Wireless LAN - access point security.

Discussion in 'NZ Computing' started by Crash, Oct 5, 2005.

  1. Crash

    Crash Guest

    My Son recently bought a laptop for his contracting work in London. It came
    equipped with a wireless lan card which he thought might be useful in the future
    when he and his mates get broadband installed at their apartment. The NIC is
    used at work. He took it home after buying it and was bemused to discover an
    available network when he fired it up. Sop someone else in the apartment must
    have an open access point.

    I would have thought that when buying wireless lan gear there would be at least
    basic security on access points. Google reveals several security
    implementations with the IEEE 802.11 standard. While I am not in the market
    currently, are access points routinely sold such that anything in range can connect?

    It seems to me that in apartment complexes anyone using wireless access point
    would be very vulnerable in these circumstances with lots of other apartments in
    close proximity.

    Crash.
    Crash, Oct 5, 2005
    #1
    1. Advertising

  2. Crash

    XP Guest

    On Wed, 05 Oct 2005 20:53:10 +1300, Crash <> wrote:

    >My Son recently bought a laptop for his contracting work in London. It came
    >equipped with a wireless lan card which he thought might be useful in the future
    >when he and his mates get broadband installed at their apartment. The NIC is
    >used at work. He took it home after buying it and was bemused to discover an
    >available network when he fired it up. Sop someone else in the apartment must
    >have an open access point.
    >
    >I would have thought that when buying wireless lan gear there would be at least
    >basic security on access points. Google reveals several security
    >implementations with the IEEE 802.11 standard. While I am not in the market
    >currently, are access points routinely sold such that anything in range can connect?
    >
    >It seems to me that in apartment complexes anyone using wireless access point
    >would be very vulnerable in these circumstances with lots of other apartments in
    >close proximity.
    >
    >Crash.




    Its fully up to the user to set up the security, even a little Sony PSP has
    that..
    XP, Oct 5, 2005
    #2
    1. Advertising

  3. Crash wrote:
    > My Son recently bought a laptop for his contracting work in London. It
    > came equipped with a wireless lan card which he thought might be useful
    > in the future when he and his mates get broadband installed at their
    > apartment. The NIC is used at work. He took it home after buying it
    > and was bemused to discover an available network when he fired it up.
    > Sop someone else in the apartment must have an open access point.
    >
    > I would have thought that when buying wireless lan gear there would be
    > at least basic security on access points. Google reveals several
    > security implementations with the IEEE 802.11 standard. While I am not
    > in the market currently, are access points routinely sold such that
    > anything in range can connect?


    Yes, many are open by default. You know the old problem -
    functionality/features over security.

    > It seems to me that in apartment complexes anyone using wireless access
    > point would be very vulnerable in these circumstances with lots of other
    > apartments in close proximity.


    Vulnerable to what tho? Personally if it was me I would lock it down
    and make it secure, but really what are you trying to protect against.
    Here in NZ we would be worried because we of the $$$ implications
    because we pay per/MB for bandwidth. When you have a flatrate upstream
    I can see why "security" is less of an issue.

    Some residents in apartment blocks I know of overseas leave their WLANs
    open, to share the love around.

    Cheers
    Nathan
    Nathan Mercer, Oct 5, 2005
    #3
  4. Crash

    Crash Guest

    Crash wrote:
    [snip]
    > Sop someone else in the apartment must have an open access point.

    [snip]

    Should have read 'So someone else in the apartment block must have an open
    access point'...

    Crash
    Crash, Oct 5, 2005
    #4
  5. Crash

    Richard Guest

    XP wrote:

    > Its fully up to the user to set up the security, even a little Sony PSP has
    > that..


    How do you install the SSL certs into it to authenticate for 802.1x?
    Richard, Oct 5, 2005
    #5
  6. Crash

    Crash Guest

    Nathan Mercer wrote:
    > Crash wrote:

    [snip]

    >> It seems to me that in apartment complexes anyone using wireless
    >> access point would be very vulnerable in these circumstances with lots
    >> of other apartments in close proximity.

    >
    >
    > Vulnerable to what tho? Personally if it was me I would lock it down
    > and make it secure, but really what are you trying to protect against.
    > Here in NZ we would be worried because we of the $$$ implications
    > because we pay per/MB for bandwidth. When you have a flatrate upstream
    > I can see why "security" is less of an issue.
    >
    > Some residents in apartment blocks I know of overseas leave their WLANs
    > open, to share the love around.


    I was thinking of the per MB usage because of data caps here - but also just the
    simple degradation of performance. Even if the broadband connection speed was
    '8 megs burstable' sharing it with unknown others would degrade performance both
    down and up.

    Crash.
    Crash, Oct 5, 2005
    #6
  7. Crash

    Shane Guest

    On Wed, 05 Oct 2005 20:59:36 +1300, Nathan Mercer wrote:

    > Crash wrote:
    >> My Son recently bought a laptop for his contracting work in London. It
    >> came equipped with a wireless lan card which he thought might be useful
    >> in the future when he and his mates get broadband installed at their
    >> apartment. The NIC is used at work. He took it home after buying it
    >> and was bemused to discover an available network when he fired it up.
    >> Sop someone else in the apartment must have an open access point.
    >>
    >> I would have thought that when buying wireless lan gear there would be
    >> at least basic security on access points. Google reveals several
    >> security implementations with the IEEE 802.11 standard. While I am not
    >> in the market currently, are access points routinely sold such that
    >> anything in range can connect?

    >
    > Yes, many are open by default. You know the old problem -
    > functionality/features over security.
    >
    >> It seems to me that in apartment complexes anyone using wireless access
    >> point would be very vulnerable in these circumstances with lots of other
    >> apartments in close proximity.

    >
    > Vulnerable to what tho? Personally if it was me I would lock it down and
    > make it secure, but really what are you trying to protect against. Here in
    > NZ we would be worried because we of the $$$ implications because we pay
    > per/MB for bandwidth. When you have a flatrate upstream I can see why
    > "security" is less of an issue.
    >
    > Some residents in apartment blocks I know of overseas leave their WLANs
    > open, to share the love around.
    >
    > Cheers
    > Nathan


    My biggest worry is if the person who gains access to an unsecured WLAN
    then goes on to use that internet connection to commit a crime, the first
    port of call the police will make is to the owners of the WLAN. Although
    this should be quickly cleared up, its more than a slight inconvenience.
    That and youve aided (unwittingly) the criminal to hide his tracks

    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
    Shane, Oct 5, 2005
    #7
  8. Shane wrote:
    > My biggest worry is if the person who gains access to an unsecured WLAN
    > then goes on to use that internet connection to commit a crime, the first
    > port of call the police will make is to the owners of the WLAN. Although
    > this should be quickly cleared up, its more than a slight inconvenience.
    > That and youve aided (unwittingly) the criminal to hide his tracks


    Vote with your wallet for hardware that is secure by default.
    Nathan Mercer, Oct 5, 2005
    #8
  9. Crash

    -=rjh=- Guest

    Shane wrote:
    > On Wed, 05 Oct 2005 20:59:36 +1300, Nathan Mercer wrote:
    >
    >
    >>Crash wrote:
    >>
    >>>My Son recently bought a laptop for his contracting work in London. It
    >>>came equipped with a wireless lan card which he thought might be useful
    >>>in the future when he and his mates get broadband installed at their
    >>>apartment. The NIC is used at work. He took it home after buying it
    >>>and was bemused to discover an available network when he fired it up.
    >>>Sop someone else in the apartment must have an open access point.
    >>>
    >>>I would have thought that when buying wireless lan gear there would be
    >>>at least basic security on access points. Google reveals several
    >>>security implementations with the IEEE 802.11 standard. While I am not
    >>>in the market currently, are access points routinely sold such that
    >>>anything in range can connect?

    >>
    >>Yes, many are open by default. You know the old problem -
    >>functionality/features over security.
    >>
    >>
    >>>It seems to me that in apartment complexes anyone using wireless access
    >>>point would be very vulnerable in these circumstances with lots of other
    >>>apartments in close proximity.

    >>
    >>Vulnerable to what tho? Personally if it was me I would lock it down and
    >>make it secure, but really what are you trying to protect against. Here in
    >>NZ we would be worried because we of the $$$ implications because we pay
    >>per/MB for bandwidth. When you have a flatrate upstream I can see why
    >>"security" is less of an issue.
    >>
    >>Some residents in apartment blocks I know of overseas leave their WLANs
    >>open, to share the love around.
    >>
    >>Cheers
    >>Nathan

    >
    >
    > My biggest worry is if the person who gains access to an unsecured WLAN
    > then goes on to use that internet connection to commit a crime, the first
    > port of call the police will make is to the owners of the WLAN. Although
    > this should be quickly cleared up, its more than a slight inconvenience.
    > That and youve aided (unwittingly) the criminal to hide his tracks
    >


    Hell no; you might even have helped by collecting evidence. APs often
    log access and identify the MAC of the connected system. Could be useful.
    -=rjh=-, Oct 5, 2005
    #9
  10. Crash

    Richard Guest

    -=rjh=- wrote:
    >
    > Hell no; you might even have helped by collecting evidence. APs often
    > log access and identify the MAC of the connected system. Could be useful.


    Its not like mac addresses cant be changed!
    Richard, Oct 5, 2005
    #10
  11. Crash

    Crash Guest

    -=rjh=- wrote:
    > Shane wrote:

    [snip]

    >> My biggest worry is if the person who gains access to an unsecured WLAN
    >> then goes on to use that internet connection to commit a crime, the first
    >> port of call the police will make is to the owners of the WLAN. Although
    >> this should be quickly cleared up, its more than a slight inconvenience.
    >> That and youve aided (unwittingly) the criminal to hide his tracks
    >>

    >
    > Hell no; you might even have helped by collecting evidence. APs often
    > log access and identify the MAC of the connected system. Could be useful.


    One of the articles I read pointed out the ease with which MACS can be spoofed.....

    Crash.
    Crash, Oct 5, 2005
    #11
  12. Crash

    -=rjh=- Guest

    Richard wrote:
    > -=rjh=- wrote:
    >
    >>
    >> Hell no; you might even have helped by collecting evidence. APs often
    >> log access and identify the MAC of the connected system. Could be useful.

    >
    >
    > Its not like mac addresses cant be changed!


    Sure, but it is entirely possible that somebody using an open AP might
    not know/bother to spoof a MAC address, or - more important - might
    forget to change it after using an AP.
    -=rjh=-, Oct 5, 2005
    #12
  13. Crash

    Mercury Guest

    how do *you* do that on an XP Home system?


    "Richard" <> wrote in message
    news:43438da4$...
    > XP wrote:
    >
    >> Its fully up to the user to set up the security, even a little Sony PSP
    >> has
    >> that..

    >
    > How do you install the SSL certs into it to authenticate for 802.1x?
    Mercury, Oct 5, 2005
    #13
  14. Crash

    Richard Guest

    Mercury wrote:
    > how do *you* do that on an XP Home system?
    >
    >
    > "Richard" <> wrote in message
    > news:43438da4$...
    >
    >>XP wrote:
    >>
    >>
    >>>Its fully up to the user to set up the security, even a little Sony PSP
    >>>has
    >>>that..

    >>
    >>How do you install the SSL certs into it to authenticate for 802.1x?


    I dont know, I only have XP pro here.

    Otherwise you could use PSK and change it regually but thats a pain in the ass.

    I just have wep and then VPN to the machine I have working nat/router duty, and
    have the AP on the subnet between the dsl router and the nat/router machine, the
    only other thing on that subnet is the p2p downloading machine.
    Richard, Oct 5, 2005
    #14
  15. Crash

    Don Hills Guest

    In article <>, Nathan Mercer <> wrote:
    >
    >Vote with your wallet for hardware that is secure by default.


    Hardware needs software, so it follows that we should also:

    "Vote with your wallet for software that is secure by default."

    --
    Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
    "New interface closely resembles Presentation Manager,
    preparing you for the wonders of OS/2!"
    -- Advertisement on the box for Microsoft Windows 2.11 for 286
    Don Hills, Oct 5, 2005
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    2,044
  2. Adrian B

    point-to-point VOIP on a LAN

    Adrian B, Nov 16, 2005, in forum: UK VOIP
    Replies:
    3
    Views:
    8,218
    Sparks
    Nov 17, 2005
  3. David Sudjiman
    Replies:
    0
    Views:
    981
    David Sudjiman
    Jun 8, 2006
  4. Bob Wright

    Wireless Access Point/DSL modem separated from LAN

    Bob Wright, Dec 14, 2006, in forum: Wireless Networking
    Replies:
    11
    Views:
    5,577
    David Hettel
    Dec 16, 2006
  5. Nate Goulet
    Replies:
    9
    Views:
    1,179
    Nate Goulet
    Dec 7, 2007
Loading...

Share This Page