Wireless security - at the PC card end.

Hi;

I've been running what I think is a secure network link for about
twelve months; and I've just had a thought that maybe I'm all wrong
;-)

I've got a simple wireless access point connected to my cable modem in
one room. In another, I've got my PC, with a wireless card in a PCI
slot.

The access point is, or should be, secure. I carefully ran the setup
software; and it only accepts two MAC addresses - my wireless card and
my modem; and it's running the 64 bit encryption. Okay - not the best
security available, but good enough to keep my neighbours at bay.

But my PC has only got Zonealarm on it. It runs the right encryption
to connect to the wireless access point; but I never had to set up any
specific security on the PC.

So, my question is, can someone simply bypass my access point, and
connect directly to my computer? Say, while Zonealarm is booting up?
Or worse, at any time at all?


Tim

Nope...

"Pikey" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> Hi;
>
> I've been running what I think is a secure network link for about
> twelve months; and I've just had a thought that maybe I'm all wrong
> ;-)
>
> I've got a simple wireless access point connected to my cable modem in
> one room. In another, I've got my PC, with a wireless card in a PCI
> slot.
>
> The access point is, or should be, secure. I carefully ran the setup
> software; and it only accepts two MAC addresses - my wireless card and
> my modem; and it's running the 64 bit encryption. Okay - not the best
> security available, but good enough to keep my neighbours at bay.
>
> But my PC has only got Zonealarm on it. It runs the right encryption
> to connect to the wireless access point; but I never had to set up any
> specific security on the PC.
>
> So, my question is, can someone simply bypass my access point, and
> connect directly to my computer? Say, while Zonealarm is booting up?
> Or worse, at any time at all?
>
>
> Tim

On 20 Mar 2005 14:00:43 -0800, (E-Mail Removed) (Pikey)
wrote:

>So, my question is, can someone simply bypass my access point, and
>connect directly to my computer? Say, while Zonealarm is booting up?
>Or worse, at any time at all?

Not easily. Access Points can be spoofed making you think that you're
connected to your access point, when in reality, you're connecting to
another. In order to do that, I would need to spoof the MAC address
and SSID of the access point. That's easy. If you have encryption
enabled, I would need to extract the WEP key or steal the WPA key.
The WEP key is fairly easy, but WPA is not. Even if I had all the
aformentioned, I would still need to get through your Zonealarm
firewall, which is difficult. It can sorta be done, but only with
extreme difficulty.

HostAP access point spoofing software:
http://hostap.epitest.fi

Man in the middle attack:
http://www.hackwire.com/comments.php...d=2&highlight=


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558

Many thanks, both.

WhenI first got wireless, I didn't bother to secure it until my wife
pointed out that if any of our neighbours decided to download child
pornography, it would me MY door the police would come knocking on! I
was having shivers at the thought that I might have been fooling myself
all this time!


Tim

Pikey <(E-Mail Removed)> wrote:
> Say, while Zonealarm is booting up?

The program in the startup folder is the user interface. It doesn't start
until you log in, so as to verify that you are authorized to make changes
to the firewall. Explained in
http://download.zonelabs.com/bin/med...t45_archWP.pdf

The firewall itself is %windows%\system\Zone Labs\vsmon.exe
which is running, and blocking connections, before login.
I have tested that morning. With a fresh reboot, I connected perfmon.msc
from a trusted computer to the laptop under test. I was able to see
vsmon.exe running. After I logged in, I could see iclient.exe running. An
untrusted computer was not able to connect before or after login.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

Thanks Clarence - that's always vaguely worried me, even before I had a
wireless connection I wondered what might be going on while I was
waiting for Zonealarm's icon to appear in my system tray.


Tim