Welcome to WebmasterWorld Guest from 54.146.221.231

Forum Moderators: open

Message Too Old, No Replies

Setting Up Wireless Security

     
7:55 pm on Sep 6, 2006 (gmt 0)

Full Member

10+ Year Member

joined:Dec 1, 2004
posts:320
votes: 0


Hello...Thinking of going wireless for our pc's but am a bit concerned about security as we run e-com sites...
How secure is a wireless router? any extra particular measures that anyone has taken to ensure security?
Any feedback would be greatly appreciated...
7:51 am on Sept 7, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 5, 2001
posts:2466
votes: 0


setup the route to only handle preset MAC addresses .. you will find the mac address in the your Network Connections in windows

Dave

9:02 am on Sept 7, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


I discovered recently that it's possible to fake/clone mac addresses.

Kaled.

5:18 pm on Sept 7, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 26, 2005
posts:3041
votes: 0


I discovered recently that it's possible to fake/clone mac addresses.

That's certainly possible. Most network adapters today have configurable MAC addresses. They have a built-in one, but it's possible to override it. In Windows, it can be as simple as using the control panel applet or notification area applet that came with the network adapter driver.

However, somebody would first have to know what MAC address to set. The router doesn't "advertise" the MAC addresses that it accepts, and they aren't sent over the air in the clear (i.e. without encryption) assuming that encryption is properly set-up.

11:40 am on Sept 8, 2006 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


IMHO - The folks most likely to bother with trying to gain access through your router - and have the skills to do it - aren't likely to bother with it unless there's a reasonable reward for their efforts. Your neighbors are more likely to try (if broadcast mode is enabled) but as was noted, they'd need to know your MAC address.
4:00 pm on Sept 26, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:Jan 13, 2006
posts:165
votes: 0


WEP key encryption on $50 Linksys router can be cracked in less than a half hour.

Requiring specific MAC addresses adds security but they can also be grabbed from the air by someone who knows how to do it.

You are safe from the average person in your neighborhood if you are buying off the shelf wireless equiptment at the local computer store. You aren't so safe from a 17 year old neighbor with some time on his hands, moderate technical skills, and who considers cracking your wireless a fun challenge.

1:23 am on Sept 28, 2006 (gmt 0)

Junior Member

10+ Year Member

joined:July 30, 2002
posts:100
votes: 0


Use WPA for security, with a relatively long (~25 characters, but the more the better) random key. The only attack vector on WPA that I am aware of is a dictionary attack on poorly chosen keys. Make sure to change the key whenever someone leaves the company.

You could then also set it up to only accept a preset list of mac addresses, though that doesn't really add much security, for reasons already mentioned.

WEP is a joke. Don't use it.

3:28 pm on Sept 28, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Mar 14, 2003
posts:508
votes: 0


1) Turn off network ID broadcasting (SSID)
2) Turn on WEP or WPA
3) Turn on MAC address control
4) Accept you've done all you reasonably can, that your network is as secure as it can be, but it can still be hacked by someone with the time, skills and inclination!
5:22 pm on Sept 28, 2006 (gmt 0)

New User

5+ Year Member

joined:Apr 16, 2006
posts:15
votes: 0


0) Change the administrator password for your wireless router to something other than the default.
.
.
.
5) Ensure that your laptops / PCs only connect to your wireless router and not neighbouring unsecured networks.
6) If your router allows it, reduce the signal strength to operate in a more sensible range.
7) If you are still worried, there are some reasonably priced WLAN network monitoring devices, which can alert you to new wireless devices in your vicinity.
8) Send all of your cables to cable heaven.
9) Forget you ever heard the word hacker.
10) Pour yourself a drink, lean back in your sun lounger, relax and / or scrutinize your campaigns.
1:51 pm on Oct 14, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


11) Get yourself a copy of NetStumbler to check out what else is around in your neighbourhood, if only so that you can then get your kit on a different channel to them.

Most people seem to leave their kit with default SSID, default channel, default username, and god knows what default else.

12) If all your kit uses only 11b or 11g or something else, then limit connections to just that one type.