Square Mile

[DGR]

Roy, RichardB,

Advice taken and implemented !! SSID broadcast is now off - and wireless access is only permitted to the devices that should be using it. AND - I won't be doing any bank stuff over the wireless part of the net - I'll stick to the hardwired bit for that!!

Thanks for your help!!

Dylan...

[roycruse]

There is a way to make safe your banking over the wireless network as long as you have a pc or server that is on the hard-wred part of the network.

The 128bit encryption used by WEP is actually very hard to crack - but wirelees networks typically transmit a lot of very empty packets just syaing "hello im here" and stuff like that. Its these "weak" packets that make the encryption easy to break - if every network packet was complex and full - no one would ever be able to break the 128 bit encryption with brute force.

So how to make the data secure - using a VPN (Virtual Private Network)

You set up incomming connections on your hard wired pc to accept VPN connections then set up a VPN client connection from your laptop to your PC making sure that in the advanced settings of the connection you have the "Use default gateway on the remote network" ticked.

Now any trafic going over the wireless network is double 128 bit encrypted (no one is going to break that) the packets will then be unencryted by your pc and reach your online banking server with no less security than if you were doing it from a hard-wired network...

Sorry if that was boring or over everyones head - but if anyone wants further instructions on setting this up - let me know...

[DGR]

If I follow what you are saying ( ) - then as my wireless hub and router are the same thing I can't do that (i.e. doesn't go through the hard wired PC or a server).

Would the VPN have to go from PC to PC? I can still use the wireless gateway with the Laptop when the hardwired PC is still switched off.

D...

[roycruse]

This is how it works

The packets of data would go by VPN (strongly encrypted) through the wireless connection to the router (which is also a wireless accesspoint bridging the wireless and the wired networks together) then through the wired connection to your PC where it would be decrypted and then go back from the PC through the wired connection to the router and then out via adsl to the internet.

Of course this is all assuming that your PC is wired to the router by a lan cable and is not wireless too ! Other wise forget it !!

[laser]

Quote:

Originally Posted by Richard B

Locking down your access point to specified MAC addresses (the unique IDs on each of the wireless network adapters on each of your own PCs) stops an unauthorised PC attaching to your router and accessing the other machines in your house and/or your internet connection. Hackers can still "snoop" on your broadcated data though (see previous two points).

MAc address filtering is not as secure as you think, it is very easy to capture a mac address from a data packet and then clone that mac address to enable access.

DGR,

If you have a linksys router, i would suggest that you set up WPA on it as it is a lot more secure than WEP. It is suprisingly easy to crack WEP as roycruse. We were shown in our lectures at university just how easy it is!!! as soon as i got home i stopped using WEP and used WPA atraight away.

Ny probs let me know

Rich

[codprawn]

Quote:

Originally Posted by roycruse

The 128bit encryption used by WEP is actually very hard to crack - but wirelees networks typically transmit a lot of very empty packets just syaing "hello im here" and stuff like that. Its these "weak" packets that make the encryption easy to break - if every network packet was complex and full - no one would ever be able to break the 128 bit encryption with brute force.

It is much easier to target the (A+3,FF,x) etc packets but not essential - techniques are evolving pretty fast now - weplab is getting pretty good.

Agree with the VPN method - works fine.

[codprawn]

Quote:

Originally Posted by laser

MAc address filtering is not as secure as you think, it is very easy to capture a mac address from a data packet and then clone that mac address to enable access.


Rich

So true - great fun though.......

The BIGGEST problem(or advantage) of wireless networks is that anyone messing about is TOTALLY untraceable if they use their heads!!!

The only real security is not to have one or to line your room with fine mesh!!!

[laser]

have u used that weplab program codprawn? Looks very interesting, mite take a look it for this year of uni, also given me some ideas on what to base my final year project on

[DGR]

The desktop is wired through a LAN to the router - so will look at setting up a VPN using WPA. I should be sorted by 2007... ... then I can try to work out how to get my X-Box to work.........