 |
 |
How do I *really* know my wireless network is secure?
|
|
|
|
|
Junior Member
Join Date: Jan 2003
Location: Bloomington, MN
Status:
Offline
|
|
OK - I got my cable wireless network set up with able assistance in this forum from folks like GHPorter, aanorton, ScotttheKing, etc. I did all the stuff one is supposed to do to secure it - the 128 bit thing, mapped it only to my Mac, did the hex key thing, renamed the network with my unhackable password, etc.
How can I easily verify at any moment that no baddies are using my connection in a way that would get me in trouble with the FBI?
I have one computer in my network.
Thank you.
|
She's too happy!
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Feb 2003
Location: earth
Status:
Offline
|
|
Originally posted by PreciousBbird:
OK - I got my cable wireless network set up with able assistance in this forum from folks like GHPorter, aanorton, ScotttheKing, etc. I did all the stuff one is supposed to do to secure it - the 128 bit thing, mapped it only to my Mac, did the hex key thing, renamed the network with my unhackable password, etc.
How can I easily verify at any moment that no baddies are using my connection in a way that would get me in trouble with the FBI?
I have one computer in my network.
Thank you.
put an ids on you machine (i.e. snort or something). that will let you know if someone tries something on the machine or network.
fyi... using wep, mac filtering and all the other goodies does not prevent someone who wants to get on your access point from doing so. however, the harder you make it the more determined to get on *your* network they will need to be. getting onto the network is one thing, getting on your machine is another. between locking down the access point and hardening the machine you should be fine unless you are housing some sort of real important data that someone really, really wants.
in the end, the fact that you are using a mac is pretty much enough reason for most script kiddies or wannabe hackers to not get anywhere.
|
|
|
| |
|
|
|
|
|
|
|
Moderator Emeritus  Join Date: Dec 2000
Location: College Park, MD
Status:
Offline
|
|
If you want to be 100% sure that no one is using it for anything "bad", pull the power cord out of the back.
If you have WEP and SSID broadcasting off and MAC filtering you can be pretty sure that no one is going to try anything. It's just not worth the time. Don't worry about it. If you want even more security then that it's going to cost money and take a lot of work.
|
|
|
| |
|
|
|
|
|
|
|
Administrator  Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Online
|
|
Scott's right, the only way to be absolutely certain everything's perfect is to turn it off. On the other hand, you've already covered all the bases you can.
MAC filtering will keep out all but your selected network card (your AirPort card), and 128 bit WEP will keep all but the most stubborn, adept and well equipped (that's electronic hardware I'm talking about-my personal opinion is that people that dink around with other's networks are compensating for a physical lack in a particularly intimate anatomical area) from reading your packets.
Besides, sadly there are far too many others out there that haven't even thought about any security-they order stuff over the phone with their credit cards using their ancient cordless that every scanner junkie in the neighborhood can listen in on-so your "padlock, fence and warning sign" security is too much trouble to mess with. Welcome to the era of paranoid computing.
When do you next plan to change your WEP key? You should do it fairly frequently...like monthly.
|
|
Glenn -----
OTR/L, MOT, Tx
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Feb 2003
Location: earth
Status:
Offline
|
|
Originally posted by GHPorter:
Besides, sadly there are far too many others out there that haven't even thought about any security-
exactly
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status:
Offline
|
|
For all intents an purposes you have your bases covered in so far as combating the "casual" hacker who does not have all that much skill or desire to penetrate your defenses. There are plenty of other APs that are easier to associate with and shoot traffic through out there as has been stated in previous posts. Beyond what you have done there isn't much else you can do in addition to changing your key on a regular basis.
You can go with a solution like Snort or Shadow if you really want to actively monitor the waves for anamolous traffic, which I believe has also been mentioned (props where props are due). Short of upgrading hardware and deploying some kind of 802.1x solution i.e. LEAP, PEAP, EAP/TLS with MIC and/or TKIP (Not exactly cost effective for a home solution. Oh did I miss a buzz acronym  ??) you will always have risk broadcasting data traffic on the airwaves.
It pretty much boils down to how sensitive the data that is transferred wirelessly is, and how partial you are to not letting that slip into other people's hands. Well I think I've rehashed what has been said already enough. Wireless security annoys me enough to the point where I have to vent/expound however unnecessary it is I guess. Cheers all.
-Kampl
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
