Wireless security

Discussion in 'Wireless Networking' started by Mr T, Oct 1, 2005.

  1. Mr T

    Mr T Guest

    I have recently setup a wireless network with my laptop and 3 desktops. At
    present I have no security on my network. Can someone advise me what
    security I need to setup on my network?
    Thanks

    Mr T
     
    Mr T, Oct 1, 2005
    #1
    1. Advertising

  2. On Sat, 01 Oct 2005 15:07:21 GMT, "Mr T" <> wrote:

    >I have recently setup a wireless network with my laptop and 3 desktops. At
    >present I have no security on my network. Can someone advise me what
    >security I need to setup on my network?
    >Thanks
    >
    >Mr T
    >
    >


    Apologies all for x-post

    Mr T - dont be so f'ing lazy - hit google. This has been done to
    death.

    Cheers
     
    Justin Thompson, Oct 1, 2005
    #2
    1. Advertising

  3. Mr T

    Mr T Guest

    "Justin Thompson" <> wrote in message
    news:...
    > On Sat, 01 Oct 2005 15:07:21 GMT, "Mr T" <> wrote:
    >
    >>I have recently setup a wireless network with my laptop and 3 desktops. At
    >>present I have no security on my network. Can someone advise me what
    >>security I need to setup on my network?
    >>Thanks
    >>
    >>Mr T
    >>
    >>

    >
    > Apologies all for x-post
    >
    > Mr T - dont be so f'ing lazy - hit google. This has been done to
    > death.
    >
    > Cheers


    Then what??? :)
     
    Mr T, Oct 1, 2005
    #3
  4. On Sun, 02 Oct 2005 01:00:43 GMT, "Doz" <> wrote:

    >What sort of answer is "hit google"?
    >


    <Sigh>
    <wonders about the limit of peoples imagination>
    <wonders if Doz has missed a "y" off the end of his name>
    <has better things to do with life, and gets on with it>
    <is happy>
     
    Justin Thompson, Oct 2, 2005
    #4
  5. Mr T

    Doz Guest

    Mr T must be chuffed with all the help you gave...


    "Justin Thompson" <> wrote in message
    news:...
    > On Sun, 02 Oct 2005 01:00:43 GMT, "Doz" <> wrote:
    >
    >>What sort of answer is "hit google"?
    >>

    >
    > <Sigh>
    > <wonders about the limit of peoples imagination>
    > <wonders if Doz has missed a "y" off the end of his name>
    > <has better things to do with life, and gets on with it>
    > <is happy>
    >
    >
    >
     
    Doz, Oct 2, 2005
    #5
  6. Mr T

    Graham Guest

    | "Justin Thompson" <> wrote in message
    | news:...
    | > On Sun, 02 Oct 2005 01:00:43 GMT, "Doz" <> wrote:
    | >
    | >>What sort of answer is "hit google"?
    | >>
    | >
    | > <Sigh>
    | > <wonders about the limit of peoples imagination>
    | > <wonders if Doz has missed a "y" off the end of his name>
    | > <has better things to do with life, and gets on with it>
    | > <is happy>
    | >


    "Doz" <> wrote in message news:6JG%e.5578$...

    > Mr T must be chuffed with all the help you gave...



    With a name like "Justin", what else do you expect.....??

    --
    Regards,
    Graham.
    ROT13 for email address:-
    Rznvy:
     
    Graham, Oct 2, 2005
    #6
  7. Mr T

    Doz Guest

    *snigger*

    "Graham" <> wrote in message
    news:pNG%e.5280$O%...

    | "Justin Thompson" <> wrote in
    message
    | news:...
    | > On Sun, 02 Oct 2005 01:00:43 GMT, "Doz" <> wrote:
    | >
    | >>What sort of answer is "hit google"?
    | >>
    | >
    | > <Sigh>
    | > <wonders about the limit of peoples imagination>
    | > <wonders if Doz has missed a "y" off the end of his name>
    | > <has better things to do with life, and gets on with it>
    | > <is happy>
    | >


    "Doz" <> wrote in message
    news:6JG%e.5578$...

    > Mr T must be chuffed with all the help you gave...



    With a name like "Justin", what else do you expect.....??

    --
    Regards,
    Graham.
    ROT13 for email address:-
    Rznvy:
     
    Doz, Oct 2, 2005
    #7
  8. Mr T

    Mark Guest

    "Mr T" <> wrote in message
    news:JCx%e.4598$O%...
    >I have recently setup a wireless network with my laptop and 3 desktops. At
    > present I have no security on my network. Can someone advise me what
    > security I need to setup on my network?
    > Thanks
    >
    > Mr T
    >
    >
    >


    The best thing to do is enable MAC address filtering on the access point.
    Add the MAC addresses of the wireless networkcards. This will make it much
    harder for any random passer to even connect to the AP network.
     
    Mark, Oct 2, 2005
    #8
  9. Mr T

    mikeFNB Guest

    2nd that
    best & simplest way

    mike

    "Mark" <> wrote in message
    news:9sI%e.4569$...
    >
    > "Mr T" <> wrote in message
    > news:JCx%e.4598$O%...
    >>I have recently setup a wireless network with my laptop and 3 desktops. At
    >> present I have no security on my network. Can someone advise me what
    >> security I need to setup on my network?
    >> Thanks
    >>
    >> Mr T
    >>
    >>
    >>

    >
    > The best thing to do is enable MAC address filtering on the access point.
    > Add the MAC addresses of the wireless networkcards. This will make it much
    > harder for any random passer to even connect to the AP network.
    >
     
    mikeFNB, Oct 2, 2005
    #9
  10. Mr T

    Mr T Guest

    "mikeFNB" <> wrote in message
    news:RSM%e.299$...
    > 2nd that
    > best & simplest way
    >
    > mike
    >
    > "Mark" <> wrote in message
    > news:9sI%e.4569$...
    >>
    >> "Mr T" <> wrote in message
    >> news:JCx%e.4598$O%...
    >>>I have recently setup a wireless network with my laptop and 3 desktops.
    >>>At
    >>> present I have no security on my network. Can someone advise me what
    >>> security I need to setup on my network?
    >>> Thanks
    >>>
    >>> Mr T
    >>>
    >>>
    >>>

    >>
    >> The best thing to do is enable MAC address filtering on the access point.
    >> Add the MAC addresses of the wireless networkcards. This will make it
    >> much harder for any random passer to even connect to the AP network.
    >>

    >
    >


    Thanks to everyone who contributed sensible answers :)

    Mr T
     
    Mr T, Oct 2, 2005
    #10
  11. Mr T

    David Taylor Guest

    > 2nd that
    > best & simplest way


    So what security does MAC filtering bring to the table?

    It doesn't provide any encryption whatsoever.

    The valid MAC addresses are broadcast for anyone to sniff.

    If the objective is to prevent casual bypassers from connecting, then
    even 40 bit WEP has value here and even gives a slither of security.

    MAC filtering brings nothing useful from a security standpoint which was
    the original question.

    David.
     
    David Taylor, Oct 2, 2005
    #11
  12. Mr T

    Mr T Guest

    "David Taylor" <> wrote in message
    news:...
    >> 2nd that
    >> best & simplest way

    >
    > So what security does MAC filtering bring to the table?
    >
    > It doesn't provide any encryption whatsoever.
    >
    > The valid MAC addresses are broadcast for anyone to sniff.
    >
    > If the objective is to prevent casual bypassers from connecting, then
    > even 40 bit WEP has value here and even gives a slither of security.
    >
    > MAC filtering brings nothing useful from a security standpoint which was
    > the original question.
    >
    > David.


    Have you got any suggestions then please?

    Mr T
     
    Mr T, Oct 2, 2005
    #12
  13. Mr T

    David Taylor Guest

    > Have you got any suggestions then please?

    WPA with a strong passphrase (strong, non dictionary phrase, greater
    than 20 characters, non a-z characters.

    You haven't actually said what it is that you'd like to achieve from a
    security standpoint.

    David.
     
    David Taylor, Oct 2, 2005
    #13
  14. Mr T

    Mark Guest

    "David Taylor" <> wrote in message
    news:...
    >> 2nd that
    >> best & simplest way

    >
    > So what security does MAC filtering bring to the table?
    >
    > It doesn't provide any encryption whatsoever.
    >
    > The valid MAC addresses are broadcast for anyone to sniff.
    >
    > If the objective is to prevent casual bypassers from connecting, then
    > even 40 bit WEP has value here and even gives a slither of security.
    >
    > MAC filtering brings nothing useful from a security standpoint which was
    > the original question.
    >
    > David.


    Sure it does, If your next door neighbor can't access the AP because the MAC
    address isn't on the allowed list, then unless they go out their way to
    clone one of your wireless card's MAC address they're not going to get
    access by default. There for it is useful from a security standpoint.
    Not only that, but unless your neighbor knows you have a wireless AP and
    have cloned one of the MAC addresses, they won't even see it on the list of
    available networks to connect to.
    Sure, they can run a lot of tools, a large list can be found at
    www.wardrive.net/wardriving/tools. The OP might want to run a few of them on
    his network to check how secure is really is. These are the kind of tools
    crackers might be using to gain access to the network, but given enough
    time, even WEP and any key/pass phrase can be found if you sniff enough
    packets on the network.
     
    Mark, Oct 2, 2005
    #14
  15. Mr T

    David Taylor Guest

    > Sure it does, If your next door neighbor can't access the AP because the MAC
    > address isn't on the allowed list, then unless they go out their way to


    Again, even WEP, poor and cracked though it is, provides the same
    inability to associate with the AP *and* encrypts the payload.

    MAC filtering does not encrypt the payload so anyone within range gets
    to sniff the contect even if they haven't associated so tell me again,
    how MAC filtering brings any security to the OP's data?

    Don't confuse security with the inability to associate with an AP, it's
    not the same thing.

    > Not only that, but unless your neighbor knows you have a wireless AP and
    > have cloned one of the MAC addresses, they won't even see it on the list of
    > available networks to connect to.


    Turning on MAC filtering will not prevent the display of the SSID in XP
    or netstumbler and turning off SSID broadcasts does not prevent it being
    discovered by anyone with a sniffer or even just a copy of kismet or
    similar so tell me again, how MAC filtering secures a network because
    you did say just MAC filtering.

    > crackers might be using to gain access to the network, but given enough
    > time, even WEP and any key/pass phrase can be found if you sniff enough
    > packets on the network.


    Yes, 500,000 packets which can be captured in say 15 minutes. Without
    even WEP, no key to crack i.e. NO SECURITY!

    David.
     
    David Taylor, Oct 2, 2005
    #15
  16. Mr T

    Duane Arnold Guest

    Duane Arnold, Oct 3, 2005
    #16
  17. In article <>,
    David Taylor <> wrote:

    >Don't confuse security with the inability to associate with an AP, it's
    >not the same thing.


    it's one aspect of security, and MAC filtering gives you that aspect,
    which is all many people want.

    Just because you want *more* security doesn't mean MAC filtering is
    *no* security.

    -- Richard
     
    Richard Tobin, Oct 3, 2005
    #17
  18. Mr T

    David Taylor Guest

    > it's one aspect of security, and MAC filtering gives you that aspect,
    > which is all many people want.


    Well since the original poster hasn't said whether he wan't security or
    to just keep accidental stumblers off his network we won't know.

    > Just because you want *more* security doesn't mean MAC filtering is
    > *no* security.


    I'd just want some rather than nothing. MAC filtering prevents people
    from associating for the amount of time it takes them to run a sniffer
    and spoof their MAC address. That in my mind is no security from either
    association and certainly no security of the data packets in transit so
    I still call that no security.

    If you are happy with the illusion that MAC filtering provides your
    network with some security, i'm happy for you! :) Just let me know
    where you live. ;)

    David.
     
    David Taylor, Oct 3, 2005
    #18
  19. On 3 Oct 2005 16:36:49 GMT, (Richard Tobin)
    wrote:

    >Just because you want *more* security doesn't mean MAC filtering is
    >*no* security.
    >
    >-- Richard


    Ah, 5 newsgroups to crosspost. ntl internal groups dropped because my
    usenet news server doesn't carry them.

    I thought you might be amused to know that the original MAC address
    filtering feature was added to solve a problem with multiple access
    point systems. There was no way to pre-select which access point one
    would connect if all the SSID's were the same. This was a critical
    feature for WISP (wireless ISP service) and corporate WLAN's with
    fixed wireless desktops. With MAC address filtering one could nail
    down a connection to a specific access point and still have roaming
    among the other access points for laptops and PDA's. Eventually, this
    mutated into a security feature when blocking by MAC addresses was
    added. I don't think anyone originally intended it to be much of a
    security feature as everyone was counting on encryption to provide
    security.

    MAC address filtering for security is like locking your door with duct
    tape. It does present an obstacle, but is not a replacment for a good
    lock.

    --
    Jeff Liebermann -cruz.ca.us
    150 Felker St #D http://www.LearnByDestroying.com
    Santa Cruz CA 95060 http://802.11junk.com
    Skype: JeffLiebermann AE6KS 831-336-2558
     
    Jeff Liebermann, Oct 3, 2005
    #19
  20. Mr T

    Geoffrey Guest

    On Sun, 02 Oct 2005 11:20:40 GMT, David Taylor <>
    wrote:

    >> Have you got any suggestions then please?

    >
    >WPA with a strong passphrase (strong, non dictionary phrase, greater
    >than 20 characters, non a-z characters.
    >
    >You haven't actually said what it is that you'd like to achieve from a
    >security standpoint.
    >

    Be aware that you will incur a significant overhead by setting up
    encryption. IIRC it was about 30% when I last set one up at work.

    Personally I don't bother with any security on the wireless component
    of my network. If anyone is stealing my bandwidth it hasn't been
    noticable.

    Why do you think you need it?

    --
    Warning: Do not look directly into laser with remaining eye.
     
    Geoffrey, Oct 3, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AM
    Replies:
    4
    Views:
    893
  2. Replies:
    0
    Views:
    782
  3. Rick Sears
    Replies:
    0
    Views:
    524
    Rick Sears
    Jul 29, 2003
  4. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    640
    COMSOLIT Messmer
    Sep 5, 2003
  5. Ablang
    Replies:
    2
    Views:
    605
    Gimpy
    Jun 10, 2006
Loading...

Share This Page