wireless Networking

Hi, I run a windows 2000 server lan at work.we have run out of network points and we consider wireless network connectivity to all the new pc's that we will connect to our exising wired lan.We've purchased a 54g wireless network hub for out lab.I haven't done this before.It seems straight foward but is it as simple aas the manuals say.Please help.
Chandak76
:roll:

nnbnbnnbnbnnbnbHi chandak

Setting up a wireless network is fairly easy, securing it is the difficult part. The way I see a WLAN is almost as hostile as the Internet, so always take security precautions.

Here is a list of sites I got about Wireless LAN security:

seclists.org/lists/isn/2003/Dec/0008.html
www.intranetjournal.com/articles/200307/ij_07_10_03a.html
www.extremetech.com/article2/0,3973,1073,00.asp

I hope these sites help!

Despite the security risks with WiFi networks I still like them

But still in the end nothing beats security with a network that needs a physical connection.

Yknow people make this big hooplah about Wi-Fi security.. and frankly it appears a little silly to me.. lets consider this realistically...

We're considering a threat from an attacker who has the time and motivation to actually drive around looking for a Wi-Fi spot, or actively targetting your network by sitting in his car with a laptop.. now tell me, if someone has such motivation, whats stopping him from putting on a suit, walking into your office and just plugging the damn thing in..

be honest.. how many times have you seen a network connection just sticking into the wall.. all it takes is to pull it out of one thing and plug it into your laptop.

You may argue that this takes more guts than just sitting in your car and hacking away.. but if the person is so motivated, then chances are he is not going to be wimpy about it.

And besides.. it has been done many times. It even happens accidently, some idiot who feels that he should always be connected walks around with his laptop and shoves in the nearest network cable he can find.

All you can do is pray that he didn't decide to use your backbone uplink as a quick way to check hotmail.

That said, I'm totally off topic.. so I'll go now.

Cheers

What on earth are you talking about Sahirh????

attacker who has the time and motivation to actually drive around looking for a Wi-Fi spot, or actively targetting your network by sitting in his car with a laptop.

What about already having access from your office or your appartment ? and not even having to try and hack in, the access point aint setup properly. ????

with the rest.... i aint gonna bother about...

---

This post has been edited by the Site Administrator.

You can express your opinion freely in a civilized manner without insulting anyone or using descriptions that are unacceptable.

The Firewall.cx team puts countless hours each day to ensure this site helps everyone as much as possible, while keeping our forums clean and rich in content, therefore we ask our members to be more careful with their expressions.

---

Chris Partsenidis
Founder & Senior Editor
www.Firewall.cx

Oh-oh, I see a big debate brewing on this issue…here’s my two cents worth.

I would NEVER EVER put a wireless access point of any type in a business environment, this makes just about as much since as allowing users access to all servers or just give everyone admin permissions, I mean if they were really motivated they could delete something important or ad a virus, but since they work for me they wont, after all they are lazy and are dumb…..

War Driving (derived from war dialing) is very active and does provide a security risk
A risk that should not go unattended if you do by chance have such a configuration regardless if you are a business or the consumer who wants to surf while your in the pool you might insure that you use encryption.

Here where I live (Oregon, USA) there are several mountain tops that I can go to and overlook the valley floor, and see many towns and cities. Now if I had a wireless NIC, War Driving software and a directional antenna just imagine how many networks I can breach! Now at this point I can surf the internet and read the forums here (or what ever) or be very facieses and conduct Ddos’s or delete all the DDL’s on the LAN’s that I’m connected to. The possibilities are very unlimited; this would all be at the expence of the poor sap that allowed me to connect through his LAN.

Just remember even if they do a have a firewall installed it’s on the WAN not the LAN and that’s just where the WAP (Wireless Access Point) is.

Check out these links on the subject:

www.computerworld.com/mobiletopics/mobil...,10801,74103,00.html
www.wardriving.com/
www.securityfocus.com/news/192
www.nwfusion.com/columnists/2002/0902schwartau.html

Disclaimer:
Mentioned in these links are the software and/or steps on how to conduct War Driving.
Firewall.cx does not in any way condone or authorize any reader or user of Firewall.cx to engage in such a practice. This information is just for that, information. Firewall.cx cannot be held liable for the actions of its reader’s/user’s.

hmmz_2000, perhaps you missed my point.. I'm talking about perspective here. I work in the security field spending most of my time looking for weaknesses in technology. I believe that there are bigger problems to worry about than wireless security. Its just an opinion, but let me tell you why..

Wireless networks require you to be within a physical radius of your target.. there are very few attackers who want to do this. You can argue that an attacker can misuse publicly accessible wireless networks and use them to proxy an attack. I have seen this happen at a cafe here, and frankly it is not an insecurity with wireless networks, he could have done the same thing from a cybercafe. Its a problem with the business model -- if you offer an anonymous publicly accessible internet service without considering the risks of that happening, you shouldn't be doing it in the first place.

Yes, people do go wardriving, I have done it twice myself. The first time I did it as part of a pen test, and got nothing out of it. The second time I did it to prove precisely this point.. anyway we scoured two of Mumbais largest business areas -- Nariman Point, and the Bandra-Kurla complex for those interested... and we got nothing...

This is not because there are no wireless installations at any of these places -- I hung around outside one complex where we know for sure that there is an installation... the problem stemmed from a very small fact --

building compounds.

Most businesses here are housed in large complexes with even larger compounds surrounding them.. you cannot just go there park your car and start hacking away, there are security personnel, and it is extremely hard to sit somewhere with a laptop and look inconspicuous. Yes you could get a directional antenna, perhaps even disguise it as an umbrella and look less suspicious..

I'm not saying it doesn't happen.. it does.. and don't think that I don't take wireless security seriously - I come from a school of thought where we believe that applications will always remain insecure, and your best bet is therefore to secure your communications channels.. If an attacker can't use your roads, he can't rob the gas stations along the way.

To make what I'm saying clearer, go out in your car with a laptop and a copy of Kismet and find yourself a wireless network, Perhaps with the greater penetration of wireless networks in western countries you'll have an easier time than me.. you'll probably find a network within 20 minutes of looking in the right places.

After this first phase is over, tell me if this is really your preferred method of attacking a network when 'traditional' methods still work -- with scary efficency and a much smaller window for getting caught in the real world.

Neon raised a very valid point, but I got so caught up defending my points of view that I missed this gem of a line from his post :

The way I see it a WLAN is almost as hostile as the Internet

In short, deal with wireless security for sure, but when you take a break from deciding between WEP, EAP or the latest proprietary security protocol from company Z, please turn off file sharing on your internet facing gateway thank you very much.

Would be nice if tfs jumped in on this one since he's significantly better versed with wi-fi than myself.