Security

Discussion in 'Home Networking' started by Roy Amin, Oct 10, 2005.

  1. WEP is simply an encryption algorithm. Your network is effectively open
    to abuse (however limiting the MAC address does help, just make sure
    outsiders cannot query your computer for its MAC address)

    For more protection set up a RADIUS server.

    I would suggest buying a copy of Windows 2K server or 2003 server.
    'Depends if you have the money' ;-)


    The likelihood of anyone breaking into your HOME network and finding
    anything good would be pointless, just use whatever is available to you,
    but I would suggest the RADIUS server solution.

    Saying that, MAC addresses can be spoofed/snatched, so Anti-spoofing
    features would be good.


    --
    Kind Regards,

    Alex Davies
    TGTBT Media Web Design & Hosting Services

    http://www.tgtbt-online.com
     
    TGTBT Media Web Design & Hosting Services, Oct 30, 2006
    #41

  2. Roy Amin

    John Navas Guest

    Sorry, but that's meaningless -- MAC spoofing is trivial, and thus MAC
    filtering is essentially pointless.
    Overkill for most home users. WPA-PSK works quite well if you keep the
    key secret.
    I would suggest something cheaper, easier to administer, and more
    robust.
    Sorry again, but it's quite possible for someone breaking in to steal
    your identity, and use that to steal a considerable amount of assets.
    For most users I would suggest WPA-PSK.
    Sorry again, but no practical way to do that.
     
    John Navas, Oct 30, 2006
    #42



  3. LOL Are you saying that these features are not available? e.g. MAC
    Anti-spoof, MAC HIDING, and that it is impossible to secure a network?

    I work with computers all day long, we (Signature Networks) provide
    Reading (Madejski) football stadium, Lincoln university and Harefield
    hospital with their networks!

    you would THINK THAT I KNOW WHAT I AM ON ABOUT! *SCREAMS*


    So what do you suggest?

    As you have failed to construct a CONSTRUCTIVE CRITICISM, just managed to
    criticise. Which I find rather derogatory.

    However, your mention of identity theft is a valid point, but with these
    features, how would initial intrusion be possible? It is denying at
    LAYER 2 of the OSI model!

    --
    Kind Regards,

    Alex Davies
    IT & Networking Solutions Developer for Signature Networks

    TGTBT Media Web Design & Hosting Services

    http://www.tgtbt-online.com
     
    TGTBT Media Web Design & Hosting Services, Oct 31, 2006
    #43
  4. Roy Amin

    John Navas Guest

    What I'm actually saying is that MAC addresses are sent in the clear
    (You know that, right?), so there's no practical way to "HIDE" them.
    (Can you prove me wrong?) The best you can do is MAC spoof detection,
    but that's impractical for typical home users.
    I would hope so, but apparently not (no offense intended).
    You really don't know? Or are you just trying to argue?
    I wrote: "For most users I would suggest WPA-PSK." You missed that?
    The only truly effective protections for typical home users are (a) WPA,
    (b) personal firewalls, and (c) isolation (if in the router, but
    unfortunately not available in most low-end products).
     
    John Navas, Oct 31, 2006
    #44

  5. Why is it impractical ?


    ONLY ANSWER: They are not informed of how it works and never get a
    chance to understand it, it's why forums are a place to ask questions,
    they expect good results, and if they want good results, they have to be
    taught to understand it.

    Do you see my concept ? of making computer users more informed?





    I was trying to invoke what your suggestion was.



    No I read it, but as you stated 'I can break into them' so how is it
    secure if it doesn't work for security! lol

    My general security concept is: 'Prevention a.k.a isolation is the best
    way'


    We are talking about making it as secure as possible.

    The reason why home networking is generally so bad, is because people
    just don't know or understand how to do things, that's why I was
    introducing rather cheap industrial ways of implementing network
    security.




    Well I essentially started out as a home user, just as we all did!

    Again, Concept: Without information, they would never know how it's
    possible!


    --
    Kind Regards,

    Alex Davies
    IT & Networking Solutions Developer for Signature Networks

    TGTBT Media Web Design & Hosting Services

    http://www.tgtbt-online.com
     
    TGTBT Media Web Design & Hosting Services, Oct 31, 2006
    #45
  6. Roy Amin

    John Navas Guest

    REAL ANSWER: Because it's way too hard for them to do. They shouldn't
    have to learn much of anything, any more than they should have to learn
    much of anything to (say) drive a car -- the anti-lock brakes and
    airbags just work, without having to be taught.
    Nope. I think that's wildly unrealistic.
    I said nothing of the kind. WPA-PSK (with a strong passphrase) is quite
    secure.
    My general security concept (for typical users) is: 'Make it easy and
    practical enough that they will actually do it'
    I'm talking about making it workable.
    Those ways are neither cheap nor practical for typical home users.
     
    John Navas, Nov 1, 2006
    #46


  7. Oops sorry John, I was getting confused with another post:



    "Wireless networks are the most insecure networks around. If I wanted I
    could gain access to a 128-bit encrypted wireless network within 2-3 hours
    depending on how many IVs are being transmitted. WEP is the most
    insecure encryption available. I would strongly recommend ethernet
    rather than wireless. " By C DENVER


    I am aware and agree with making it user friendly, however, what about
    the users who do actually know a bit and want to learn more ?

    If they don't they would ignore this post anyway!


    I mean the 'average person' of the world don't know how to use
    NEWSGROUPS.

    They hear about 'this person doing this, and they want to have that, so
    this is how'

    It's the rarely documented stuff for users, I am simply answering the
    questions put forward, with a solution that would work provided the
    person knew / could figure out how to configure it.

    It's a little like web design, I'm sick of seeing really easy to use
    websites that all look the same, graphically stunning but of no actual
    use.

    Then we have the opposite, really awful design but full of useful
    things, which is hard to use because of the design.


    I would say what I suggested was 'happy medium / intermediate computer
    user advice'

    If they can set up a wireless AP, setting up RADIUS isn't MUCH harder.


    I would agree with you, WPA should be sufficient for most novice users,
    however if you wish to go a 'step further', learn and PROTECT your
    network with more than just encryption, get a RADIUS setup!


    Did you know: driving a car, you have to know/do much much more than
    what you obviously think, in order to pass your driving test these days!

    Basic troubleshooting is common, Basic concepts are what I work and
    develop with.

    Most things I know are either from corporate training or hands on
    experience (self taught)

    --
    Kind Regards,

    Alex Davies
    IT & Networking Solutions Developer for Signature Networks

    TGTBT Media Web Design & Hosting Services

    http://www.tgtbt-online.com
     
    TGTBT Media Web Design & Hosting Services, Nov 1, 2006
    #47
  8. Roy Amin

    John Navas Guest

    Apples and oranges:
    * WEP (no matter what the key) ISN'T secure.
    * WPA (with a strong passphrase) IS secure.
    I think setting up a RADIUS server is much harder than deploying an AP.
    For those that need RADIUS, I recommend a wireless router with RADIUS
    (PEAP) built in (e.g., ZyXEL ZyAIR G-2000). As usual, you tend to get
    what you pay for, although still far less expensive than setting up a
    "Windows 2K server or 2003 server".
    RADIUS doesn't make WPA more secure. It's just more flexible and robust
    than PSK. Different issues.
     
    John Navas, Nov 1, 2006
    #48
  9. Roy Amin

    Dave J. Guest

    I'm sorry to jump in on an old thread but this caught my eye as I was
    updating on this group. How could I (as a fairly untypical home
    experimenter) implement 'MAC spoof detection'? It's an IDS I've not heard
    of. Thanks if you can be bothered :)

    Perhaps it's no more than detecting two simultaneous uses of the same MAC
    and a difference in latency between the two?? Surely not possible unless
    the genuine MAC is also active at the time of the spoofing?

    Quite a deep interest, a response would be greatly appreciated though I do
    know the fastish turnaround here.

    Dave J.
     
    Dave J., Nov 19, 2006
    #49
  10. Roy Amin

    John Navas Guest

    Google "mac spoofing detection".
     
    John Navas, Nov 19, 2006
    #50
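
Added example (not written by any poster in this thread): one common way to approach the "MAC spoof detection" asked about in #49 is to watch the 12-bit 802.11 sequence number each transmitter stamps on its frames, since two radios sharing one source MAC run independent counters and the observed sequence keeps jumping. The sketch assumes frames have already been captured and reduced to (timestamp, source MAC, sequence number) tuples with one counter per MAC; the MAC addresses, sample capture and thresholds are constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 4096  # the 802.11 sequence number is 12 bits and wraps at 4096

def seq_gap(prev, cur):
    """Forward distance from prev to cur on the wrapping 12-bit counter."""
    return (cur - prev) % SEQ_MOD

def detect_spoofing(frames, max_gap=64, min_anomalies=3):
    """frames: iterable of (timestamp, src_mac, seq_number) in capture order.
    Returns {mac: [(timestamp, prev_seq, seq, gap), ...]} for every MAC whose
    counter jumped by more than max_gap at least min_anomalies times.
    max_gap and min_anomalies are assumed tuning values, not standard ones."""
    last = {}
    anomalies = defaultdict(list)
    for ts, mac, seq in frames:
        mac = mac.lower()
        if mac in last:
            gap = seq_gap(last[mac], seq)
            # gap 0 is a retransmission, a small gap is frames we failed to
            # capture; a backward step shows up as a huge forward gap.
            if gap > max_gap:
                anomalies[mac].append((ts, last[mac], seq, gap))
        last[mac] = seq
    return {m: a for m, a in anomalies.items() if len(a) >= min_anomalies}

def build_sample():
    """Constructed capture: one MAC shared by two transmitters, one honest MAC."""
    shared, honest = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    frames = []

    def emit(mac, seq):
        frames.append((len(frames) * 0.01, mac, seq % SEQ_MOD))

    for i in range(12):
        emit(shared, 4090 + i)          # genuine station, counter wraps past 4095
        if i >= 6:
            emit(shared, 1500 + i - 6)  # second radio using the same source MAC
        emit(honest, 200 + 3 * i)       # honest station with some frames missed
    return frames

if __name__ == "__main__":
    for mac, hits in detect_spoofing(build_sample()).items():
        print(f"{mac}: {len(hits)} sequence anomalies, first {hits[0]}")
```

As #49 suspects, this only works while both transmitters are active: a clone that starts sending after the genuine station has gone quiet produces a single discontinuity, which stays below `min_anomalies` and is indistinguishable from a station reboot.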