Thread: How safe is my wireless home network
View Single Post
  #5 (permalink)  
Old 05-13-2007, 04:40 PM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: How safe is my wireless home network
"Petesmad" <pete@here.com> hath wroth:

>I have recently set up a home wireless network using a adsl2+router which
>was supplied by my isp. Which I have set up with a long wep key, not sure
>how great it is but just followed the manual.

WEP encryption can be cracked in a few seconds. Please switch to WPA
or WPA2 encryption.

There are two dangers.
1. Someone breaks your encryption key and then breaks into your
computah.
2. Someone sniffs your traffic and extracts logins, passwords, credit
card numbers, etc from the captured traffic.

>Having read a lot of reports of wireless networks being "hacked" into I
>started thinking how safe is my computer.

The basics are:
1. Good encryption system which means WPA or WPA2.
2. Selection of a good encryption pass phrase. Long and complex is
recommended as dictionary attacks will work or short phrases.
3. Change the router password. If your router does SNMP, change the
read and write community names.

There are also various "experts" that offer additional ways to secure
a wireless network. Methinks the suggestions are worthless and
usually cause more problems than they prevent:
<http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security>

Also, note that a reasonably clever 14 year old can extract your WPA
key from the Windoze registry in a few seconds. It's not necessary to
crack the key over the air if someone has access to your PC.
<http://www.wirelessdefence.org/Contents/Aircrack-ng_WinWzcook.htm>

>Can anyone offer any information in helping keep my wireless network safe.

See the FAQ at:
<http://wireless.wikia.com/wiki/Wi-Fi>
<http://www.metageek.net/Support/Docs/Recordings/Uniden_Cordless_Phone_and_Wi_Fi_Network/>
There's other stuff in there such as how to secure your laptop at a
wireless hotspot that might be of interest.

>All quite interesting stuff. I thought the best way of thinking about
>security is think what would the would be hacker do with that mindset I
>guess you could help protect yourself. Its a shame I understand very little
>about the subject :). How does this swarm of wirelss hackers do what they do
>?

I really don't want to supply a tutorial on how to do wireless
breaking and entry. You can find these yourself with Google.

In general, the average neighborhood hacker is not interested in
breaking into your computer and stealing your pornography collection.
What they want is to use your broadband connection for internet access
or to borrow your computer to store some of their junk. If really
evil, they'll grab some bank or credit card email, log a few
passwords, and try for identity theft. They can do it much easier by
just raiding your postal mailbox and grabbing some of those blank
checks the credit card companies send to sponsor identity theft
problems.

What you should be worrying about is crimeware, which is usually a
trojan horse program, installed on your computer for the purpose of
distributed denial of service attacks and the usual keystroke loggers
for identity theft. These will go right through a firewall because
they are downloaded via email or via a web browser. No amount of
wireless encryption is going to stop these. It has to be done by
maintaining updates and installing prophylactic software such as virus
and spyware scanners.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote