wruckman
Ruckman.net
join:2007-10-25
Northwood, OH
 ·RoadRunner Cable
| Hmmm
Always secure your personal networks regardless of what some other fools do. Just because the airport leaves their WIFI open doesn't mean you have to leave your personal network and data at risk. And when you are on a open WIFI use a VPN and high grade encryption. Not too bright Bruce... |
|
Jeffrey
Bye George, 1937-2008
Premium
join:2002-12-24
Long Island
clubs:
 ·magicjack.com
 ·Verizon FIOS
·Vonage
| said by wruckman  :Always secure your personal networks regardless of what some other fools do. Just because the airport leaves their WIFI open doesn't mean you have to leave your personal network and data at risk. And when you are on a open WIFI use a VPN and high grade encryption. Not too bright Bruce... said by PeteC2 :...what's the point? It is easy enough to at least decently restrict access to your wireless broadband...so why the heck wouldn't you? What possible "good" would come out of not securing it? I have to agree with the both of you. What's the point of not securing it since securing it is so easy?
What if someone does sit outside of your home with a packet sniffer, or goes to websites deemed to be illegal?
--
And so castles made of sand, slip into the sea, eventually.
I'm the Dude. So that's what you call me. You know, that or, uh, His Dudeness, or uh, Duder, or El Duderino if you're not into the whole brevity thing. |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| Wruckman, the quotation in the blurb has the answer for you:
quote:
I'm also unmoved by those who say I'm putting my own data at risk... I configure my computer to be secure regardless of the network it's on...
This is a world-reknowned security expert saying this. It also applies for anyone who's knowledgable and careful enough to be confident of their computer security. Anyone who's not in that category should encrypt their wireless.
And Jeffrey, "What's the point of not securing it" is answered in the article: he wants to offer internet to neighbors and guests as a courtesy.
I agree there can be good reasons against this - abusive users; ISP that charges by amount of traffic (or has caps). Packet sniffing is a risk to other users, and to the AP owner if he uses a laptop, but not to the AP owner if he uses ethernet.
The illegal-activity risk is the one which I don't think Schenier addresses adequately. He admits "investigation could be time-consuming and expensive... might have your computer equipment seized... you might end up being charged despite your innocence..." His only answers are that it's unlikely and that open wireless would be a good defense. |
|
Jeffrey
Bye George, 1937-2008
Premium
join:2002-12-24
Long Island
clubs:
·magicjack.com
·Verizon FIOS
·Vonage
| said by swhx7 :Wruckman, the quotation in the blurb has the answer for you: quote:
I'm also unmoved by those who say I'm putting my own data at risk... I configure my computer to be secure regardless of the network it's on...
This is a world-reknowned security expert saying this. It also applies for anyone who's knowledgable and careful enough to be confident of their computer security. Anyone who's not in that category should encrypt their wireless. And Jeffrey, "What's the point of not securing it" is answered in the article: he wants to offer internet to neighbors and guests as a courtesy. That's great of him, but probably against the TOS of his ISP. For me, I wouldn't do it because my neighbors are jerks, but that's different story for a different time.
--
And so castles made of sand, slip into the sea, eventually.
I'm the Dude. So that's what you call me. You know, that or, uh, His Dudeness, or uh, Duder, or El Duderino if you're not into the whole brevity thing. |
|
Jerm
join:2000-04-10
Richland, WA
| reply to Jeffrey
Paranoia at it's best.
In my house I can pick up three or four different networks with my laptop. My own network is unsecured, but I watch the logs just to see if anyone logs on. The past couple years I've only found two or three times where someone logged on, and even then it was brief.
I have a 3' 24db parabolic grid antenna (2-6db is a "normal" antenna) in my attic with a 500mW amplifier (35mW is a "normal" wifi card) and with that combo I can pick up 48 different wireless networks! About half show up as unsecured. I think my own network is hardly a target to worry about in that case! |
|
cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO
| reply to swhx7
said by swhx7 :Packet sniffing is a risk to other users, and to the AP owner if he uses a laptop, but not to the AP owner if he uses ethernet. This is untrue. Programs like ettercap-ng can easily perform packet sniffing attacks against switched ethernet—even when the attacker is connected via a wireless access point. Managed ethernet switches (like this one) can recognize and block some of these these attacks, but I've never seen consumer grade gear that can do it. The problem can also be solved by placing the AP outside a properly configured firewall, but this is impossible with the all-in-one combination wired/wireless routers that most people use.
These kinds of attacks can pose a substantial threat to businesses that offer free wi-fi by just plugging in an AP into their existing wired network. Intruders can use this connection to attack wired devices, such as point-of-sale terminals, with ease.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? |
|
Jeffrey
Bye George, 1937-2008
Premium
join:2002-12-24
Long Island
clubs:
·magicjack.com
·Verizon FIOS
·Vonage
| reply to Jerm
said by Jerm :Paranoia at it's best. In my house I can pick up three or four different networks with my laptop. My own network is unsecured, but I watch the logs just to see if anyone logs on. The past couple years I've only found two or three times where someone logged on, and even then it was brief. I have a 3' 24db parabolic grid antenna (2-6db is a "normal" antenna) in my attic with a 500mW amplifier (35mW is a "normal" wifi card) and with that combo I can pick up 48 different wireless networks! About half show up as unsecured. I think my own network is hardly a target to worry about in that case! I wouldn't go as far as saying it's paranoia. I just think it's an irresponsible message to send out to the casual reader.
Your network may not be the target, but someone else's out there might be.
There is too much trickery and theivery in the world these days as it is--I'm not going to give anyone (and I wouldn't recommend anyone) free access to my AP. Don't hurt yourself on your antenna. 
--
And so castles made of sand, slip into the sea, eventually.
I'm the Dude. So that's what you call me. You know, that or, uh, His Dudeness, or uh, Duder, or El Duderino if you're not into the whole brevity thing. |
|
en102
Canadian, eh?
join:2001-01-26
Valencia, CA
·RoadRunner Cable
 ·DSL EXTREME
·DSL EXTREME
| reply to Jeffrey
Maybe he's the one doing the hacking...
a) Letting your average person connect to his WiFi, and gathering all the data off their laptop/pc.
b) Sniffing for passwords, credit card info, etc.
c) Becoming what most ISP's are... a reseller of your point-click data and browsing habits.
--
Canada = Hollywood North |
|
wazhere2600
@rr.com
| reply to wruckman
You my friend live life with a false sense of security.
Any wireless connection (secured or not) can be accessed. The tools available for anyone even a Script Kiddie make it quite an easy task.
I agree with the first post that you need to secure your computer for all access points, airports and the like.
A very difficult task for you Windoze users
If you have good running firewall logging at your home network, in the event that someone does abuse your network (pedophiles,torrent users...) you can prove with the logs who had the ip and what they did.
To make it simple, it's not bad to secure your AP but dont think you are secure. SECURE YOUR DATA and PC. Ever heard of encryption for sensitive data. |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| reply to cbs228
Would you explain more?
Let's say Alice uses a wired desktop; her packets go to and from a switch/router and from there to/from internet. Bob with a laptop connects to an access point, the AP is connected to the same switch. How can Bob capture Alice's packets? Are you assuming a different topology? |
|
cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO
| There are several ways an attacker could go about doing this, and the most common one is ARP spoofing. The Address Resolution Protocol (ARP) is the method that machines use to determine the exact layer 2 (ethernet/wifi) address to route IP traffic to. When Alice goes to send a packet to the internet, here is what happens:
•Alice's computer has an IP address of 192.168.0.2 and an ethernet address of 00:00:00:00:00:00. She's planning on sending a packet to 1.1.1.1, and because that address isn't on her local network she must send it to her router. She knows (from DHCP) that her router has an IP address of 192.168.0.1, but she doesn't know what ethernet address to send it to.
•Alice broadcasts a message to the entire LAN asking, "who has 192.168.0.1?" This is called an ARP request.
•The router responds with the reply, "I am 99:99:99:99:99:99, and I have 192.168.0.1." This is an ARP reply.
•Alice then addresses her packet to send to IP address 1.1.1.1 and ethernet address 99:99:99:99:99:99, and the router forwards it on to its destination.
The kicker is that ARP replies can be faked—if Bob can say that he has 192.168.0.1 before the router does, Alice's computer will think that Bob is the router. Most machines will even accept ARP replies at any time, even when they already have an ethernet address on file. (This is a feature, not a bug.) Since wifi and ethernet share the same physical addresses—again, this is also by design—this attack can be used on ethernet LANs from a wireless access point.
This is only one of several attacks against ethernet LANs, and the bottom line is this: Don't let machines on your LAN that you don't trust. Unless you can set up something like a Virtual LAN, don't even think about running an unsecured AP.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? |
|
