Houckham
Member
Registered: 29th May 03
Location: Newcastle upon Tyne
User status: Offline
|
i have a question. obviously its rather easy to set up 2 wireless routers in this sort of configuration... (bridged)
but i want the bridge to be secure.
what are my options? 
VPN etc...
|
Houckham
Member
Registered: 29th May 03
Location: Newcastle upon Tyne
User status: Offline
|
and as jodi just said "hardwire it" 
... its got to be Wireless! 
|
Nismo
Member
Registered: 12th Sep 02
User status: Offline
|
i belive its WEP authentication?
cant remember off the top of my head, there should be an option on the router its self to set authentication or MAC address authentication.
|
TimS
Member
Registered: 29th Jan 05
Location: Brignorth, Shropshire
User status: Offline
|
A couple of things
Use a wireless base station that provides built-in security, Start by making sure you use a wireless base station, gateway, or router that provides built-in security features. By providing wireless security protocols and a built-in firewall.
Then use Wired Equivalent Protocol (WEP) Wired Equivalent Protocol (WEP) is a wireless security protocol that helps protect your information by using a security setting (called a WEP key) to encode, or encrypt, all network traffic before transmitting it over the airwaves. This helps prevent unauthorized users from accessing the data as it is being transmitted.
or even better use Wi-Fi Protected Access™ (WPA) WPA is a stronger form of wireless security
Like WEP, WPA uses security settings to encrypt and decrypt data that is transmitted over the network.
However, instead of using one static security key for encryption as WEP does, WPA uses Temporal Key Integrity Protocol (TKIP) to dynamically generate a new key for every packet and generate different sets of keys for each computer.
Then other little things like;
Position wireless components away from windows and toward the center of your home to decrease the strength of the radio signal outside your intended coverage area.
Make sure you follow general security guidelines to protect all parts of your network, not just the wireless segment.
|
drunkenfool
Member
Registered: 7th Feb 03
Location: Hereford Drives: Audi R8 V8
User status: Offline
|
use MAC address blocking if the network isnt too big, and if your routersupports it
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
quote:
Originally posted by Houckham
i have a question. obviously its rather easy to set up 2 wireless routers in this sort of configuration... (bridged)
but i want the bridge to be secure.
what are my options?
VPN etc...
The most obvious solution for security would be a IPSEC tunnel (yeah vpn), it would provide the most security along with filtering by MAC address.
Alot of routers have a bridging function, but its normally just repeating the signal or using WEP isnt brilliant but will do the job I guess 
Depends how paranoid you are.
|
Houckham
Member
Registered: 29th May 03
Location: Newcastle upon Tyne
User status: Offline
|
cheers everyone
|
Melville
Member
Registered: 4th Jun 03
Location: Newcastle upon Tyne
User status: Offline
|
what does it need to be secure for they only make kitchens 
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
because nobody likes people sniffing their cleartext traffic. 
|
Houckham
Member
Registered: 29th May 03
Location: Newcastle upon Tyne
User status: Offline
|
quote:
Originally posted by Melville
what does it need to be secure for they only make kitchens
hahahaha
well they do have a legal obligation to keep the data of the clients they keep on their computer systems secure.
|
Melville
Member
Registered: 4th Jun 03
Location: Newcastle upon Tyne
User status: Offline
|
perhaps advise them to go back to a manual system then?? Caused me less hassle that way
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
Turn DHCP off, WEP on, filter by MAC etc.
If you're paranoid, wire it.
|
Foz
Member
Registered: 8th May 02
Location: Bristol
User status: Offline
|
i pick up next doors wireless connection from my wireless pmsl, quite amusing they dont have a firewall or any protection.
|
Houckham
Member
Registered: 29th May 03
Location: Newcastle upon Tyne
User status: Offline
|
|
Dan B
Member
Registered: 25th Feb 01
User status: Offline
|
quote:
Originally posted by willay
...or using WEP isnt brilliant but will do the job I guess
Depends how paranoid you are.
Just checking, but how more secure would you want wireless encryption to be, with a WEP-key that has 13,471,428,653,161,560,586,981,973,426,176 possible combinations? For anyone who doesn't know, 128-bit WEP uses a 26-character key with 22 possibilities for each character.
Assuming a single computer could "brute-force" attempt 100 keys per second, you're still looking at a potential maximum of 4,271,762,003,158,790,140,468 years to break through it. Feel like waiting that long? 
[Edited on 16-02-2005 by Dan B]
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
quote:
Originally posted by Dan B
quote:
Originally posted by willay
...or using WEP isnt brilliant but will do the job I guess
Depends how paranoid you are.
Just checking, but how more secure would you want wireless encryption to be, with a WEP-key that has 13,471,428,653,161,560,586,981,973,426,176 possible combinations? For anyone who doesn't know, 128-bit WEP uses a 26-character key with 22 possibilities for each character.
Assuming a single computer could "brute-force" attempt 100 keys per second, you're still looking at a potential maximum of 4,271,762,003,158,790,140,468 years to break through it. Feel like waiting that long?
[Edited on 16-02-2005 by Dan B]
Thats not quite as hard as it really is now is it. All you need is a program, ehich is easily obtainable. Apart from breaking the 40 bit keys progs don't use dictionary attacks. They use FMS attacks.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
tbh, you would use a big array of servers going at it and marking combinations of a list so not to duplicate etc...tbh i bet you could get it down to a month or so....
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
This place sells kitchens and the data is valuable enough to spend a month analysing it?
You'd need to be sat there nearly as long to get enough data to FMS it...
|
Houckham
Member
Registered: 29th May 03
Location: Newcastle upon Tyne
User status: Offline
|
quote:
Originally posted by Ian
This place sells kitchens and the data is valuable enough to spend a month analysing it?
You'd need to be sat there nearly as long to get enough data to FMS it...
yeah i just dont want anyone using their internet connection and getting hold of their files... obvisouly the genious hackers among us will have no problem. lol
i just wanna keep mr joe bloggs out! 
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
quote:
Originally posted by Dan B
quote:
Originally posted by willay
...or using WEP isnt brilliant but will do the job I guess
Depends how paranoid you are.
Just checking, but how more secure would you want wireless encryption to be, with a WEP-key that has 13,471,428,653,161,560,586,981,973,426,176 possible combinations? For anyone who doesn't know, 128-bit WEP uses a 26-character key with 22 possibilities for each character.
Assuming a single computer could "brute-force" attempt 100 keys per second, you're still looking at a potential maximum of 4,271,762,003,158,790,140,468 years to break through it. Feel like waiting that long?
[Edited on 16-02-2005 by Dan B]
Theres enough papers out shownig how weak the WEP encryption is, once you have sniffed enough packets it doesnt take much processing power to crack it.
People that actually sell security solutions would tell you to GTF with WEP no question about it, nothing beats a good solid IPSEC tunnel.
I'm suprise this came from you Dan, you're normally one of the more clued up posters.
So how secure would I want my wireless connection to be? secure enough to keep people out
[Edited on 17-02-2005 by willay]
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
quote:
Originally posted by Houckham
quote:
Originally posted by Ian
This place sells kitchens and the data is valuable enough to spend a month analysing it?
You'd need to be sat there nearly as long to get enough data to FMS it...
yeah i just dont want anyone using their internet connection and getting hold of their files... obvisouly the genious hackers among us will have no problem. lol
i just wanna keep mr joe bloggs out!
Okay to keep joe bloggs out I'd suggest,
Largest wep key you can take (last time I installed some gear it was 256bit)
Filtering by mac address
Change all default passwords to admin login and change deault SSID's.
That will keep Mr bloggs out.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
cracking wep.
Quick howto from a shell
http://www.burngreave.net/node.php?id=285
AirSnort
http://airsnort.shmoo.com/
WEPcrack
http://wepcrack.sourceforge.net/
Weaknesses in the Key Scheduling Algorithm of RC4
http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf
|
