Security Of Home Network

Conor108

I have set up a wireless network at home using that USB key method under Network Connections. Now from the laptop I can access shared folders on the desktop wirelessly but Im (parranoid-ely) worried about how secure it is. Is there someway I can test how secure it is? The wifi is WPA2 encrypted and all that jazz but I dont know alot about security.

Thanks

NullZer0

For a home connection, the best thing to do is use WPA2 and define your laptop/wireless devices mac addresses on the router so that only they can connect.

Also turn off the SSID broadcast so other people cant see it.

Moriarty

Use WPA2 encryption and as long a password made of random characters as you can cope with (eg, something like gEmuqun3@2#pRepruY6pReCRat-!uXe6P$5UFr@=ujenu=ruc-) and you'll be fine. Remember that you should only need to enter the password once if you tick the 'remember password' box, so it's not much effort to go to.

Don't bother with filtering by mac address or turning off SSID broadcast, both are trivial to get around and invariably just end up causing you more hassle.

NullZer0

Moriarty wrote: »

Don't bother with filtering by mac address or turning off SSID broadcast, both are trivial to get around and invariably just end up causing you more hassle.

This is what can make the difference between a good network admin and a great network admin. By turning off the SSID and filtering by Mac address you are decreasing the surface for attack.

How many average users know how to spoof a mac address?
If someone really wanted to gain access to WPA2 a quick google search would turn back this http://www.shawnhogan.com/2006/08/how-to-crack-128-bit-wireless-networks.html and many others

ntlbell

iRock wrote: »

This is what can make the difference between a good network admin and a great network admin. By turning off the SSID and filtering by Mac address you are decreasing the surface for attack.

How many average users know how to spoof a mac address?
If someone really wanted to gain access to WPA2 a quick google search would turn back this http://www.shawnhogan.com/2006/08/how-to-crack-128-bit-wireless-networks.html and many others

The difference between a good net admin and a great one lol

I suppose if he moves HTTP ports to port 81 and changes SMTP banners to show tomy toy laptop SMTPD he will be AWESOME?

This is why I have started to read less and less of tech the standard of muppetry has just gone through the roof; it's getting pretty close to After Hours now

NullZer0

ntlbell wrote: »

The difference between a good net admin and a great one lol

I suppose if he moves HTTP ports to port 81 and changes SMTP banners to show tomy toy laptop SMTPD he will be AWESOME?

This is why I have started to read less and less of tech the standard of muppetry has just gone through the roof; it's getting pretty close to After Hours now

So you don't agree that the network would be more secure?
Believe me I've learned from mistakes.

Aw well, guess you showed me.

ntlbell

iRock wrote: »

So you don't agree that the network would be more secure?
Believe me I've learned from mistakes.

I don't see how it makes it anymore secure no maybe you could enlighten me.

But if you look here for a bit of amusement

(the top 6 dumbest ways to secure a network )

You made the top two you're on your way to greatness.

lolz

NullZer0

ntlbell wrote: »

I don't see how it makes it anymore secure no maybe you could enlighten me.

But if you look here for a bit of amusement

(the top 6 dumbest ways to secure a network )

You made the top two you're on your way to greatness.

lolz

I respect your point but the original post was "Security Of Home Network" - Home Network. In typical home setups the first problem you'll probably have is a neighbour connecting (say in an apartment block) so I would say use WPA2, hide the SSID (the typical user isn't going to go look for it), and limit by Mac address too.


At the same time I'm glad I didn't say

Just use 802.11a or Bluetooth

Maybe someday I will be as knowledgeable as you and start reading zdnet blogs.

The FACT is that the above measure still lower the area for attack.


What would you recommend? A radius server in his kitchen?

rmacm

iRock wrote: »

How many average users know how to spoof a mac address?
If someone really wanted to gain access to WPA2 a quick google search would turn back this http://www.shawnhogan.com/2006/08/how-to-crack-128-bit-wireless-networks.html and many others

He was using WEP in that article not WPA.

iRock wrote: »

I respect your point but the original post was "Security Of Home Network" - Home Network. In typical home setups the first problem you'll probably have is a neighbour connecting (say in an apartment block) so I would say use WPA2, hide the SSID (the typical user isn't going to go look for it), and limit by Mac address too.

The FACT is that the above measure still lower the area for attack.

What would you recommend? A radius server in his kitchen?

WPA2 with a strong passphrase should be sufficient for home users for the moment. Hiding the SSID and using MAC filtering doesn't really reduce the attack surface as someone who really wants to spoof a MAC address will do so. When it comes to SSID hiding all you're doing is disabling one of the mechanisms by which it is broadcast as that blog that ntlbell references.

It doesn't really matter if it's a home network or not who says the person living beside you isn't a network engineer who cracks wireless networks for a living?

ntlbell

iRock wrote: »

I respect your point but the original post was "Security Of Home Network" - Home Network. In typical home setups the first problem you'll probably have is a neighbour connecting (say in an apartment block) so I would say use WPA2, hide the SSID (the typical user isn't going to go look for it), and limit by Mac address too.


At the same time I'm glad I didn't say

Maybe someday I will be as knowledgeable as you and start reading zdnet blogs.

The FACT is that the above measure still lower the area for attack.


What would you recommend? A radius server in his kitchen?

No as it's a HOME network he more than likley hasn't got the key to the city to hide and the chances of people camping outside his house or neighbours spending time on cracking his wpa2 key or faking mac address's to see his CV or his grannys collection of roseydendrum photo's is pretty slim.

Now he all ready he said he was using wpa2 to encrypt the wifi now. if there is neighbours or other apartments around what difference does it make if the WPA2 is setup correctly? you do understand that when you choose to hide the SSID it can be still seen yea? and still does get broadcasted across the network right? you get this? so turning it off does sweet F A? right?

I don't know what a typical user is but taken joe pc he more than likley won't be trying to crack your wireless so the fact he can see it or not makes little no difference if he is someone who might try just about every tool you use to do it will pick up the SSID regardless of you turn it on or off

penny dropping?

faking a mac with these tools takes a few seconds and they can see the ssid with the same tool

so what does your soloution add?

nothing is the answer

maybe if you read something as "dumbed down" as a cnet blog you might get some clue

NullZer0

Ok, point made. I see what you mean.
I think a less sarcastic approach would have been better though.

About spoofing the Mac address, without going into to much detail wouldn't the attacker need to know the Mac to spoof or does the tool try random sequences (I assume not)

accensi0n

iRock wrote: »

Ok, point made. I see what you mean.
I think a less sarcastic approach would have been better though.

About spoofing the Mac address, without going into to much detail wouldn't the attacker need to know the Mac to spoof or does the tool try random sequences (I assume not)

You can use a sniffing tool to see associated MAC addresses.