Jump to content

Home Wireless Security


samran

Recommended Posts

Story is that I have a wireless modem in my condo. At first I used 64-bit security on it. So theoretically, only my wife's and my laptop are the only ones which can log into our houses wireless network.

However.....I got home the other day after a couple of hours shopping and noticed that the log in screen for my yahoo account was totally in someone elses name (you know when yahoo saves your user name on the log in screen). Instread of the login address being [email protected] it was a strangers address that I saw there.

I have since upgaded the security level to 128-bit. However I am worried that someone in my building has somehow managed to get past the security, and is able to use my wirless (that is the theory at least given that yahoo log in screen being different). I'm also afraid that they'll do it again.

Two questions:

1) Is 128 bit security enough? (I have given the passwords and the keys to no-one).

2) Is there another explanation for the yahoo log-in screen being different?

Link to comment
Share on other sites

security for your wifi/router

1. change the default password on the router

2. Do not broadcast the SSID - ( the name for the WIFI access point - change it from the default and tick the checkbox saying disable )

3. enable MAC address filtering - ( on all the computers you wish to use on the access point - I am assuming you are using a winOS - go start-->>run , then type in cmd and hit enter , this will bring up a command line box , now type in ipconfig /all then hit enter. this will bring up a list of all your network hardware on the computer and each piece of hardware ( eg. 10/100 netcard / wifi card / bluetooth ) will have a MAC address which will look something like - 00:04:67:B5:82:F9 - copy down the MAC address , go to the section in your router config and enable MAC filtering and put the MAC addresses in for the wifi cards on each laptop )

4. use WEP or WPA encryption.

5. turn the power off if you are not using it.

in saying that I just have a non broadcast SSID , non default password , MAC filtering and my router is always on as it has an inbuilt PPPoE client which I have set to always connected.

nothing except for turning the power off to the router is guaranteed to secure your router against whichthe most determined and skilled person , but it will deter your average drive by connection.

as for your yahoo account , maybe the login page had been proxied by the ISP and you were assigned an IP during the standard 24 hourly disconnect and reconnect, which had recently been used to login to yahoo.

Link to comment
Share on other sites

Guest endure

In order for your Yahoo login to have changed not only would someone have to log into your wireless network, they'd also have to have taken remote control of your machine. Did you have any visitors/friends that could have used your machine to log into their Yahoo account?

Link to comment
Share on other sites

Stumonster,

Thanks for the information. I checked my configuration on all topics and everything was set. Nothing to add router-wise.

What I like to add is that I've set my Sygate Firewall Pro with an Advanced Rule allowing traffic from my laptop with its specific MAC address. When I set it off, my laptop can't access directories on my desktop, so it works.

About WEP or WPA. Many publications on the internet give preference to WPA because it should be much more secure than WEP. Here is one publication.

http://netsecurity.about.com/od/quicktip1/...twifiwepwpa.htm

Petch01

Edited by Petch01
Link to comment
Share on other sites

Thanks to all, Stu especially.

One thing though, I looked up the MAC address using the CMD function in Run. Two 'physical addresses' have come up. One is under the Ethernet adaptor Local Area Connection section of the read out, the other is under the Ethernet adaptor Wireless Connection Network section of the read out. I assume the one I need to record is the latter, lest I lock myself out of my own system!

Link to comment
Share on other sites

WEP is easily crackable with out of the box software, but it does take a fair bit of time. WPA is much better (so long as you use a strong password or key).

Maybe you have a bored neighbour but it is more likely that someone had physical access to your machine (or maybe your wife has a second Yahoo account or a friend came over?)

Link to comment
Share on other sites

WEP is easily crackable with out of the box software, but it does take a fair bit of time. WPA is much better (so long as you use a strong password or key).

Maybe you have a bored neighbour but it is more likely that someone had physical access to your machine (or maybe your wife has a second Yahoo account or a friend came over?)

Will check out the WPA option as well. Thanks. No, she only has one yahoo account, so the yahoo mystery remains. Unlikely that someone would just come into use our computer randomly without deciding to steal the lap top while they are at it.

All very strange!

Link to comment
Share on other sites

samran,

I would put both the ethernet NIC's ( network interface card ) MAC address and the WIFI NIC's MAC address in the routers allowed section - you never know when murphys law might kick in.

with your yahoo login issue , unless your router caches www files , which as a home router I doubt , the displayed login page would have come from further upstream , which is why I suspect it might have been the the ISP's proxy caching the other login.

another small security feature you might wish to enable is to turn off DHCP ( Dynamic Host Configuration Protocol ) if it is enabled. as you only have a small network - 2 comps , 4 NICs - it is reasonably easy to manually assign IP addresses , configure your router and firewalls to only accept requests from the set IP's.

to examine ( sniff ) what info is available about your wireless network you can run ethereal , a network protocol analyser . It is reasonably easy to set up to use the WIFI card , and then log about 30 minutes of using the internet via wifi , then peruse the log file for what does show up in plain text.

Link to comment
Share on other sites

I concur with studmonster regarding the security measures you should take. Everyone running a wireless network should take these basic precautions. I allow myself one exception, I broadcast my SSID, but just for fun. My SSID is "Al Qaeda". I always giggle when my computer says "You have joined the Al Qaeda network." And apart from having my home someday raided by Thai military, it's fun to imagine someone else in my condo seeing the Al Qaeda network appear on their list of options...

Besides fixing your wireless security, you should also investigate your computer does not have a VNC service running, ensure the Remote Desktop service is disabled, create a secure login password for your computer, and make sure all your Windows service packs and patches are up to date.

Before my wife got her own computer, I created a seperate login account for my wife, not because I don't want her to see my files, but she has a tendency to crash the computer or delete bookmarks or important files. She and computers are not always the best of friends. Additionally, she gets her own login cookies for gmail and whatnot so she doesn't end up reading my mail and vice versa. You might want to consider doing the same with your computer.

Now having totally secured your computer tight, my guess is you are not a victim of a hacker, but rather a victim of your ISPs proxy server. You probably loaded the Yahoo page right after another user at your ISP loaded his Yahoo page. Proxies have a tendency to do that, and much more often in Thailand than elsewhere, in my experience. In which case, always ensure you login to Yahoo using SSL (I think it's the default now) and always logout when done.

Edited by clokwise
Link to comment
Share on other sites

I think there is just a problem with yahoo accunt because evertime I refresh the yahoo mail login it shows a differnet random login name and asks me for a password. I can refresh 100 times and get 100 different names.

I wouldnt sweat it too much.

WEP is extremely easy to crack though. Using two laptops I have been able to crack 128 bit in under 10 mins using publically available exploits. Its not a perfect system and never will be.

Now I just need to work on getting free wifi at starbucks

Link to comment
Share on other sites

One thing to consider... is yahoo one of those sites that foolishly tries to "remember" you by your IP address? If so, and your IP address is changing periodically it is likely that yahoo would get confused and offer up someone else's name who had used the same site when they had the IP address you now have.

Link to comment
Share on other sites

While you can do a lot to improve security, your problem is not from someone hacking into your system. As others have said, it is most likely your ISP's proxy server.

That said, the only thing that wireless security really does for you is make it a little harder for people to freeload off your connection.

The MAC address filters are a pain to deal with if you have guests coming over with their laptops, and disabling DHCP makes it harder to bring your laptop to other locations. Small things, but... keep life simple. It doesn't really matter if you go 64 or 128 bit with WEP, if there is enough traffic on the network you can get the passkey quickly enough.

Link to comment
Share on other sites

As most of its already been said Ill keep it brief... my advice would be to use WPA instead of WEP, If the function is available on your wifi access point you should enable WPA key rotation too and set a timeout of something like 10mins to change keys.

MAC address filtering is a handy tool but is no means 100% - coupled with WPA its gonna be hard to break.

You could stop broadcasting your SSID - this step alone will be enough to put off most hackers unless theyre really desperate to get in.

Monitor your access points / routers event log, it can be very handy at showing times and devices that have been refused connection.

Make sure that your routers default username and password have been changed... and when you do create another admin account delete the old one.

As for your Yahoo credentials being someone elses - its far more likely to be that either someone else used your machine if you werent there... note: used your machine not your connection... or as someone else said - an ISP proxy

Link to comment
Share on other sites

In order for your Yahoo login to have changed not only would someone have to log into your wireless network, they'd also have to have taken remote control of your machine. Did you have any visitors/friends that could have used your machine to log into their Yahoo account?
This sounds more likely,

(Occams Razor, ... all things being equal, the simplest solution is probably correct,) :o

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...