Go Wireless or NOT?

mobri09 · November 2004

I am new to the wireless world and I have an important concern that is interesting. I have a small workgroup network that was controlled by a 4 port wired router DI-704p until the router just died on me yesterday.
Ok, here we go: Since i am in the market for a notebook computer, I want to go wireless for the notebook computer in my house and still have my workgroup network NON Wireless, because of security purposes and performance. So instead of purchasing a regular router again i was thinking of getting the dlink DI-524 wireless router for my notebook and still have 4 ports for my workgroup network that wouldn't be wireless.
Here is the biggest factor though!
My next door neighbor is a computer guru and he is good, no doubt about that. The problem is were not friends and I'm extremely afraid he would be able to compromise my network if i set it up this way. My question is what are my options for me if i go down this path...? I just have basic knowledge right now in the wireless enviroment and i just want to be on the safe track here. I have valuable info on my network at the present time. Is there a possible way that i could just make the notebook use the wireless enviroment and have my workgroup network be totally isolated from the wireless activity. I believe if it's possible to get into the wireless router then he would be able to access my non wireless workgroup network! All the info and tips will definitely help! Thanks for your time everyone, like always! Hopefully i put this thread in the correct forum!

Gawd · November 2004

Well, Definatly your gonna want to enable either WPA or WEP Encryption with a very difficult password. Although, if he is right next door, he can just leave his computer running there doing brute attacks and eventually(Could takes weeks, months, etc.) he would be able to crack it.
Im not completly sure about seperating the Wireless Notebook and the Wired LAN, With a router shouldnt you just be able to create 2 VLANS? Dunno if that is enough to do the trick.

Gawd

Gawd · November 2004

One more thing, if you have the option, you should disable the broadcast of your ssid so you dont tip him off of your wireless network.
Ive never tried it, but I believe that makes the wireless network sort of invisible.

Gawd

spudnik · November 2004

Simple secure it by MAC address access only

eastp · November 2004

spudnik wrote:

Simple secure it by MAC address access only

This is not sufficient since MAC addresses are sent in the clear as required by the 802.11 specification. As a result, in wireless LANs that use MAC authentication, a network attacker might be able to subvert the MAC authentication process by "spoofing" a valid MAC address.

MAC address spoofing is possible in 802.11 network interface cards (NICs) that allow the universally administered address (UAA) to be overwritten with a locally administered address (LAA). A network attacker can use a protocol analyzer to determine a valid MAC address in the business support system (BSS) and an LAA-compliant NIC with which to spoof the valid MAC address.

I suggest that you read up on security about wireless LAN’s and there FLAWS, before implementing one

drewm320 · November 2004

I'm not sure about that particular model, but some wireless AP/routers allow you to control the transmit power and consequently the range of the device. If you fiddle with that you can probably adjust the range to the point where you can't connect with your laptop from outside your house.

Also most home AP/routers have a HTTP configuration interface with a standard tcp port and login. Be sure to change both of those.

Combine that with WEP (change the key at least once a month, more if you have heavy traffic) and MAC filtering and a hidden ssid and you will probably make your system hard enough to crack that he won't bother.

mobri09 · November 2004

Thanks for all of your information, but like most of you said...I should and I am going to do more research before i go through with this.

Gawd · November 2004

On the same subject. On a p2p network w/ winxp machines, is there a way to kind of monitor if someone is connected to your wireless ap?

Gawd

triple J · November 2004

Two tips:

1. Put the access point on the side nearest to the neighbor, then use reflectors to reflect the signal away from his house. An added bonus is that you'll have some signal gain into your house.

2. If you have XP machines you can implement IPsec on all communications. Even if he cracks the WEP or WPA there'll be another layer of encryption for him to break. It's easy using mmc and the IPsec snap-ins.

I think if you use those measures along with changing your WEP key often enough you'll be in good shape. It would be easier for him to break in and just use the computers then to crack the network.

Gawd · November 2004

heh. yea, How are your door locks?

Gawd

mobri09 · November 2004

hahah

Well I made a decision of just purchasing another dlink wired router for now and keeping my network the same until i further research this wireless technology. Thanks again for all the valuable information everybody!

cliffjag1987 · November 2004

You can use the IEEE 802.11 G or IEEE 802.11 I.

For this you don't have to worry that he can your info. It is fully ENCRYPTED and takes about yearssssssssss to DECRYPT it.
802.11 i just became a standard and i can advice you to go with that one

Gawd · November 2004

I dunno what 802.11i is. But with an easy password it can take seconds to decrypt. With a hard password of Letters, Numbers and Special Characters it could be hours, days, weeks, months, etc. All depends on luck really.

Gawd

Mrock4 · November 2004

802.11i introduced the RSN (Robust Secure Network) protocol, and uses EAP (Extensible Authentication Protocol) as end-to-end transport for authentication from the NIC to the WAP. It uses CCMP encryption, which is based on the AES encryption algorithm. It's basically designed to fill in security holes that the previous protocol's missed. Still not unbeatable, but better.

cliffjag1987 · November 2004

Gawd Posted: Fri Nov 26, 2004 9:53 pm Post subject:

I dunno what 802.11i is. But with an easy password it can take seconds to decrypt. With a hard password of Letters, Numbers and Special Characters it could be hours, days, weeks, months, etc. All depends on luck really.

Gawd

For sure if somebody know the username & password it will be easy. Thats why when you fill in your username & password and authenticate its fully encrypted. Means it will be very very hard to decrypt. Its just like the NOT wirelless networks , if somebody know the password it will be very easy to access the network.

Gawd · November 2004

Yea, What I meant tho, is that if you dont use a very hard password, like something from the dictionary, and app like airsnort will cracks it extremly fast.
What programs like airsnort do is attack it with a dictionary file, if that dont work, it goes to brute attacks of random characters.

Gawd

RussS · November 2004

You want 8 charachters for a reasonably strong password

Th0m@S2! is an example of a strong password that would take a reasonable time for a password cracker to figure out. For places where they have high security where they require strong passwards and have password life of 1 - 3 months they often don't use passwords, but use pass phrases ... "Been @ Long Time Since ! Rock & Rolled"
That pass phrase would be virtually uncrackable even using a supercomputer. However, it the user always used Led Zepplin for his pass phrases he would be susceptible to social engineering.

mobri09 · November 2004

I would assume many people forget there passwords because there so complex sometimes, I know I would!

Gawd · November 2004

yup.. mine is random letters, numbers, variations of caps, etc. it is about 20 characters and has no meaning to me. lol.

Gawd

Computer_Wizz_Pizzaguy · November 2004

I am in the Nebraska Air Guard.... my take on wireless is that until the military finds a way to use it, I'm out. I use the same logic on all the patches for windows, or any other system. We have an agency that tests them before can use them

.

Kinda nice if you ask me.

skully93 · November 2004

Gawd wrote:

One more thing, if you have the option, you should disable the broadcast of your ssid so you dont tip him off of your wireless network.
Ive never tried it, but I believe that makes the wireless network sort of invisible.

Gawd

It definitely helps. Unless he has a Linux box set up for the purpose, hiding the SSID will make it more difficult. I'm in a similar situation, with people all around me just aching to leech my connection.

The other end of it, just don't tell him it's there. There are plenty of utilities built in to most OS to see what users are accessing what, so don't let a bad neighbor put you off.

I know the administration of my simple Linksys router is very nice, and even little ol' me with little exp. was able to secure it enough to where a good friend couldn't see it.

Go Wireless or NOT?

Comments