+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Wireless Networks Thread, securing wireless network in Technical; It depends how secure you want it. I don't think MAC address filtering is generally considered to be highly secure ...
  1. #16
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: securing wireless network

    It depends how secure you want it. I don't think MAC address filtering is generally considered to be highly secure as any MAC address can be spoofed. A determined hacker should be able to get past MAC address filtering without much trouble. Having said that, it might slow down and possibly deter the casual opportunist.

    There's really no excuse for not using the highest level of WEP encryption available on you APs and Laptops. WEP adds another layer which, although no longer considered secure, will deter all but the serious hacker.

  2. #17

    Join Date
    Nov 2005
    Location
    Middlesbrough
    Posts
    402
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: securing wireless network

    If you're just using MAC address authentication on your wireless LAN the packets can still be sniffed with something like Ethereal as they are being transmitted unencrypted. This means all manner of data could be looked at by anyone! Yes MAC addresses can be spoofed fairly easily, but remember the attacker needs to know the MAC addresses on the allowed list first.

    At the very least I would encrypt the Wireless LAN with WEP and use MAC filtering!

    WEP does have weaknesses though, with enough time the key can be cracked, the last time I tried it though it took almost 2 weeks of packet sniffing! Still it is possible, look at what other encryption methods your AP's offer, something like WPA2 would be better as long as all your clients support it!

  3. #18

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: securing wireless network

    WEP decryption with the newest version of the (Linux!) cracking tools takes around an hour or a few million packets. Which ever comes first.

  4. #19
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: securing wireless network

    Quote Originally Posted by Geoff
    WEP decryption with the newest version of the (Linux!) cracking tools takes around an hour or a few million packets. Which ever comes first.
    Right... at which point you get the WEP key. So now you can sniff packets and get free Internet and potentially use password cracking tools.

    My point being that there is (or at least should be) a whole lot more security still to get through if you are after the serious data (pupil files, financial info). I think I'm right in saying that Windows passwords no longer travel across the wire unencrypted, so it should not be a trivial matter to obtain a password. I also believe it is possible to encrypt all network traffic using IPSec between Windows clients and servers. Doing that would mean that even if the wireless network was compromised, the data on the network and servers should still be safe. Don't know what kind of hit this would have on performance though. I assume encryption would be done symmetrically (same key to encrypt/decrypt) and key exchange using some form of public key transfer. (Bit out of my depth here!!)

  5. #20

    Join Date
    Jun 2005
    Posts
    223
    Thank Post
    6
    Thanked 8 Times in 8 Posts
    Rep Power
    30

    Re: securing wireless network

    I managed to get radius workin with a standard windows 2003 server domain. Its a bit of a pain tho' as you have to find AP and cards that support it (ours are a bit old and naff). The only thing you can't do without enterprise is automatic user certificate enrollment. So again, slight PITA cos you have to manually install user certs. on client machines.

  6. #21

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: securing wireless network

    I also believe it is possible to encrypt all network traffic using IPSec between Windows clients and servers. Doing that would mean that even if the wireless network was compromised, the data on the network and servers should still be safe.
    Well, access to the internet bandwidth is an end in itself.

    Even so, that doesn't protect you against people brute forcing account passwords. While passwords do use NTLMv2, usernames generally fly around in cleartext. Once you have a list of usernames to work with its much easier to find the ones with bad passwords. Once you have "Domain User" access you can thing about cracking Admin.

    Hopefully your IDS would of detected the intrusion long before things got to point though.

    Remeber not to discount other attack vectors though. Print Servers, Routers, Managed Switches, Standalone PCs not on the domain and Systems running other OS's need to be audited too as they are perfectly valid targets for an intruder.

    I prefer not letting people in in the first place. WPA with RADIUS is the way forward I think.

    One thing with your Certificate server. Its good practice to have it on a small laptop or other form of portable so you can physically lock it in your schools fireproof safe. Physical access to this machine basically gives full access over your entire network infrastructure.

  7. #22
    u8dmtm's Avatar
    Join Date
    Feb 2006
    Posts
    231
    Thank Post
    7
    Thanked 13 Times in 12 Posts
    Rep Power
    20

    Re: securing wireless network

    It is quite easy to spoof a MAC address - pretend to be something on your allowed list but is better than nothing. Couldn't you also use WEP / WPA or 802.11.x? WEP will work most widely but is the least secure. WPA requires that all your clients support it.

  8. #23

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: securing wireless network

    Yes, I think really the only way forward is to phase out your older equipment that won't do WPA/WPA2 and only buy new stuff that will.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Wireless Network away from LAN
    By gshaw in forum Wireless Networks
    Replies: 2
    Last Post: 19th December 2007, 01:16 PM
  2. Map network drives on wireless network
    By woody in forum Windows
    Replies: 24
    Last Post: 1st December 2007, 06:27 PM
  3. Wired & Wireless Securing
    By Samson in forum Wireless Networks
    Replies: 6
    Last Post: 14th August 2007, 10:47 PM
  4. Wireless Network
    By wesleyw in forum How do you do....it?
    Replies: 15
    Last Post: 3rd November 2006, 04:02 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •