how to check

Linea Recta

 
      05-28-2008, 01:11 PM
Where can I check to make sure if, when and by whom illegal login (attempts)
were made?

(PC Win2KSP4 and notebook Vista wi-fi networked using router-modem with WPA
secure connection)



--
regards,

|\ /|
| \/ |@rk
\../
\/os


 
Phillip Windell

 
      05-28-2008, 03:17 PM
There isn't.

Even besides that there is no way to know "who" because personal
identification is not a requirement to "login",...it is just a WPA Key.

Even besides that since the "login" failed there is nothing to "know"
anyway. At best you might get a MAC address (an IP# would not have been
granted until successful), but if that is ever visible anywhere would
depend on the wireless router-modem device you have and what it is capable
of showing you. Personally I don't know of any that do or where you would
look.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Linea Recta

 
      05-28-2008, 06:17 PM
"Phillip Windell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> There isn't.
>
> Even besides that there is no way to know "who" because personal
> identification is not a requirement to "login",...it is just a WPA Key.
>
> Even besides that since the "login" failed there is nothing to "know"
> anyway. At best you might get a MAC address (an IP# would not have been
> granted until successful), but if that is ever visible anywhere would
> depend on the wireless router-modem device you have and what it is capable
> of showing you. Personally I don't know of any that do or where you would
> look.



So you mean there is no way ever to know if security has been hacked???
(until days later when your bank account gets robbed of course). That don't
sound good to me...





--
regards,

|\ /|
| \/ |@rk
\../
\/os


 
Phillip Windell

 
      05-28-2008, 06:51 PM
"Linea Recta" <(E-Mail Removed)> wrote in message
news:483da1cb$0$14345$(E-Mail Removed)...
> So you mean there is no way ever to know if security has been hacked???
> (until days later when your bank account gets robbed of course). That
> don't sound good to me...


Hmm,.."hacked"? That's one of those "fuzzy meaning" words.

It's like this. They either discovered your WPA key,..or they didn't.

If they did not,...then no connection was ever made, they never saw
anything, never connected to anything, never done anything,...so there is
nothing to see.

If they did discover the WPA Key then they connected to the LAN in the
normal way anybody would that you would have given the key to would have
connected. So at that point they connected normally, nothing was "broken"
or "damaged",...so there is no "trail" to find.

Remember that the WPA Key only protects the *Radio Connection* to the WAP or
WRtr. It does nothing for the rest of the LAN. Think about this,...how
would you protect your stuff from someone crawling in through a window and
physically plugging a laptop into a network jack?

Well aside from locking the windows, you would:
1. Rename the Administrator account on all machines to something random.
Keep a record, don't lose it
2. Change the Administrator password on all machines to something complex,
and make every machine different. By default this password is blank, and
everyone out there knows it. Keep a record, don't lose it.
3. Have your own password for your own user account set to a complex
password,...blank does count as complex :-) Keep a record, don't lose it.
4. Disable the Guest Account on all machines if it is not already.
5. Do not have Shares on any machine with permissions to
"Everyone",...especially not "Full Control".
6. Another *optional* thing you can do is change the default IP Range of
the LAN from the normal 192.168.1.0 or 192.168.0.0 to something else like
192.168.231.0. Then disable DHCP on the "router" and manually (statically)
assign the IP Specs of all the machines on your LAN. Now, not only will
they not get an address automatically, but they will have a difficult time
knowing what IP# would be a valid one for the LAN. Now,..I could still
figure out something that would work eventually,...but your average idiot
would not.

Now if someone gets a machine on your LAN (wired -vs- wireless is
irrelevant) then, assuming you did not do #6, the worst they would do is
steal some bandwidth by "borrowing" your Internet Connection. But if you
did #6 they would probably totally fail and their machine would do nothing
but talk to itself.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
Linea Recta

 
      05-28-2008, 09:02 PM
First of all, thanks very much for your insights.
I'm quite novice at networking, let alone wireless and ditto security. Having
said that, I seem to have it all up and running smoothly. But... as I'm not
a born optimist I tend to keep investigating in possible security risks.


"Phillip Windell" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> "Linea Recta" <(E-Mail Removed)> wrote in message
> news:483da1cb$0$14345$(E-Mail Removed)...
> > So you mean there is no way ever to know if security has been hacked???
> > (until days later when your bank account gets robbed of course). That
> > don't sound good to me...

>
> Hmm,.."hacked"? That's one of those "fuzzy meaning" words.
>
> It's like this. They either discovered your WPA key,..or they didn't.
>
> If they did not,...then no connection was ever made, they never saw
> anything, never connected to anything, never done anything,...so there is
> nothing to see.
>
> If they did discover the WPA Key then they connected to the LAN in the
> normal way anybody would that you would have given the key to would have
> connected. So at that point they connected normally, nothing was "broken"
> or "damaged",...so there is no "trail" to find.



I would have thought there to be some way to log legitimate connections
also?


>
> Remember that the WPA Key only protects the *Radio Connection* to the WAP or
> WRtr. It does nothing for the rest of the LAN. Think about this,...how
> would you protect your stuff from someone crawling in through a window and
> physically plugging a laptop into a network jack?



I have thought about that, so I use BIOS passwords and Windows login
passwords in my computers in case people break into the house in situation
when I'm not at home.


>
> Well aside from locking the windows, you would:
> 1. Rename the Administrator account on all machines to something random.
> Keep a record, don't lose it



OK, some work for me here...


> 2. Change the Administrator password on all machines to something complex,
> and make every machine different.



That 'll weigh down on my brain cells...


> By default this password is blank, and
> everyone out there knows it. Keep a record, don't lose it.
> 3. Have your own password for your own user account set to a complex
> password,...blank does count as complex :-) Keep a record, don't lose it.
> 4. Disable the Guest Account on all machines if it is not already.



Another task on my list... I believe Guest is generated by default
automatically. I hope removing this will have no adverse implications?


> 5. Do not have Shares on any machine with permissions to
> "Everyone",...especially not "Full Control".



Another issue I have to get into.


> 6. Another *optional* thing you can do is change the default IP Range of
> the LAN from the normal 192.168.1.0 or 192.168.0.0 to something else like
> 192.168.231.0. Then disable DHCP on the "router" and manually (statically)
> assign the IP Specs of all the machines on your LAN. Now, not only will
> they not get an address automatically, but they will have a difficult time



And I'm afraid I will get a difficult time myself, keeping my legitimate
connections working... I'll have to spend some time digging into the cryptic
router settings :-(


> knowing what IP# would be a valid one for the LAN. Now,..I could still
> figure out something that would work eventually,...but your average idiot
> would not.



Aha... Hope I'm not one of them...


>
> Now if someone gets a machine on your LAN (wired -vs- wireless is
> irrelevant) then, assuming you did not do #6, the worst they would do is
> steal some bandwidth by "borrowing" your Internet Connection. But if you
> did #6 they would probably totally fail and their machine would do nothing
> but talk to itself.



Not yet a guru... just in the process of becoming one.


--
regards,

|\ /|
| \/ |@rk
\../
\/os


 
Jack (MVP-Networking).

 
      05-28-2008, 10:16 PM
Hi
All Internet connections are full of "noise", and so are the airwaves that
are used for Wireless.
If one would look at the Router logs it might be full of unaccounted traffic
(especially Cable Internet connection).
Most of it is just noise or unintentional attempt to make connection and
should be ignored (like the traffic on the street, the only thing that you
can do is to keep yourself safe).
The way an End-User can combat it, is to use both Router (or Wireless
Router) combined with Software Firewall on each computer, and to secure the
Wireless at level WPA and above.
From the weakest to the strongest, Wireless security capacity is.
No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES is the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not update it you would have to download
the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
The documentation of your Wireless devices (Wireless Router, and Wireless
Computer's Card) should state the type of security that is available with
your Wireless hardware.
All devices MUST be set to the same security level using the same pass
phrase.
Therefore the security must be set according to whatever is the best possible
of one of the Wireless devices.
I.e. even if most of your system might be capable to be configured to the
max. with WPA2, but one device is only capable to be configured to max. of
WEP, the whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can
do WEP only) is holding better security for the whole Network, replace the
device with a better one.
Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html
Jack (MVP-Networking).


Pavel A.

 
      05-29-2008, 09:59 AM
"Linea Recta" <(E-Mail Removed)> wrote in message
news:483d59f9$0$14358$(E-Mail Removed)...
> Where can I check to make sure if, when and by whom illegal login
> (attempts) were made?
>
> (PC Win2KSP4 and notebook Vista wi-fi networked using router-modem with
> WPA secure connection)


Install a hidden camera.
Otherwise, you can't know who attempted incorrect login, because
they tried somebody else's credentials.

--PA


 
Phillip Windell

 
      05-29-2008, 03:12 PM

"Linea Recta" <(E-Mail Removed)> wrote in message
news:483dc899$0$14349$(E-Mail Removed)...
> First of all, thanks very much for your insights.
> I'm quite novice at networking, let alone wireless and ditto security.
> Having
> said that, I seem to have it all up and running smoothly. But... as I'm
> not
> a born optimist I tend to keep investigating in possible security risks.


I am pretty much a hardcore pessimist, but am also a "realist" at the same
time. So I don't chase ghosts and see "hackers under every rock". Most
intrusion detection mechanisms (what few exist in what few products that have
any that are really useful) only tell you when something was successfully
blocked,...which doesn't matter because it was,...blocked. They don't tell
you about something successful,...because it was,...successful,...and
therefore appears as normal proper behavior so there is nothing to trigger an
alert.

The era of "Star Trek" has not arrived. What you see in the movies is not
true. You don't have an investigator sit at a machine,..do a little
"ticketa-ticketa" on the keyboard and have a picture popup of the hacker
with his size, weight, hair color, and full color picture,..and tell you
where his computer is sitting within a 10 square foot range. That only
happens on CSI Miami.

> I would have thought there to be some way to log legitimate connections
> also?


Define a "connection". It isn't that simple. Connecting to the WAP Radio
is not a connection to the LAN (like in my little IP trick I mentioned), the
person has to also get a legitimate IP Config to function on the LAN. So you
have a Radio Connection to the WAP, then a second IP-based connection to
the DHCP Service via broadcasting, then you have the third connection to the
LAN after a IP Config is received. So you have 3 connections already, and
you still haven't connected to any resources yet.

There are connections within connections, connections on top of
connections, connections beside connections, there are connections at Layer1
(Radio or physical cable), at Layer2 (virtual circuits created within
switches), Layer3 (the IP# level) and Layer4 (port addresses), and well above
and beyond those Layers with communication between Applications. So what
are you going to log? Where are you going to store billions of log entries
and be able to sort them to find anything useful?

> I have thought about that, so I use BIOS passwords and Windows login
> passwords in my computers in case people break into the house in situation
> when I'm not at home.


In reality, then they'd just steal the whole machine, pull the hard drive
out of the machine and put it in another machine to read it. That's how the
police (in real life) bust people committing computer based crimes.

>> 2. Change the Administrator password on all machines to something
>> complex,
>> and make every machine different.

>
>
> That 'll weigh down on my brain cells...


....and the intruders...

> Another task on my list... I believe Guest is generated by default
> automatically. I hope removing this will have no adverse implications?


Disable it,..not delete it. Don't delete "built" in accounts.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
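
An added example, not part of any post in this thread: for the question of what has obtained an IP configuration on the LAN, one check is to compare the router's DHCP lease table against a list of known devices. It assumes the router exposes leases in dnsmasq format; the inventory, MAC addresses and lease lines are constructed, and a device configured with a static IP will not appear in a lease table at all.

```python
from datetime import datetime, timezone

# Constructed inventory: MAC addresses of the devices the owner knows about.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": "desktop-win2k",
    "00:11:22:66:77:88": "notebook-vista",
}

# Constructed sample in dnsmasq lease format (an assumption about the router):
# <expiry epoch> <MAC> <IP> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1212000000 00:11:22:33:44:55 192.168.231.10 desktop *
1212003600 00-11-22-66-77-88 192.168.231.11 notebook 01:00:11:22:66:77:88
1212007200 5A:9C:01:AB:CD:EF 192.168.231.37 * *
garbage line that is not a lease
"""

HEX_DIGITS = set("0123456789abcdef")

def normalize_mac(mac):
    """Return a lowercase colon-separated MAC, or None if it is not six hex octets."""
    parts = mac.replace("-", ":").lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 or not set(p) <= HEX_DIGITS for p in parts):
        return None
    return ":".join(parts)

def is_locally_administered(mac):
    """True if the locally-administered bit is set (a randomized or hand-set MAC)."""
    return bool(int(mac[:2], 16) & 0x02)

def parse_leases(text):
    """Yield (expiry, mac, ip, hostname) for each valid lease line; skip malformed ones."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        mac = normalize_mac(fields[1])
        if mac is None:
            continue
        expiry = datetime.fromtimestamp(int(fields[0]), tz=timezone.utc)
        yield expiry, mac, fields[2], fields[3]

def unknown_devices(text, known):
    """Return one finding per lease whose MAC is not in the known-device inventory."""
    known_norm = {normalize_mac(m) for m in known}
    findings = []
    for expiry, mac, ip, host in parse_leases(text):
        if mac not in known_norm:
            findings.append({
                "mac": mac, "ip": ip, "hostname": host,
                "lease_expires": expiry.isoformat(),
                "locally_administered": is_locally_administered(mac),
            })
    return findings

if __name__ == "__main__":
    for finding in unknown_devices(SAMPLE_LEASES, KNOWN_DEVICES):
        print(finding)
```

A MAC address can be set by the client, so a match against the inventory shows only that a lease was issued to that address, not which physical device asked for it.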


 