[clue-tech] Wireless security again

Kevin Fenzi kevin at scrye.com
Mon May 16 21:33:36 MDT 2005



>>>>> "Collins" == Collins Richey <crichey at gmail.com> writes:

Collins> A friend just gave me a WRT54G unit which is working ok for
Collins> the two windows laptops in the household - both have builtin
Collins> .G functionality.  I haven't completed the setup to use Linux
Collins> (one of the laptops is dual boot).

Collins> I've set up the unit and the laptops for WEP 120bit security,
Collins> but I'm not really interested in leaving one of these beasts
Collins> connected 24x7. My planned use of the unit is as follows

Collins> Cable Modem
Collins>       |
Collins>       V Hardwired 4-port router
Collins>       |
Collins>       +----------> Desktop PC 1 (Linux CentOS4 mostly) (Firewall)
Collins>       |
Collins>       +----------> PC 2 (WinXP) (Windows firewall, ie not much)
Collins>       |
Collins>       +----------> WRT54G (occasional use) <----> various laptops
Collins>       |            (none of the WRT54G hardwired connections used)
Collins>       |
Collins>       +-----------> (occasional use for laptops, etc.)
     
Collins> I'm just wondering what the real exposure is, since neither
Collins> of my regular PCs will ever be on the wireless connection. I
Collins> can train my wife and daughter never to do financial
Collins> transactions on the laptops, but how are the hardwired units
Collins> exposed?

Collins> Perhaps one of you gurus would like to expound on this?
                                                     
Well, as always you have to make trade offs, nothing is ever 100%
secure. 

What are you protecting against? 

Looking at the wireless side of things, while WEP isn't all that
secure and can be broken if the attacker can sniff enough traffic: 

- Most people who want to just use a wireless connection would see the
WEP and just drive down the street to find an open access point. Much
like a casual car thief, if the door is locked they will just move on
to an unlocked car down the block. Also setting the wireless ESSID to
not broadcast would cause the casual user to just not see it and move
on.

- How far does your AP extend a usable signal? For example at my house
the houses adjoining mine, my driveway and the street right in front
of my house might get signal, but not much further. You can also set
the TX power on the wrt54g with any of the aftermarket
firmwares. Consider lowering it to cover only those areas you wish to
cover.

- If you are concerned with wireless traffic sniffing you might
consider going to something like the OpenWRT distribution on the
wrt54g and installing the openvpn package. Then run a vpn connection
from the laptops to the AP.

- You might also consider an openvpn connection to your firewall. Then
block all outgoing packets from the AP except openvpn packets. That
would prevent anyone not using a vpn from using your connection and
allow your traffic to be encrypted.

If someone is targeting you specifically, the wireless is likely not
the weakest point. Consider a tap to the wired ethernet, a key capture
dongle on any of the keyboards, spyware on any Windows machines, etc.

kevin
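
The last suggestion above (VPN to the firewall, drop everything else arriving from the AP), sketched as iptables rules; this is an added example, not part of Kevin's message. It assumes a Linux firewall with a dedicated NIC facing the WRT54G. The interface names (eth2, tun0, eth0), the chain name AP_VPN_ONLY, UDP port 1194 for OpenVPN and a static address on the AP are all assumptions.

```shell
#!/bin/sh
# Added example: firewall side of "only OpenVPN may leave the AP".
# Assumed, hypothetical names (none are from the original post):
AP_IF="${AP_IF:-eth2}"        # firewall NIC cabled to the WRT54G
VPN_IF="${VPN_IF:-tun0}"      # OpenVPN tunnel interface on the firewall
WAN_IF="${WAN_IF:-eth0}"      # Internet-facing interface
VPN_PORT="${VPN_PORT:-1194}"  # UDP port the OpenVPN server listens on
IPT="${IPT:-iptables}"        # set IPT="echo iptables" for a dry run

ap_vpn_only() {
    # Dedicated chain so the policy is easy to audit and to remove.
    $IPT -N AP_VPN_ONLY || return 1
    # 1. The only thing accepted from the AP segment: OpenVPN to this host.
    $IPT -A AP_VPN_ONLY -p udp --dport "$VPN_PORT" -j ACCEPT
    # 2. Log the rest, rate limited, so non-VPN clients show up in syslog.
    $IPT -A AP_VPN_ONLY -m limit --limit 6/min -j LOG --log-prefix "AP-NONVPN: "
    # 3. Drop it. This includes DHCP, hence the static address on the AP.
    $IPT -A AP_VPN_ONLY -j DROP
    # Packets addressed to the firewall from the AP side hit the chain first.
    $IPT -I INPUT 1 -i "$AP_IF" -j AP_VPN_ONLY
    # Nothing arriving from the AP side is routed anywhere unencrypted.
    $IPT -I FORWARD 1 -i "$AP_IF" -j DROP
    # Decrypted traffic from VPN clients may go out, and replies may return.
    $IPT -A FORWARD -i "$VPN_IF" -o "$WAN_IF" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$VPN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Rules are installed only when the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    ap_vpn_only
fi
```

Running it with `IPT="echo iptables"` and the `apply` argument prints the commands instead of executing them, which is a convenient way to review the ruleset before loading it as root.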



