Home > Privacy, Security > Are You Indulging In Unprotected Wireless?Are You Indulging In Unprotected Wireless? Submitted by Scott 2004-09-07 Privacy, Security 29 CommentsWireless PCs and wireless laptops are being increasingly used in both business and the home. . . Unfortunately, in the enthusiasm with which people have adopted wireless, the question of security has been seriously overlooked.About The Author David AdamsFollow me on Twitter @david_adams 29 Comments 2004-09-07 5:53 pm So I’m over at my parents house using what I thought was the wireless on their router, when lo and behold I happen to be browsing network neighborhood and start seeing files that I know my parents don’t have on their computer. It turns out that I had been using the neighbors wireless everytime I came over. They both have linksys routers, but my parents don’t have wireless. I always thought the signal strength was a little weak. 2004-09-07 6:09 pm gotta love free access from unknowing people. 🙂 2004-09-07 6:24 pm …and my girlfriends neighbor also has an open wireless router. I told windows to use our “preferred” wireless router, but occasionaly it’ll jump on to the neighbors router. But hey, thanks for the open systems. In my parents neighbors case, since my parents don’t have a wireless router, its nice that I don’t have to plug into a dataport on one of the wall jacks(the house came wired). I would never cause any mischief on their home lan, I’m just looking for some wireless internet loving. 2004-09-07 6:29 pm I will never understand what possesses people to use wireless networking without even enabling WEP or WPA…yes, encryption can be (sometimes frightfully easily) broken, but at least it’s SOMETHING. 2004-09-07 6:41 pm //yes, encryption can be (sometimes frightfully easily) broken//I use a 64-bit WEP key on my wireless router at home. Just how easy is it for someone to crack that key? Are we talking a few minutes? Or hours?Hopefully, it would take long enough for me to notice someone sitting in their car outside my house, laptop at the ready … 2004-09-07 6:53 pm …people should enable mac address filtering and if they’re going to do that its trivial to enable WEP, but we’re forgetting that mom and pop have enough problems just running windows. Heck most people just leave the default admin user/password. I was able to get into my parents neighbors web interface router management. I didn’t mess with anything because I have no desire to be malevolent towards people that are already providing me with free wireless. 2004-09-07 6:54 pm Yeah, you’ll notice some strange dude sitting outside your house in his car for hours on end, but how about your neighbors? Are they far enough away so that the signal strenght is too weak? 2004-09-07 6:58 pm I left my access point open. I don’t care if someone else uses it. I keep my systems updated and secure anyway, so a firewall isn’t really needed. If I find someone using too much of my bandwidth, I will just adjust the traffic shaping. 2004-09-07 7:10 pm I agree with you on the MAC address filtering. That’s how I do it (in conjunction with 128-bit WEP) at work and at home. I’m going to have to scrap the wireless at work soon, though…the company decided that it isn’t worth the security risk. I work for a drug development branch of a pharm company, so I understand their decision, but it was nice to be able to ssh into my servers with my PDA while walking around the building if I wanted to. Sigh… 2004-09-07 7:13 pm You know, Rockwell asked a pretty good question…how long would it take for someone to break 64-bit or 128-bit encryption? I’ve never really given it a try. 2004-09-07 7:22 pm The unknowing home user usually isn’t the one who sets up the wireless network. They bring their geek friend or tech-savvy kid in to do it for them in most cases. Even so, I think it would be a good idea to walk the user through setting up (at least) WEP or WPA; they could wizard the hell out of it if they wanted. My netgear router practically set itself up (at least before I started tweaking it, but it was in a useable state and had all its ports closed and stealthed by default). If they can automate that, then surely they could walk the user through what is usually a 3 or 4 step process. The user has to log into the admin interface to set the thing up anyway, so what would it hurt to give them a couple of steps? 2004-09-07 7:57 pm bullshit…..most wireless routers come out of the box fully open….and most home users just plug the thing in and go. 2004-09-07 8:03 pm Is there a reason you are being so hostile? There’s no need for it.I didn’t say that all routers come out of the box closed. Mine happened to set itself up that way (it actually kind of surprised me). I was just saying that if the setup process and closing and stealthing of ports can be automated that well on the router that I bought, it should be fairly simple to add a couple of steps. 2004-09-07 8:23 pm * mac address filtering at my wireless router.* zonealarm on each windows laptop. (clamwin for antivir)* only SSH running on each linux laptop. (clamd for antivir)* linux server is on fast ethernet – no wireless.this setup will probably need more work on a cracker’s end than breaking WEP, which BTW takes only a few seconds once you’ve collected enough number of packets.dont need no fvcking WEP or WPA or other broken crap that marketing has tried pushing down our throats for the last 4 years. 2004-09-07 8:29 pm I agree that machines should be locked down behind the firewall with a software firewall, unneeded services disabled, etc. That’s how I run my networks too. I just run WEP to add another layer…the more layers someone has to circumvent, the better. 2004-09-07 11:44 pm I left my access point open. I don’t care if someone else uses it.>>Okay, so say that I’m surfing on *your* wireless and I’m downloading kiddie porn, or pirated IP or perhaps I’m just doing the sorts of file transfers that eat up your alotted bandwidth.Guess where the trail of where the files went stops? Guess who the phone/cable company thinks used their monthly bandwidth alotment.—I’m using 3rd party wireless adapter for one of my home comptuers. No matter what I do I can’t get it to play nice with WEP 128bit encryption. (It says my password isn’t right, no matter what I do.)You bet your butt I locked my network down to 3 machines at that point, firewalled everything extra good and tight on the 2 wireless machines, and that I do *nothing* financial when surfing on a wireless connection. 2004-09-07 11:51 pm MAC addresses are trivial to spoof. 2004-09-08 12:16 am On my home network, I enable WPA with a sufficiently long key and turn on MAC filtering. That’s about all I care to do because I very much doubt anyone will be trying to break onto my network.I really would have no idea how I would go about securing a larger network that contains more important data. I mean, is there even a WiFi encryption method that hasn’t been broken?I suppose security in any form is a misnomer; just a term to make people feel better. Everything and anything can be broken into, given enough desire and time. 2004-09-08 12:16 am its amazing… how many people will buy the marketing and isntall one of these… which of course must run as soon as they are switched on otherwise customes complain.when i moved to my current abode.. i waited weeks for a wired connection.. in the meantime i had access to someone elses wireless… no password… and recentyl durign a power cut.. i only had light from my laptop battery powered screen… adn guess what?a second open wireless lan appeared! thanks for the choice.. i wonder if bonded downloads over wirless has been attempted? 2004-09-08 12:24 am Well for me if someone spends the effort to spoof a MAC adress and break the 128-bit wep encryption then have at it. I can’t figure out why anyone would want to spend that much time just to poke around on my home measly home newtwork. I can see spending the effort to break into a corporation. But it would seem to me that it would be less trouble to hack a box connected to the internet somewhere. 2004-09-08 12:53 am -Intercept a packet with airsnort or kismet-Read the MAC Address that is in plain view-Spoof itMAC filtering is handy against people who dont know what theyre doing (or people unintentionally connecting ^_^), but any script kiddie knows how to get a MAC and spoof it. 2004-09-08 1:29 am I know there’s a tad more risk, but I really enjoy my combo wired and wireless network at home. I spent the time right away and closed everything, changed passwords, and enabled WPA as well as MAC address filtering.When I fired up my laptop with the new wifi card, I saw my network as well as a neighbor’s. From the network name, “Muscleman” it was easy to figure it was the arrogant neighbor, so I let him know and helped him lock down his network. I can only imagine how long he had it running wide open. 2004-09-08 3:40 am WEP is for wimps. We run our wireless nets completely unprotected. If the security of our systems isn’t enough to protect us then we have no place on the internet. So I’m running a Linux network and routing it through this totally insecure wireless net on my laptop. To my knowledge I haven’t been rooted yet.But I know none of my local content-storing servers have been compromised. 2004-09-08 4:32 am I use a 64-bit WEP key on my wireless router at home. Just how easy is it for someone to crack that key? Are we talking a few minutes? Or hours? 64-bit could probably be broken pretty quickly. You can break 128-bit in 5 hours at the most. It only takes a minute once you have enough packets but it will take you a few hours to collect enought packets, at least for 128-bit encryption. 2004-09-08 4:36 am I really would have no idea how I would go about securing a larger network that contains more important data. I mean, is there even a WiFi encryption method that hasn’t been broken? To my knowledge AES hasn’t been broken yet but it is not supported by many cards, by the time it is the implementation will probably be broken. 2004-09-08 5:39 am Their encryption is insufficient.The only way to use it currently is to have your own encryption running over the link on the lowest layer possible and block anything else.But most people don’t even know this and yet everyone is starting to use it. This is very scary.It seems to me that our world is turning into a “Hackers” dreamworld of endless open connections much akin to a cyberpunk novel. Whereas before current wireless networking, things where much more secure (even with MS). 2004-09-08 8:14 am Modem-router > WiFi Router > Local areaEthernet cable *from modem-router* to PCPC is locked down and firewalled, wifi is just used for internet on the laptop.Running the system “open” only exposes the laptop, which is only used for surfing and also firewalled.Running a public access point is a service!! I hope people enjoy mine. 2004-09-08 3:39 pm … looking at how only 1 of my neighbors is wep encrypted and MAC locked, and there’s 3 other networks I can use at will if I wanted to…The wardrivers and script kiddies will hit them first.I’ll sit down and figure out the problem going on with that one machine and WEP one day, since there’s not a simple solution to the problem that doesn’t involve about $100 of hardware, I wager the odds are in my favor. 2004-09-08 11:10 pm I point out that my 802.11b network doesn’t work well enough to be broken into; I have enough trouble connecting my own machines. You’d have to be in my house to get a signal at all.