“Wireless access is all the rage. Wireless this, wireless that. Hot spots are turning up everywhere. Many are free. Many have absolutely no security. There are several in my neighborhood. I have no idea who is running them, but at least one is wide open.” Read the article at OnLamp.
My Take: At my apartment complex there are 3 other wireless networks besides ours. Two of them are open! I even warned one of the guys to secure it, but he doesn’t seem to care! Funny how people don’t care about data security.
Secure Your Wireless with IPsec (FreeBSD)
Submitted by 04ds6.44 2004-11-01 Internet 14 Comments
It’s just that too many of them either don’t understand or don’t think it could happen to them. You have to explain how someone could easily spy the data going across their network and explain that it’s relatively easy to keep it secure w/ WPA.
A quick way to explain the severity of the problem is to say that someone could use their connection for more than just identity theft, but for illegal activities such as obtaining child pornography or launching denial of service attacks and that the blame for such activities would fall on the owner of the connection and there would be very little proof otherwise. Then explain that it’s not at all difficult to put some security up and show them how.
Consumer wireless routers should have encryption and MAC filtering enabled by default, IMO.
Nice article. Another project for the weekend heh.
For the Debian guys: Securing a wireless network point with Debian and FreeS/WAN http://www.pseudorandom.co.uk/2003/debian/ipsec/
People “into computers” think too much about security sometimes. What could be found on your regular Joe’s PC ?
– pictures of last family party (aunt Beth REALLY made a fool of herself!)
– a few humorous PowerPoint files
– some e-mail (“Hey ! How ya doin’ ?!”)
– Illegal MP3s
– Some porn
and that’s about it. So the question is not HOW to protect your PC but WHY ? Any sensitive data should never, ever be put into your PC !
Education is the answer, not some router’s firewall or something…
if their wireless access point does not have WPA then there is no point in securing it anyway.
I’ve explained this to my co-workers and my grandmother many times over. The issue isn’t “what can hackers find on your computer.” The real issue is “what can hackers DO with your computer.” Let’s see what someone can do with a pwn3d system:
host illegal files (RIAA music; kiddie porn)
None of the people I explained this to wanted their computer used for any of the above purposes. So yes, a firewall is the answer, as well as education.
People “into computers” think too much about security sometimes.
I see it as a never-ending intellectual challenge. Fun at the same time. Although real security should be as comfortable as possible so the vast majority can benefit from it.
Credit Card numbers
The itinerary for your next holiday
Where your kids go to school, what clubs they’re in, who their friends are…
(there’s a cheesy TV-movie thriller in this)
People have been arrested for using open wireless hubs to hack from.
People will never be educated about their PCs. Secure by default is the answer.
Wrong solution. The best and simplest (certainly open source) solution out there is OpenVPN. IPSec is just too much of a pain to set up and I don’t really have too much good to say about it.
Maybe slightly off topic so apologies.
The latest release of IPCOP v1.4 ( http://www.ipcop.org ) opensource firewall allows for a new wireless “blue zone” that can communicate using a VPN. The configuration is done via a web interface and looks to be rather easy. You can also SSH in and do the fun CLI config stuff as well.
I have a wireless router and firewall and have just recently installed the new IPCOP version but have not yet tried this feature so ymmv.
Here’s the wiki:
“You have to explain how someone could easily spy the data going across their network and explain that it’s relatively easy to keep it secure w/ WPA.”
Well, that all depends. I have to use WEP on my network as the wireless bridge on my PS2 doesn’t support WPA…
Most of the people posting do not understand their threat model. I use no encryption on my wireless at home and I don’t think it is any security risk whatsoever.
All the machines I have connected to the wireless are running no services. When I connect out I use ssh. When I use commerce sites, I am using SSL.
Protecting the bits moving from one of your machines to another is not a very serious threat. Keeping your machines patched is much more important.
Don’t get me wrong, IPSec is great. But my router does not support it, I don’t need it, and I have bigger security problems to deal with.
PS: My guess is most of the people here that have “secure” wireless are just using WEP without understanding that it is broken (see http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html )
I’m into computers and was careless and ran my network a few months or so without a firewall. I got a few messages on my FreeBSD box that someone tried to gain root access, I only changed my passwords, then after my box was sending so much spam. I had to take it off the network and wipe the hard drive. Being on the internet without a firewall and other security is like putting food in front of a dog, sooner or later he’s going to eat.
Anyone who wants to see for themselves what’s out there: run a system with intrusion detection, and check your log.
This thread is nuts,
If you don’t care about security, how about if someone uses your network to download a bunch of crap… some government somewhere (or worse, the RIAA) tracks it to your broadband connection… just what you would want… eh?
Better yet, someone could hack from your connection, leave traces everywhere just to be mean…
Then again, the tooth fairy leaves money behind… and santa leaves presents… I don’t mind leaving my doors unlocked… how about you?
Bastard operators be damned!
Though Wireless security is definitely an issue and this probably helps. It’s true as others mentioned that this isn’t a solution for the rest of us, but probably useful on a FreeBSD only network. My main concern (and why I haven’t set this up yet on my wireless net) is what about my friends who come over who have a Win2k, XP, or OSX laptop? I
In most cases a wireless network isn’t homogeneous and needs to have an easy way to allow access to new users which is why WEP and WPA are so popular, even if they’re less secure than IPSec.