I've got my lan cables in little stick-on plastic channel running from 2nd floor to basement, and to several rooms. It's not utterly ugly, but it ain't pretty. I'm just not ready for the kind of poking, drilling and breakage that would be needed to hide the wires inside the walls. However, my wife was just wondering, out loud, how the existing cable runs will look to potential home-buyers if we put the house on the market this spring. Actually, she was asking in that tone that women reserve for phrases like: "You're not going to wear that shirt with those pants, are you?" Neither one of us wants to be without net and internet for any length of time, so I've just started thinking about wireless lan. I've also read about war-driving and stealing residential wireless access and getting hapless owners in trouble with their ISPs for spamming and cracking done via hit-and-run pirated wireless. And I certainly don't want anybody downloading kiddy-pron through my ISP account. So, is the current generation of wireless lan stuff (router/gateways and wireless nics, etc.) well protected, by default? I want to stick with DHCP and avoid static IP if I can -- I occasionally bring home different laptops from the office. I'm not supposed to monkey with extra profiles on the office machines, and they're all set up for DHCP. What's the mechanism that's used to ensure that somebody driving past my house can't grab a connection to my ISP if I deploy a wireless lan? Is exclusivity/ privacy based on MAC addresses or on certificate exchange? or.... what? Your words of enlightenment will be appreciated. Regards, /kevin
elefino wrote:
I've got my lan cables in little stick-on plastic channel running from 2nd floor to basement, and to several rooms. It's not utterly ugly, but it ain't pretty. I'm just not ready for the kind of poking, drilling and breakage that would be needed to hide the wires inside the walls. However, my wife was just wondering, out loud, how the existing cable runs will look to potential home-buyers if we put the house on the market this spring. Actually, she was asking in that tone that women reserve for phrases like: "You're not going to wear that shirt with those pants, are you?"
Neither one of us wants to be without net and internet for any length of time, so I've just started thinking about wireless lan. I've also read about war-driving and stealing residential wireless access and getting hapless owners in trouble with their ISPs for spamming and cracking done via hit-and-run pirated wireless. And I certainly don't want anybody downloading kiddy-pron through my ISP account.
So, is the current generation of wireless lan stuff (router/gateways and wireless nics, etc.) well protected, by default? I want to stick with DHCP and avoid static IP if I can -- I occasionally bring home different laptops from the office. I'm not supposed to monkey with extra profiles on the office machines, and they're all set up for DHCP. What's the mechanism that's used to ensure that somebody driving past my house can't grab a connection to my ISP if I deploy a wireless lan? Is exclusivity/ privacy based on MAC addresses or on certificate exchange? or.... what?
You'll want to use 128 bit WEP and change the keys occasionally.
On Sat, 2004-01-31 at 22:46, James Knott wrote:
elefino wrote:
So, is the current generation of wireless lan stuff (router/gateways and wireless nics, etc.) well protected, by default? I want to stick with DHCP and avoid static IP if I can -- I occasionally bring home different laptops from the office. I'm not supposed to monkey with extra profiles on the office machines, and they're all set up for DHCP. What's the mechanism that's used to ensure that somebody driving past my house can't grab a connection to my ISP if I deploy a wireless lan? Is exclusivity/ privacy based on MAC addresses or on certificate exchange? or.... what?
You'll want to use 128 bit WEP and change the keys occasionally.
I would also recommend you disable SSID broadcast and lock down your
node to the MAC addresses of the devices you will be using. While it is
unlikely someone would really spend the time needed to capture enough
packets to break the WEP encryption it is possible. You can leave DHCP
setup.
In addition I would suggest you use ssh if possible for important
communications such as accessing email or logging into servers to
protect your passwords.
Paranoia is your friend.
--
Scot L. Harris
Scot L. Harris wrote:
On Sat, 2004-01-31 at 22:46, James Knott wrote:
elefino wrote:
So, is the current generation of wireless lan stuff (router/gateways and wireless nics, etc.) well protected, by default? I want to stick with DHCP and avoid static IP if I can -- I occasionally bring home different laptops from the office. I'm not supposed to monkey with extra profiles on the office machines, and they're all set up for DHCP. What's the mechanism that's used to ensure that somebody driving past my house can't grab a connection to my ISP if I deploy a wireless lan? Is exclusivity/ privacy based on MAC addresses or on certificate exchange? or.... what?
You'll want to use 128 bit WEP and change the keys occasionally.
I would also recommend you disable SSID broadcast and lock down your node to the MAC addresses of the devices you will be using. While it is unlikely someone would really spend the time needed to capture enough packets to break the WEP encryption it is possible. You can leave DHCP setup.
In addition I would suggest you use ssh if possible for important communications such as accessing email or logging into servers to protect your passwords.
Paranoia is your friend.
My wireless access is outside my firewall and requires using a vpn to connect to my network.
On February 1, 2004 07:37, James Knott wrote:
My wireless access is outside my firewall and requires using a vpn to connect to my network.
I was not referring to a wireless connection to the internet. I was referring to a wireless LAN in my house, which then connects to my ISP via ADSL landline. From that perspective, my ISP access (the ADSL modem) is outside my firewall, too. Thanks, /kevin
So, is the current generation of wireless lan stuff (router/gateways and wireless nics, etc.) well protected, by default? I want to stick with DHCP and avoid static IP if I can -- I occasionally bring home different laptops from the office. I'm not supposed to monkey with extra profiles on the office machines, and they're all set up for DHCP. What's the mechanism that's used to ensure that somebody driving past my house can't grab a connection to my ISP if I deploy a wireless lan? Is exclusivity/ privacy based on MAC addresses or on certificate exchange? or.... what?
You'll want to use 128 bit WEP and change the keys occasionally.
Yea, occasional key change is good, but using static ip is also good. However, on campus, we need to login inorder to use the internet. I wonder how that is done. Anyoen know? I could use this as my 3rd security barrier. henry
On Mon, 2004-02-02 at 11:46, Henry Tang wrote:
You'll want to use 128 bit WEP and change the keys occasionally.
Yea, occasional key change is good, but using static ip is also good. However, on campus, we need to login inorder to use the internet. I wonder how that is done. Anyoen know? I could use this as my 3rd security barrier.
henry
Most likely an authenticating proxy server. -- Ken Schneider unix user since 1989 linux user since 1994 SuSE user since 1998 (5.2)
Henry Tang wrote:
So, is the current generation of wireless lan stuff (router/gateways and wireless nics, etc.) well protected, by default? I want to stick with DHCP and avoid static IP if I can -- I occasionally bring home different laptops from the office. I'm not supposed to monkey with extra profiles on the office machines, and they're all set up for DHCP. What's the mechanism that's used to ensure that somebody driving past my house can't grab a connection to my ISP if I deploy a wireless lan? Is exclusivity/ privacy based on MAC addresses or on certificate exchange? or.... what?
You'll want to use 128 bit WEP and change the keys occasionally.
Yea, occasional key change is good, but using static ip is also good. However, on campus, we need to login inorder to use the internet. I wonder how that is done. Anyoen know? I could use this as my 3rd security barrier.
What does static IP accomplish? It doesn't take much monitoring to determine the valid address range.
You'll want to use 128 bit WEP and change the keys occasionally.
Yea, occasional key change is good, but using static ip is also good. However, on campus, we need to login inorder to use the internet. I wonder how that is done. Anyoen know? I could use this as my 3rd security barrier.
What does static IP accomplish? It doesn't take much monitoring to determine the valid address range.
Oops not static ip, manual assigned ip. henry
James Knott wrote:
Henry Tang wrote:
So, is the current generation of wireless lan stuff (router/gateways and wireless nics, etc.) well protected, by default? I want to stick with DHCP and avoid static IP if I can -- I occasionally bring home different laptops from the office. I'm not supposed to monkey with extra profiles on the office machines, and they're all set up for DHCP. What's the mechanism that's used to ensure that somebody driving past my house can't grab a connection to my ISP if I deploy a wireless lan? Is exclusivity/ privacy based on MAC addresses or on certificate exchange? or.... what?
You'll want to use 128 bit WEP and change the keys occasionally.
[snip]
What does static IP accomplish? It doesn't take much monitoring to determine the valid address range.
The IP ranges in the various IP classes designated for private use are not routed ie no router will pass your private LAN IP onto the outside world. That's how it is in wired networks so can someone confirm for me. -- The Little Helper ======================================================================== Hylton Conacher - Licenced ex-Windows user (apart from Quicken) Registered Linux user # 229959 at http://counter.li.org Using SuSE 9.0 with KDE 3.1 ========================================================================
Hylton Conacher (ZR1HPC) wrote:
James Knott wrote:
Henry Tang wrote:
snips
What does static IP accomplish? It doesn't take much monitoring to determine the valid address range.
I can see a (small) advantage with using static IP-addresses : the router could block all but those static addresses, coupled with the MAC-addresses (is this possible ?). But an intruder can easily spoof these.
The IP ranges in the various IP classes designated for private use are not routed ie no router will pass your private LAN IP onto the outside world.
If an intruder can get at your internal network, he can use your (wireless) router to get to the public internet if that's what he's after. Or mess around in your internal network.
That's how it is in wired networks so can someone confirm for me.
-- Met vriendelijke groeten, Koenraad Lelong R&D Manager ACE electronics n.v.
participants (7)
-
elefino
-
Henry Tang
-
Hylton Conacher (ZR1HPC)
-
James Knott
-
Kenneth Schneider
-
Koenraad Lelong
-
Scot L. Harris