On 20 May 2005 06:01:14 -0700, "(E-Mail Removed)"
<(E-Mail Removed)> wrote:
>I'm a student and live in a house with lots of lodgers, some of them
>only 2 month stay overseas students with laptops. We have a wireless
>internet connection that we all use which is in my name. I think I have
>set up protection from the outside as best I can 128WEP and the router
>(Belkin) boasts firewall capabilities that I don't understand. I have
>antivirus, spyware and wifi cracking programs (trend and lavasoft) and
>am not aware of anything coming from the outside.
See:
http://home.comcast.net/~jay.deboer/airsnare/
for wireless intrusion detection software.
>My real concern is that the people who come to stay (all of whom have
>been great so far), could do anything on the internet and it would be
>my fault, as the world would see my IP no?
Yes. The world sees everything coming from your IP address. The real
danger is in spyware. A clueless student arrives with a laptop that
has been taken over by a trojan horse program and gets used as an
inadvertent spam reflector or DDOS (distributed denial of service)
attack machine. If someone brings a new computah into the house, have
them demonstrate that they can pass a virus scan and a spyware scan.
If they don't have anything installed, have them run an online version
such as:
http://housecall.trendmicro.com/
I'll also assume that you have WEP security installed so that random
passersby can't use your wireless.
>I have not used any
>harddrive cleaning software on my pc so that if it ever needed to be
>'examined' it would come up clean (of anything serious anyway).
>Recently a lecturer of mine went to jail for child porn, it made me
>realise that I can't just trust blindly the people whom I have
>essentially given my identity. How can I protect myself? Please help
If it ever gets to the point where your PC is confiscated as evidence,
you're well beyond what can be done with additional software and
firewalls. You might look into what corporations and some libraries
do to prevent their employees from browsing "evil" web sites. Many
firewalls (i.e. Sonicwall) offer "content filtering" services, that
install a list of known bad sites in the router.
http://www.sonicwall.com/products/cfs.html
However, you're going to be very unpopular if you apply such software.
>btw, I have a desktop that I could dedicate to monitoring/firewall type
>things if that would help
Of course. Anyone with evil intentions will surely want to attack
your monitoring system. The easiest way to deal with such things is
to simply protect yourself with some lightweight monitoring. My
Linksys BEFW11S4 router will generate SNMP "traps" that can be used to
log what everyone is doing. Other routers use "Syslog" to do the same
thing. The captured log files can be used to generate a report of who
was doing what at what time. I use:
http://www.logviewer.de.vu/
but only save about 3 days worth of log files. I'm less interested in
snooping on what people are doing as detecting trojans and viruses on
my wireless neighborhood network. Just tell your boarders that you
"log all web activity" and that if the police arrive with a search
warrant, they will be presented with the appropriate log files.
Here's a sample output for the last web page I looked at:
| 5/20/2005 09:20:38.265 Outbound TCP 192.168.1.10 1161 213.239.203.47 (www.logviewer.de.vu) 80 (http) Permit
| 5/20/2005 09:20:38.906 Outbound TCP 192.168.1.10 1162 80.190.246.107 (statistiq.com) 80 (http) Permit
| 5/20/2005 09:20:39.527 Outbound TCP 192.168.1.10 1163 213.202.241.70 (svs.sv.funpic.de) 80 (http) Permit
| 5/20/2005 09:20:40.118 Outbound TCP 192.168.1.10 1164 67.15.50.39 (c3.statcounter.com) 80 (http) Permit
It's a bit tricky identifying clients with DHCP, so I use the "static
DHCP" feature of the router to permanently assign an IP address to a
specific wireless client. 192.168.1.10 is always my desktop. It's
easy enough for a user to assign their own IP address or borrow
someone else's, but I also log changes to the ARP (address resolution
protocol) table with "arpwatch" to check for that.
--
Jeff Liebermann
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
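
Added example, not part of the original post: a small parser for log lines in the format shown above that attributes each connection to a client through a static DHCP table, lists source addresses that have no lease, and counts outbound SMTP (port 25) connections per client as a sign of the spam-relay trojan the post mentions. The lease name "lodger-laptop", all sample lines after the first, and the assumption that unresolved destinations are logged without a "(hostname)" field are constructed for illustration.

```python
import re
from collections import defaultdict

# Static DHCP table. 192.168.1.10 is from the post; the second entry is hypothetical.
LEASES = {"192.168.1.10": "desktop", "192.168.1.11": "lodger-laptop"}

# Constructed sample. Only the first line is taken from the post.
SAMPLE = """\
| 5/20/2005 09:20:38.265 Outbound TCP 192.168.1.10 1161 213.239.203.47 (www.logviewer.de.vu) 80 (http) Permit
| 5/20/2005 09:21:02.004 Outbound TCP 192.168.1.11 1201 203.0.113.25 25 (smtp) Permit
| 5/20/2005 09:21:02.450 Outbound TCP 192.168.1.11 1202 203.0.113.26 25 (smtp) Permit
| 5/20/2005 09:22:10.771 Outbound TCP 192.168.1.57 1033 198.51.100.7 (example.net) 80 (http) Permit
"""

# "(hostname)" and "(service)" are treated as optional fields (assumption).
LINE = re.compile(
    r"^\|\s*(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<dir>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?:\((?P<host>[^)]*)\)\s+)?"
    r"(?P<dport>\d+)\s+(?:\((?P<svc>[^)]*)\)\s+)?(?P<action>\w+)\s*$"
)

def parse(text):
    """Yield one dict per line that matches the log format; skip the rest."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def report(text, leases=LEASES, watch_ports=(25,)):
    """Return (connections per client, source IPs with no lease, watched-port hits)."""
    by_client, alerts = defaultdict(list), defaultdict(int)
    unknown = set()
    for e in parse(text):
        client = leases.get(e["src"])
        if client is None:                    # self-assigned or borrowed address
            unknown.add(e["src"])
            client = "UNKNOWN " + e["src"]
        by_client[client].append((e["time"], e["host"] or e["dst"], int(e["dport"])))
        if e["dir"] == "Outbound" and int(e["dport"]) in watch_ports:
            alerts[client] += 1
    return dict(by_client), sorted(unknown), dict(alerts)

if __name__ == "__main__":
    clients, unknown, alerts = report(SAMPLE)
    for name, hits in clients.items():
        print(f"{name:22} {len(hits)} connection(s), last to {hits[-1][1]}:{hits[-1][2]}")
    print("no static lease:", unknown)
    print("outbound SMTP by client:", alerts)
```

An address that appears under "no static lease" is the case arpwatch is meant to catch from the ARP side.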