Go Wireless or NOT?
I am new to the wireless world and I have an important concern that is interesting. I have a small workgroup network that was controlled by a 4 port wired router DI-704p until the router just died on me yesterday.
Ok, here we go: Since i am in the market for a notebook computer, I want to go wireless for the notebook computer in my house and still have my workgroup network NON Wireless, because of security purposes and performance. So instead of purchasing a regular router again i was thinking of getting the dlink DI-524 wireless router for my notebook and still have 4 ports for my workgroup network that wouldn't be wireless.
Here is the biggest factor though!
My next door neighbor is a computer guru and he is good, no doubt about that. The problem is were not friends and I'm extremely afraid he would be able to compromise my network if i set it up this way. My question is what are my options for me if i go down this path...? I just have basic knowledge right now in the wireless enviroment and i just want to be on the safe track here. I have valuable info on my network at the present time. Is there a possible way that i could just make the notebook use the wireless enviroment and have my workgroup network be totally isolated from the wireless activity. I believe if it's possible to get into the wireless router then he would be able to access my non wireless workgroup network! All the info and tips will definitely help! Thanks for your time everyone, like always! Hopefully i put this thread in the correct forum!
Ok, here we go: Since i am in the market for a notebook computer, I want to go wireless for the notebook computer in my house and still have my workgroup network NON Wireless, because of security purposes and performance. So instead of purchasing a regular router again i was thinking of getting the dlink DI-524 wireless router for my notebook and still have 4 ports for my workgroup network that wouldn't be wireless.
Here is the biggest factor though!
My next door neighbor is a computer guru and he is good, no doubt about that. The problem is were not friends and I'm extremely afraid he would be able to compromise my network if i set it up this way. My question is what are my options for me if i go down this path...? I just have basic knowledge right now in the wireless enviroment and i just want to be on the safe track here. I have valuable info on my network at the present time. Is there a possible way that i could just make the notebook use the wireless enviroment and have my workgroup network be totally isolated from the wireless activity. I believe if it's possible to get into the wireless router then he would be able to access my non wireless workgroup network! All the info and tips will definitely help! Thanks for your time everyone, like always! Hopefully i put this thread in the correct forum!
Comments
-
Gawd Member Posts: 132Well, Definatly your gonna want to enable either WPA or WEP Encryption with a very difficult password. Although, if he is right next door, he can just leave his computer running there doing brute attacks and eventually(Could takes weeks, months, etc.) he would be able to crack it.
Im not completly sure about seperating the Wireless Notebook and the Wired LAN, With a router shouldnt you just be able to create 2 VLANS? Dunno if that is enough to do the trick.
Gawd -
Gawd Member Posts: 132One more thing, if you have the option, you should disable the broadcast of your ssid so you dont tip him off of your wireless network.
Ive never tried it, but I believe that makes the wireless network sort of invisible.
Gawd -
eastp Member Posts: 179spudnik wrote:Simple secure it by MAC address access only
MAC address spoofing is possible in 802.11 network interface cards (NICs) that allow the universally administered address (UAA) to be overwritten with a locally administered address (LAA). A network attacker can use a protocol analyzer to determine a valid MAC address in the business support system (BSS) and an LAA-compliant NIC with which to spoof the valid MAC address.
I suggest that you read up on security about wireless LAN’s and there FLAWS, before implementing oneMultitasking:
Screwing up several things at once. -
drewm320 Member Posts: 68 ■■□□□□□□□□I'm not sure about that particular model, but some wireless AP/routers allow you to control the transmit power and consequently the range of the device. If you fiddle with that you can probably adjust the range to the point where you can't connect with your laptop from outside your house.
Also most home AP/routers have a HTTP configuration interface with a standard tcp port and login. Be sure to change both of those.
Combine that with WEP (change the key at least once a month, more if you have heavy traffic) and MAC filtering and a hidden ssid and you will probably make your system hard enough to crack that he won't bother. -
mobri09 Users Awaiting Email Confirmation Posts: 723Thanks for all of your information, but like most of you said...I should and I am going to do more research before i go through with this.
-
Gawd Member Posts: 132On the same subject. On a p2p network w/ winxp machines, is there a way to kind of monitor if someone is connected to your wireless ap?
Gawd -
triple J Member Posts: 20 ■□□□□□□□□□Two tips:
1. Put the access point on the side nearest to the neighbor, then use reflectors to reflect the signal away from his house. An added bonus is that you'll have some signal gain into your house.
2. If you have XP machines you can implement IPsec on all communications. Even if he cracks the WEP or WPA there'll be another layer of encryption for him to break. It's easy using mmc and the IPsec snap-ins.
I think if you use those measures along with changing your WEP key often enough you'll be in good shape. It would be easier for him to break in and just use the computers then to crack the network. -
mobri09 Users Awaiting Email Confirmation Posts: 723hahah
Well I made a decision of just purchasing another dlink wired router for now and keeping my network the same until i further research this wireless technology. Thanks again for all the valuable information everybody! -
cliffjag1987 Member Posts: 206You can use the IEEE 802.11 G or IEEE 802.11 I.
For this you don't have to worry that he can your info. It is fully ENCRYPTED and takes about yearssssssssss to DECRYPT it.
802.11 i just became a standard and i can advice you to go with that one -
Gawd Member Posts: 132I dunno what 802.11i is. But with an easy password it can take seconds to decrypt. With a hard password of Letters, Numbers and Special Characters it could be hours, days, weeks, months, etc. All depends on luck really.
Gawd -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□802.11i introduced the RSN (Robust Secure Network) protocol, and uses EAP (Extensible Authentication Protocol) as end-to-end transport for authentication from the NIC to the WAP. It uses CCMP encryption, which is based on the AES encryption algorithm. It's basically designed to fill in security holes that the previous protocol's missed. Still not unbeatable, but better.
-
cliffjag1987 Member Posts: 206Gawd Posted: Fri Nov 26, 2004 9:53 pm Post subject:
I dunno what 802.11i is. But with an easy password it can take seconds to decrypt. With a hard password of Letters, Numbers and Special Characters it could be hours, days, weeks, months, etc. All depends on luck really.
Gawd
For sure if somebody know the username & password it will be easy. Thats why when you fill in your username & password and authenticate its fully encrypted. Means it will be very very hard to decrypt. Its just like the NOT wirelless networks , if somebody know the password it will be very easy to access the network. -
Gawd Member Posts: 132Yea, What I meant tho, is that if you dont use a very hard password, like something from the dictionary, and app like airsnort will cracks it extremly fast.
What programs like airsnort do is attack it with a dictionary file, if that dont work, it goes to brute attacks of random characters.
Gawd -
RussS Member Posts: 2,068 ■■■□□□□□□□You want 8 charachters for a reasonably strong password
Th0m@S2! is an example of a strong password that would take a reasonable time for a password cracker to figure out. For places where they have high security where they require strong passwards and have password life of 1 - 3 months they often don't use passwords, but use pass phrases ... "Been @ Long Time Since ! Rock & Rolled"
That pass phrase would be virtually uncrackable even using a supercomputer. However, it the user always used Led Zepplin for his pass phrases he would be susceptible to social engineering.www.supercross.com
FIM website of the year 2007 -
mobri09 Users Awaiting Email Confirmation Posts: 723I would assume many people forget there passwords because there so complex sometimes, I know I would!
-
Gawd Member Posts: 132yup.. mine is random letters, numbers, variations of caps, etc. it is about 20 characters and has no meaning to me. lol.
Gawd -
Computer_Wizz_Pizzaguy Member Posts: 60 ■■□□□□□□□□I am in the Nebraska Air Guard.... my take on wireless is that until the military finds a way to use it, I'm out. I use the same logic on all the patches for windows, or any other system. We have an agency that tests them before can use them .
Kinda nice if you ask me. -
skully93 Member Posts: 323 ■■■□□□□□□□Gawd wrote:One more thing, if you have the option, you should disable the broadcast of your ssid so you dont tip him off of your wireless network.
Ive never tried it, but I believe that makes the wireless network sort of invisible.
Gawd
It definitely helps. Unless he has a Linux box set up for the purpose, hiding the SSID will make it more difficult. I'm in a similar situation, with people all around me just aching to leech my connection.
The other end of it, just don't tell him it's there. There are plenty of utilities built in to most OS to see what users are accessing what, so don't let a bad neighbor put you off.
I know the administration of my simple Linksys router is very nice, and even little ol' me with little exp. was able to secure it enough to where a good friend couldn't see it.I do not have a psychiatrist and I do not want one, for the simple reason that if he listened to me long enough, he might become disturbed.
-- James Thurber