- Joined
- Apr 3, 2002
- Location
- Bloomington, IN
A Beginner’s Guide to Securing a Wireless Network
By Paul Macklin (a.k.a. macklin01)
Submitted on September 24, 2003 to Overclockers.com
Disclaimer:
I am by no means an expert at networking or network security. I am writing this article as an overview of the techniques I have learned that a relative novice at wireless networking can easily implement to improve wireless networking security with minimal confusion. It should be understood as a starting point on the quest for greater wireless networking security, not the complete solution.
Rather than help with the actual setup of your network, this guide instead focuses on the configuration of the various security options that may be available to you.
Introduction:
I recently set up a wireless home network for my apartment. In my previous apartment, I had strung up a simple 10/100 hub and nailed some cable-holders along the perimeter of the walls to hold the cables. However, I didn’t think the apartment owners in Orange County, CA, would appreciate this sort of option, so I decided to go wireless. It has been a tremendous improvement for aesthetics and simplicity, but security is an issue.
Consider, for example, the recent campaign by the RIAA to sue internet users who illegally share copyrighted music. If you examine these cases a little more closely, you’ll notice that they don’t even determine which computer did the sharing, but rather which IP address was responsible. Suppose you have a broadband connection and a wireless router/firewall. If somebody bootlegs your connection and participates in KaZaa, it’s going to be your IP address that appears on the subpoena. Granted, this is probably one of those very few cases that could stand a chance in court, but why get there in the first place?
Of course, it goes without saying that you want to safeguard your data and privacy. You’ll also want to reserve your bandwidth for your own surfing, rather than bozo’s pr0n downloads, so these are some other good reasons to invest some time in security. So, let’s get started in at improving security.
In this guide, I’ll go through the simplest changes you can make to your wireless network to improve security. At the end of the day, no wireless network is completely secure, but hopefully you can at least create a deterrence/inconvenience. There ought to be more tempting, less-secure networks nearby that are more tempting targets. The overall approach I’d like to convey is “lock the door and try to hide it.”
Equipment Used:
For my network, I use D-Link’s DI-614+ wireless router/firewall. It’s an 802.11b router with a proprietary method of doubling the data rate to 22 Mbps. It also allows for 256-bit WEP passwords. (So long as it’s used with other D-Link networking hardware, such as the DWL-650+.) Best of all, while giving pretty good performance, they’re also pretty cheap. At the time of this writing, the DI-614+ cost $39 at Newegg.com with rebates, $66 without rebates.
If you use different hardware, the terminology and/or techniques will likely differ, but the general approach should still apply.
General Hardware Setup:
My internet connection is through my cable modem, which is, in turn, connected to my firewall/router by an Ethernet cable. I have three computers on my network. Computer 1 is attached to the router with a standard 10/100 Ethernet cable. Computers 2 and 3 are connected via PCI wireless cards.
Router security:
For security, it is best to only use a “wired” computer (Computer 1 in my network) to administer the firewall/router. Thus, your setup should include at least one wired computer. This typically isn’t a big deal, because you’ll probably have a computer next to your router and cable modem anyway.
Also, firmware updates to your router should only be done through a wired computer. This reduces the risk that data corruption in your network could corrupt the firmware on your router.
You should immediately add a password to your admin account on your router. On my D-Link router, this and all settings can be changed by going to http://192.168.0.1 in any web browser. For the D-Link router, look at the “Admin” section of the “Tools” tab.
SSID security:
Your SSID, or service set identifier, is basically the unique name of your local area network (LAN). By default, the SSID is “default” for my D-Link hardware. You should change this name. Don’t use the name of your company or family, though. (This makes it too easy for outsiders to figure out whose network it is and if the data might be interesting.) Instead, choose a random or pseudo-random name, like “lalaMyNet823”. You might also want to change the channel from the default.
By default, most of these wireless routers broadcast the SSID. This makes it easier for other computers to detect and connect to the network. While this is great from an initial setup point of view, it’s something you’ll want to avoid for your network. (A network is more secure if it’s harder to know it’s there at all.) You’ll therefore want to disable this feature. On my D-Link router, you can change this by going to the “Advanced Tab”, then “Performance”, and changing the “SSID Broadcast” feature to “Disabled.”
Notice that once this is done, you’ll have to manually configure each wireless device on your network to the SSID you chose.
Encryption:
All 802.11b wireless routers have some sort of WEP (wireless equivalent protocol) encryption built in. All the routers can do 64-bit WEP encryption, and most can do 128-bit encryption. Some can also do 256-bit encryption. (My D-Link router is one such example.) Enabling this encryption provides some security for the data as it is transmitted between the router and the wireless clients. It also helps prevent unauthorized computers from accessing your network.
Recently, however, it has been shown that this encryption has some security flaws. From what I’ve read thus far, a 128-bit key can be broken in roughly one week solely from data interceptions and pattern analysis. A 64-bit key can be broken in a matter of hours.
Some maintain that these flaws are great enough that WEP shouldn’t even be bothered with, and using it only produces a false sense of security. I remember seeing a similar argument used at rifle ranges: “Gun safety mechanisms are mechanical devices that are subject to failure, so relying on them is false security. Therefore, don’t use them, and teach discipline instead.” Well, even the best-trained marksman can trip while carrying a firearm, and a fallback mechanism is nice. Likewise, I would maintain that weak encryption is better than no encryption, especially when used in conjunction with other protective measures.
Therefore, I would recommend using the highest-level protection that your network can allow. On my D-Link, I use the full 256-bit protection. On the D-Link, you can enable the WEP and set the key in the “Wireless” section of the “Home” tab. I generally choose to enter a hex string rather than an ASCII string because you can fit more hex characters (4 bits each) than ASCII characters (8 bits each) into a string of a fixed number of bits; this results in a more-random key. When choosing your WEP key, choose something random. Whatever you do, don’t stick with the default “000000000…..” key! In the “Downloadable Tools” section of this write-up, I have provided a random hex key generator to make this a little easier.
Some routers (such as my D-Link) allow you to choose an “open” or “shared” WEP Authentication. I would select “shared”. If you were to choose “open”, only those computers with MAC addresses and the correct WEP key would be able to connect to your network, but the wireless access point would be visible to all. Changing the option to “shared” fixes that. For the D-Link router, you can change these Open/Shared options under “Performance” in the “Advanced” tab.
You’ll need to manually enter your WEP key into every wireless device on your network.
I would recommend changing your WEP key every week or less. This way, if somebody is monitoring your network, your key will likely have been changed before they will have broken it.
DHCP Security:
By default, the D-Link router (and most wireless routers) have the DHCP (Dynamic Host Control Protocol) server enabled. This is helpful for setting up a network, because it assigns an IP address to all devices as they boot up and try to connect to the network. However, from a security standpoint, they make it much easier for any computer to connect to your network (including passers by who may notice your network), authorized or not. However, you can get around this with a small amount of effort.
Each piece of networking hardware has a unique MAC (Media Access Control) address. You can configure your router to only accept networking commands/requests from a specified list of hardware by specifying the MAC addresses.
First, go to each computer on your network, open a command prompt, and type:
ipconfig /all
if you’re in WinXP or Win2k, or type
winipconfig
in Win9x or WinME. The MAC address may sometimes be referred to as the adapter address. In Linux, use the “ifconfig –a” command. A typical address is
00-A0-C9-05-5A-E8
Then, for each computer, write down its MAC address and choose a unique IP address, such as 192.168.0.x, where x > 1.
Then, go to your router and assign these static IP addresses to each MAC address. For the D-Link router, you do this at the “DHCP” section of the “Home” tab, under “Static DHCP”.
Once you have added each MAC address and associated IP address to the Static DHCP Client List, you should disable the DHCP server on your router. On the D-Link router, this is done by selecting “DHCP server Disabled” in the “DHCP” section of the “Home” tab.
However, this isn’t quite the last step on the router configuration. Right now, you’re preventing other pieces of hardware from getting assigned IP addresses, and you’re manually assigning IP addresses to the hardware on your network. You also want your router to deny traffic to all devices you haven’t recognized and manually assigned addresses to. You do this by enabling MAC filtering on your firewall. On the D-Link router, this is done in the “Filters” section of the “Advanced” tab. Choose “MAC Filters”, choose “Only allow computers with MAC address listed below to access the network”, and enter the first MAC address on your list. List all the devices that way.
Once this is all done, you will have to manually set the IP address, Default Subnet, Default Gateway, and DNS server on each computer. (Both wired and wireless.) The IP address is set as you chose it. The Default Gateway and DNS server are both the IP address of your router. (In most cases, this is 192.168.0.1.) The default subnet is usually 255.255.255.0.
Notice that once you have MAC filtering enabled, you technically don’t have to turn off the DHCP server. Even if some unauthorized piece of hardware gets assigned an IP address, the MAC filter should prevent it from interacting with your network. However, disabling the DHCP server should make it that much more inconvenient for unauthorized users to gain a foothold in your network, and I still recommend disabling it.
One last thing I might recommend regarding IP addresses is changing the address of your router (typically 192.168.0.1) and other devices to other addresses. Because 192.168.x.y is so commonly used by default on most wireless (and wired) home and small networks, it is a common starting point for hacking attempts. Generating some random addresses should add some additional obstacles to hacking your network.
Further Hiding Your Network:
A hidden locked door is more secure than a locked door. It is therefore a good approach to try to hide your wireless network from the outside world. I have found that my router broadcasts data with much more power than is necessary. Fortunately, there is a way to adjust this power. On my D-Link router in the “Performance” section of the “Advanced” tab, I can choose 100%, 50%, 25%, or 12.5% antenna transmit power. After experimentation, I found that I could reduce the power to 12.5% and still get >90% signal strength and quality on all my networked devices. If you can adjust the antenna strength on your router, you should try to find the minimal strength necessary for maintaining quality connections.
Another thing you can do to hide your network (and not just your wireless network) from the outside world is to disable the WAN (wide-area network) ping. This ping is often the first step in probing your computer from the internet-side for attacks. It could also be used to detect your wireless network. On my D-Link router, you can disable this ping by selecting “Discard PING from WAN side” in the “Misc“ section of the “Tools” tab.
Security-Minded Living:
Here are some additional tips for everyday computing that will help improve the security of your network.
1) For transactions including your social security number, financial data, credit cards, etc., you should only use a wired computer.
2) Never distribute your WEP keys or other security data by shared data files or emails. If you must use a file to convey the keys, then do so manually with a floppy disk.
3) Change your WEP frequently. Once every week or so is generally acceptable for a 128-bit or higher key.
4) Check your firewall/router logs. If you notice unusual activity or a new machine connected to it, change your WEP key and static IP address immediately!
5) Don’t post screenshots of your configuration, etc.
6) Security is never finished. Keep up-to-date on developments in wireless security, and keep your firmware and drivers up-to-date as well.
Additional Security:
This is a good baseline security setup. A good step from here is setting up VPN’s (virtual private networks.) These use a secured tunneling protocol to connect members of a network across public telecommunications. They can be applied above and beyond the WEP encryption and other means described in this article. (But they are above the scope of this article for beginning security.)
Another possible method that has been brought to my attention is NoCatAuth. They use their own authentication process that could be handy in restricting web usage through your home network, although I haven’t had a chance to review its applicability beyond the standard NoCat network.
Downloadable Tools:
1) Random hex WEP key generator: I wrote a small command-line random key generator. You tell it how many bits your key is (e.g., 64, 128, 256 bits), and it will automatically generate a random key of appropriate length. It will both display this key on a screen and save it to a file for you.
Download: http://www.math.uci.edu/~pmacklin/downloads/programs/wireless/randomWEPkey.zip (117 KB)
Screenshot:
2) NetStumbler: You can use this tool to test out your new security settings. Note that on some machines, if you’re logged onto your wireless network while you use NetStumbler, it will mistakenly identify the SSID. (i.e., even if you aren’t broadcasting the SSID, it will find it.)
Download:
http://www.netstumbler.com/
Future Directions:
With sufficient demand (and if I can get the time to learn it), I might add information on VPN’s and new/improved downloadable tools to this guide.
Additional Web Resources:
1) SearchNetworking.com Glossary
http://searchnetworking.techtarget.com/glossaryBrowseAlpha
This site has a great, indexed glossary of the many terms you’ll see in wired and wireless networking.
3) NoCat and NoCatAuth
http://www.nocat.net/
This site has information on the NoCat network and NoCatAuth that they developed.
4) Oreilly Article on Vulnerability of WEP and Wireless Networks
http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/index.html
A spooky write-up on what a really knowledgeable person can do with a little luck. (Although they only used some relatively older hardware and 64-bit keys.)
5) Net-Security.org
http://www.net-security.org/review.php?id=92
A good site for online security know-how.
6) Overclockers forum discussion
http://forum.oc-forums.com/vb/showthread.php?s=&postid=2149919#post2149919
Where the original discussions on the contents of this write-up occurred.
Acknowledgements:
I would like to thank Steve (larva), Tebore, trey_w, orion25, and XWRed1 for their contributions in the aforementioned forums discussion. They helped me to develop a better understanding of security and the available resources.
Contact:
For help or comments, please PM me. I am particularly interested in further tips for security-minded living.
By Paul Macklin (a.k.a. macklin01)
Submitted on September 24, 2003 to Overclockers.com
Disclaimer:
I am by no means an expert at networking or network security. I am writing this article as an overview of the techniques I have learned that a relative novice at wireless networking can easily implement to improve wireless networking security with minimal confusion. It should be understood as a starting point on the quest for greater wireless networking security, not the complete solution.
Rather than help with the actual setup of your network, this guide instead focuses on the configuration of the various security options that may be available to you.
Introduction:
I recently set up a wireless home network for my apartment. In my previous apartment, I had strung up a simple 10/100 hub and nailed some cable-holders along the perimeter of the walls to hold the cables. However, I didn’t think the apartment owners in Orange County, CA, would appreciate this sort of option, so I decided to go wireless. It has been a tremendous improvement for aesthetics and simplicity, but security is an issue.
Consider, for example, the recent campaign by the RIAA to sue internet users who illegally share copyrighted music. If you examine these cases a little more closely, you’ll notice that they don’t even determine which computer did the sharing, but rather which IP address was responsible. Suppose you have a broadband connection and a wireless router/firewall. If somebody bootlegs your connection and participates in KaZaa, it’s going to be your IP address that appears on the subpoena. Granted, this is probably one of those very few cases that could stand a chance in court, but why get there in the first place?
Of course, it goes without saying that you want to safeguard your data and privacy. You’ll also want to reserve your bandwidth for your own surfing, rather than bozo’s pr0n downloads, so these are some other good reasons to invest some time in security. So, let’s get started in at improving security.
In this guide, I’ll go through the simplest changes you can make to your wireless network to improve security. At the end of the day, no wireless network is completely secure, but hopefully you can at least create a deterrence/inconvenience. There ought to be more tempting, less-secure networks nearby that are more tempting targets. The overall approach I’d like to convey is “lock the door and try to hide it.”
Equipment Used:
For my network, I use D-Link’s DI-614+ wireless router/firewall. It’s an 802.11b router with a proprietary method of doubling the data rate to 22 Mbps. It also allows for 256-bit WEP passwords. (So long as it’s used with other D-Link networking hardware, such as the DWL-650+.) Best of all, while giving pretty good performance, they’re also pretty cheap. At the time of this writing, the DI-614+ cost $39 at Newegg.com with rebates, $66 without rebates.
If you use different hardware, the terminology and/or techniques will likely differ, but the general approach should still apply.
General Hardware Setup:
My internet connection is through my cable modem, which is, in turn, connected to my firewall/router by an Ethernet cable. I have three computers on my network. Computer 1 is attached to the router with a standard 10/100 Ethernet cable. Computers 2 and 3 are connected via PCI wireless cards.
Router security:
For security, it is best to only use a “wired” computer (Computer 1 in my network) to administer the firewall/router. Thus, your setup should include at least one wired computer. This typically isn’t a big deal, because you’ll probably have a computer next to your router and cable modem anyway.
Also, firmware updates to your router should only be done through a wired computer. This reduces the risk that data corruption in your network could corrupt the firmware on your router.
You should immediately add a password to your admin account on your router. On my D-Link router, this and all settings can be changed by going to http://192.168.0.1 in any web browser. For the D-Link router, look at the “Admin” section of the “Tools” tab.
SSID security:
Your SSID, or service set identifier, is basically the unique name of your local area network (LAN). By default, the SSID is “default” for my D-Link hardware. You should change this name. Don’t use the name of your company or family, though. (This makes it too easy for outsiders to figure out whose network it is and if the data might be interesting.) Instead, choose a random or pseudo-random name, like “lalaMyNet823”. You might also want to change the channel from the default.
By default, most of these wireless routers broadcast the SSID. This makes it easier for other computers to detect and connect to the network. While this is great from an initial setup point of view, it’s something you’ll want to avoid for your network. (A network is more secure if it’s harder to know it’s there at all.) You’ll therefore want to disable this feature. On my D-Link router, you can change this by going to the “Advanced Tab”, then “Performance”, and changing the “SSID Broadcast” feature to “Disabled.”
Notice that once this is done, you’ll have to manually configure each wireless device on your network to the SSID you chose.
Encryption:
All 802.11b wireless routers have some sort of WEP (wireless equivalent protocol) encryption built in. All the routers can do 64-bit WEP encryption, and most can do 128-bit encryption. Some can also do 256-bit encryption. (My D-Link router is one such example.) Enabling this encryption provides some security for the data as it is transmitted between the router and the wireless clients. It also helps prevent unauthorized computers from accessing your network.
Recently, however, it has been shown that this encryption has some security flaws. From what I’ve read thus far, a 128-bit key can be broken in roughly one week solely from data interceptions and pattern analysis. A 64-bit key can be broken in a matter of hours.
Some maintain that these flaws are great enough that WEP shouldn’t even be bothered with, and using it only produces a false sense of security. I remember seeing a similar argument used at rifle ranges: “Gun safety mechanisms are mechanical devices that are subject to failure, so relying on them is false security. Therefore, don’t use them, and teach discipline instead.” Well, even the best-trained marksman can trip while carrying a firearm, and a fallback mechanism is nice. Likewise, I would maintain that weak encryption is better than no encryption, especially when used in conjunction with other protective measures.
Therefore, I would recommend using the highest-level protection that your network can allow. On my D-Link, I use the full 256-bit protection. On the D-Link, you can enable the WEP and set the key in the “Wireless” section of the “Home” tab. I generally choose to enter a hex string rather than an ASCII string because you can fit more hex characters (4 bits each) than ASCII characters (8 bits each) into a string of a fixed number of bits; this results in a more-random key. When choosing your WEP key, choose something random. Whatever you do, don’t stick with the default “000000000…..” key! In the “Downloadable Tools” section of this write-up, I have provided a random hex key generator to make this a little easier.
Some routers (such as my D-Link) allow you to choose an “open” or “shared” WEP Authentication. I would select “shared”. If you were to choose “open”, only those computers with MAC addresses and the correct WEP key would be able to connect to your network, but the wireless access point would be visible to all. Changing the option to “shared” fixes that. For the D-Link router, you can change these Open/Shared options under “Performance” in the “Advanced” tab.
You’ll need to manually enter your WEP key into every wireless device on your network.
I would recommend changing your WEP key every week or less. This way, if somebody is monitoring your network, your key will likely have been changed before they will have broken it.
DHCP Security:
By default, the D-Link router (and most wireless routers) have the DHCP (Dynamic Host Control Protocol) server enabled. This is helpful for setting up a network, because it assigns an IP address to all devices as they boot up and try to connect to the network. However, from a security standpoint, they make it much easier for any computer to connect to your network (including passers by who may notice your network), authorized or not. However, you can get around this with a small amount of effort.
Each piece of networking hardware has a unique MAC (Media Access Control) address. You can configure your router to only accept networking commands/requests from a specified list of hardware by specifying the MAC addresses.
First, go to each computer on your network, open a command prompt, and type:
ipconfig /all
if you’re in WinXP or Win2k, or type
winipconfig
in Win9x or WinME. The MAC address may sometimes be referred to as the adapter address. In Linux, use the “ifconfig –a” command. A typical address is
00-A0-C9-05-5A-E8
Then, for each computer, write down its MAC address and choose a unique IP address, such as 192.168.0.x, where x > 1.
Then, go to your router and assign these static IP addresses to each MAC address. For the D-Link router, you do this at the “DHCP” section of the “Home” tab, under “Static DHCP”.
Once you have added each MAC address and associated IP address to the Static DHCP Client List, you should disable the DHCP server on your router. On the D-Link router, this is done by selecting “DHCP server Disabled” in the “DHCP” section of the “Home” tab.
However, this isn’t quite the last step on the router configuration. Right now, you’re preventing other pieces of hardware from getting assigned IP addresses, and you’re manually assigning IP addresses to the hardware on your network. You also want your router to deny traffic to all devices you haven’t recognized and manually assigned addresses to. You do this by enabling MAC filtering on your firewall. On the D-Link router, this is done in the “Filters” section of the “Advanced” tab. Choose “MAC Filters”, choose “Only allow computers with MAC address listed below to access the network”, and enter the first MAC address on your list. List all the devices that way.
Once this is all done, you will have to manually set the IP address, Default Subnet, Default Gateway, and DNS server on each computer. (Both wired and wireless.) The IP address is set as you chose it. The Default Gateway and DNS server are both the IP address of your router. (In most cases, this is 192.168.0.1.) The default subnet is usually 255.255.255.0.
Notice that once you have MAC filtering enabled, you technically don’t have to turn off the DHCP server. Even if some unauthorized piece of hardware gets assigned an IP address, the MAC filter should prevent it from interacting with your network. However, disabling the DHCP server should make it that much more inconvenient for unauthorized users to gain a foothold in your network, and I still recommend disabling it.
One last thing I might recommend regarding IP addresses is changing the address of your router (typically 192.168.0.1) and other devices to other addresses. Because 192.168.x.y is so commonly used by default on most wireless (and wired) home and small networks, it is a common starting point for hacking attempts. Generating some random addresses should add some additional obstacles to hacking your network.
Further Hiding Your Network:
A hidden locked door is more secure than a locked door. It is therefore a good approach to try to hide your wireless network from the outside world. I have found that my router broadcasts data with much more power than is necessary. Fortunately, there is a way to adjust this power. On my D-Link router in the “Performance” section of the “Advanced” tab, I can choose 100%, 50%, 25%, or 12.5% antenna transmit power. After experimentation, I found that I could reduce the power to 12.5% and still get >90% signal strength and quality on all my networked devices. If you can adjust the antenna strength on your router, you should try to find the minimal strength necessary for maintaining quality connections.
Another thing you can do to hide your network (and not just your wireless network) from the outside world is to disable the WAN (wide-area network) ping. This ping is often the first step in probing your computer from the internet-side for attacks. It could also be used to detect your wireless network. On my D-Link router, you can disable this ping by selecting “Discard PING from WAN side” in the “Misc“ section of the “Tools” tab.
Security-Minded Living:
Here are some additional tips for everyday computing that will help improve the security of your network.
1) For transactions including your social security number, financial data, credit cards, etc., you should only use a wired computer.
2) Never distribute your WEP keys or other security data by shared data files or emails. If you must use a file to convey the keys, then do so manually with a floppy disk.
3) Change your WEP frequently. Once every week or so is generally acceptable for a 128-bit or higher key.
4) Check your firewall/router logs. If you notice unusual activity or a new machine connected to it, change your WEP key and static IP address immediately!
5) Don’t post screenshots of your configuration, etc.
6) Security is never finished. Keep up-to-date on developments in wireless security, and keep your firmware and drivers up-to-date as well.
Additional Security:
This is a good baseline security setup. A good step from here is setting up VPN’s (virtual private networks.) These use a secured tunneling protocol to connect members of a network across public telecommunications. They can be applied above and beyond the WEP encryption and other means described in this article. (But they are above the scope of this article for beginning security.)
Another possible method that has been brought to my attention is NoCatAuth. They use their own authentication process that could be handy in restricting web usage through your home network, although I haven’t had a chance to review its applicability beyond the standard NoCat network.
Downloadable Tools:
1) Random hex WEP key generator: I wrote a small command-line random key generator. You tell it how many bits your key is (e.g., 64, 128, 256 bits), and it will automatically generate a random key of appropriate length. It will both display this key on a screen and save it to a file for you.
Download: http://www.math.uci.edu/~pmacklin/downloads/programs/wireless/randomWEPkey.zip (117 KB)
Screenshot:
2) NetStumbler: You can use this tool to test out your new security settings. Note that on some machines, if you’re logged onto your wireless network while you use NetStumbler, it will mistakenly identify the SSID. (i.e., even if you aren’t broadcasting the SSID, it will find it.)
Download:
http://www.netstumbler.com/
Future Directions:
With sufficient demand (and if I can get the time to learn it), I might add information on VPN’s and new/improved downloadable tools to this guide.
Additional Web Resources:
1) SearchNetworking.com Glossary
http://searchnetworking.techtarget.com/glossaryBrowseAlpha
This site has a great, indexed glossary of the many terms you’ll see in wired and wireless networking.
3) NoCat and NoCatAuth
http://www.nocat.net/
This site has information on the NoCat network and NoCatAuth that they developed.
4) Oreilly Article on Vulnerability of WEP and Wireless Networks
http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/index.html
A spooky write-up on what a really knowledgeable person can do with a little luck. (Although they only used some relatively older hardware and 64-bit keys.)
5) Net-Security.org
http://www.net-security.org/review.php?id=92
A good site for online security know-how.
6) Overclockers forum discussion
http://forum.oc-forums.com/vb/showthread.php?s=&postid=2149919#post2149919
Where the original discussions on the contents of this write-up occurred.
Acknowledgements:
I would like to thank Steve (larva), Tebore, trey_w, orion25, and XWRed1 for their contributions in the aforementioned forums discussion. They helped me to develop a better understanding of security and the available resources.
Contact:
For help or comments, please PM me. I am particularly interested in further tips for security-minded living.
Last edited: