more ? [/B]
Click to expand...

Still looking for helpful comments! :) Thanks! -- Paul
 
Agreed. At least not for very long.

Then again, all locks (physical or in software) can be picked or broken with sufficient effort, so in a sense, there is no such thing as "secure." There are only various shades of relative security. Like most things in life, it's about choosing how much effort needs to be put into security to ensure a reasonable expectation of privacy for the intended purpose of the system and the value of that which you are safeguarding.

VPN's aren't secure, either. (I had some interesting discussions with a wireless researcher in Australia about wireless security, VPN's, and readily-available tools to crack VPN's, on a wireless or not.)

If the intended use of the network is mission-critical (e.g., financial operations or accounting or anything else with vital private or sensitive information), wireless is not the right networking form. Only wired networks should be used for sensitive transactions.

For casual file sharing, internet connection sharing, etc., (i.e., standard home use), wireless is fine so long as reasonable protections are used. WEP is a flawed encryption, but it still takes time to break. Which means that if the key is changed sufficiently regularly and proper precautions are taken, it should do alright for the typical home user.

It'll certainly be better than the setup of most home users: default settings on, no security enabled at all, and oblivious to whether or not somebody else is connected.

But I agree with at least a good portion of your statement: under WEP, you shouldn't be completely oblivious to the fact that you're still vulnerable. Just as wearing a bike helmet shouldn't encourage one to bike recklessly, the limited protections of WEP shouldn't encourage one to be needlessly risky. On the other hand, life is safer with a helmet than without.

So, at the end of the day, it isn't about making a network completely secure, but rather making security better than it was before.

Thanks!! -- Paul
 
This article could not have come at a better time for me. I have actually been considering a wireless network for my home. I was considering wireless simply because it's easier than pulling cable.
I am not overly concerned about security. Where I live, I know all of my neighbors for over 100 yards in any direction. This is a dead end gravel road 3 miles from town.
So, just how far away should I really be worried about? The nearest public road is 100+ yards away, is seldom traveled and used only by people who live in this neck of the woods so to speak.
The cost of wireless networking devices has fallen so far that cost is nearly a non-issue. At least for a small system with a lower need for security (I hope).
 
Cuda, thanks for the interest!

You sound like you're in a pretty fortunate position, since you're quite isolated. Again, amplified antennas can pick up quite faint signals and connect to those networks, but since you're so isolated, the probability is much lower.

I think if you at the least used WEP with regular key changes, did MAC filtering, and reduced your antenna's range if possible, you'd probably be in good enough shape. It never hurts to be security-minded, though, particularly on financial transactions.

If possible, I'd try to spend the extra $ on a system that has WPA if it's affordable for you. Otherwise, you'll probably be reasonably safe with the 802.11b systems with >= 128bit WEP, with the standard provisos. :)

Good luck, and have fun! :) -- Paul
 
Just another note: Look at the two networks that popped up today:

NetworksFound.jpg


WEP isn't great, but it sure beats out at least some of these alternative encryption methods. ;)

The people on Channel 1 changed away from what's the typical channel of 6 and managed to turn off SSID. Perhaps they're using VPN or some other security, which is good.

As for the channel 6er's ...

-- Paul
 
You must log in or register to reply here.

Similar threads

B
Comcast CGM433 Modem & Bridge Mode - SOLVED
Replies
6
Views
395
Barryng
B
Flamethrower1972
Soundcore Life Q20+SE Headphones.
Replies
2
Views
131
Flamethrower1972
Flamethrower1972
TerranBrackiatt
Win11 "Local Security Authorization is off" Warning: A bug
Replies
1
Views
553
TerranBrackiatt
TerranBrackiatt
chillz
HELP: Wireless Keyboard
2
Replies
23
Views
1K
rainless
rainless
don256us
Ubiquiti PoE switches are too damned high.
Replies
1
Views
524
Railgun
Railgun
Back