Is my network secure?
November 18, 2005 10:45 AM

I have a couple questions about the security of my wireless network... I'm definitely not a computer newbie, but networking issues have always gone a bit over my head.

I have a Mac, and I've set up my home network with a wireless router and my printer is also set up to print wirelessly. In order to get this all to work, I was never able to use a WEP or WPA key... every time I tried to set that up (and I tried many times!) my connection to my wireless printer would break. So as a workaround, I made my network invisible (which it never really is...), and I set it up so that only the specific MAC addresses of my hardware could access my network. Is this good enough? Also, is there any way to tell if someone else is cannibalizing off my wireless connection? Or worse, picking up sensitive information?
posted by semidivine to Computers & Internet (18 answers total)
 
With what you've got, you might as well hang a sign out your window inviting people to download kiddy porn on your connection (not trying to be harsh, but that is a dangerous possibility with an unsecured network). Hiding the SSID is useless if someone wants to know about your network, and MAC filters are equally ineffective.

WEP isn't even useful, WPA is the only way to go. I know that because I had a WEP network, not broadcasting SSID, and it was cracked inside of two weeks. WPA is much more secure.

If your connection is breaking because of your router/printer and you want some measure of security, either replace the printer or the router (or find out what's breaking it). What are the models of the two? I could have a quick shufty and see if it's a known problem. The other alternative is to put your printer on a wired connection and see if that makes it work.
posted by Dipsomaniac at 10:54 AM on November 18, 2005


And now, for my next trick, I'll try to answer your other question: if you go into the administration screen for your router you'll be able to see the connections to it somewhere in there. Not knowing what router you have, I don't have much more to offer on that score yet, but it should be accessible through your browser, probably at IP 192.168.100.1 or 192.168.0.1.

Finding out if somebody has sniffed sensitive info is pretty much impossible before you find it's been used. Wardriving is passive - you can't tell if someone's just listening.
posted by Dipsomaniac at 10:56 AM on November 18, 2005


Not broadcasting your SSID (= "making your network invisible") and/or filtering MAC addresses is enough to put off most passers-by hoping to borrow your connection, but that's about it. But anyone who actually wanted to access your data could, so yes, you're at risk, and if you care about that risk, you should get WPA switched on.
posted by cillit bang at 11:00 AM on November 18, 2005


The reason for security is only partly to prevent people from using your network. The other reason is to prevent people from snooping on your traffic. You definitely want people to not be able to do that.
posted by kindall at 11:52 AM on November 18, 2005


Episodes 10 & 11 at Security Now offer some good insight to your question.
posted by whatisish at 11:52 AM on November 18, 2005


Dipsomaniac writes "MAC filters are equally ineffective."

Why is this so? They should at least prevent people from connecting to the router, shouldn't they?

I have a friend who uses only MAC filters and hidden SSID, but scrupulously avoids sending any sensitive data except over https or ssh protocols. This seems workable in theory, but I would be much more comfortable with WPA working...
posted by mr_roboto at 11:57 AM on November 18, 2005


MAC filters are easily spoofed. I had SSID-disabled and MAC filtering on and my connection was being used by somebody unknown within two weeks (that was with WEP only, not WPA). You don't even really need to know what you're doing - there are scripts out there to do the work for you.
posted by Dipsomaniac at 12:02 PM on November 18, 2005


Dipsomaniac writes "MAC filters are easily spoofed."

Quick networking question to clarify this: are wireless packets sent with a cleartext MAC address readable? How about if you're using https or WPA?

If so, man, I could totally understand how MAC filtering would be no help at all...
posted by mr_roboto at 12:21 PM on November 18, 2005


The MAC is identifiable in the TCP/IP stream. If the stream is encrypted, then so is the MAC. However, WEP is easily broken nowadays, which is why my setup was compromised so quickly. WPA is much more secure, as is HTTPS. Frankly, if your encryption layer is broken, MAC filtering might as well not be there. I have it turned on but I don't count on it.

Any decent network sniffer will get you the TCP/IP stream, and then if it's weakly encrypted there are any number of wardriving scripts that'll break it down. WPA is (as yet) strong encryption - even so, I don't use a wireless connection for anything like financial information.
posted by Dipsomaniac at 12:25 PM on November 18, 2005


Just out of curiosity, semidivine, did you change the password on your router?
posted by Dipsomaniac at 1:21 PM on November 18, 2005


Response by poster: This is my first time asking a question on MetaFilter, so I don't know the protocol for responding... but Dipsomaniac, my printer is an HP psc 2510 photosmart, and there are two routers; one from earthlink (an RCA DM325) and a wireless one from Vonage (for VoIP, Linksys WRTP54G.) The problem with putting the printer back on wires is it's 20 feet from the router, and I didn't want miles of wires. Can be done, of course, as a last resort. Does that help?
posted by semidivine at 1:31 PM on November 18, 2005


WPA is (as yet) strong encryption - even so, I don't use a wireless connection for anything like financial information.

A point: WPA is not strong encryption. It is fairly easily cracked in real-world usage with a few minutes of work.

semidivine, there's no easy way for you to use wireless securely. If you use wireless, understand that you're at risk of having your resources monitored, used, and tampered with.
posted by Jairus at 1:44 PM on November 18, 2005


This guy claims to have a solution that you could try to get wireless working. I notice that the HP docs claim that the printer supports WPA, which is good, because if you can't get that working your security isn't very good.

I also noticed that the factory default printer / computer connection over wireless is ad-hoc (direct), rather than through the router. Did you change that? It could be that the printer is expecting a different kind of network encryption than your computer is using and that is causing the lack of communication.
posted by Dipsomaniac at 2:00 PM on November 18, 2005


And as a quick aside, WPA can be broken, yes, but the way it's done now is with a brute-force dictionary attack. With a properly chosen passphrase (> 20 random alphanumeric characters) the chances that your network will be broken are very small, and get smaller if you change your key regularly.

The weakness in WPA isn't in the algorithm, but in the user implementation. Most passphrases set by users are weak, so the encryption is weak.
posted by Dipsomaniac at 2:06 PM on November 18, 2005
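
Added example, not part of the thread: the passphrase-strength point above, worked through in Python. It derives the WPA-Personal key the standard way (PBKDF2-HMAC-SHA1 salted with the SSID) and compares the search space of a word-list passphrase with 21 random alphanumerics. The network name, sample passphrase and the guess rate of 100,000 per second are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits  # 62 symbols


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def random_passphrase(length: int = 24) -> str:
    """Passphrase drawn uniformly from ALPHANUM with a CSPRNG."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


def random_bits(length: int, alphabet: int = len(ALPHANUM)) -> float:
    """Entropy of `length` characters chosen uniformly at random."""
    return length * math.log2(alphabet)


def wordlist_bits(wordlist_size: int) -> float:
    """Entropy if the passphrase is one entry of a list an attacker also has."""
    return math.log2(wordlist_size)


def average_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the key: half the search space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second


if __name__ == "__main__":
    RATE = 100_000  # assumed guesses per second; real rates depend on hardware
    print("PSK for a constructed network:", wpa_psk("correct horse 42", "HomeNet").hex())
    for label, bits in [("word from a 1,000,000-entry list", wordlist_bits(1_000_000)),
                        ("21 random alphanumerics", random_bits(21))]:
        years = average_seconds(bits, RATE) / (365 * 24 * 3600)
        print(f"{label}: {bits:.1f} bits, about {years:.3g} years on average")
    print("suggested passphrase:", random_passphrase())
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, so a unique SSID helps alongside a long random passphrase.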


You definitely want people to not be able to do that. (snooping on your traffic)

This is a risk no matter what kind of connection you have between your computer and the first hop on a route to anywhere on the internet. You have no control over the connection at every other hop, and for all you know, every single one of them could be compromised. The solution to the problem of people snooping your connection is not local security between your computer and the first router, but rather end-to-end encryption like that provided by SSL or SSH.
posted by advil at 2:14 PM on November 18, 2005


The MAC is identifiable in the TCP/IP stream. If the stream is encrypted, then so is the MAC.

the mac address is not encrypted with tls (transport layer security - https, ssl). if it was, there would be real problems routing packets. mac addresses are used in a network layer below the transport layer (where tls lives). wikipedia

tls gives you two things: (1) opaque content data (not underlying protocol data); (2) the ability to guarantee who you are talking to (in some technical sense involving private keys).

if you use tls correctly (don't ignore warnings from ssh, or your web browser, etc) then no-one can read what you send. but they can still use your wireless network themselves, and they can see who you are talking to, and how much you talk.
posted by andrew cooke at 2:43 PM on November 18, 2005
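
Added example, not part of the thread: a small Python parser for the header of an 802.11 data frame, showing the layering described above. The link-layer addresses sit in a header that is readable even when the Protected bit marks the body as encrypted, which is why a MAC allowlist is not an authentication secret. The frame bytes and all three addresses are constructed for illustration.

```python
import struct


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_data_header(frame: bytes) -> dict:
    """Read the cleartext header of an 802.11 data frame."""
    if len(frame) < 24:
        raise ValueError("shorter than a 24-byte 802.11 data header")
    fc0, flags = struct.unpack_from("<BB", frame, 0)
    if (fc0 >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    if to_ds and from_ds:
        raise ValueError("four-address frames are outside this example")
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds:            # station to access point
        bssid, src, dst = a1, a2, a3
    elif from_ds:        # access point to station
        dst, bssid, src = a1, a2, a3
    else:                # ad hoc, no access point
        dst, src, bssid = a1, a2, a3
    header_len = 26 if fc0 & 0x80 else 24   # QoS data adds a 2-byte field
    return {
        "source": fmt_mac(src),
        "destination": fmt_mac(dst),
        "bssid": fmt_mac(bssid),
        "protected": bool(flags & 0x40),    # body encrypted by WEP/WPA
        "body": frame[header_len:],
    }


# Constructed frame: station 02:00:00:00:00:10 sends through access point
# 02:00:00:00:00:01 to 02:00:00:00:00:20, with the Protected bit set.
SAMPLE = (
    bytes([0x08, 0x41]) + b"\x00\x00"            # frame control, duration
    + bytes.fromhex("020000000001")              # address 1: BSSID
    + bytes.fromhex("020000000010")              # address 2: source
    + bytes.fromhex("020000000020")              # address 3: destination
    + b"\x10\x00"                                # sequence control
    + bytes.fromhex("9f3c5ad1e07b42c688a1f05d")  # stand-in for encrypted body
)

if __name__ == "__main__":
    info = parse_data_header(SAMPLE)
    print(info["source"], "->", info["destination"], "via", info["bssid"])
    print("protected:", info["protected"], "| body bytes:", info["body"].hex())
```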


you say you're not a computer newbie so i'd strongly suggest downloading + running ethereal and having a look at the data on your network. wikipedia is quite good at explaining things, and you'll be surprised how easy it is to understand what's happening.
posted by andrew cooke at 2:48 PM on November 18, 2005


Sheesh, so much complication.

Is this good enough?

Depends on your purpose. It's what I use at home since we've decided that's the sweet spot of hassle to payoff.

Also, is there any way to tell if someone else is cannibalizing off my wireless connection?

Sort of. If they pull a DHCP record it'll show up as an IP that's been handed off. If they pick an available one based on what they see moving across your network, probably not. The question is, how many MACs do you have in that table? If it's just the 2 devices that are always in use then it would be very difficult for them to clone one and work on your network effectively.

Or worse, picking up sensitive information?

What sensitive information are you transmitting or sharing? That's really the core of why my roommie and I don't bother to encrypt; all our shares and all our outbound traffic that could be remotely considered sensitive is over an HTTPS layer, SSL layer or some form of encrypted VPN. If they want to look through my read-only MP3 share I hope they find something they enjoy.

I travel with a Whoppix boot-disk and if I had to for some reason I could crack a WEP key to get myself a connection. I have never once needed to; there's always been an open AP. Odds are there's someone else's open AP near you too, in which case you're probably just fine. MAC filtering or WEP or even WPA aren't crackproof safes, they're The Club. Someone could saw through your steering wheel to remove it or they could just break into a different car. The different car/AP is easier.

It certainly wouldn't be a bad thing for you to go the extra mile with your network but you're probably just fine.
posted by phearlez at 5:04 PM on November 18, 2005
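
Added example, not part of the thread: one way to act on the "check the router's client table" advice above, in Python. It compares a client list against the MAC addresses you own and reports unknown devices, plus any owned address that shows up with more than one IP. The table format, addresses and host names are constructed; real routers export this list in their own formats, and a purely passive listener never appears in it.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")


def normalize_mac(text: str) -> str:
    """Lower-case, colon-separated form so differently written MACs compare equal."""
    mac = text.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {text!r}")
    return mac


def audit_clients(table: str, allowlist: list[str]) -> dict:
    """Flag MACs that are not ours, and our MACs seen on several IPs."""
    allowed = {normalize_mac(m) for m in allowlist}
    ips_by_mac = defaultdict(set)
    for line in table.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        ip, mac_text = line.split()[:2]
        ips_by_mac[normalize_mac(mac_text)].add(ip)
    return {
        "unknown": sorted(m for m in ips_by_mac if m not in allowed),
        "multiple_ips": {m: sorted(ips) for m, ips in ips_by_mac.items()
                         if m in allowed and len(ips) > 1},
    }


# Constructed client table: "<ip> <mac> <hostname>" per line.
SAMPLE_TABLE = """
192.168.0.10  02:00:00:AA:BB:01  powerbook
192.168.0.11  02-00-00-aa-bb-02  hp-printer
192.168.0.23  02:00:00:cc:dd:99  unknown-host   # not one of ours
192.168.0.40  02:00:00:aa:bb:02  hp-printer     # same MAC, second address
"""
MY_DEVICES = ["02:00:00:aa:bb:01", "02:00:00:aa:bb:02"]

if __name__ == "__main__":
    report = audit_clients(SAMPLE_TABLE, MY_DEVICES)
    print("unknown devices:", report["unknown"])
    print("owned MACs on several IPs:", report["multiple_ips"])
```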

