37 total posts
(Page 1 of 2)
Perils of Unsecured Wireless Networks
By default most wireless routers have their security features disabled. And the novice consumer who thinks that since they are connected to their network and its working that they are safe are mistaken. An unsecured network is like an open door to your home. Anybody will walk in and do as they please as long as nobody realizes that they are there.
If I have an unsecured wireless network, and I do, what does the evil doer do on his computer to see into mine if I have not made file sharing available?
Simple. "YOU" get the blame if they download...
A movie on your internet connection.
My wireless network
I have a wireless unsecured network aswell and was just wondering whether if anyone was to connect to my wireless router wouldnt they need the network ssid to access it?And if they didnt could you please tell me how to stop this hapining as my main concern is information being stolen.Thanks
Simple. Use MAC FILTERING.
I'll leave you to research about tools such as AIRSNORT and the better tools and what that means about SSID insecurity.
MAC FILTERING is easy and will drop/kill the casual driveby connections.
Thanks for the advice.All im woried about though is people accessing the information like log on passwords to websites and credit or debit card info.I tried setting up encryption today but had problems as my computer could not find the network afterwoulds.Which do i set up encryption on first,my computer or my wireless router?
i heard a friend of mine tell me that the practice was called "siphoning". i was just wondering if that's really what it's called. also, i heard that it was illegal, so is it?
Not that simple.
There are several examples of using what has become known as the "wireless defense." It boils down to the fact that an infringement happened on an ip address belonging to you is not a conclusive enough proof that you are the perpetrator. Especially if you have an unsecured wireless network, in which case *anyone* could have done it.
If the crime is serious enough for a more detailed investigation and you *did* actually commit it, there are other ways to prove your guilt conclusively.
Nobody wants to deal with the hassle of going through an investigation. However, for the example above (copyright infringement), the chances of being sued are minuscule. 26,000 lawsuits out of more than 15 million estimated music downloaders.
As far as your data being stolen, I believe it is better to secure your computer than your network. Your data is at a far greater risk when using free wifi in, e.g., an airport. So you might want to secure your computer anyway.
And finally, I like being a good neighbour by sharing my internet connection with others. It is too bad that fear is preventing some of us from being able to do so.
Securing wireless networks
Firstly I thank a neighbour for their unsecure wireless network, it help me when I lost my cable broadband for 2 weekends (four days each time). I still have not found who it is who is unsecure!
Hiding the SSID helps, but with the right tools this can be 'seen'.
WEP/WPA encryption makes it harder to someone to use your wireless router.
MAC address access adds another level of security.
Of course to someone who really want to hop one will find a way, but then why would anyone bother unless you were a corporate with possible secrets?
Once on the network you can find weaknessses in the security of any PC on said network. As for running up bills, not sure on that one.
Legal... one for the courts I guess, probably only happen if you were doing something illegal or imoral acts whilt using their wireless network.
Anyone clarify this?
Why should you want to make your wireless network secure?
1) Stops someone using your bandwidth.
2) Stops you possibly being blamed for illegally downloading movies, from being accused of downloading child porn etc etc.
Tried to keep this brief, hope it helps.
It is amazing to me that someone can share your connection. Especially because in my house, we can't even get a good signal in the next room! We must be doing something wrong, but I can't believe this can happen. Thanks for the info, I will be more careful.
I don't have a wireless router but the other day I was told by a work colleague that it is possible. He had a friend who is an IT Systems Engineer and he connected to someone else's broadband internet connection from a laptop PC.
So beware, it is possible so I would advise you to improve your firewall systems when using wireless routers.
But how will we know if they have got through ...
I have all those basic wireless security measures in place (except SSID) but what I remain unsure about is how to tell (quickly) if someone has managed to hitch a ride on my wireless network.
Is there any quicker way than scrolling though the voluminous router logs, which is perhaps not informative anyway if someone has spoofed one of the (few) allowable MAC and IP addresses on my network? Is there any software out there that can show you (eg with a real time display) which connections are active at any time, and maybe even give an alert when any new connection joins?
More generally, is there any easy way I can tell if anyone has broken through the (hardware and software) firewalls of my cable broadband connection?
I would direct you too these excellent resources on....
Securing Your Wireless Network
The site below seemed to offer straight forward explanations and step by step solutions. It seems that securing a wireless network will take some study and effort. Maybe soon community classes will be offered to help people understand and address security issues for wireless networks.
kayrakaye (currently accessing the net via unsecured wirelss networks)
Regarding unsecured connections
I assume that if one could access an unsecured connection, that person's computer could be detected by others who are using the same, unsecured connection? Is this the case, and how does it work?
Unsecure networks all over the place
I have a friend who travels all over Florida in the winter selling at flea markets. He has a new Gateway laptop with him equipped with wireless. To get online to send and receive emails he simply parks at a truckstop or a Holiday Inn and logs on to the network. I found this to be amazing.
It's becoming quite common for businesses to offer free wifi as a way to attract customers. Nothing sneaky about it.
It is interesting to note, however, that I can pick up six other wifi routers in my apartment complex. About half of them are password protected.
wireless network mumbo jumbo
have recently noticed photos of people i dont know on my pc, a friend says my wireless router is picking up free to air files and saving them as temp files in my temp directory, he went into way more detail though way above my understanding of it, he says that neighbours and nearby wireless routers are connecting with and pairing with my device and sharing some if not all their files and mine and some files that have been in use on the remote pc are left behind inadvertantly on my pc
wireless mumbo 2
also because of the type of file jpeg it auto syncd with my pictur/photo software and appeared to have been opened by this software although imthe only user and have never opened or seen these pictures before ps they werent explicit pictures
I have read that WEP is not safe and that WPA is better.
So I changed my WEP to WPA, at least 20 char. long, all the way to 63 char. They say people can break the WEP in 60 secs. And on about the SSID, don't leave it at default. Change the name, not very good idea of using your last name either. I had changed mine to "GoFindYourOwnNetwork" if someone is in the neighborhood looking for a free ride. And also, in some states if not more, it is illegal to piggyback someones internet if they don't lock it up. Some dude in Florida I think had gotten some jail time out of it. Someone had sent this link to me on a password generator for WPA. "http://www.kurtm.net/wpa-pskgen/". And I have read that hiding your SSID won't really hide it good to a determine hacker.
About SSID "hiding."
Not only it doesn't buy any protection but some network devices fail to function with it disabled. Not worth the effort so I leave it enabled.
Unsecured Networks are all over the place
I am at a university in New York in an apartment and I see 4 different wireless networks I can jump on at anytime. 3 out of 4 have no security. Amazing!
Moral / practical considerations
I have taken all of the easier security precautions on my home wireless network -- hiding the SSID, using WPA-PSK encryption and limiting access to the network to the MAC addresses for my remote computer and wifi PDA.
As to accessing the networks of others (except open public ones) it is easy. The access belongs to someone else and it is wrong, without their permission, to use it. An (not perfect, but close enough) analogy illustrates the point. If your neighbor leaves their door unlocked, is it okay for you to come in and use their computer to access the internet while they are out, if they can't tell that you did so?
That's not hard to answer, I hope.
Security Assistance PLEASE
Thanks for all the useful sidenotes here....BUT, may I ask all of you to please tell me how to set up a basic security system on my Netgear WGT624. I have it set up and running great BUT have zero security features turned on. Im afraid to screw it up since its running so well.....what would be just a simple basic step to perform to shut out the casual drive by lurker? I live on a busy neighborhood street and wish someone out there would take me step at a time instructions PLEASE !!!! Jeez, I hope I dont screw up my perfectly running connection but Im very worried about doing nothing. Remember......I need detail step by step help....PLEASE
Not a good idea to...
Bury your plea in an old discussion.
Hopefully someone will notice, but the steps you ask for are ... in former replies. Use the search?
If the router is under warranty (and maybe if it isn't) try contacting Netgear. I just got off the phone with Linksys regarding the same issue. I thought my network had WEP protection and dicovered that it didn't. Eev nthought the PCI card on my remote PC was not a Linksys, the tech walked me through the changes.
Misconceptions Running Rampant
After reading this topic I noticed many misconceptions. There are a lot of questions and things like ?I heard from a friend who has this friend? kind of thing. It is actually quite simple; As far as security goes? If you do not need or use the wireless feature disable it. If you do use it then make the best possible use of what security systems you have, but know that there is no 100% secure method to protect any computer except to cut all other connections. This means that if you use wireless routes or devices then there is always a way break the security. It may surprise you what a criminal hacker can do but have you check the news lately? There was recently a criminal who broke into T-Mobile?s network and hacked Paris Hilton?s Cell phone (they are still investigating) and another incident where someone hacked T-Mobile and stole 400 names with social security numbers. Here is the C-Net News story about it. http://news.com.com/Paris+Hiltons+cell+phone+hacked/2100-7349_3-5584691.html
T-Mobile spends more money on security every year then most people will earn in their life times, and they (like anyone else can not guarantee 100% security.) Even if you do not use wireless routers, just simply connecting to the internet exposes you to the possibility of being hacked.
The common feature of the router that will help you with security is disabling the wireless first of all. If you do not need it then turn it off and it is the most secure way to protect your internet connections from outside intruders. Also learn more about the built in security that your router may offer like ssid, mac address filtering and disabling broadcast. NAT is a feature on most routers that can help secure the computers you have connected to the routers. Local security (protecting the information on your computer itself) is equally important. This is where firewalls generally come into play. Also one of the most important things you can do to protect personal information on your computer is to stay current with your operating system updates. Windows especially, Microsoft releases frequent security updates that fix security holes in the Windows Operating system; and keeping your updates current is a great defense. Microsoft has included a feature recently called ?Automatic updates? that when enabled with either notify you of new updates or automatically download and install the updates for you. To turn this feature on with Windows XP go to the ?Control Panel? open the ?System? icon and click on the tab at the top that says ?Automatic Updates? and then select the option that works the best for you.
Other important things are anti-virus software, as well as spy ware and ad ware detectors. These different software programs search out the various malicious programs that can ?infect? your computer and either send out your personal information or help a criminal hacker penetrate your computer directly to steal your personal information or destroy it all together. It is very important that you also keep these programs updated also because as criminals find new ways of invading your privacy and your personal information these programs need to be updated so they can stop the new ways also. There are some great free programs that can protect your computer. For anti-virus I recommend AVG by Grisoft. http://free.grisoft.com/softw/70free/setup/avg70free_300a456.exe this link will start the download for the free antivirus software, or your can go to http://www.grisoft.com and find it if you do not like direct download links. For spy ware I recommend Spybot Search & Destroy by PepiMK. http://users.belgacom.net/bn657515/spybot/spybot-downloading.htm this link will start the download for the free spy ware software, or your can go to http://www.safer-networking.org/en/index.html and find it if you do not like direct download links. Finally for ad ware I recommend Ad-aware SE Personal by Lavasoft. http://dw.com.com/redir?pid=10319876&merid=69274&mfgid=69274&lop=link&edId=3&siteId=4&oId=3002-8022_4-10319876&ontId=8022&destUrl=ftp%3A%2F%2Fftp.download.com%2Fpub%2Fwin95%2Futilities%2Faawsepersonal.exe this link will start the download for the free ad ware software, or your can go to http://www.lavasoftusa.com and find it if you do not like direct download links.
You can also use the built in local security features of Windows XP like file sharing and local file security but these can be complex and require a bit of time and patience to understand and learn.
The most important thing you can ever do is be wary of what you do online. Avoid high risk sites; the obvious ones are sites like pornography, and warez/serial/crack sites that allow you download Pirated (Illegal) copies of Software, as well as Serial/Product ID numbers (The code you enter to allow a program to be installed on your computer), and hacker programs that allow you to make the programs believe they are valid. But on many semi reputable sites you can still be infected with malicious programs. And if you do not know the person sending email NEVER download the attachments. You should even be careful about emails you may think are from people you know. No reputable company will has you to provide personal information through email. A more recent scam is to send an email to you with a link to what you think is a website you deal with and trust. They hope to get you to enter your information directly to them on their website thinking it is legit. Be watchful because these people carefully reproduce almost everything on the real website, but when in doubt don?t use their links and open a browser and type in the companies? website your self. Do not copy and paste the address from any suspicious email. Also if it is a secure website such as your bank, credit card or any thing dealing with your personal information watch what the address bar says. You can tell it is a secure website using an encrypted connection if it says ?https://? at the beginning. Just a few months ago someone sent me an email that appeared to be from an online bank I use in everyway but the link they had in the email was http://mybankname.com/login instead of https://nybankname.com/login. The letter ?s? that was missing told me right away that it was not a secure website and so even though it looked acted and in everyway seemed like my banks website there was no way it could be because it was secure. Many browsers like Internet Explore (a padlock icon appears at the bottom right corner of the window) shows you an icon on the status bar along the bottom to tell you if you are connected to a secure site. The best rule is that if you are not sure then don?t and if you have any questions about it because it seems like it might be valid you should contact the company in question the same way you have always done in the past and ask them.
A final note regarding who is responsible for what happens on your internet connection. If you carefully read you ISP?s (internet service provider) Terms of Service you will find that the person whose name is listed as the account owner is responsible for all traffic on the internet connection. This means that if someone does something illegal while connected to or through your internet connection that you will be held legally and financially responsible regardless if you knowing allowed it or not. This means if you let a friend use your computer and he downloads or uploads something illegal you will be the one that gets in trouble for it. The same thing goes for someone that steals access to your internet connection and commits a crime; they will be looking at your name on the internet connection as the person to go after. Someone commented that in this thread that they do not care about their internet connection and only worry about their personal information. This is incredibly not smart. Many hackers intentionally seek out un-secure or under-secured wireless internet connections just for the purpose of using them to break into a company like T-Mobile because they know that they did it on their own internet connection they will leave electronic foot prints in the form IP addresses and other types of information that will lead investigators straight back to them. Here is a Power Point Presentation that is online that explains a lot about computer crimes. http://www.umassd.edu/ecommerce/cybercrime.ppt Please note that you must have a version of MS office with Power Point to view this slide show. Also just read about the many lawsuits the RIAA (Recording Industry Association of America) has filed against the public as reported by ?Wired? online Magazine at http://www.wired.com/news/digiwood/0,1412,61454,00.html.
What you do not know can hurt you, and so you should do your best to be informed about what is happing with any internet connection that you are responsible for.
Sorry for some of the typos in this post I was a bit distracted while I typed it.
When I said,
"Many hackers intentionally seek out un-secure or under-secured wireless internet connections just for the purpose of using them to break into a company like T-Mobile because they know that they did it on their own internet connection they will leave electronic foot prints in the form IP addresses and other types of information that will lead investigators straight back to them."
I simply said "Hackers" instead of "Criminal Hackers" or better yet "Criminal Crackers". I apologize to any Hackers this might have offended. I know that not all Hackers are criminals. I also know that there are many Hackers that do many good things. Also I am sorry for using "Hacker" so generally and it was not intentional but more my own stupidity.
Anyone that would like to have a better understanding of what a "Hacker" truely is as well as the proper jargon should see
Lets not forget
1) alot of criminal hacking can be attributed to either inside information/contact or due to staff giving out secure information.
2) Nothing is secure, someone will alweays find a way if they really want to, you can simply make it harder for them in the hope they go to an easier target.
3) Some wireless Hot Spots are now by criminals, who hope to gleam important information from you by either hacking when you are connected or offering fake web sites (like those in emails supposidly from your bank).
So next time you connect to Starbucks...is it reallyStarbucks! (or whoever).