Wireless Question?

Nighthawk

I was reading Eric's post and it made me wonder, can my neighbor tap into my wireless connection and use it?

FrancF

Not if your running WPA2-Personal wireless security in your settings. Your good

fishkiller41

All the new routers have a code u can use during set up. U don't HAVE to use it, but if U don't, someone w/a laptop can scan it and horn-in on your IP [:(!]

hrbie

I think even the older model routers have some sort of lock on them.

FrancF

And that would be "admin" the first thing they will try.

Nwcid

As the others have said it depends.

If you set a password and locked the system then unless they "hack" it some how then no they can not.

If you have an open (ie unlocked) system then yes they can.

This is assuming they are in a spot they can get the signal.

BaseJumper

and you would be amazed at how many businesses and homes have open wireless connections. Businesses that have open access to their network, not just a partition set up and open for their clients.

Well, if they were all educated on these topics, I would not have a job. So no complaints here.

Old-Colts

Enable encryption and use the strongest method offered by your product and turn off the beacon so that your SSID isn't broadcasted and neighbors or internet thieves can't see your Router. Your setup will then be very secure!

lindalecowboy

quote:Originally posted by Old-Colts
Enable encryption and use the strongest method offered by your product and turn off the beacon so that your SSID isn't broadcasted and neighbors or internet thieves can't see your Router. Your setup will then be very secure!


you old fart, you ain't just another pretty face are you??? a geek in sheep's clothing.

Old-Colts

quote:Originally posted by lindalecowboy
quote:Originally posted by Old-Colts
Enable encryption and use the strongest method offered by your product and turn off the beacon so that your SSID isn't broadcasted and neighbors or internet thieves can't see your Router. Your setup will then be very secure!you old fart, you ain't just another pretty face are you??? a geek in sheep's clothing.[:I][:I][:D]

Nighthawk

How exactly do I do this? The Router is in my wifes office she runs 2 PC's off of it and I run my laptop. We use the same passwords to log on to our computers. But I dont guess that stops the neighbor from tapping in. If youloose your connection and have to get back on line it has our IP address then you have to enter a password. Is this the one that makes it safe?

BaseJumper

Well, we first need to get you logged in to your router so we can setup the security. Do you have the user guide handy for your router? Not knowing what your level of knowledge is on these things it is tough to explain in this format.

Can you log in to your router and see the configuration settings? If not I will start by getting you in to the router and then we will go from there.

Read over the user guide if you have it. If you don't, download a copy from the manufacturer website. Once you have looked it over you may find the answer yourself. If you are still confused I will be glad to help.

BaseJumper

But...if you let them on your network you no longer have control over your security or what goes up and downstream on your network that you are responsible for. If the neighbor kids are downloading huge files on a torrent site and sucking up a God awful amount of bandwidth, you will be blamed because it comes from your IP address.

Trust me when I say that your PCs are not secure if you open up your router. I got tired of the teenage neighbor here trying like hell to crack my router/firewall. I installed a new wireless network and left the old one up (with slightly less security). When he finally hacked the decoy, there were no more attempts on it for almost a month. Hope the little turd had lots of trouble with his PC for awhile.

DHCP is not secure. Even if your router is not open, all it takes is some skill with HTML (the language of the we page) and some basic script language know how to access many routers. Hell, the tutorials and even the exact code to hack specific Linksys, Netgear, and even Cisco routers can be found on the internet via a Google search.

Here is a tech read out on DHCP and it's lack of security if interested.

https://forums2.symantec.com/t5/Emerging/DNS-Pharming-Attacks-Using-Rogue-DHCP/ba-p/370377

cnsay

Most likely if you just turn off the broadcast and change the name of the network to something not obvious to the neighbors you will be fine. It is still easy for you to add computers but not so easy for them to stumble across your network. Wireless networks are like doors, the locks will keep the honest people honest but not stop someone out to be bad.

iwannausername

Breaking WEP encryption is trivial. Breaking WPA2 is possible, just takes longer.

BaseJumper

Use WPA-2, do not broadcast your SSID, and then choose to only allow the MAC addresses that you specify and never allow remote administration. Makes it much harder from outside the network. Most won't even try, especially when your neighbors have an open network 3 houses down.

This makes it a little more work for you to manage adding something new on the network, but is your security worth the time? Mine is.

iwannausername

HTML is just a markup language - it has no cracking capabilities.

Hiding your SSID just marks it as hidden - it is still transmitted, and many wireless apps will cheerfully show hidden networks.

All encryption is breakable - wep in about 30 seconds, WPA2 takes a few days and more data to examine. Trivial to do in a neighborhood.

And changing your MAC address to match one you've sniffed out is trivial as well, at least on real operating systems....

quote:Originally posted by BaseJumper
Use WPA-2, do not broadcast your SSID, and then choose to only allow the MAC addresses that you specify and never allow remote administration. Makes it much harder from outside the network. Most won't even try, especially when your neighbors have an open network 3 houses down.

This makes it a little more work for you to manage adding something new on the network, but is your security worth the time? Mine is.

HappyNanoq

There are a couple of instructional videos on YouTube - on how to hack a wireless network.

All it takes is a laptop/desktop with wireless capability - Linux operatingsystem and a program that comes with Linux as standard.


You can setup the Linux computer so it "listens" to any traffic on the different channels on the wireless - regardless of it being "SSID Off", encrypted with WEP, WPA or WPA-2 - and even MAC-adressen can be taken/recorded and cloned directly from the wireless communication.

I've personally seen a 128bit coded WPA-2 wireless network with "Do not broadcast SSID" and set to only allow certain MAC-adresses - be cracked in 7 minutes.!

That was sone with a HP Pavilion laptop, running UBUNTU (Linux) and the serviceprograms that comes with that operatingsystem.

We're not safe.


But set it up as good as you can - and hope there are no geeks that want to put some blame on you.

HappyNanoq

When I lived in Denmark, my cousin lived across the street - and as I had a 1mb download 512kb upload DSL with no upper limit - offcourse we set it up so he could use the internet also.


You can only block out the "regular" users - i.e. those that live close by and tries to scan for open networks.


"SSID Broadcast" is a function that makes the router broadcast it's network ID - if you turn it off, you have to know there is a network, and make the computer search specifically for that network name, in order to get a responce.

So when you are done setting it up - turn off "Broadcast SSID".



Of WEP, WPA and WPA-2 - the WPA-2 is the strongest/most complicated coding.
If you don't have many neighbours and consider it a low risk - it doesn't matter much which one you choose.
If you live in a city, with many people within range, you should use WPA-2 and the strongest encoding you can.!

But in order to keep out "regular" users - any 128bit encoding will do.

As wireless routers are usually 10MBit or 54MBit, and the internet is WAY less.... you won't feel any speed-difference between the different encodings - so just choose the strongest encoding that your setup will accept.



Also, change the IP-adress as well as the ADMIN-account password.!

You use the factory IP-adress to connect to the router, when setting it up - and you probably use ADMIN without any password.

Then all a hacker needs to do, is try to connect to the standard factory IP-adresses and type in ADMIN. All other security would then mean absolutely zilch/nada/bubkus.


Also, run through the router settings, scan your MAC-adress and make it one of the approved computers.!

It won't mean nothing for an experienced/semi-experienced hacker, but it would keep out the "regular" users that might get lucky with trying passwords.

If they crack the password and make contact to the router - the router checks if the MAC-adress is correct.
MAC-adress is a code that is put together from different hardware-options in your computer - and with a serialnumber in the wireless network hardware.
"Regular" users won't have the same MAC-adress and the router will filter them out.

Hackers can "sniff" MAC-adresses, and any passwords in WEP, WPA and WPA-2 encryption - simply by letting the computer listen to any traffic on the wireless router frequencies.


If you do these things - you will keep out most people, except semi-experienced/experienced hackers. (nerds)


So:
select the strongest encryption available in the wireless router and the computer. - it might be WPA or WPA-2 - or if it's an older system, it might be the WEP.
You can update your system to allow for stronger encryptions, and WPA-2 would be the best.

Chance the Admin-password (remember, passwords are case sensitive... so "broadway" isn't the same as "bRoaDWaY", for instance)

Change the router IP-adress, so it won't respond to hackers or regular users trying to detect factory set router-IP's.
Remember when you change the IP-adress, if you need to make changes - it will be the new IP-adress that you would have to use to gain access to the Admin-part of the router.

Change the wireless networkname to something only YOU know.

Set it to "Broadcast SSID = OFF" - then regular people won't get "Nighthawk Wireless" to pop up when they scan for networks.
They would have to know the networkname. (it's a soft code in itself)

Set the router to accept your own MAC-adresses of your various computers.


If you can - setup a Log, and keep an eye on it from time to time.
It will help you see if anyone tries to make a fool out of you.

That should do it - for the most part.!

BaseJumper

definately all of those things listed by everyone to help secure your wireless network. Kind of like you and your friends being chased by a bear: you don't have to be able to outrun the bear, just be able to out run your friends. If your network is more secure than your neighbors, they will more than likely leave you alone.

The only way to make the network more secure than the tools allowed on common routers (WPA-PSK, allow only know MACs, no broadcast) is to install programs on your PCs that encrypt all data going over the network with 256 bit AES encryption keys. That way none of the data you send is in the clear and much harder to capture any of it even with the listening tools available.

Security on wireless is not like the Showtime Rotisserie Ovens: you can't "Set it and forget it". Check your logs, set your security to email you upon certain events and don't give your kids the password to log into the router and change anything.

iwannausername

Or leave your wireless completely open, but with no gateway. Then use a VPN to create a sub-network and access the internet. Everyone can connect to the wireless, but no one can do anything with out the VPN connection