WEP vs. Using MAC Filter for security question

Status
Not open for further replies.
I have 2 wired desktops and one wireless laptop. I am having a problem with making a connection when I use WEP. If I instead use the "MAC Filter" option on my Belkin Router to set the MAC #'s of only the computers that I wish to allow to connect to my network, wouldn't this in effect keep hackers out so that I do not need to use WEP?
 
Hi
Well, doing the mac only thing will keep ppl out for a shorter period of time than if you ran the wep and mac thing. Tools are available (to tools that want to hack your stuff) that will make short work of unencrypted wifi traffic. If you live in a rural area this might not matter much as there's a reduced risk of being noticed and targeted. If you live in a urban area you will probably be noticed. And then there are tools such as the ones I know who like to drive through town with tools running in their laptops, conected to gps, so they can log the wifi ap's of an entire town and make a map showing all.
 
CrashDummy said:
I have 2 wired desktops and one wireless laptop. I am having a problem with making a connection when I use WEP. If I instead use the "MAC Filter" option on my Belkin Router to set the MAC #'s of only the computers that I wish to allow to connect to my network, wouldn't this in effect keep hackers out so that I do not need to use WEP?

MAC filtering isn't anymore secure than WEP. MAC addresses for NICs can be changed on the fly using software - which opens up plenty of doors for hackers.

But all in all, WEP and/or MAC filtering are very good deterrents, because most hax0rs (and especially casual ease droppers) will go onto the next unprotected WiFi access point.
 
I say do both:

MAC
WEP
or
WPA-AES

or if you have those new security features like WPA-AES along with MAC filter.
 
As already said, the MAC filter is only a minor obstacle to a determined intruder. Furthermore, if you don't use encryption like WEP or WPA, then most of your own network traffic is visible to everyone meaning that your passwords and traffic content are broadcast plaintext to everyone in your wifi radius.
 
Locks keep honest folk honest

The book on securing wireless:
1) position your AP so that you dont broadcast beyond your area - eliminate as much radiation leakage as possible.
2) change your SSID - possibly change it regularly.
3) dont broadcast your SSID - these 2 items lower your profile. Remember that an open WAP broadcasting linksys is code for please use me.
4) use WPA, not WEP & rotate the key - WEP can be broken in minutes. There are numerous articles on cracking WEP & WPA, but if your passphrase is long enough (20 chars min), and you only have a few clients, WPA can be good enough. The more clients you have, the greater the risk.
6) change user (if you can) and certainly the password.
7) if you must allow unauth'd traffic, establish trusted & untrusted VLANs.
8) turn it off when you're not using it.
9) if your clients start getting kicked, suspect a break-in attempt & change everything. The first step in cracking "secured" wireless is to get the SSID, and the 2nd easiest way to do this is to force clients to re-auth. Each auth request sends the SSID in clear text. The easiest way is to social it.
10) dont write your keys or SSIDs down. Keep control of your laptop.

The secret to security is to balance the lock against the value of the goods (information) behind the door, and to avoid making the door so shiny it attracts attention.
 
Change the SSID true you should do that in any case. Give it a name that you give your network (workgroup or mylocal.domain for home users).

Some WR also give you the option to block the SSID from being broadcast and shown on programs like passmark wireless mon.

As for the keys there are many options you can try. Just remember what keys or method you choose, because if you mess up you'll have to start all over again.
 
Here's the WiFi Security Outline ...

YosefM said:
The book on securing wireless:
  1. 1) position your AP so that you dont broadcast beyond your area - eliminate as much radiation leakage as possible.
  2. 2) change your SSID - possibly change it regularly.
  3. 3) dont broadcast your SSID - these 2 items lower your profile. Remember that an open WAP broadcasting linksys is code for please use me.
  4. 4) use WPA, not WEP & rotate the key - WEP can be broken in minutes. There are numerous articles on cracking WEP & WPA, but if your passphrase is long enough (20 chars min), and you only have a few clients, WPA can be good enough. The more clients you have, the greater the risk.
  5. 6) change user (if you can) and certainly the password.
  6. 7) if you must allow unauth'd traffic, establish trusted & untrusted VLANs.
  7. 8) turn it off when you're not using it.
  8. 9) if your clients start getting kicked, suspect a break-in attempt & change everything. The first step in cracking "secured" wireless is to get the SSID, and the 2nd easiest way to do this is to force clients to re-auth. Each auth request sends the SSID in clear text. The easiest way is to social it.
  9. 10) dont write your keys or SSIDs down. Keep control of your laptop.
As YosefM said:

The secret to security is to balance the lock against the value of the goods (information) behind the door, and to avoid making the door so shiny it attracts attention.

:approve:GREAT POST, YosefM!:approve:

(imo: this ought to be a Sticky AND an entry in Problems Solved )
 
Thanks for all the good info. Now that you made me paranoid I have a few more questions.....

I sometimes log on to my neighbor's wifi open signal....but I never see any of their data comunications..... So is special software needed? Exactly where does one go, or what keys are pressed if a neighbor wanted to peek. And exactly what kind of stuff is open for curious neighbors (not so much professional hackers) to see. Could emails be seen, or would you be able to tell what websites the person visited, or can you see im's typed in chat rooms? What about any banking transactions online?

Can a curious neighbor with hardly any computer savvy see that stuff without special software? (IF they need special software, is that readily available for a small price?)
 
Whatever your neighbour does, it's his/her business. We will not help you eavesdrop on them.
 
No, no one here is going to help you or anyone spy on other people. I am posting this to make people aware of the dangers of wireless (and wired too).

CrashDummy said:
special software needed?
Yes. And a high quality wifi adapter.
And exactly what kind of stuff is open for curious neighbors (not so much professional hackers) to see. Could emails be seen, or would you be able to tell what websites the person visited, or can you see im's typed in chat rooms? What about any banking transactions online?
Everything that is not encrypted can be seen. That includes most email. (Most web mail services encrypt the authentication process, but the content is still trasmitted in plaintext). Most websites do not use secure authentication, so your passwords and usernames are plaintext. All non-https website content is plaintext. Virtually all FTP traffic is plaintext. All DNS queries are plaintext (so one can see what servers you use). IRC is usually plaintext, instant messaging and other chat solutions may be plaintext. Internet is rather transparent really :)

Banks and other money-related services do use encryption, so you don't have to worry aboyut that.

Can a curious neighbor with hardly any computer savvy see that stuff without special software? (IF they need special software, is that readily available for a small price?)
You can get the tools for free. It does take some effort to use that stuff, but one can find script kiddie guides online if he so desires.
 
the burden of learning

I hope you realize that, having requested & gained this knowledge, you are now obligated to assist your neighbor in locking you out of their network?

Seriously, help 'em out - you might just gain a friend.
 
i have an older linksys 802.11b wireless router (I know i need to upgrade to at least g). I use WEP, MAC address and have broadcat SSID disabled. With my comps off, I still see activity lights on cable modem and router flashing. So, is there a montoring prgram or some way to see if unauthorized users are accessing my network?
 
Do you have an activity light for wireless too? If that one is blinking, then I would be worried.

Some routers allow you to view active wireless clients and/or active TCP connections.

The traffic between the modem and the router is just normal internet background radiation. Keepalive signals, broadcasts, random sweeping port scans - nothing to worry about really.
 
fish4specs said:
i have an older linksys 802.11b wireless router (I know i need to upgrade to at least g). I use WEP, MAC address and have broadcat SSID disabled. With my comps off, I still see activity lights on cable modem and router flashing. So, is there a montoring prgram or some way to see if unauthorized users are accessing my network?
Remember, the Inet is a public highway and there's always traffic on it.

specifically, your subnet on the ISP has more than just you on it, and
therefore the NIC cards in all this hardware are seeing it and flash lights to
show the device(s) are working ok :)
 
CrashDummy said:
Thanks for all the good info. Now that you made me paranoid I have a few more questions.....

I sometimes log on to my neighbor's wifi open signal....but I never see any of their data comunications..... So is special software needed? Exactly where does one go, or what keys are pressed if a neighbor wanted to peek. And exactly what kind of stuff is open for curious neighbors (not so much professional hackers) to see. Could emails be seen, or would you be able to tell what websites the person visited, or can you see im's typed in chat rooms? What about any banking transactions online?

Can a curious neighbor with hardly any computer savvy see that stuff without special software? (IF they need special software, is that readily available for a small price?)

If you're concerned about your neighbor spying on you, then there's probably nothing to worry about. Extracting information from indescriminately broadcasted packets requires someone who is very knowledgable and specialized software. Your average neighbor hasn't a clue....
 
Home Network Infrastruture

I use passmark wireless mon to monitor my wireless network connections, you can do a lot with it also. But you can see what others in your surrounding area were you live would see if they had the same installed on their system.

Broadcasting:

Status
SSID
MAC
SPEED
Encrypt
Signal Strenght
Channel

etc...

as seen here:

wlanmonscreen.png
 
Using AM Radio Station to get a good wireless signal

There is another way to improve your wireless signal in your dwelling by using an AM radio on a station where there is no talk, no music just to get a clear channel with not static interference. So the idea is to place that wireless router in the basement where you get a clear station. This will give you the best possible signal in your dwelling.

Which would be EXCELLENT, then Very Good, Good...

So far so good in my case...

On two floors the signal is is EXCELLENT on the third it's Very Good!
 
Thanks Rick and others.... good to know that it is not all that easy to spy for a casual neighbor user. That makes me feel a little better. And no to Didude and Notsue.... i have no desire to spy on neighbors....could care less about what poop my neighbors might have in their puters or emails ....heck, i don't even listen to their phone conversations anymore.
 
poertner_1274 said:
Now that's funny....

I once encountered a glitch involving my dialup internet and my cordless phone. what I could do was dial up for the net, while it was dialing, turn on my cordless phone and then pull out the base station power.

From this, somehow the signal got screwed up and I could listen to a phone conversation of someone up the road. I actually recognized the voice and would estimate the distance to be at least 100m away. I was also able to reproduce this behavior at different times on different occasions.

Was cool for a while except they weren't very interesting.

And WEP is hardly even security, A dedicated hacker can easily crack a wep signal quickly with almost no traffic. On my own network when I didnt actually use the wireless, but it was enabled. I setup a dedicated computer running a windows wep program and just left if for 2 weeks and it got my key no problem at all. this was with NO TRAFFIC, so you can think of the difference it would make with even the slightest amount. Go for WPA-2 as it is alot harder to crack, or at least use no standard keystrokes such as the Pi character as this makes it alot harder.
 
There are so many wide-open networks avaialble in both rural and non-rural areas, neighborhoods, apartment complexes, etc., that GENERALLY, if you have sone kind of encryption, any "hacker" that might want to see what you have going on will most likely bypass your SSID and look for an unsecured one. You have to remember, that if you can readily connect to your neighbor's signal and gain internet access and general access to their network, they most likely are not computer savvy themselves and don't have a clue as to what you are doing or even on their network. We could have the which securoty is better debate all day, but some is better than none and if you are a general computer user/internet browsing type of person (which greater than 90% of people are) and you are not dabbling in illegal activities, you should have not to much to worry about.
 
I myself find that MAC filtering and disabling of the SSID broadcast to be a waste. I force WPA2 only and use a 63 randomized character for my pass phrase. I wish anyone luck that wants to waste time trying tot crack it. Here's a good place to generate a random 63-character pass phrase: http://www.yellowpipe.com/yis/tools/WPA_key/generator.php

Mictlantecuhtli said:
Does XP (or whatever you use) support WPA2? It's better than normal WPA.

Requires KB893357 to be installed and then it will support WPA2.

http://support.microsoft.com/kb/893357
 
Status
Not open for further replies.
Back