Re: wifi file sharing security
- From: hiprakhar <hiprakhar.3tvnjc@xxxxxxxxxxxxx>
- Date: Tue, 16 Jun 2009 19:41:23 +0530
Leonard Grey;4466012 Wrote:
"I'd wager that, if asked, a few of them might think a sniffer is a
glass for serving brandy."
That's a snifter.
---
Leonard Grey
Errare humanum est
Bruce Chambers wrote:
Leythos wrote:to
In article <#9pFMBS7JHA.1716@xxxxxxxxxxxxxxxxxxxx>,
bchambers@xxxxxxxxxxxx says...
1) Disable SSID broadcasting. This makes it harder for outsiders
MACdetect your network....
3) Enable MAC filtering, so only computers that *you* specify by
wantsAddress can connect to the router.
Taken from a security advisors site:
MAC filtering: This is like handing a security guard a pad of paper
with a list of names. Then when someone comes up to the door and
comparesentry, the security guard looks at the person's name tag and
name.it to his list of names and determines whether to open the door or
not. Do you see a problem here? All someone needs to do is watch an
authorized person go in and forge a name tag with that person's
MACThe comparison to a wireless LAN here is that the name tag is the
canaddress. The MAC address is just a 12 digit long HEX number that
likebe viewed in clear text with a sniffer. A sniffer to a hacker is
aa hammer to a carpenter except the sniffer is free. Once the MAC
address is seen in the clear, it takes about 10 seconds to cut-paste
investment)legitimate MAC address in to the wireless Ethernet adapter settings
and the whole scheme is defeated. MAC filtering is absolutely
worthless since it is one of the easiest schemes to attack. The
shocking thing is that so many large organizations still waste the
time to implement these things. The bottom line is, MAC filtering
takes the most effort to manage with zero ROI (return on
stealingin terms of security gain.
No security precaution can ever be 100% effective against a
determined, knowledgeable bad guy with malicious intent.
However, all the OP wants to do is stop his neighbor's from
his bandwidth. How many people in your neighborhood have sniffers?I'd
wager that, if asked, a few of them might think a sniffer is a glassfor
serving brandy.5
SSID hiding: There is no such thing as "SSID hiding". You're only
hiding SSID beaconing on the Access Point. There are 4 other
mechanisms that also broadcast the SSID over the 2.4 or 5 GHz
spectrum. The 4 mechanisms are; probe requests, probe responses,
association requests, and re-
association requests. Essentially, youre talking about hiding 1 of
isSSID broadcast mechanisms. Nothing is hidden and all youve achieved
acause problems for Wi-Fi roaming when a client jumps from AP to AP.
Hidden SSIDs also makes wireless LANs less user friendly. You dont
need to take my word for it. Just ask Robert Moskowitz who is the
Senior Technical Director of ICSA Labs in his white paper Debunking
the myth of SSID hiding.
I said nothing about "SSID hiding." I advised turning of the
broadcast, and I know exactly what it does. Again, we're discussing
household LAN, here. How many access points do you have in yourhouse?
(And this is stimulating and turning off SSID broadcasts mightcause
problems for a roaming client. I know from first hand experiencethat
it doesn't, if the clients are properly configured.)work
You might want to have CompTIA revamp their Security+ course
and exams then.
Thanks a lot Leonard and Bruce. I've already got the hint that both of
you are friendly and intelligent. We can get things better if we start
collaborating.
I applied MAC filtering yesterday after Bruce told. And it took less
than a minute. I agree with Leonard that MAC spoofing is like a piece of
pancake. But then it really does not require "effort" so I dont care for
ROI, since something is always better than nothing.
However I figured out that WPA uses strong encrypting algo
(courtesy:wiki) and has been just hacked once that too in lab (wiki
might be wrong though). So I think uses a strong key secures in the
first hand.
Turning off SSID broadcast was a pain. Just when I disabled it (in my
DLink DIR-300 router), the connection failed, and I was'nt able to
detect it in the windows wifi catcher. I tried using the previous wifi
profile to connect but it didnt work. And as the internet was disabled
too, i could not use internet help. So i had to reset the router. So
really turning the SSID off is less user friendly.
I need to ask one more thing about file sharing security. I have a
laptop and a Desktop and i do seamless data sharing between them through
the wifi router. Now I want to add more computer to the same router
loop, but I DONT WANT IT to be able to access the files on my laptop or
desktop. (It should access only internet)
The person on the 3rd computer can easily figure out the ip of both of
my computer using the "ipconfig /all" and enter it to explorer to access
my files.
How can I avoid this??? I require that the files should not be
accessible unless a password authentication is done.
Please help.
--
hiprakhar
------------------------------------------------------------------------
hiprakhar's Profile: http://forums.techarena.in/members/65203.htm
View this thread: http://forums.techarena.in/windows-security/1197445.htm
http://forums.techarena.in
.
- Follow-Ups:
- Re: wifi file sharing security
- From: hiprakhar
- Re: wifi file sharing security
- References:
- wifi file sharing security
- From: hiprakhar
- Re: wifi file sharing security
- From: Bruce Chambers
- Re: wifi file sharing security
- From: Leythos
- Re: wifi file sharing security
- From: Bruce Chambers
- Re: wifi file sharing security
- From: Leonard Grey
- wifi file sharing security
- Prev by Date: Re: wifi file sharing security
- Next by Date: Re: wifi file sharing security
- Previous by thread: Re: wifi file sharing security
- Next by thread: Re: wifi file sharing security
- Index(es):
Relevant Pages
|
