[clue-tech] wireless education for dummies (me)

Nate Duehr nate at natetech.com
Wed Dec 16 11:30:30 MST 2009 

On Wed, 16 Dec 2009 04:55 -0700, "Collins Richey" <crichey at gmail.com>
wrote:
> > Don't know what "doesn't want to work through the wired router means".  Does it get an address via DHCP, or are you assigning one, etc?
> >
> 
> The router is configured via a 192..... url. Unable to connect to the
> router to configure.

Interesting.  Even if you disconnect it from the rest of the LAN and
provision an in-range IP on your machine with a cross-over Ethernet
cable direct to it?

> I keep reading that the wireless encryption is immenently crackable,
> so that would expose my entire network to kiddie crackers, or ???

Basically it is.  Especially WEP, even up to 128-bit.  WPA/WPA2 and TKIP
and all the fun and games are just a few steps ahead of the hackers.  At
least the latest round of fun and games is using AES.  If you read up on
the various tactics, most are "key rotation" techniques... even though
the key is hackable, you need a LOT of seed data to break SOME of these
protocols, and if the key keeps changing, it's hard to get that data. 
But there's no doubt that some bad or good guy will publish a way to
break the newer "stuff" eventually, if you just look at it as a
never-ending game of cat and mouse.

This starts to head into a different issue: Wireless security, more than
just the "simpler" questions of getting your network running at home.

Here's some of my somewhat random thoughts on the topic...

- If someone gets on my wireless network (into my private-side network),
what can they see? Do I use any insecure file sharing or other protocols
that aren't authenticated, even BETWEEN my various machines?  I can
avoid that.

- If someone gets on my wireless network and then goes out to the real
world, do I care?  Obviously if they're naughty hacker types using my
bandwidth to do bad things, I do... so... next question is...

- Can I see that they did get in, if they make no effort at all to cover
their tracks? Obviously if they got in and they're trying to hide,
they'll find a way... deleting router logs, whatever.

- Do I pass traffic unencrypted over wireless or wired networks
internally that shouldn't be? (Example, if someone's on my network
monitoring and I'm accessing a bank account, that's probably via
HTTPS/SSL, so... pretty good.  Etc.  This one, you can be as "secure" or
"insecure" as you like.

- How "big" of a target am I? I live in a house with pretty good
distance between houses. My WiFi device is PURPOSELY in the basement of
the house. 2.4 GHz gets absorbed passing through through dirt (water,
specifically), and while 5.8 GHz is a little better it's even more
distance limited by the regular free-space path-loss at the higher
frequency.  The point is... keep your RF coverage to where you need to
use the network. Mine doesn't even consistently make it out of my back
yard, but the central basement location covers the 2nd floor just fine.

- How many other "sucker" targets are in the area? A little of your own
sniffing with WiFi sniffing tools is a good idea anyway (choose wisely
on your channels in use so you have the least interference with
neighbors), but you also learn how many completely unsecured access
points there are in your 'hood.  How many are still on the factory
default usernames and passwords, etc.  The more "easy" targets, the less
likely a script-kiddie looking for bandwidth to upload photos to his
website, or worse behavior... is going to even bother with your network.
 You have a lock on the door, and the neighbor doesn't.  The reality is,
the more densely populated area you live in, the more likely there's
LOTS easier ways for someone screwing around to get WiFi bandwidth than
via your properly-secured router.

Then, after all of the above, always keep the cardinal rule in mind... 

- NOTHING on radios/RF/wireless is secure.  NOTHING.  With the right
gear, anyone can eventually read your data.  Cell phones?  P'shaw...
easy with $500 worth of completely legitimate test equipment from eBay. 
WiFi with the latest toys is actually MORE secure.  (Chew on that one
mentally for a moment and think of all the business transactions and
"secrets" passed via cell phones every day.)

Okey dokey... that's some stuff to think about.  It's a really broad
topic...

Nate

More information about the clue-tech mailing list