Go Back   Wireless and Wifi Forums > News > Newsgroups > alt.computer.security
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

 
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 12-08-2006, 09:02 AM
Erik
Guest
 
Posts: n/a
Default using wireless internet without security

Some families in my neighbourhood are using wireless internet without any
security.



I know that using security (password or Mac-address filtering) is often
advisable, but I would like to know better what risks are involved by having
an open wireless network:

1) Can virus spread across a wireless network between computers which are
only sharing the internet connection?



2) Is it possible for users sharing an internet connection to gain access to
files on other computers sharing the connection?



Thank you

Erik





Reply With Quote
  #2 (permalink)  
Old 12-08-2006, 03:24 PM
Todd H.
Guest
 
Posts: n/a
Default Re: using wireless internet without security

"Erik" <erikbach-fjerndette-@stofanet.dk> writes:

> Some families in my neighbourhood are using wireless internet without any
> security.
>
>
>
> I know that using security (password or Mac-address filtering) is often
> advisable


MAC filtering is very easily bypassed by anyone other than casual
snoopers. The same can be said of WEP encryption which can be
broken in minutes using freely available tools.

>, but I would like to know better what risks are involved by having
> an open wireless network:
>
> 1) Can virus spread across a wireless network between computers which are
> only sharing the internet connection?


Absolutely, but that's an issue orthogonal to the whole wireless
equation, and more a risk of putting a group of computer on the same
network.

However, if you lack a hardware firewall or home office router today,
you'll be adding no additional risk of network based piece of malware
spreading to you from the internet right now. If you have a "software
firewall" or are using windows firewall on your machine already, and
if you configure it not to trust computers on your local area network,
you'll be in as good a shape as you are against internet based attacks
today.

> 2) Is it possible for users sharing an internet connection to gain access to
> files on other computers sharing the connection?


Absolutely. With similar caveats above though. The difference
between an internet based threat and one of a local area network is
often in how the packet filter software ("software firewall") is
configured. Many of these programs trust the computers on your LAN
implicitly, which if file sharing is being used, would leave them open
to a neighbor jumping on the open access point.

Other more worrisome things, however, would be johnny neighbor jumping
on the open access point, running script kiddie attacks against
goverment networks, then men in black start knocking on the front door
inquiring about the illegal hacking activity originating from that
internet connection.

If you want to frighten the neighbors into action, that's the threat
that's most compelling. And add that with directional antennas, the
attacker could be up to a mile away.

WPA security with a strong, random, long passphrase is what they
should implement. Don't bother with WEP or MAC based filtering, and
SSID hiding tends to cause the legitimate owner more headache in
getting legit computers configured than it provides in any obscurity.

Best Regards,
--
Todd H.
http://www.toddh.net/

Reply With Quote
  #3 (permalink)  
Old 12-11-2006, 10:38 AM
John Hyde
Guest
 
Posts: n/a
Default Re: using wireless internet without security

On 12/8/2006 7:24 AM, Todd H. wrote:
> "Erik" <erikbach-fjerndette-@stofanet.dk> writes:
>
>> Some families in my neighbourhood are using wireless internet without any
>> security.
>>
>><SNIP>


> WPA security with a strong, random, long passphrase is what they
> should implement. Don't bother with WEP or MAC based filtering,


Unless your hardware does not support WPA, then use what you have. Even
though it is easily broken, you should be using something until you
replace the hardware. And you *should* replace the hardware if it does
not support WPA

Reply With Quote
  #4 (permalink)  
Old 12-12-2006, 07:48 AM
John Hyde
Guest
 
Posts: n/a
Default Re: using wireless internet without security

On 12/11/2006 11:32 AM, Sebastian Gottschalk wrote:
> John Hyde wrote:
>
>>> WPA security with a strong, random, long passphrase is what they
>>> should implement. Don't bother with WEP or MAC based filtering,

>> Unless your hardware does not support WPA, then use what you have.

>
> What a nonsense.
>
>> Even though it is easily broken, you should be using something until you
>> replace the hardware.

>
> Because it's easily, it's not "something" at all.
>


You know the story about the bear? WEP is like the red sneakers. It
won't stop an even moderately deterined attacker, but it will keep the
neighbor kid who does not know about cracking tools out of it. Even an
attacker will likely go after the easy targets first. Besides, I did
say replace it, right?

Reply With Quote
  #5 (permalink)  
Old 12-12-2006, 10:49 PM
Roger Hammonds
Guest
 
Posts: n/a
Default Re: using wireless internet without security

What's all this other stuff in addition to "WPA"? I set my router to:
WPA-PSK [TKIP] + WPA2-PSK [AES] Does all that additional stuff add to
security?

Thanks
RH

Reply With Quote
  #6 (permalink)  
Old 12-13-2006, 12:29 AM
Todd H.
Guest
 
Posts: n/a
Default Re: using wireless internet without security

Roger Hammonds <roger@cox.net> writes:

> What's all this other stuff in addition to "WPA"? I set my router to:
> WPA-PSK [TKIP] + WPA2-PSK [AES] Does all that additional stuff add to
> security?


Not appreciably, no.

Biggest determining factor in your security using WPA with a
pre-shared key (PSK) is how long, random and complex the passphrase is
that you select for the pre-shared key.


--
Todd H.
http://www.toddh.net/

Reply With Quote
Reply


« DSL Modem w/ Verizon | Report of email addresses having abused remailers »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
1st PC build bryant.rossiter@gmail.com alt.comp.hardware 28 09-09-2006 10:04 PM
From Internet to Wireless Fidelity (Wi-Fi): A Study of Wi-Fi Public Hotspots Users. EsPUdeh@gmail.com alt.internet.wireless 1 07-31-2006 09:26 PM
Call For Chapter - Book in Enterprise IT Security : Invitation for chapter proposal Francine HERRMANN comp.security.misc 0 08-29-2005 06:00 PM
Hacking attempt? MoNk Wireless Networking Discussion 1 05-11-2005 10:21 AM


All times are GMT. The time now is 04:24 AM.



Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45