Are people just dumb?

Do people not realise that with a wireless network they are broadcasting information.

 

Some one else has set up a new wireless network near where I live. I have no idea where it is, but I can just pick it up. There is nothing they can do about that, however, it is unsecure. No wep or any of the many security, not even MAC addess filtering.

 

I was surfing on thier internet for quite a while.

 

Obviously some one didnt read the instructions because I have never seen a wireless product which doesnt expalin and give instructions on how to add security to the network.

They didnt even have a fire wall as I could see their hard drives.

 

Stuart

OH GOD, Ive such a lot to learn, ad so littletime to learn it!! :confused: :confused: :confused:

I sell some wicked firewalls and wireless security devices! club discounts! :)

 

http://www.ansecurity.com

 

its all geared towards corporates really, but check out these two little fellas...

 

http://www.fortinet.com/doc/FW60DS.pdf

 

and

 

http://www.juniper.net/products/integrated/ns_5series.html

 

(5GT Wireless)

 

enable you to control the traffic from your access point with "Proper" firewalling rather than just slapping it straight onto your LAN, these little chaps run pretty much the same operating system as the stonking £50k + corporate firewalls so are damn secure...

Oh no it's not. Due to the way XP works you can change your active MAC address by a registry change ! I have a hackers application that does it in seconds.

 

QUOTE]

 

You can also do this without a reg hack. Open your NIC's properties/configuration page found in Network Neighborhood/My Network Places (depending on OS), or through Device Manager. Click on the Advanced tab and you will see an option to put in an Administrative Address, in WinXP it's called "Locally Administered Address" bang your new MAC in there - sorted :)

Yep, tis true ! Ain't MicroShaft great ..........

this stuff is easily findable, easily installable, and should spur you on to make yourselves secure :-D

 

a very good article on wep and wpa differences and vulnerabilities

 

http://www.informit.com/articles/article.asp?p=369221

 

two programs for breaking wep

 

http://airsnort.sourceforge.net/

http://wepcrack.sourceforge.net/

 

information on breaking wpa

 

http://wifinetnews.com/archives/004428.html

 

info on interim ways to secure yourself

 

http://wifinetnews.com/archives/001034.html

Wepcracking! I never thought I'd see this when I set up the WLAN in the local hospital 5 years ago!! It was "safe as houses" back then!

 

this stuff is easily findable, easily installable, and should spur you on to make yourselves secure :-D

 

a very good article on wep and wpa differences and vulnerabilities

 

http://www.informit.com/articles/article.asp?p=369221

 

two programs for breaking wep

 

http://airsnort.sourceforge.net/

http://wepcrack.sourceforge.net/

 

information on breaking wpa

 

http://wifinetnews.com/archives/004428.html

 

info on interim ways to secure yourself

 

http://wifinetnews.com/archives/001034.html

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

Cyber Security Tip ST05-003

Securing Wireless Networks

 

Wireless networks are becoming increasingly popular, but they

introduce additional security risks. If you have a wireless network,

make sure to take appropriate precautions to protect your information.

 

How do wireless networks work?

 

As the name suggests, wireless networks, sometimes called WiFi, allow

you to connect to the internet without relying on wires. If your home,

office, airport, or even local coffee shop has a wireless connection,

you can access the network from anywhere that is within that wireless

area.

 

Wireless networks rely on radio waves rather than wires to connect

computers to the internet. A transmitter, known as a wireless access

point or gateway, is wired into an internet connection. This provides

a "hotspot" that transmits the connectivity over radio waves. Hotspots

have identifying information, including an item called an SSID

(service set identifier), that allow computers to locate them.

Computers that have a wireless card and have permission to access the

wireless frequency can take advantage of the network connection. Some

computers may automatically identify open wireless networks in a given

area, while others may require that you locate and manually enter

information such as the SSID.

 

What security threats are associated with wireless networks?

 

Because wireless networks do not require a wire between a computer and

the internet connection, it is possible for attackers who are within

range to hijack or intercept an unprotected connection. A practice

known as wardriving involves individuals equipped with a computer, a

wireless card, and a GPS device driving through areas in search of

wireless networks and identifying the specific coordinates of a

network location. This information is then usually posted online. Some

individuals who participate in or take advantage of wardriving have

malicious intent and could use this information to hijack your home

wireless network or intercept the connection between your computer and

a particular hotspot.

 

What can you do to minimize the risks to your wireless network?

 

* Change default passwords - Most network devices, including

wireless access points, are pre-configured with default

administrator passwords to simplify setup. These default passwords

are easily found online, so they don't provide any protection.

Changing default passwords makes it harder for attackers to take

control of the device (see Choosing and Protecting Passwords for

more information).

* Restrict access - Only allow authorized users to access your

network. Each piece of hardware connected to a network has a MAC

(media access control) address. You can restrict or allow access

to your network by filtering MAC addresses. Consult your user

documentation to get specific information about enabling these

features. There are also several technologies available that

require wireless users to authenticate before accessing the

network.

* Encrypt the data on your network - WEP (Wired Equivalent Privacy)

and WPA (Wi-Fi Protected Access) both encrypt information on

wireless devices. However, WEP has a number of security issues

that make it less effective than WPA, so you should specifically

look for gear that supports encryption via WPA. Encrypting the

data would prevent anyone who might be able to access your network

from viewing your data (see Understanding Encryption for more

information).

* Protect your SSID - To avoid outsiders easily accessing your

network, avoid publicizing your SSID. Consult your user

documentation to see if you can change the default SSID to make it

more difficult to guess.

* Install a firewall - While it is a good security practice to

install a firewall on your network, you should also install a

firewall directly on your wireless devices (a host-based

firewall). Attackers who can directly tap into your wireless

network may be able to circumvent your network firewall--a

host-based firewall will add a layer of protection to the data on

your computer (see Understanding Firewalls for more information).

* Maintain anti-virus software - You can reduce the damage attackers

may be able to inflict on your network and wireless computer by

installing anti-virus software and keeping your virus definitions

up to date (see Understanding Anti-Virus Software for more

information). Many of these programs also have additional features

that may protect against or detect spyware and Trojan horses (see

Recognizing and Avoiding Spyware and Why is Cyber Security a

Problem? for more information).

_________________________________________________________________

 

Authors: Mindi McDowell, Allen Householder, Matt Lytle

_________________________________________________________________

 

Produced 2005 by US-CERT, a government organization.

 

Note: This tip was previously published and is being re-distributed

to increase awareness.

 

Terms of use

 

 

This document can also be found at

 

 

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit .

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBR6oM7vRFkHkM87XOAQJuzAf/ZCSOGQFDv2OTLxbsMBuS4wEZb0yLTMkq

5OqjObGHFD/8LJBnNfB2QgGRXEB5AjH9OHeeyCn7Ys8BqpDQf0O8E3hMK0bOKXEa

2ULAy+uYeW1TQFoiSuvgf1SOmYIW36p8qYtKQHTSKxAdpg14X3F1VLHCcEwVPLLV

ISIYtY8GY1Nhn84j18SpjpEm9pXhdOg0i3unRs6n2TuRliQvCJccYY919gANksOk

w+EXsUhsq/V6kGMTRCZgzrLh/k7KI9SRnmQloANV1NA5yB0SosqbPeFS+0Q3JQgO

3xgoUqcTaDg6+48N8oe+1JCdgNv/x0qQtA1aNKg+PxJbagOJrlKd+g==

=wENE

-----END PGP SIGNATURE-----