Is my network secure enough now?!?

Discussion in 'Wireless Networking' started by Lobster, Jun 12, 2005.

  1. Lobster

    Lobster Guest

    I've set up a wireless network at home for the first time, having
    hopefully read up enough on security to make this a 'safe' proposition.
    What I'd like to know is, having taken these steps, can I consider my
    wireless network to be fully secure to all intents and purposes (given
    that I'm just an ordinary person living in a low-population density
    suburb (rather than, say, a corporate user at high risk of attack)?

    I have a Linksys WRT54G router connected to always-on broadband, and
    have taken the following steps:

    1. Changed the router admin login details from the default
    2. Changed the default SSID
    3. Disabled SSID broadcast
    4. Enabled MAC filter (ie only the MAC address of my laptop is allowed
    to connect wirelessly)
    5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    whatever that means!)
    6. Enabled Windows XP firewall on all PCs (plus the router's hardware
    firewall).

    Does this sound reasonable? Should I really worry about accessing
    online banking wirelessly for example, any more than when accessing it
    from a wired PC?

    --
    Thanks
    David
     
    Lobster, Jun 12, 2005
    #1
    1. Advertising

  2. Both items 3 & 4 are of minimal to no value as far as security measures are concerned. The best
    measure is using WPA, which you have done, with a very long and random key. Personally I use WPA-PSK
    (TKIP) with a >25 character totally random ASCII key...

    http://www.dslreports.com/faq/wlan/40.0 Security#10907
    http://www.dslreports.com/faq/11462

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...


    "Lobster" <> wrote in message
    news:3z0re.7460$...
    > I've set up a wireless network at home for the first time, having hopefully read up enough on
    > security to make this a 'safe' proposition. What I'd like to know is, having taken these steps,
    > can I consider my wireless network to be fully secure to all intents and purposes (given that I'm
    > just an ordinary person living in a low-population density suburb (rather than, say, a corporate
    > user at high risk of attack)?
    >
    > I have a Linksys WRT54G router connected to always-on broadband, and have taken the following
    > steps:
    >
    > 1. Changed the router admin login details from the default
    > 2. Changed the default SSID
    > 3. Disabled SSID broadcast
    > 4. Enabled MAC filter (ie only the MAC address of my laptop is allowed to connect wirelessly)
    > 5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds, whatever that means!)
    > 6. Enabled Windows XP firewall on all PCs (plus the router's hardware firewall).
    >
    > Does this sound reasonable? Should I really worry about accessing online banking wirelessly for
    > example, any more than when accessing it from a wired PC?
    >
    > --
    > Thanks
    > David
     
    Sooner Al [MVP], Jun 12, 2005
    #2
    1. Advertising

  3. Lobster wrote:
    > I've set up a wireless network at home for the first time, having
    > hopefully read up enough on security to make this a 'safe' proposition.
    > What I'd like to know is, having taken these steps, can I consider my
    > wireless network to be fully secure to all intents and purposes (given
    > that I'm just an ordinary person living in a low-population density
    > suburb (rather than, say, a corporate user at high risk of attack)?
    >
    > I have a Linksys WRT54G router connected to always-on broadband, and
    > have taken the following steps:
    >
    > 1. Changed the router admin login details from the default
    > 2. Changed the default SSID
    > 3. Disabled SSID broadcast
    > 4. Enabled MAC filter (ie only the MAC address of my laptop is allowed
    > to connect wirelessly)
    > 5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    > whatever that means!)
    > 6. Enabled Windows XP firewall on all PCs (plus the router's hardware
    > firewall).
    >
    > Does this sound reasonable? Should I really worry about accessing
    > online banking wirelessly for example, any more than when accessing it
    > from a wired PC?
    >


    So far I haven't been successful with 5 & 6. I take the MAC address is
    the numbers/letters on the card that slots into the Notebook adjacent to
    the serial number? Group renewal, I was wondering what that was to?

    Thanks

    --
    Keith (Southend)

    'Weather Home & Abroad'
    http://www.southendweather.net
     
    Keith (Southend), Jun 12, 2005
    #3
  4. "Sooner Al [MVP]" <> wrote in message
    news:...

    [[top post relocated]]

    > "Lobster" <> wrote in message
    > news:3z0re.7460$...
    >> I've set up a wireless network at home for the first time, having
    >> hopefully read up enough on security to make this a 'safe' proposition.
    >> What I'd like to know is, having taken these steps, can I consider my
    >> wireless network to be fully secure to all intents and purposes (given
    >> that I'm just an ordinary person living in a low-population density
    >> suburb (rather than, say, a corporate user at high risk of attack)?
    >>
    >> I have a Linksys WRT54G router connected to always-on broadband, and have
    >> taken the following steps:
    >>
    >> 1. Changed the router admin login details from the default
    >> 2. Changed the default SSID
    >> 3. Disabled SSID broadcast
    >> 4. Enabled MAC filter (ie only the MAC address of my laptop is allowed to
    >> connect wirelessly)
    >> 5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    >> whatever that means!)
    >> 6. Enabled Windows XP firewall on all PCs (plus the router's hardware
    >> firewall).
    >>
    >> Does this sound reasonable? Should I really worry about accessing online
    >> banking wirelessly for example, any more than when accessing it from a
    >> wired PC?
    >>
    >> --
    >> Thanks
    >> David

    >
    >


    > Both items 3 & 4 are of minimal to no value as far as security measures
    > are concerned. The best measure is using WPA, which you have done, with a
    > very long and random key. Personally I use WPA-PSK (TKIP) with a >25
    > character totally random ASCII key...
    >
    > http://www.dslreports.com/faq/wlan/40.0 Security#10907
    > http://www.dslreports.com/faq/11462
    >
    > --
    >
    > Al Jarvi (MS-MVP Windows Networking)
    >


    What Al told the O.P. isn't really true. Disabling SSID and enabling MAC
    filtering will thwart all but the most devious and dedicated hackers who are
    out crusiing the neighborhhod packet sniffing and looking to break in-- a
    very small number of people indeed. The average Joe won't even see his
    network-- much less get in.

    It's like the lock on your front door or your car door. It can be defeated--
    but only by those who really want to do that and have the technical knowhow
    and tools.. The O.P. has good enough security for most situations most of
    the time.

    And BTW, use WPA-PSK AES security rather than TKIP-- much stronger and much
    tougher to defeat--- even by a techonerd....

    Doc
     
    J.H. Holliday, Jun 12, 2005
    #4
  5. Well, first lets be clear on what I said and that was..."The best measure is using WPA, which you
    have done..."

    Now I agree that WPA using AES is better, but WPA, whatever flavor you use is better than WEP. It
    simply depends on what your hardware supports. Mine supports WPA (TKIP), but not AES...

    Secondly, security through obscurity is simply no security... Not to mention some clients simply can
    not connect to a wireless network if the SSID is not broadcast. That is a fact...

    Later...

    --

    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no rights...


    "J.H. Holliday" <doc@okcorral> wrote in message news:...
    > "Sooner Al [MVP]" <> wrote in message
    > news:...
    >
    > [[top post relocated]]
    >
    >> "Lobster" <> wrote in message
    >> news:3z0re.7460$...
    >>> I've set up a wireless network at home for the first time, having hopefully read up enough on
    >>> security to make this a 'safe' proposition. What I'd like to know is, having taken these steps,
    >>> can I consider my wireless network to be fully secure to all intents and purposes (given that
    >>> I'm just an ordinary person living in a low-population density suburb (rather than, say, a
    >>> corporate user at high risk of attack)?
    >>>
    >>> I have a Linksys WRT54G router connected to always-on broadband, and have taken the following
    >>> steps:
    >>>
    >>> 1. Changed the router admin login details from the default
    >>> 2. Changed the default SSID
    >>> 3. Disabled SSID broadcast
    >>> 4. Enabled MAC filter (ie only the MAC address of my laptop is allowed to connect wirelessly)
    >>> 5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds, whatever that means!)
    >>> 6. Enabled Windows XP firewall on all PCs (plus the router's hardware firewall).
    >>>
    >>> Does this sound reasonable? Should I really worry about accessing online banking wirelessly for
    >>> example, any more than when accessing it from a wired PC?
    >>>
    >>> --
    >>> Thanks
    >>> David

    >>
    >>

    >
    >> Both items 3 & 4 are of minimal to no value as far as security measures are concerned. The best
    >> measure is using WPA, which you have done, with a very long and random key. Personally I use
    >> WPA-PSK (TKIP) with a >25 character totally random ASCII key...
    >>
    >> http://www.dslreports.com/faq/wlan/40.0 Security#10907
    >> http://www.dslreports.com/faq/11462
    >>
    >> --
    >>
    >> Al Jarvi (MS-MVP Windows Networking)
    >>

    >
    > What Al told the O.P. isn't really true. Disabling SSID and enabling MAC filtering will thwart all
    > but the most devious and dedicated hackers who are out crusiing the neighborhhod packet sniffing
    > and looking to break in-- a very small number of people indeed. The average Joe won't even see his
    > network-- much less get in.
    >
    > It's like the lock on your front door or your car door. It can be defeated-- but only by those
    > who really want to do that and have the technical knowhow and tools.. The O.P. has good enough
    > security for most situations most of the time.
    >
    > And BTW, use WPA-PSK AES security rather than TKIP-- much stronger and much tougher to defeat---
    > even by a techonerd....
    >
    > Doc
     
    Sooner Al [MVP], Jun 13, 2005
    #5
  6. Lobster

    DanR Guest

    J.H. Holliday wrote:
    > "Sooner Al [MVP]" <> wrote in message
    > news:...
    >
    > [[top post relocated]]
    >
    >> "Lobster" <> wrote in message
    >> news:3z0re.7460$...
    >>> I've set up a wireless network at home for the first time, having
    >>> hopefully read up enough on security to make this a 'safe' proposition.
    >>> What I'd like to know is, having taken these steps, can I consider my
    >>> wireless network to be fully secure to all intents and purposes (given
    >>> that I'm just an ordinary person living in a low-population density
    >>> suburb (rather than, say, a corporate user at high risk of attack)?
    >>>
    >>> I have a Linksys WRT54G router connected to always-on broadband, and have
    >>> taken the following steps:
    >>>
    >>> 1. Changed the router admin login details from the default
    >>> 2. Changed the default SSID
    >>> 3. Disabled SSID broadcast
    >>> 4. Enabled MAC filter (ie only the MAC address of my laptop is allowed to
    >>> connect wirelessly)
    >>> 5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    >>> whatever that means!)
    >>> 6. Enabled Windows XP firewall on all PCs (plus the router's hardware
    >>> firewall).
    >>>
    >>> Does this sound reasonable? Should I really worry about accessing online
    >>> banking wirelessly for example, any more than when accessing it from a
    >>> wired PC?
    >>>
    >>> --
    >>> Thanks
    >>> David

    >>
    >>

    >
    >> Both items 3 & 4 are of minimal to no value as far as security measures
    >> are concerned. The best measure is using WPA, which you have done, with a
    >> very long and random key. Personally I use WPA-PSK (TKIP) with a >25
    >> character totally random ASCII key...
    >>
    >> http://www.dslreports.com/faq/wlan/40.0 Security#10907
    >> http://www.dslreports.com/faq/11462
    >>
    >> --
    >>
    >> Al Jarvi (MS-MVP Windows Networking)
    >>

    >
    > What Al told the O.P. isn't really true. Disabling SSID and enabling MAC
    > filtering will thwart all but the most devious and dedicated hackers who are
    > out crusiing the neighborhhod packet sniffing and looking to break in-- a
    > very small number of people indeed. The average Joe won't even see his
    > network-- much less get in.
    >
    > It's like the lock on your front door or your car door. It can be defeated--
    > but only by those who really want to do that and have the technical knowhow
    > and tools.. The O.P. has good enough security for most situations most of
    > the time.
    >
    > And BTW, use WPA-PSK AES security rather than TKIP-- much stronger and much
    > tougher to defeat--- even by a techonerd....
    >
    > Doc


    I agree that disabling the SSID is a good thing. When people with Wi-Fi click on
    "view wireless networks"... they will not see you. Their curiosity will not be
    peeked to the point where they start thinking... "I wonder who that is... I
    wonder if my computer hacker friend Fred can get into this network?" The
    argument against hiding the SSID is that you are not being a good neighbor and
    those folks won't know to avoid your channel. So... you can take the attitude
    that you will police the neighborhood and avoid other Wi-Fi channels that are in
    use. Of course you may not be the only one with that attitude and channel
    conflicts can occur. So what to do. I hide my SSID.
    I also use MAC filtering. Why not... it's easy and one more layer of protection.
     
    DanR, Jun 13, 2005
    #6
  7. Lobster

    McSpreader Guest

    Lobster <> wrote in
    news:3z0re.7460$:

    > Should I really worry about accessing
    > online banking wirelessly for example, any more than when
    > accessing it from a wired PC?
    >


    When you access a security-sensitive site e.g. online banking or
    shopping checkout, you will** be using a secure HTTPS connection
    irrespective of how you connect. That means data is encrypted end-to-
    end between your PC and the bank or store.

    If you have set up your wireless LAN to provide WPA encryption, the
    data is encrypted a second time whilst in transit on your wireless
    LAN, using a key that is typically changed every 60 minutes. So the
    answer to your question is "No".

    ** If not, consider changing - NOW!
     
    McSpreader, Jun 13, 2005
    #7
  8. "DanR" <> wrote:
    >J.H. Holliday wrote:
    >> "Sooner Al [MVP]" <> wrote:
    >>>>
    >>>> 3. Disabled SSID broadcast
    >>>> 4. Enabled MAC filter (ie only the MAC address of my laptop is allowed to
    >>>> connect wirelessly)
    >>>> 5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    >>>> whatever that means!)

    ....
    >>> Both items 3 & 4 are of minimal to no value as far as security measures
    >>> are concerned. The best measure is using WPA, which you have done, with a

    ....
    >> What Al told the O.P. isn't really true. Disabling SSID and enabling MAC


    Actually, it is *precisely* true.

    >> filtering will thwart all but the most devious and dedicated hackers who are
    >> out crusiing the neighborhhod packet sniffing and looking to break in-- a
    >> very small number of people indeed. The average Joe won't even see his
    >> network-- much less get in.


    Okay, so you are saying that it keeps the harmless people out,
    and only those who are most likely to do you real harm can get
    in. Not good.

    >I agree that disabling the SSID is a good thing. When people with Wi-Fi click on
    >"view wireless networks"... they will not see you.


    Generally that is a good thing too.

    >Their curiosity will not be
    >peeked to the point where they start thinking... "I wonder who that is... I
    >wonder if my computer hacker friend Fred can get into this network?"


    And if it is, he's using WPA to keep them out. Because SSID,
    MAC filtering and WEP certainly won't.

    >The
    >argument against hiding the SSID is that you are not being a good neighbor and
    >those folks won't know to avoid your channel.


    That isn't a case of being a good neighbor, it's a case of being
    a smart neighbor. If they don't see your network, they can't
    plan to avoid it. So, they look, and see everyone except you,
    and plonk down right on the same channel you chose. They just
    happen to have a big antenna and good receivers, so you don't
    bother them at all, but they cause just enough interference to
    reduce your bit rate from 54 to 4 Mbps, but only intermittantly.

    Not good!


    >So... you can take the attitude
    >that you will police the neighborhood and avoid other Wi-Fi channels that are in
    >use. Of course you may not be the only one with that attitude and channel
    >conflicts can occur. So what to do. I hide my SSID.


    What for?

    >I also use MAC filtering. Why not... it's easy and one more layer of protection.


    Sure. Protection that causes *you* far more inconvenience
    than it does someone intent on hacking into your network!

    Not good...

    --
    Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
    Ukpeagvik (Barrow, Alaska)
     
    Floyd L. Davidson, Jun 13, 2005
    #8
  9. Lobster

    Pavel A. Guest

    "DanR" <> wrote in message news:Q_3re.308$...
    > The > argument against hiding the SSID is that you are not being a good neighbor and
    > those folks won't know to avoid your channel. So... you can take the attitude
    > that you will police the neighborhood and avoid other Wi-Fi channels that are in
    > use. Of course you may not be the only one with that attitude and channel
    > conflicts can occur.


    ??? How showing your SSID can help other to avoid your channel?

    --PA
     
    Pavel A., Jun 13, 2005
    #9
  10. Lobster

    DanR Guest

    Pavel A. wrote:
    > "DanR" <> wrote in message
    > news:Q_3re.308$...
    >> The > argument against hiding the SSID is that you are not being a good
    >> neighbor and those folks won't know to avoid your channel. So... you can
    >> take the attitude
    >> that you will police the neighborhood and avoid other Wi-Fi channels that
    >> are in use. Of course you may not be the only one with that attitude and
    >> channel
    >> conflicts can occur.

    >
    > ??? How showing your SSID can help other to avoid your channel?
    >
    > --PA


    Software that comes with your wireless card can do a site survey and show the
    SSID and channel number of close by wireless networks. As will Netstumbler. (my
    linksys monitor software will do this)
    WinXP alone does not show channel number as far as I can tell.
    If everyone played fair and everyone broadcasted their SSID then everyone could
    see what everyone's broadcast channel was set to and avoid conflicts.
     
    DanR, Jun 13, 2005
    #10
  11. Lobster

    Lobster Guest

    J.H. Holliday wrote:
    > "Sooner Al [MVP]" <> wrote in message
    > news:...
    >
    >>"Lobster" <> wrote in message
    >>news:3z0re.7460$...
    >>
    >>>I have a Linksys WRT54G router connected to always-on broadband, and have
    >>>taken the following steps:
    >>>
    >>>1. Changed the router admin login details from the default
    >>>2. Changed the default SSID
    >>>3. Disabled SSID broadcast
    >>>4. Enabled MAC filter (ie only the MAC address of my laptop is allowed to
    >>>connect wirelessly)
    >>>5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    >>>whatever that means!)
    >>>6. Enabled Windows XP firewall on all PCs (plus the router's hardware
    >>>firewall).
    >>>
    >>>Does this sound reasonable? Should I really worry about accessing online
    >>>banking wirelessly for example, any more than when accessing it from a
    >>>wired PC?


    >>Both items 3 & 4 are of minimal to no value as far as security measures
    >>are concerned. The best measure is using WPA, which you have done, with a
    >>very long and random key. Personally I use WPA-PSK (TKIP) with a >25
    >>character totally random ASCII key...


    > And BTW, use WPA-PSK AES security rather than TKIP-- much stronger and much
    > tougher to defeat--- even by a techonerd....


    Thanks to all for the replies; I'm quite reassured now! And I can see
    that I can beef up my security another notch by using a better WPA key,
    and by switching from TKIP to AES, which my router also supports.

    --
    David
     
    Lobster, Jun 13, 2005
    #11
  12. Lobster

    mhicaoidh Guest

    Taking a moment's reflection, Lobster mused:
    |
    | 3. Disabled SSID broadcast

    Unnecessary due to #5 below, SSID is still attached, unencrypted, to
    every packet. So, those who could attempt to crack your encryption
    already have your SSID. Might as well broad cast it to stay within spec
    (less connectivity issues), and keep neighbours from setting their
    wireless up on the same channel you are using ... thus causing
    interference.

    | 4. Enabled MAC filter (ie only the MAC address of my laptop is allowed
    | to connect wirelessly)

    Unnecessary due to #5 as well. MAC address is attached to every
    frame, unencrypted. So, anyone who can capture your packets can easily
    determine what MACs are allowed.

    | 5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    | whatever that means!)

    Use AES if your client software allows it. If you are using the XP
    zero config connector, AES does not work with it. But, in that case,
    TKIP is fine. Group renewal is the interval that the WPA keys are
    regenerated automatically between server and client. This is how they
    patched the vulnerability of WEP.

    | Does this sound reasonable? Should I really worry about accessing
    | online banking wirelessly for example, any more than when accessing it
    | from a wired PC?

    Other than my comments above, yes. It's reasonable. I wouldn't
    worry about accessing online banking. With WPA enabled, you are
    encrypted. Also, the banking website should have SSL encryption. So,
    you are doubly encrypted.
     
    mhicaoidh, Jun 13, 2005
    #12
  13. Lobster

    mhicaoidh Guest

    Taking a moment's reflection, J.H. Holliday mused:
    |
    | What Al told the O.P. isn't really true. Disabling SSID and enabling
    | MAC filtering will thwart all but the most devious and dedicated
    | hackers who are out crusiing the neighborhhod packet sniffing and
    | looking to break in-- a very small number of people indeed. The
    | average Joe won't even see his network-- much less get in.

    I'm afraid it is true. Because WPA enabled will thwart *everyone*.
    So, SSID hiding and MAC filtering become useless and redundant ... and
    can cause issues.
     
    mhicaoidh, Jun 13, 2005
    #13
  14. On Sun, 12 Jun 2005 20:04:15 GMT, Lobster
    <> wrote:

    Might as well throw in my worthless opinions and suggestions.

    >I have a Linksys WRT54G router connected to always-on broadband, and
    >have taken the following steps:


    Dump the Linksys firmware and switch to an alternative:
    http://www.sveasoft.com/content/view/3/1/
    It's not any more secure, but it has many more features and goodies.

    >1. Changed the router admin login details from the default


    Alternative firmware can have multiple ways to access the WRT54G.
    Besides the web interface, there's SSH2, telnet, SNMP, and PPTP. All
    of these have passwords. SNMP has two (read and write). Do NOT
    assume that they are all identical or that changing one will change
    the others. Check all of them.

    >2. Changed the default SSID


    There's your chance to be creative.

    >3. Disabled SSID broadcast


    Waste of time and causes problems with some wireless clients. It also
    pisses me off because I have to dig out my Linux Kismet application to
    find other users on what I would expect to be an unpolluted channel.
    If you're spewing RF, it's considered "polite" to tell the world that
    you're around.

    >4. Enabled MAC filter (ie only the MAC address of my laptop is allowed
    >to connect wirelessly)


    I can spoof any MAC address in about 2 seconds.
    http://www.klcconsulting.net/smac/
    Actually, you don't even need a utility as a registry tweak and a
    reboot will do the trick. Run:
    nbtstat -A your_IP_address
    to disclose your current MAC address.

    >5. Enabled WPA-TKIP encryption (with Group renewal every 3600 seconds,
    >whatever that means!)


    So far, nobody has been able to decrypt WPA-PSK with either RC4 or AES
    encryption (with non-trivial pass phrases). I guess that means nobody
    is going to hack your system. However, give me 30 seconds on your
    laptop and I'll steal your WPA pass phrase, which some vendors still
    stupidly plant in the registry in plain text. That's what's wrong
    with WPA-PSK (pre-shared key). So, you're safe as long as nobody has
    physical access to your WRT54G or client computah.

    Group renewal means that every 3600 seconds (1 hr), the encryption key
    is re-negotiated with all clients. Methinks that's a bit long for
    roaming clients and hot spots, but probably just fine for home use.

    >6. Enabled Windows XP firewall on all PCs (plus the router's hardware
    >firewall).


    Enabling the firewall and configuring it are two different animals.
    Having a personal firewall is a good idea. However, it interferes
    with many services. So, the Windoze Firewall has "Exceptions" which
    are essentially holes in the firewall. Pay special attention to the
    "Windoze File and Print" exception and which interfaces are allowed to
    access shares. Having a firewall that looks like Swiss Cheeze is not
    a good idea.

    >Does this sound reasonable? Should I really worry about accessing
    >online banking wirelessly for example, any more than when accessing it
    >from a wired PC?


    It's good enough. However, you're worrying about the wrong things.
    The real threat are keyboard loggers, spyware, and trojan horse
    programs. These will send your keystrokes, credit card numbers, and
    useful info to the forces of evil on the internet. There's nothing
    that a Windoze firewall, wireless encryption, or security band-aids
    that will prevent these from arriving on your machine. Put some time
    and effort into identifying, removing, and blocking your computah from
    spyware infections, and your banking will be safe. Also, pay special
    attention to how you access your online bank's URL. There are plenty
    of URL redirectors and web and DNS hijackers around that redirect your
    banks web page to the forces of evil's phishing site.


    --
    Jeff Liebermann -cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
     
    Jeff Liebermann, Jun 13, 2005
    #14
  15. mhicaoidh --- please clarify your comment:

    "Use AES if your client software allows it. If you are using the XP zero
    config connector, AES does not work with it."

    Am confused by the part that AES doesn't work if you use XP's zero config to
    setup your wireless adapter. You mean even though AES is an option listed in
    the Encryption drop-down it won't work? What happens, the adapter and router
    fail to connect? Thanks for the clarification.
     
    =?Utf-8?B?SmFtZXNQ?=, Jun 15, 2005
    #15
  16. Spoofing WAS Re: Is my network secure enough now?!?

    In article <>, -cruz.ca.us says...
    <Snip Response>

    > It's good enough. However, you're worrying about the wrong things.
    > The real threat are keyboard loggers, spyware, and trojan horse
    > programs. These will send your keystrokes, credit card numbers, and
    > useful info to the forces of evil on the internet. There's nothing
    > that a Windoze firewall, wireless encryption, or security band-aids
    > that will prevent these from arriving on your machine. Put some time
    > and effort into identifying, removing, and blocking your computah from
    > spyware infections, and your banking will be safe. Also, pay special
    > attention to how you access your online bank's URL. There are plenty
    > of URL redirectors and web and DNS hijackers around that redirect your
    > banks web page to the forces of evil's phishing site.
    >
    >
    >

    I was reading your comment about URL redirectors which made me think
    about Mozilla Firefox with the extension called Spoofstick. This
    extension is supposed to show the TRUE URL to which your browser is
    pointed even if you have been redirected to a phishing site. In other
    words the URL address line may show www.bankofamerica.com whereas the
    Spoofstick URL address line would show you to actually be at
    www.forcesofeveil.com. Any comments as to the effectiveness of the
    Mozilla browser with that extension?

    Thanks.
    --
    Robin
    Charleston, WV
     
    Robin Brumfield, Jun 15, 2005
    #16
  17. Re: Spoofing WAS Re: Is my network secure enough now?!?

    On Wed, 15 Jun 2005 08:44:28 -0400, Robin Brumfield
    <> wrote:

    >In article <>, -cruz.ca.us says...
    ><Snip Response>
    >
    >> It's good enough. However, you're worrying about the wrong things.
    >> The real threat are keyboard loggers, spyware, and trojan horse
    >> programs. These will send your keystrokes, credit card numbers, and
    >> useful info to the forces of evil on the internet. There's nothing
    >> that a Windoze firewall, wireless encryption, or security band-aids
    >> that will prevent these from arriving on your machine. Put some time
    >> and effort into identifying, removing, and blocking your computah from
    >> spyware infections, and your banking will be safe. Also, pay special
    >> attention to how you access your online bank's URL. There are plenty
    >> of URL redirectors and web and DNS hijackers around that redirect your
    >> banks web page to the forces of evil's phishing site.


    >I was reading your comment about URL redirectors which made me think
    >about Mozilla Firefox with the extension called Spoofstick. This
    >extension is supposed to show the TRUE URL to which your browser is
    >pointed even if you have been redirected to a phishing site. In other
    >words the URL address line may show www.bankofamerica.com whereas the
    >Spoofstick URL address line would show you to actually be at
    >www.forcesofeveil.com. Any comments as to the effectiveness of the
    >Mozilla browser with that extension?
    >Thanks.


    I'm not a security expert and am no longer in the awkward positions of
    having to administer and guarantee the security and integrity of my
    customers systems. (Wooopeee!) Although I use Firefox heavily, I
    haven't really played with all the myriad of extensions and toolbars.
    A quick look at Spoofstick:
    http://www.corestreet.com/spoofstick/
    looks interesting, possibly useful, but due to lack of experience, I
    have no opinion.

    However, such a program will do nothing for the current crop of DNS
    cache corruption exploits, that redirect the DNS lookup to the
    phishing site. There's nothing a user can do to authenticate the DNS
    lookup. BofA is adding "sitekey" in an attempt to mitigate the
    phishing problem:
    http://www.eweek.com/article2/0,1759,1821126,00.asp

    In general, programs that require an intelligent decision on the part
    of the GUM (great unwashed masses) is doomed to failure. I install
    personal firewall, anti-virus, and anti-spyware programs on my
    customers computahs. Depending on what they're doing (installs,
    updates, getting attacked) these programs offer pop-up windows that
    ask the user for an intelligent decision. The batting average of the
    GUM is dismal. Most will consistently make the wrong decision. In my
    cynical opinion, such decision based security methods are only useful
    for intelligent and informed users, which seem to be in short supply.

    In my never humble opinion, the security problem breaks down quite
    simply. It's choice between authentication and anonymity. You can't
    really have both at the same time. In order to prevent spoofing,
    phishing, identity theft, spam, and such, it would be easy enough to
    authenticate every packet, that would be traceable back to its point
    of origin. That would solve most of the outstanding security issues
    quite easily. Just one catch. You loose all possibilities of
    anonymity. Anonymous political and corporate dissent would
    effectively be over. I wouldn't be able to cruise the porn sites and
    buy lingerie for my mistress without having the packets traced back
    directly to me. (What a horrible thought). So, while waiting for the
    GUM to decide how they want it done, various compromises are thrown
    together, which methinks will generally fail or be circumvented.
    Lacking a suitable consensus, our beloved government has the bad habit
    of making such decisions for us and given the opportunity, will surely
    do so.


    --
    Jeff Liebermann -cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 AE6KS 831-336-2558
     
    Jeff Liebermann, Jun 15, 2005
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. VT
    Replies:
    43
    Views:
    1,661
  2. ajacobs2

    Enough is enough....

    ajacobs2, Sep 30, 2003, in forum: Digital Photography
    Replies:
    33
    Views:
    1,026
  3. Imhotep

    Enough is enough...

    Imhotep, Sep 24, 2005, in forum: Computer Security
    Replies:
    16
    Views:
    823
    John Hyde
    Sep 28, 2005
  4. Replies:
    0
    Views:
    597
  5. Replies:
    0
    Views:
    690
Loading...

Share This Page