I'd just thought i'd share with you all the joy of getting the wireless working on the new laptop. No more hunched over the desk in the worlds most uncomfortable chair, and no more having to "hide away" in the back room just to write some posts.
All i need to do now is to find out whether the range will extend outside to the garage!
I don't suppose if anybody knows, what stops someone else logging into "my" wireless?
Dave
Several things you can do Dave
1) set an access control list on the router, so that only your kit can use it 2) Don't just use WEP to encrypt the data between your laptop and router, make sure that you are at least running WPA-PSK (Wi-Fi Protected Access Pre-Shared Key), with a good phrase as the key, not just a word. 3) Once you're up and running, stop broadcasting the SSIDI have a great piece of kit called Air Defense, and sitting in the front room, I can find 24 wireless access points, of which 3 are secure, and judging by the names in use, the majority of these have been supplied by ISP's. Keep meaning to go for wander and offer to sort it out for them (for a price of course)
Si
Filter by MAC address at the access point.
Have you got a light, Mac?
No, but I've got a dark brown overcoat.*
Stuart
Less reliable than current encryption methods, if I had to rely on one method I'd go for encryption, as MAC addresses can be changed on some cards, most of them in fact, but the software supplied generally doesn't allow it.
Death-Cab for Cutie ...I have it on the Gorilla LP :)
Karen
Dave R came up with the following;:
Mine can ... ;)
Nothing ... though you can seriously limit casual 'passers by' and cause professionals to think twice and move on.
Use the 'Access Control' register in the security settings (depends on kit and software) somewhere, to setup the mac addresses of wireless kit that can access the router and lock out all others. Use WPA-PSK, not WEP, and use an as long as feasible unrememberable passkey which uses alpha and numeric characters ... but be careful that you _know_ what it is. :) Hide the SSID once everything works. It'll still show up on your kit because it already 'knows' what it is, but others won't see it properly. Turn off the wireless bit when you've finished, if possible.
There are a number of softwares that can de-crypt almost anything, and WEP is a piece of pee to de-code, WPA-PSK is harder but still decipherable, given time. All you can do is limit your exposure and doing the above things means your setup is _probably_ much more secure than next-doors, so most casual hackers would simply move on to something easier, and quicker, to get into. There are so many open connections available there's absolutely no need to break into yours, unless you have enemies and/or you're paranoid ... ;)
I think it was "Bigshot"
Stuart
IIRC WPA has a cryptographic weakness when using passkeys, but it's only a problem with passkeys of less than 22 characters long. The pass key doesn't really have to be totally random characters, a phrase that you can remember is OK. While this is easier to guess than totally random characters, it's still strong enough to require them to spend a heck of a lot of time trying to break in. Checking for failed logins once a week will show up whether someone is trying to do this. Adding a few numbers onto the end and beginning of the phrase helps a lot, or even replacing the spaces in the phrase with a digit that forms a number you can remember.
It needs a fair amount of traffic to do it normally, the attacker might get lucky and get enough WEP IVs to start the cryptographic attack with just a few megabytes of information flowing, but I've normally seen several gigabytes of information needed in order to get enough IVs. That takes a while so for a residential user the main thing to fear is neighbours as they have enough time to leave their computers on and trying to break in.
WEP is still better than relying on mac address filtering. People underestimate the difficulty of breaking encryption, just because it can be done doesn't mean it's practical. WEP alone will stop anyone who doesn't really really want to break into *your* network. WPA will stop anyone who's not extremely extremely keen, but in a residential setting they'd be better off just smashing a window and stealing the computer, far easier.
Besides, unsecured wireless connections are a boon to those of us who have to work away from home sometimes, it's very useful to be able to get a free internet connection for reading our email ;-)
This is where I start getting that "let's keep our eye on the ball" feeling. For the purpose, simple filter on the MAC will be fine.
Trying to spoof, guess or sniff the acceptable MAC isn't something that anyone in their right mind would really want to do IMO. Yes, use other protection too if you like, but it's not necessary to view progress as our ability to complicate simplicity.
I leave an open wifi connection for all to use here. It is on the other side of anything else here, and has a content filter, but otherwise, fully open to anyone who wants to use it. Ove the last 12 odd months, only two of the neighbours have done so, and only then by accident.
It's the layering which adds to the security. It makes more problems for the bad guys.
Agreed, I use a four word phrase, the words of which would need a real stab in the dark to connect them, and intimate knowledge of one member of our family ...;)
Yup.
I saw an article from one of the trade fairs that showed WEP being cracked in a couple of minutes in a 'normal' browser style situation, have to dig it out again, and with very small amounts of data. I don't know the technicalities of it, but it was reckoned that so long as 'the target' is browsing and visiting different websites, it can be done quite easily and quickly.
LOL, true. I guess when you've seen it happen a few times, you err on the cautious side, but, like I said, "most casual hackers would simply move on to something easier, and quicker, to get into. There are so many open connections available there's absolutely no need to break into yours"
Heheheh, We're in Oswestry this weekend ... ;)
I did the same for a while, but given that moving to the next *room* makes the connection drop I dropped the whole wireless idea. I think there must be chickenwire in the walls!
Personally I think typing the same password into both ends of the link is easier still and more reliable, as you can then use different cards, so MAC filtering seems to be a waste of time.
Still, if that's what you've set up then fine ;-)
Not had any trouble getting the MACs in the past, my wireless gear is defunct now, must fire it up again sometime.
A WEP implementation can in theory be criminally stupid, in such a case, where they're supposed to be using a random number with good entropy, they could use a simple incrementing counter, meaning they can be broken extremely easily. I've never come across such an implementation though. I've also not read up on WEP anyway for a fair few months, as I don't tend to advise customers to use it.
There's some argument for leaving an open access point on your network too, what with the guilty-until-proven-innocent culture we're moving towards, and the way that things that are legal are being made illegal through the back door, it can be handy to have a get-out clause. Whether an open access point would help or not is another matter!
Oops, checked the LP, yes, Bigshot. Same LP, so many classics on that one.
Karen
I find getting access on the move a problem and cannot understand why B&Bs don't seem to offer something like the above.
How does is stand with a "normal" contract with an isp?
What dangers are there to the less technically competent?
How can you stop a "guest" from hogging bandwidth?
AJH
ISTR my ISP contract forbidding me from passing bandwidth on to others, although this might only be if I charge for it, can't remember. The concern is if someone starts doing something illegal from your connection, how do you then prove it's not you? In theory it has to be proven that it *is* you (innocent until proven guilty) but that doesn't seem to be the way things work any more.
Someone abusing the connection to do something illegal, or to hack your computer and get things like bank details etc for ID theft or to rob your account.
Bandwidth capping on the wireless router, this needs a firewall with the capability though.
In most cases, the act of "logging on" is considered enough to prove intent. However, how does one define "logging on" to an always-on connection? The only way would be to rigidly enforce a logon/logoff regime for all authorised users of the computer(s), and then produce the logs in the event of a query. That would however involve using Windows NT, 2000 or XP and ensuring that everyone was careful. Alternatively, firewall/router logs could show that the computer used wasn't in the normal run of your network - although with most using DHCP that would be difficult. XP home assumes everyone wants to be administrator, you can't even get home Linux users to logon as anything other than root, FFS!
Stuart
MotorsForum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.