WiFi security - Clarification sought....

I've recently upgraded part of my Home Network setup to incorporate
some wireless devices and have a few questions about wiFi security I'd
like clarifying.

If anyone could help I'd be most obliged.

First off, I'm aware that WEP isn't considered very secure but, rather
than leaving my WiFi network wide open, I've hidden the renamed SSID,
enabled WEP and MAC address filtering and set up Shared Key
Authentication. Furthermore, the Router / Access point has a built in
firewall, each machine is running some kind of Software Firewall, any
shared directories are protected by User-level security, and access
to any resource is dependent on the right credentials being supplied.
The Everyone group has very limited access and the Guest account is
disabled on each machine.

Taking into account the above considerations, what is the likelihood
Of an unauthorised user being able to gain access to any of my files?

Also if someone was to gain access, what kind of information could be
intercepted?

Let's say I log on to my Router using one of my Wireless devices; is
my admin password thereon sent over the LAN in clear text?

What about my internet browsing? Can I still view, say, encrypted
sites such as my online banking service with relative impunity or
does the fact that I'm accessing it from a wireless device (albeit
from behind my router) compromise that security to any degree?

Apart from WPA (which I don't think my Router, laptop or PDA support)
what extra precautions can I take?

Can some sort of VPN or IPsec solution be setup to do this or is such
a solution not feasible in this situation?

One last thing, can anyone recommend a good wiFi intrusion detection
package?

Anyway, thanks for reading and thanks in advance for any advice you
may have to offer.

Cheers.

Mod.

Everything to do with security - wireless included - comes down to
your level of paranoia, and the value of the data you send around your
network....

On 10 Jan 2004 05:46:19 -0800, (E-Mail Removed) (Mod)
wrote:

>Taking into account the above considerations, what is the likelihood
>Of an unauthorised user being able to gain access to any of my files?

Very slim likelihood indeed. And the measures you have put in place
would most likely make a random attacker pick the next guy instead of
you for an easy life.

However, risk is measured by reference to the likelihood of an
unwanted occurence and the cost of that occurence.

You want to ask yourself is there anything on those machines that you
cannot afford someone to get hold of (e.g. banking passwords). If
there is, make sure these are on the wired-only parts of your network.

That said, you are probably more likely to have credit card details
pinched from your rubbish bin than from your wlan...

>Also if someone was to gain access, what kind of information could be
>intercepted?

Any packets which flow across the network, and the possibility to
connect to any devices that are shared (after fighting through the
access barriers you have set up).

>Let's say I log on to my Router using one of my Wireless devices; is
>my admin password thereon sent over the LAN in clear text?

Depends on the software/firmware used to manage the router. Probably
is encoded; probably isn't a strong encryption. There aren't that
many suppliers so it wouldn't be too hard to figure out how to crack
this encoding. Best advice, always manage from wired.

>What about my internet browsing? Can I still view, say, encrypted
>sites such as my online banking service with relative impunity or
>does the fact that I'm accessing it from a wireless device (albeit
>from behind my router) compromise that security to any degree?

Packets of data are being sent from the wap to your w-nic using only
wep encryption...so they can be read. The existence of the router
makes no difference to the vulnerability to wireless interception.

>Apart from WPA (which I don't think my Router, laptop or PDA support)
>what extra precautions can I take?

Make sure your WAP is central in your building and (preferably) away
from line of site to windows. Obvioulsy you need it positioned for
best coverage, but you may consider modifying slightly your laptop
position a small price if it means you can get that WAP away from
facing the street.

Above all, be mindful of what you are doing and that someone could be
trying to watch. For example, is it a big deal connecting your laptop
to the wired part of the net for 5 minutes whilst you connect to the
bank and download your statements? Makes the risk of interception
much smaller.

Obviously good anti virus software, regularly updated and regular full
scans.

Check out your network logs regularly if your hardware/software
maintains them.

>Can some sort of VPN or IPsec solution be setup to do this or is such
>a solution not feasible in this situation?

VPN works very well. There were threads about this recently with
links to a couple of articles about how to do it.

>One last thing, can anyone recommend a good wiFi intrusion detection
>package?

Not aware of one. I spy a hole in the market.

jay

In article <(E-Mail Removed) >,
(E-Mail Removed) says...
> I've recently upgraded part of my Home Network setup to incorporate
> some wireless devices and have a few questions about wiFi security I'd
> like clarifying.
>
> If anyone could help I'd be most obliged.
>
> First off, I'm aware that WEP isn't considered very secure but, rather
> than leaving my WiFi network wide open, I've hidden the renamed SSID,
> enabled WEP and MAC address filtering and set up Shared Key
> Authentication. Furthermore, the Router / Access point has a built in
> firewall, each machine is running some kind of Software Firewall, any
> shared directories are protected by User-level security, and access
> to any resource is dependent on the right credentials being supplied.
> The Everyone group has very limited access and the Guest account is
> disabled on each machine.
>
> Taking into account the above considerations, what is the likelihood
> Of an unauthorised user being able to gain access to any of my files?
>
Not much. THe MAC address filtering alone will stop many people.

> Also if someone was to gain access, what kind of information could be
> intercepted?
>
Alot. You can find plenty of apps to browse Windows hidden shares.
LAN Find is one.


--
Conor

If you try to fail and succeed, which have you done?

On Sat, 10 Jan 2004 17:33:40 -0000, Conor <(E-Mail Removed)>
wrote:

>> Taking into account the above considerations, what is the likelihood
>> Of an unauthorised user being able to gain access to any of my files?
>>
>Not much. THe MAC address filtering alone will stop many people.

Anyone able to crack the wep key can surely manage to run a program
which will spoof the mac address? My chosen favorite would be Cain.

jay

In article <(E-Mail Removed)>,
(E-Mail Removed) says...

> Anyone able to crack the wep key can surely manage to run a program
> which will spoof the mac address? My chosen favorite would be Cain.
>
But what are you going to change it too? It's only of any use if you
know what to spoof it to. TBH the average cracker is not going to be
interested in anything except corporate LANs.

--
Conor

If you try to fail and succeed, which have you done?

On Sat, 10 Jan 2004 22:52:26 -0000, Conor <(E-Mail Removed)>
wrote:

>But what are you going to change it too? It's only of any use if you
>know what to spoof it to.

Cain returns a list of connected computers including IP and MAC
addresses (and hidden shares and usernames and...). Pick one & try
its MAC address. If it doesn't work then it is in the wired part of
the network so try another... repeat until successful. Fairly easy
I'm afraid.

>TBH the average cracker is not going to be
>interested in anything except corporate LANs.

Very true. As I said in my post security always depends on your level
of paranoia. But just because you are paranoid doesn't stop someone
targetting you

jay

On
>
> First off, I'm aware that WEP isn't considered very secure but, rather
> than leaving my WiFi network wide open, I've hidden the renamed SSID,
> enabled WEP and MAC address filtering and set up Shared Key
> Authentication. Furthermore, the Router / Access point has a built in
> firewall, each machine is running some kind of Software Firewall, any
> shared directories are protected by User-level security, and access to
> any resource is dependent on the right credentials being supplied. The
> Everyone group has very limited access and the Guest account is disabled
> on each machine.

> Cheers.
>
> Mod.

You have done a damm sight more than most people. I would not worry.
Even Kevin Mitnik might trouble with your setup <G>.

Dave

--
And you were born knowing all about ms windows....??

In article <(E-Mail Removed)>,
(E-Mail Removed) says...

> Cain returns a list of connected computers including IP and MAC
> addresses (and hidden shares and usernames and...). Pick one & try
> its MAC address. If it doesn't work then it is in the wired part of
> the network so try another... repeat until successful. Fairly easy
> I'm afraid.

LOL, am I behind the times.

--
Conor

If you try to fail and succeed, which have you done?

Conor <(E-Mail Removed)> wrote in message news:<(E-Mail Removed) m>...
> In article <(E-Mail Removed)>,
> (E-Mail Removed) says...
>
> > Cain returns a list of connected computers including IP and MAC
> > addresses (and hidden shares and usernames and...). Pick one & try
> > its MAC address. If it doesn't work then it is in the wired part of
> > the network so try another... repeat until successful. Fairly easy
> > I'm afraid.
>
> LOL, am I behind the times.


Cheers Jay, Conor and Dave for your respective replies to my post and
for clarifying those points for me. I feel slightly less uneasy about
using this setup 'as is' now and just hope my router's WPA enabled
firmware be will available for download sometime soon.
Til then i'll abide by your suggestions and just hope there's no
Cain-savvy users round my way...
Thanks again all.
Mod.