Jump to content

Wireless Internet security help needed

Azrael Strife

By Azrael Strife
in Off Topic

 Share

Recommended Posts

Azrael Strife Captain

Azrael Strife

Posted
Posted

I decided to set up a wireless network a few months ago, Belkin Router and Belkin Wireless adapter for my bedroom computer. Problem is as soon as I set it up, people started hooking up my network. I set up a password, which seemed long and hard enough, alphanumerical, WPA-PSK authentication method.

Despite all my efforts (getting longer passwords, changing them from time to time), people keep connecting.

 

For those of you learned into the topic, here's some technical data, maybe you can give me a hand of what the best config is to stop this.

 

Wireless Security
Using Encryption can help secure your wireless network. Only one type of security may be selected at a time. Therefore the customer must select a mode that is supported on all network devices on the wireless network. This Belkin product has 4 possible Security settings:

  1. Disabled. No encryption is enabled in this mode. Open networks where all users are welcome sometimes prefer to not enable encryption.
  2. WPA/WPA2-Personal(PSK). WPA means Wireless Protected Access. WPA/WPA2-Personal PSK is a recent standards-based security technique where each packet of information is encrypted with a different code, or key. Since the key is constantly changing, WPA/WPA2 is very secure. The encryption key is generated automatically from a string of characters called the Pass Phrase or the Pre-shared Key (PSK). Obviously the biggest security risk in WPA is if someone finds out your Pass Phrase.
	  * Authentication - Select the method supported by all clients.
		WPA-PSK uses TKIP or AES encryption.
		WPA2-PSK uses AES encryption.
		WPA-PSK + WPA2-PSK allows clients to use either WPA-PSK (with TKIP encryption) or WPA2-PSK (with AES encryption).
	  * Encryption Technique - If using WPA-PSK, select the desired Encryption method - TKIP or AES. WPA2-PSK always uses AES encryption. WPA-PSK + WPA2-PSK uses TKIP + AES.
	  * Pre-shared Key (PSK) - All clients must use the same PSK. The PSK can be any word or phrase from 8 up to 63 characters. Watch out for upper and lower case differences ("n" is different than "N".) Remember, the easiest way to break your security is for someone to guess your PSK. 
  3. 128-bit WEP. Until recently, 128-bit WEP (Wired Equivalent Privacy) was the standard for wireless encryption. If not all of your wireless devices support WPA, 128bit WEP still offers a very good security option. It will require you to enter hex digits (0~9, A~F), or else generate the keys by using the PassPhrase/Generate option.
  4. 64-bit WEP. This is similiar to 128-bit WEP, but not as powerful. Belkin only recommends 64-bit mode on networks where some devices do not support either WPA or 128bit WEP.

 

I thought about using 128bit WEP, but I've read somewhere that WEP was much unsafer than WPA, but I'm really in the dark about it, so I'll take any help I can get :D should I change to WEP?, or maybe use AES encryption? any suggestions about password generation? (the one I use is a randomly generated string of letters and numbers, mixing upper and lower case)

Link to comment
Share on other sites
Bomb Bloke Captain

Bomb Bloke

Posted
Posted

Wireless security isn't really my thing (I turned a NIC into a WAP once so I could play with my DS online, and then disabled the thing entirely), but I can remember a few things.

 

WEP is very unsecure in that anyone in range can collect your packets, and when he has enough, crack the authentification. It takes time but it can be done.

 

WEP128 is better in that it takes longer to crack, but as I understand it WPA is still king. Regardless though, something has to be wrong if people can access your network "right away".

 

Maybe you have a trojon of some sort logging your passwords as you type them in?

 

Finally, in case no one here can come up with something more likely, I'd recommend this forum. I had good luck there.

Link to comment
Share on other sites
Kret Lieutenant

Kret

Posted
Posted

With the right wireless adapter and software both WEP encryption methods can be cracked in under a minute if there's enough traffic generated through the wireless.

 

WPA is a huge leap forward in encryption security compared to these two.

 

Here's a few steps you should do to improve the wireless security:

  • Hide and rename the SSID of your wireless network. Your neighbours will still see there's a wireless conection, but they won't know it's SSID if it's hidden.
  • If you don't need it, disable DHCP and use static IP configuration. This would force anyone to start guessing the right TCP/IP settings to be of any use, altho they could use packet sniffer software to figure it out.
  • Most wireless APs including routers usually have an allowed/deny MAC list that you can edit. With this, even if they manage to crack the key, the AP won't allow any machine that doesn't match any of the MAC addresses to access the wireless network. You can find out your MAC address by typing 'ipconfig /all' at the windows command line.

Anyway, are you sure they're connecting to the device?

Link to comment
Share on other sites
Matri Lieutenant

Matri

Posted
Posted

Like Kret said, Keys, SSID, DHCP (although I wouldn't recommend it) and MAC list. It's still normal to be receiving connections, it's just them trying to break into network. I get it all the time over here, though the MAC stops them from actually getting in. You can verify this by checking your router's logs on how many wireless packets have been processed.

 

If all else fails... *meows innocently*

Link to comment
Share on other sites
Azrael Strife Captain

Azrael Strife

Posted
  • Author
Posted
With the right wireless adapter and software both WEP encryption methods can be cracked in under a minute if there's enough traffic generated through the wireless.

 

WPA is a huge leap forward in encryption security compared to these two.

 

Here's a few steps you should do to improve the wireless security:

  • Hide and rename the SSID of your wireless network. Your neighbours will still see there's a wireless conection, but they won't know it's SSID if it's hidden.
  • If you don't need it, disable DHCP and use static IP configuration. This would force anyone to start guessing the right TCP/IP settings to be of any use, altho they could use packet sniffer software to figure it out.
  • Most wireless APs including routers usually have an allowed/deny MAC list that you can edit. With this, even if they manage to crack the key, the AP won't allow any machine that doesn't match any of the MAC addresses to access the wireless network. You can find out your MAC address by typing 'ipconfig /all' at the windows command line.

Anyway, are you sure they're connecting to the device?

I'll try hiding the SSID, but about the MAC address, I have a little problem...

say my MAC address is "00:17:3f:fb:c7:b9", the problem is that when I try to add this MAC address to the filter list, the input field to enter the address will allow only up to "00:17:3f:fb:", see my problem? the "c7:b9" is missing and I cannot enter it :(

 

About them connecting, I was just checking the DHCP Client List and I saw an "unknown" connected, it happened from time to time (I changed the password to get them disconnected).

 

About the porn thing, I'd do it but I have no idea how to access computers in my network just like that otherwise it'd have already been done :D

Link to comment
Share on other sites
Bomb Bloke Captain

Bomb Bloke

Posted
Posted
About the porn thing, I'd do it but I have no idea how to access computers in my network just like that otherwise it'd have already been done :D

Load Windows Explorer (Windows key + E). Goto "My Network Places", then "Entire Network", then "Microsoft Windows Network".

 

From there it's easy enough to find any shares available. Granted, there might not be any, and if there are they might be password protected, but you'd be surprised how many people like to open up this hole thinking they'll be safe in their LAN.

 

(Yes, the shares are buried. Typically if you used them often you'd map them as network drives (via the Tools menu)).

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...