If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#21
|
|||
|
|||
WiFi security issues? Newbie ? for W7
RayLopez99 wrote in
: On Dec 19, 11:24*pm, Dustin wrote: That's probably because you are a newbie. G Dude, just type "how do I setup a secure wifi network?" in google. You'll get *all* of those questions answered in a very helpful fashion. Newbie style; so you will have no trouble understanding it. If you have questions after doing this, then present them to the appropriate place. Say, a networking newsgroup? Thanks. After reading this article: http://www.labnol.org/internet/secur...i-network/1054 9/ I've concluded a wireless network is inherently insecure. Might not end up using it at home. I have wireless disabled presently; Only use it when it's not feasable to run a hardline. Practical question: when at airports, Starbucks, etc, and you want to send an email, do you do so with impunity or with the chance somebody can steal your password when you log on? I might end up just using the laptop at such "public" places so I need more info on what to do there. I've answered as much as i'm going to do so; as I see you've crossposted this all over the place... Very trollish behavior... btw. Also what is the usenet group for networking? I use Google Groups and could not find any. I found an alt.comp.networking.routers newsgroup on this server.. Your milage may vary. -- Hackers are generally only very weakly motivated by conventional rewards such as social approval or money. They tend to be attracted by challenges and excited by interesting toys, and to judge the interest of work or other activities in terms of the challenges offered and the toys they get to play with. |
#22
|
|||
|
|||
WiFi security issues? Newbie ? for W7
David Brown wrote in
: You may /think/ that you haven't shared your files, but if I can see your computer on a network (and wireless networks are easily cracked - WPA in seconds, WPA2 takes several minutes) I can type "net use x: \\computer\c$ /user:Administrator" and try to guess your password. Using Linux rather than Windows makes such an attack easier to automate, but it can be done with Windows too. I think you meant wep was cracked in seconds. Please provide reference urls discussing WPA cracked in seconds. I'd like to learn more. Thanks. Those hidden shares can be disabled. They aren't available on these machines here; for example. Obviously enabling the windows firewall will make such a simple attack very much harder - but certainly not impossible. A hardware based firewall which filters netbios requests helps nicely too. -- Hackers are generally only very weakly motivated by conventional rewards such as social approval or money. They tend to be attracted by challenges and excited by interesting toys, and to judge the interest of work or other activities in terms of the challenges offered and the toys they get to play with. |
#23
|
|||
|
|||
WiFi security issues? Newbie ? for W7
On 21/12/2010 06:19, Dustin wrote:
David wrote in : You may /think/ that you haven't shared your files, but if I can see your computer on a network (and wireless networks are easily cracked - WPA in seconds, WPA2 takes several minutes) I can type "net use x: \\computer\c$ /user:Administrator" and try to guess your password. Using Linux rather than Windows makes such an attack easier to automate, but it can be done with Windows too. I think you meant wep was cracked in seconds. Please provide reference urls discussing WPA cracked in seconds. I'd like to learn more. Thanks. Note - I haven't tried this myself. You may be right that it is just WEP that can be cracked in seconds. WPA and WPA2 cracking seems to be done using dictionary attacks on the pre-shared keys - thus it can be fast or slow depending on the quality of the password chosen. The WPA/WPA2 cracking is done by capturing a few packets (not many are needed, apparently) and running the cracking off-line. With big rainbow tables and a fast cracker computer, this often won't take long. If you are using "enterprise" WPA rather than pre-shared key WPA, it's a different matter - cracking is pretty much infeasible. Those hidden shares can be disabled. They aren't available on these machines here; for example. Yes, but how many people know how to do that - even if they know the hidden shares exist in the first place? Obviously enabling the windows firewall will make such a simple attack very much harder - but certainly not impossible. A hardware based firewall which filters netbios requests helps nicely too. Absolutely true - hardware firewalls are far more effective than windows softwrae firewalls for blocking unwanted external traffic. Software firewalls on windows are good for limiting outgoing traffic from specific programs, but not good enough to protect from external attacks. |
#24
|
|||
|
|||
WiFi security issues? Newbie ? for W7
David Brown wrote:
On 20/12/10 15:46, mm wrote: On Sun, 19 Dec 2010 02:38:52 -0800 (PST), RayLopez99 wrote: 3) What if, assuming I get wireless for the home (like I say right now I got everything at home wired, but I might switch to wireless now that I got this new laptop), you find that a neighbor is sharing your wireless connection? I hear this is possible, but does that person need a password? I got a laptop from Ebay about 3 years ago. I should have started shopping earlier, and had to buy what was available, and it arrived only 3 days before i was to leave on a long trip to Asia. It came with 3 methods of internet, a port that accepted a phone cord, a PC port (PCMCIA) that accepted the included Network Jack card and the included wireless card. One of them required installing software, so I was doing that. I didn't have DSL yet, so I was going to have to use a flashdrive to transport files from my desk computer to the laptop. Half way through doing that, I noticed that my laptop was dl'ing my email and my newsgroups! It turned out I was using one of my neighbors' broadband/wireless. It's a good thing, too, because it saved me a lot of time I needed for packing, etc. When I got back two months later, there was a password on her account. AIUI, I didn't cost her anything. I didn't even slow her down. I've run my network without encryption or a password for some of the time since, and so far, I'm the only MM2005 listed in the phone book. So I guess no one has stolen my identity yet. I think they do. If I give them a password, will they be able to read my files on my hard drive, or just be able to share my internet connection? I thought files, directories, and printers had to be checked as Shared before even you can read those files or use the printer on your own network, and you have to have the password too. So as long as I don't put any files in my one Shared directory, I thought I was safe. Yes? Is that correct? I'm assuming you are using Windows. /Everything/ is shared by default - you have to specifically disable the file sharing service to stop it. Not in my experience. Getting file sharing to work on a windows LAN requires that you do a lot of configuration, starting with turning netbios on, then exporting various things as shares, and finishing with removing most of the firewalling that is the default way of working. In particular, there are a number of "default shares" that are (AFAIK) always enabled in windows unless the whole file sharing service is disabled - you don't need to explicitly share them. For every drive, there is a share named "c$", "d$", etc., that is available to any user with Administrator privileges. These default shares are hidden, in the sense that they don't show up in normal network browsing or "net view \\computer", but you can connect to them easily enough. You may /think/ that you haven't shared your files, but if I can see your computer on a network (and wireless networks are easily cracked - WPA in seconds, WPA2 takes several minutes) I think it takes a bit longer than that.. I can type "net use x: \\computer\c$ /user:Administrator" and try to guess your password. Using Linux rather than Windows makes such an attack easier to automate, but it can be done with Windows too. So that's two passwords to fight past, and hope the man has indeed got windows netbios on, and the firewall off..which if he is a domestic single user he will not have enabled either of. Obviously enabling the windows firewall will make such a simple attack very much harder - but certainly not impossible. Windows is utter crap, but it's not THAT crappy. |
#25
|
|||
|
|||
WiFi security issues? Newbie ? for W7
David Brown wrote:
On 21/12/2010 06:19, Dustin wrote: David wrote in : You may /think/ that you haven't shared your files, but if I can see your computer on a network (and wireless networks are easily cracked - WPA in seconds, WPA2 takes several minutes) I can type "net use x: \\computer\c$ /user:Administrator" and try to guess your password. Using Linux rather than Windows makes such an attack easier to automate, but it can be done with Windows too. I think you meant wep was cracked in seconds. Please provide reference urls discussing WPA cracked in seconds. I'd like to learn more. Thanks. Note - I haven't tried this myself. You may be right that it is just WEP that can be cracked in seconds. WPA and WPA2 cracking seems to be done using dictionary attacks on the pre-shared keys - thus it can be fast or slow depending on the quality of the password chosen. The WPA/WPA2 cracking is done by capturing a few packets (not many are needed, apparently) and running the cracking off-line. With big rainbow tables and a fast cracker computer, this often won't take long. If you are using "enterprise" WPA rather than pre-shared key WPA, it's a different matter - cracking is pretty much infeasible. Those hidden shares can be disabled. They aren't available on these machines here; for example. Yes, but how many people know how to do that - even if they know the hidden shares exist in the first place? Obviously enabling the windows firewall will make such a simple attack very much harder - but certainly not impossible. A hardware based firewall which filters netbios requests helps nicely too. Absolutely true - hardware firewalls are far more effective than windows softwrae firewalls for blocking unwanted external traffic. Software firewalls on windows are good for limiting outgoing traffic from specific programs, but not good enough to protect from external attacks. they are certainly good enough to repel all but the most determined hackers. But who expects the NSA to come sniffing round in a black van stuffed with supercomputers and packet sniffers? Not me, Osama ;-) |
#26
|
|||
|
|||
WiFi security issues? Newbie ? for W7
wrote in
: [...] Practical question: when at airports, Starbucks, etc, and you want to send an email, do you do so with impunity or with the chance somebody can steal your password when you log on? I might end up just using the laptop at such "public" places so I need more info on what to do there. Use a Blackberry, their service encrypts everything. But if you can't afford one, then: If the public place offers wired terminals for your use, use those to access the web-mail portal, and make sure your account is set to "leave messages on server" so that you can get the mail at home later. If you want a copy on your laptop, add your address as BCC, you'll receive a copy next time you get home. Personally, I never use my laptop for web access or e-mail in a public place. If you insist on using your laptop, the best you can do is increase the hassle factor for anyone who wants to get your password and e-mail. That's already been done: AFAIK, all ISP's require encrypted passwords these days. An encrypted p/w is a little (but not much) more difficult to use. Your address is more useful, but these days it's easier to generate addresses. (1) IOW, don't sweat it too much. OTOH, since the e-mail itself can be intercepted, you might want to be careful what you write. Just keep in mind that Homeland Security now has the authority to intercept all e-mails from and to the USA. They do it, too. So do the usual suspects in other parts of the world, and those that haven't done so either haven't done the authorising legislation yet, or can't afford the hardware and software. All web traffic is compromised in this sense. Public key encryption is a good way to make it very difficult for someone else to read your mail (PGP is one method). However, just using it is likely to make the authorities pay attention to you: if you're hiding something, you have something of interest to hide, you see.... (1) A spammer can generate addresses from names the same way your ISP does when it offers suggestions for your new e-mail address. The spammer will have already generated your address, in fact. I mean, look at it: I bet there is a raylopez89..., a raylopez56..., etc and so on and so forth. HTH Wolf K. |
#27
|
|||
|
|||
WiFi security issues? Newbie ? for W7
On 12/21/2010 9:15 AM, The Natural Philosopher wrote:
David Brown wrote: On 21/12/2010 06:19, Dustin wrote: David wrote in : You may /think/ that you haven't shared your files, but if I can see your computer on a network (and wireless networks are easily cracked - WPA in seconds, WPA2 takes several minutes) I can type "net use x: \\computer\c$ /user:Administrator" and try to guess your password. Using Linux rather than Windows makes such an attack easier to automate, but it can be done with Windows too. I think you meant wep was cracked in seconds. Please provide reference urls discussing WPA cracked in seconds. I'd like to learn more. Thanks. Note - I haven't tried this myself. You may be right that it is just WEP that can be cracked in seconds. WPA and WPA2 cracking seems to be done using dictionary attacks on the pre-shared keys - thus it can be fast or slow depending on the quality of the password chosen. The WPA/WPA2 cracking is done by capturing a few packets (not many are needed, apparently) and running the cracking off-line. With big rainbow tables and a fast cracker computer, this often won't take long. If you are using "enterprise" WPA rather than pre-shared key WPA, it's a different matter - cracking is pretty much infeasible. Those hidden shares can be disabled. They aren't available on these machines here; for example. Yes, but how many people know how to do that - even if they know the hidden shares exist in the first place? Obviously enabling the windows firewall will make such a simple attack very much harder - but certainly not impossible. A hardware based firewall which filters netbios requests helps nicely too. Absolutely true - hardware firewalls are far more effective than windows softwrae firewalls for blocking unwanted external traffic. Software firewalls on windows are good for limiting outgoing traffic from specific programs, but not good enough to protect from external attacks. they are certainly good enough to repel all but the most determined hackers. But who expects the NSA to come sniffing round in a black van stuffed with supercomputers and packet sniffers? Not me, Osama ;-) Are you trying to say that everyone is not interested in everything I do? I'm going to go and cry now....... |
#28
|
|||
|
|||
WiFi security issues? Newbie ? for W7
TVeblen wrote:
On 12/21/2010 9:15 AM, The Natural Philosopher wrote: But who expects the NSA to come sniffing round in a black van stuffed with supercomputers and packet sniffers? Not me, Osama ;-) Are you trying to say that everyone is not interested in everything I do? I'm going to go and cry now....... No. Merely that the ones who are, are not likely to be clever enough to find out. ;=-) |
#29
|
|||
|
|||
WiFi security issues? Newbie ? for W7
On 21/12/2010 15:12, The Natural Philosopher wrote:
David Brown wrote: On 20/12/10 15:46, mm wrote: On Sun, 19 Dec 2010 02:38:52 -0800 (PST), RayLopez99 wrote: 3) What if, assuming I get wireless for the home (like I say right now I got everything at home wired, but I might switch to wireless now that I got this new laptop), you find that a neighbor is sharing your wireless connection? I hear this is possible, but does that person need a password? I got a laptop from Ebay about 3 years ago. I should have started shopping earlier, and had to buy what was available, and it arrived only 3 days before i was to leave on a long trip to Asia. It came with 3 methods of internet, a port that accepted a phone cord, a PC port (PCMCIA) that accepted the included Network Jack card and the included wireless card. One of them required installing software, so I was doing that. I didn't have DSL yet, so I was going to have to use a flashdrive to transport files from my desk computer to the laptop. Half way through doing that, I noticed that my laptop was dl'ing my email and my newsgroups! It turned out I was using one of my neighbors' broadband/wireless. It's a good thing, too, because it saved me a lot of time I needed for packing, etc. When I got back two months later, there was a password on her account. AIUI, I didn't cost her anything. I didn't even slow her down. I've run my network without encryption or a password for some of the time since, and so far, I'm the only MM2005 listed in the phone book. So I guess no one has stolen my identity yet. I think they do. If I give them a password, will they be able to read my files on my hard drive, or just be able to share my internet connection? I thought files, directories, and printers had to be checked as Shared before even you can read those files or use the printer on your own network, and you have to have the password too. So as long as I don't put any files in my one Shared directory, I thought I was safe. Yes? Is that correct? I'm assuming you are using Windows. /Everything/ is shared by default - you have to specifically disable the file sharing service to stop it. Not in my experience. Getting file sharing to work on a windows LAN requires that you do a lot of configuration, starting with turning netbios on, then exporting various things as shares, and finishing with removing most of the firewalling that is the default way of working. I happily agree that you have to turn off the firewall (or at least add an exception) before shares (hidden administrator shares or otherwise) are accessible. But assuming you've done that, I've never had to do anything else to get sharing working. One thing that may make a difference is "home" and "professional" versions of windows - I have only ever used "professional" versions. So if "home" versions take more effort and configurations, then I'll have to take your word for it. I also have fairly limited experience of windows after XP. I've managed to avoid Vista almost entirely, and my impression of Win 7 is that it works, but looks a mess and does things differently for no apparent reason. So if things are different in Win 7, then again I don't know. In particular, there are a number of "default shares" that are (AFAIK) always enabled in windows unless the whole file sharing service is disabled - you don't need to explicitly share them. For every drive, there is a share named "c$", "d$", etc., that is available to any user with Administrator privileges. These default shares are hidden, in the sense that they don't show up in normal network browsing or "net view \\computer", but you can connect to them easily enough. You may /think/ that you haven't shared your files, but if I can see your computer on a network (and wireless networks are easily cracked - WPA in seconds, WPA2 takes several minutes) I think it takes a bit longer than that.. For WEP, it doesn't take long. For WPA and WPA, it depends a lot on the pre-shared key and whether or not you use pre-calculated tables. I can type "net use x: \\computer\c$ /user:Administrator" and try to guess your password. Using Linux rather than Windows makes such an attack easier to automate, but it can be done with Windows too. So that's two passwords to fight past, and hope the man has indeed got windows netbios on, and the firewall off..which if he is a domestic single user he will not have enabled either of. I'm just warning about possible weak points in security - nothing more. Many people have poor passwords (or no passwords at all). Many people have their firewalls disabled without realising the issues this has. And I think most people have the administrative shares enabled, because they never knew such a thing existed. This all adds up to many people being susceptible to hacks through these shares. For people who understand about security, it can be hard to appreciate how insecure many windows systems are. But the millions of zombie machines around the world that testify to poor security. (I know that attacks via wireless networks are not the main cause of these zombies - the point is that people regularly disable or abuse the security features they have.) Obviously enabling the windows firewall will make such a simple attack very much harder - but certainly not impossible. Windows is utter crap, but it's not THAT crappy. Windows software firewall is far from impenetrable. There are many common attack strategies. It comes with holes - not every port is blocked by default. There are flaws in the implementation of the windows networking system - these are regularly fixed, and new ones are found. People use third-party software firewalls - in my opinion, these often lead to more vulnerabilities than windows own firewall, as they add layers of complication that introduce new bugs and then new security flaws. But one of the biggest flaws is that people get so many pop-ups (especially with third-party firewalls) or have so many problems getting things like bittorrent to work that they disable the whole firewall. I prefer to be paranoid - I use a hardware firewall between windows machines and the internet. But if that's not possible, then the standard windows firewall, when properly configured (i.e., no inappropriate exceptions), is good enough for short-term usage. It is not perfect, but it is seldom the weakest link. |
#30
|
|||
|
|||
WiFi security issues? Newbie ? for W7
David Brown wrote:
I prefer to be paranoid - I use a hardware firewall between windows machines and the internet. But if that's not possible, then the standard windows firewall, when properly configured (i.e., no inappropriate exceptions), is good enough for short-term usage. It is not perfect, but it is seldom the weakest link. I agree,. I prefer to be paranoid. No windows machines at all AND a hardware router. But my remarks were from an XP installation a few years back inside a firewalled network. I could not get the machines to talk nice to an appliance that was supposed to be a visible share on the network. Firewall. It took a fair bit to even get the machines to talk to each OTHER. maybe they had 'home' on them. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Laptop wont connect to WiFi network with security settings | M | Dell Computers | 14 | October 13th 08 04:19 PM |
M3A32-MVP DELUXE/WIFI-AP wifi problem | vc | Asus Motherboards | 2 | February 15th 08 03:29 AM |
security issues caused by virtualization of the AMD CPU and the Vista | Stanley | AMD Thunderbird Processors | 1 | September 18th 07 05:01 PM |
SP2 Security issues to be aware of | Haggard the Horrendous | Asus Motherboards | 3 | September 27th 04 02:58 AM |
Issues with Norton Internet Security and SATA drives? | Hm | Homebuilt PC's | 1 | January 21st 04 03:12 PM |