OT: MSN Messenger

Seconded !

In message , AstraVanMan writes

Getting it working is one thing. Getting it secure is something completely different. In my experience, the best way to break a perfectly working wireless network is to try to get WEP working on it.

At the very least, you need to lock down the MAC addresses on the access point/router (assuming it's not an Ad-hoc network) and enable WEP in 'Shared Key' mode if you can get it to work without tearing too much of your hair out. Either of these will defeat the vast majority of potential abusers, but they won't stop someone who really knows what they're doing. WPA (an alternative to WEP) is supposed to be 'totally secure' but a lot of hardware doesn't support it and I don't think the earlier versions of Windows do either. Besides, they reckoned WEP was 'totally secure' until someone proved that it could be cracked in a matter of minutes.

Once you have everything set up and all of the PCs working, turn off the access point's SSID (if it will let you.) This will stop it from advertising its presence to all and sundry, so with a bit of luck you won't attract attention in the first place.

If all of the above is too much hassle, then at least try running something like 'Airsnare' (it's a free download, Google will find it.) It won't stop someone from remotely abusing your network, but at least it will inform you if they do.

It's a detail that many people overlook, but you leave yourself open to neighbours stealing your bandwidth if you don't. Worse still, someone could abuse your Internet account in a way that might just bring plod knocking at your door.

Of course, if you live in the middle of nowhere, you can probably safely ignore the whole thing.

It's the only one I wil use TBH.

errrr thirded? :o)

All sounds like excellent advice - thanks a lot. One thing - what's WEP?

Security is definitely the next thing on the list though - people using our bandwidth is one thing, using it for illegal purposes which could, like you say, is far more serious. As is the potential for people to hack into our computers. Mind you, with my own PC, I click "disable radio" whenever I'm away from the computer, so it's disconnected just as before if I'm not around.

Peter

Get Circumcised to e-mail me

WEP = Wireless encyption protocol, your router will have it as an option. It's normally pretty simple to enable WEP.

Nb before some pedant picks up on it WEP is sometimes known as Wireless Equivalent Privacy.

No intention of being pedantic, but the orignal meaning is "Wired Equivalent Privacy." The wording is crucial if the intention is to be understood - they're saying "Don't worry about this new-fangled technology, it's just as secure as your old wired network" *Cough* Bullshit! *Cough*

The vulnerability of WEP is the fact that it constantly uses the same key. My understanding is that if you monitor the encrypted packets for long enough, patterns become apparent, eventually giving away the key.

WPA gets around this by using a constantly changing key. To use an on-topic analogy, it's like the difference between the old fixed code radio remote car alarms, and the newer ones that use a rolling code.

They're touting WPA as totally secure, but then it wasn't long ago that they were saying the same about WEP. I'd be very surprised if it was genuinely uncrackable - what remains to be seen is whether cracking it is within the capabilities of a determined, knowledgable individual. No degree of encryption can wholly make up for the fact that you're broadcasting your data to all and sundry, rather than keeping it safely tucked away in wires inside your building.

Back to practicalities: WEP is much easier to set up if you have at least one cabled connection to the router/access point. The reason for this is simple: At some point you *will* c*ck up one of the settings, rendering the router inaccessible by wireless. If you can only configure the router via wireless, this means sticking a paperclip in the reset hole to restore the factory defaults and starting the whole configuration process from scratch. With a cabled connection, you can just go back in and change whatever it was that you did wrong.

How paranoid are you feeling? How safe are your wires?

cheers, clive

David Thornber ( snipped-for-privacy@thornber.demon.co.uk) gurgled happily, sounding much like they were saying :

never actually working, IME.

Personally, I'm not that paranoid. That's why I can live with MAC address lock-down and WEP, even though I know they're not foolproof. If my data was sensitive enough for me to be worried about wired security, I wouldn't consider any wireless connection, regardless of supposed encryption strength.

My thoughts exactly, inasmuch that if somebody on our street really wants to see what I'm doing online... heh well it's hardly exciting. :)

I'll have to take your word for it because (looks at shoes and mutters) I haven't actually tried it. My old access point didn't support WPA, and when I bought the combined access point/modem/router (which I believe does) I simply configured it to use the same wireless security settings so I didn't have to bugger around with the clients too much.

Maybe one day I'll give it a try, though if what you're saying is correct, maybe I shouldn't.