Journal IO ERROR's Journal: How not to secure your wireless access point 4
If you bought one of those shiny new 802.11{abg} access points so you could be lazy and use your laptop in bed without a bunch of cords dangling all over the place, you have a decision to make. Do you want your neighbors and random strangers using your Internet connection?
If you decide you don't want other people using your connection, then don't do these things:
- Hide your SSID. Your access point will broadcast it anyway whenever your computer associates, and if you're using Windows XP then it associates every few seconds.
- Use MAC filtering. Your access point will broadcast valid MAC addresses whenever those stations are in use, and anybody can pick those up and change their MAC address to match yours.
- Use WEP. It's easy enough to crack that anybody listening can recover your WEP key in a fairly short time if you actually use your wireless connection for anything.
- Use a Microsoft access point. Microsoft access points will gladly send their WEP key to anybody who asks, making WEP completely useless.
- Use LEAP. It is based on Microsoft CHAP and a poor implementation at that. It's easy to crack.
Hm, what's the point of enabling all that security if it's so easy to get around? Here are some other things you might try:
- Turn off the access point's DHCP server. Won't do you much good, since somebody can just "borrow" your IP address when you aren't using it or use an unused IP address in your subnet.
- Reorient the access point's antenna. Then you'll just have the people on the other side of your apartment using it.
Hm, you may as well just take the damn thing back and get a refund, and suffer the Ethernet cord.
Or, just avoid the issue entirely. (Score:1)
Securing Wireless (Score:1)
Tell me, and this is not a troll, can wireless be secured at all? People around me start using it (even though they're suspicious, because I don't) and it would be nice to be able to reply "it cannot be secured" in addition to my "I don't know about wireless, leave me alone".
Executive Summary Re:Securing Wireless (Score:2)
Aside from that, hiding your SSID is useless, MAC filtering isn't much better, and WEP, while useful, isn't as secure as it should be. Cisco's LEAP got hacked, and EAP/TLS isn't common enough yet. And you won't find those last two on a residential AP anyway.
Re:Executive Summary Re:Securing Wireless (Score:1)