Volkswagen Passat Forum banner

1 - 9 of 9 Posts

·
Banned
Joined
·
3,172 Posts
Discussion Starter #1
I've been abusing my wireless internet since getting my new laptop w/ the internal wireless setup and the Linksys wireless router to go w/ it. Love it. :bow:
However, I have not been logging onto my bank accounts, haven't done any online shopping while wireless, and haven't logged into anything using my social security number while on the wireless. I either use the desktop of I plug my laptop back into the wired outlet.

Am I being paranoid? :nervous: How easy is it to intercept information when someone is wireless? Under what conditions?

Thanks...

Harry
 

·
Registered
Joined
·
165 Posts
To get wireless signal a person has to be pretty close to your house (wireless router) or have one of those antennas that go out for a mile or two. And the person needs a program to find nearest signals. That's how you get other people's signal. I did a small project building one of those antennas out of coffee cans.

I really don't know how easy it is to get into the other person's files, because I've never tried it and don't know how to do it.
 

·
Registered
Joined
·
4,095 Posts
its not secure unless you use end-to-end encryption.

like, if you used SSH to go from your laptop, THRU the router and then ending up on some server that also speaks SSH.

or when you use a webpage that is SSL enabled (has the 'padlock' icon on).

if you don't know if you are end-to-end encrypted, assume you are not and avoid passwords (they are likely in plaintext) and bank numbers.

no, you're not too paranoid. just the right amount.
 

·
1st Gear
Joined
·
17,568 Posts
linux-works said:
its not secure unless you use end-to-end encryption.

like, if you used SSH to go from your laptop, THRU the router and then ending up on some server that also speaks SSH.

or when you use a webpage that is SSL enabled (has the 'padlock' icon on).

if you don't know if you are end-to-end encrypted, assume you are not and avoid passwords (they are likely in plaintext) and bank numbers.

no, you're not too paranoid. just the right amount.
^^^what he said

You either have it encripted (secure)....or you dont.

Once you enable it you will need to add MAC addresses of the PCs that will be using the service. Correct me if Im wrong on this....its what I gathered from doing little research. And Im sure there is ways around that....

But I have many users with mobile Laptops....that get signal all over the place. Go to Manhattan and you will have 20-30 choices to pick from....which is nice. However if those people had it encryption enabled.....that wouldnt be happening.

The fact is that most people dont even know...or dont care.

Best Car Insurance | Auto Protection Today | FREE Trade-In Quote
 

·
Registered
Joined
·
1,087 Posts
SDPassatT said:
I've been abusing my wireless internet since getting my new laptop w/ the internal wireless setup and the Linksys wireless router to go w/ it. Love it. :bow:
However, I have not been logging onto my bank accounts, haven't done any online shopping while wireless, and haven't logged into anything using my social security number while on the wireless. I either use the desktop of I plug my laptop back into the wired outlet.

Am I being paranoid? :nervous: How easy is it to intercept information when someone is wireless? Under what conditions?

Thanks...

Harry
It's OK to be a little paranoid with wireless Internet (or any kind of Internet for that matter) :) .

If your Linksys router supports encryption (WEP) or the newer version of wireless encryption (WPA) , definitely make sure that it is turned on. WEP has a flawed crypto key management scheme and can be compromised fairly easily, so it is recommended to use WPA instead if possible. If your router does not support WPA, you can probably get it enabled by doing a firmware upgrade that should be available from your router vendor if it's a recent model. Even WEP is a LOT better than no encryption at all, as long as you don't have a false sense of security with it.

When you turn on encryption, you need to specify a password or create a key that is shared between your computer and the router. If you specify your own password, make sure that the password can not be easily guessed. (#$5%T*&j would be a good password). You don't have to type this password in more than once so there is virtually no harm if you forget it.

In addition, your router most likely supports MAC-address based authentication and you should enable it as well. MAC-address is (almost) unique to every network card and although it is easy to spoof, it will still make it harder for any other devices to gain access to your network because the router will restrict access to your physical MAC-address only.

One more thing to check is a feature called "SSID broadcasting". By default 802.11x routers usually broadcast their own identifier to the outside world informing everybody about a wireless network. Turn this feature off, it's useless if you are the only user of this network. Also change your SSID name from default (probably "Linksys" or some other logical name) to something that can not be easily guessed. Then you need to configure this new SSID name on your computer's wireless network settings as well.

If all of the above is taken care of, you shouldn't have to worry about somebody eavesdropping or gaining unauthorized access to your network. Yes, theoretically it's still possible but not likely at all. If encryption & authentication are not enabled, it is really easy to gain access to your network, anybody can do it and probably does already if that's the case.
 

·
Registered
Joined
·
1,087 Posts
VdubTX said:
Is it best to use 64 or 128 bit encryption. I have a wireless point setup and am using some of the advice here to set it up.
Always use the longest possible encryption key. Which means that the answer is 128-bit is better.
 

·
Registered
Joined
·
4,095 Posts
some of you guys are missing what I'm saying.

there are 2 kinds of encryption: LINK LEVEL and END-TO-END.

link level is between hops. like your laptop and the wireless router. that uses WPA or WEP.
WEP is crap and wpa is better but I'm still not convinced yet.

SSH and SSL (real tested known quality encryption techniques) work. but they have to be from the ENDPOINT (laptop) to the REMOTE PEER (where you are ultimately surfing or connecting to). this is standard stuff that doesn't know or care if it started out on a wireless or a wired link.

I don't even waste my time with link-level anymore. it wastes bandwidth (you consume some for the encryption) and it just isn't strong enough yet. and you STILL have to run end-to-end level encry. over it, so you're doubling things up but not getting any more than if you ran JUST end-to-end.
 

·
Registered
Joined
·
1,087 Posts
linux-works said:
some of you guys are missing what I'm saying.

there are 2 kinds of encryption: LINK LEVEL and END-TO-END.

link level is between hops. like your laptop and the wireless router. that uses WPA or WEP.
WEP is crap and wpa is better but I'm still not convinced yet.

SSH and SSL (real tested known quality encryption techniques) work. but they have to be from the ENDPOINT (laptop) to the REMOTE PEER (where you are ultimately surfing or connecting to). this is standard stuff that doesn't know or care if it started out on a wireless or a wired link.

I don't even waste my time with link-level anymore. it wastes bandwidth (you consume some for the encryption) and it just isn't strong enough yet. and you STILL have to run end-to-end level encry. over it, so you're doubling things up but not getting any more than if you ran JUST end-to-end.
I'm sure everybody understands the need for end-to-end encryption when sending sensitive information over the Internet but the original question was about the security of a wireless LAN. End-to-end security is not a solution to secure a wireless LAN, it's a solution to secure online transactions. Which means that all sites have to support browser-based SSL or a VPN must be used (well, that's not exactly end-to-end but you get the point). End-to-end encryption helps or even removes the need for link-level encryption but it doesn't remove the need for access control.

Unfortunately not all sites support SSL, SSH or other methods of encrypted access so there is a little an end user can do to ensure that end-to-end encryption is always used except paying attention to where they surf and who they do business with. Online banking or credit card transactions are generally not a problem because SSL is pretty much mandatory. For example VISA mandates that its merchants must provide SSL encryption for online transactions and I'm sure all other credit card companies do the same. And I don't think any bank could even imagine providing online banking services without SSL encryption. The SSL scheme does have its own weaknesses but that's off-topic.

The security of wireless LAN is nowear near perfect but in my opinion is perfectly adequate for a home user when implemented correctly. Link-level encryption does have its weaknesses but for example the performance degradation is totally insignificant in case of any home wireless LAN. End-to-end encryption is essential when doing online transactions or if remote access to sensitive information is needed.
 
1 - 9 of 9 Posts
Top