Network security
-
I've got an XP laptop and a Mac all networked up together and sat behind a wireless router. Being particularly paranoid, I've tried my hardest to make sure that nothing is visible to the outside world. The router has its firewall running, as do my XP and Mac. I've got the two computers sharing drives using SMB and, as far as I can tell, I've restricted this just to the computers in question. Naturally the wireless is running WPA. The reason for this post is to see if I can dive into the communal knowledge pool that is codeproject.com, and see if anyone has any gold nuggets of info that might make me feel safer. In particular, does anyone know of a tool I can run to get a list of all connected SMB clients? I was rather disturbed to find, when I looked in the DHCP list on my router, that some anonymous machine was also listed. I'm hoping it was just a stale entry from before I moved the wireless to WPA, but I want to make sure.
When I have the time and want to do the stuff you are describing I go here: http://www.insecure.org and I noodle around. You can find some pretty interesting stuff there and it's pretty cool. When I don't have the time and it's for a client I find a professional security auditor (aka hacker) and I let them do it. I have a few caveats for them and I want a full write-up. This path can be very interesting especially if you use two hacks and compare the results. - Rex
-
G'Day Johnny, I'm far from an expert on this, but I have 2 suggestions for you.
Johnny ² wrote:
Naturally the wireless is running WPA.
Does the router support WPA2? If so Windows XP at least supports it with this update. I'm not sure about the Mac. I would recommend WPA2 over WPA any day.
Johnny ² wrote:
I was rather disturbed to find, when I looked in the DHCP list on my router, that some anonymous machine was also listed.
Your router should allow you to lock DHCP access down to MAC addresses. Look into the setup in the router. Michael Martin Australia "I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash 24/04/2004
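
The check the original poster was doing by eye on the router's DHCP list, as an added example (not code from anyone in this thread): it separates unknown machines that still hold an active lease from stale entries. The dnsmasq-style lease format, the allowlist and every address and timestamp are assumptions constructed for illustration.

```python
# Added example: audit DHCP leases against a list of known devices.
# Assumed lease format (dnsmasq style):
#   <expiry-epoch> <mac> <ip> <hostname|*> <client-id|*>
# All MACs, IPs, names and timestamps below are constructed sample data.

KNOWN_DEVICES = {  # hypothetical allowlist: normalized MAC -> label
    "00:11:22:33:44:55": "xp-laptop",
    "00:aa:bb:cc:dd:ee": "mac",
}

SAMPLE_LEASES = """\
1149000000 00:11:22:33:44:55 192.168.1.10 xp-laptop 01:00:11:22:33:44:55
1149003600 00-AA-BB-CC-DD-EE 192.168.1.11 mac *
1148000000 02:de:ad:be:ef:01 192.168.1.12 * *
1149003600 02:de:ad:be:ef:02 192.168.1.13 * *
"""


def normalize_mac(mac):
    """Lower-case, colon-separated form so 00-AA-.. and 00:aa:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_leases(text, known, now):
    """Split leases held by unknown MACs into (active, stale) lists."""
    active, stale = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        expiry, mac = int(fields[0]), normalize_mac(fields[1])
        if mac in known:
            continue
        lease = {"mac": mac, "ip": fields[2],
                 "host": None if fields[3] == "*" else fields[3]}
        # Assumption: expiry 0 means an infinite lease, so it counts as active.
        (active if expiry == 0 or expiry > now else stale).append(lease)
    return active, stale


if __name__ == "__main__":
    live, old = audit_leases(SAMPLE_LEASES, KNOWN_DEVICES, now=1149001000)
    for lease in live:
        print("ACTIVE unknown:", lease["mac"], lease["ip"], lease["host"] or "(no name)")
    for lease in old:
        print("stale unknown: ", lease["mac"], lease["ip"], lease["host"] or "(no name)")
```

A MAC that matches the allowlist only shows that the address was seen, not which device used it, since a later reply in this thread points out that MAC addresses can be spoofed.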
-
Disconnect from the internet and build a faraday cage around your office room. This way you will be almost secure! Install WebCam around your house and suspicious movement detector software to find out all FBI & KGB agents zeroing in on you ...
-
Michael Martin wrote:
Does the router support WPA2? If so Windows XP at least supports it with this update. I'm not sure about the Mac. I would recommend WPA2 over WPA any day.
Now that you mention it, it does. Once I've gotten through the Genuine Misadvantage check I'll give it a blast. Thanks!
Michael Martin wrote:
Your router should allow you to lock DHCP access down to MAC addresses. Look into the setup in the router.
I knew I'd regret buying a Chinese router... but I do think there is something that looks appropriate in the admin interface. I'll have to hope I don't ban my own address!
-
Johnny ² wrote:
I knew I'd regret buying a Chinese router
Buy a Linksys router. I have my DHCP disabled, MAC addresses filtered to only allow my laptop, my wife's laptop, and the Nintendo DS. I've had no security issues :) Paul
-
Toolwise the only one I'm aware of is Administrative Tools\Computer Management\Shared Folders\Sessions. Stability. What an interesting concept. -- Chris Maunder
-
Finally a topic I can help out with! I do some wifi auditing at work, but most of my time on CP is spent lurking and learning from you code-masters. Some advice I have:
- IMHO MAC filtering, disabling DHCP, and disabling the SSID are completely useless. When auditing wireless, I use kismet, which will show me a network regardless of whether it's broadcasting or not. If knowing the SSID is crucial, a simple void11 deauth will force the clients to restart the session, at which time the SSID is temporarily exposed. Interestingly enough, the same void11 technique is used when spoofing MAC or IP addresses when I want to parade my laptop as an authorized machine. That being said, it doesn't hurt to do all of those things. After all, who's going to spend that kind of time getting into your network when there's a default 'linksys' broadcasting down the block?
- As for encryption type... Well, everyone knows WEP can be cracked in under ten minutes (if there's enough authenticated traffic to generate the weak IVs). I've personally spent over 4 hours collecting enough from my home network... with only 2 wireless clients. WPA is the way to go and WPA2 is even better, but please make sure you don't use any dictionary-based pass phrase. Compromising WPA requires a more elegant attack, but it can often work very quickly if a poor pass phrase is used. With some of the heuristic/brute crackers, I've successfully cracked pass phrases that are only partial words or even slang. For instance: < 67vette19 > was cracked in under 12 mins using the latest version of John and a 248 MB custom word list. Note my list contained the word "corvette" but not "vette." In a professional setting, no wireless is truly safe. I gotta agree with Lloyd; make yourself a closed network ;-)
- Even RADIUS and some external auths can be compromised, but at that level of security the easiest way in is most likely poor practices.
The most difficult security I've ever been asked to bypass (in terms of wireless auditing, that is) would have to be a commercial firewall that runs the WLAN on a separate subnet as the LAN. The WLAN is WPA2 encrypted, and once authenticated there, the user must auth manually again via WIFIsec to an external RADIUS server. This essentially creates a VPN between the wireless users and the AP. With this technique, even an authenticated user cannot sniff other users' traffic because each user has their own private tunnel to the gateway. My 2 cents, -Jef chown -R us ./base
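
A defender-side check for the point made in the post above, that a pass phrase built from a word fragment plus digits is within reach of a word list holding only the full word; this is an added example, not code from the poster. The word list, the `MIN_FRAGMENT` threshold and the function name are assumptions chosen for illustration.

```python
import re

# Constructed mini word list; a real check would load a full dictionary file.
WORDLIST = ["corvette", "password", "wireless", "network", "linksys"]
MIN_FRAGMENT = 4  # assumption: shortest letter run treated as a guessable fragment


def passphrase_findings(passphrase, wordlist=WORDLIST):
    """List reasons a WPA/WPA2 pass phrase is exposed to dictionary-style guessing."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length is outside the 8-63 characters WPA-PSK accepts")

    lowered = passphrase.lower()
    word_like = False
    # Examine each run of letters on its own: "67vette19" yields ["vette"].
    for run in re.findall(r"[a-z]+", lowered):
        if len(run) < MIN_FRAGMENT:
            continue
        for word in wordlist:
            if run == word:
                findings.append("'%s' is a dictionary word" % run)
            elif run in word:
                findings.append("'%s' is a fragment of '%s'" % (run, word))
            elif word in run:
                findings.append("'%s' contains the word '%s'" % (run, word))
            else:
                continue
            word_like = True

    # If everything besides the letters is digits, the digits are only padding.
    rest = re.sub(r"[a-z]", "", lowered)
    if word_like and rest.isdigit():
        findings.append("digits are the only padding around the word")
    return findings


if __name__ == "__main__":
    for candidate in ["67vette19", "password", "q7#Lm2!xV9@tRz4&"]:
        result = passphrase_findings(candidate)
        print(candidate, "->", result if result else "no dictionary-style weakness found")
```

An empty result only means none of these patterns matched the supplied word list; it is not a measure of overall strength.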
-
NetSpinner, Thanks for the very informative post. Since I live in a rural area and am the only one on my block of 3 or 4 neighbors, anyone sitting in a car near my house with a laptop looking like they are war-driving is going to get my attention (least to say, my two dogs' attention) pretty quick. PJC
-
FYI - Radius from antenna for someone to get to your network can be roughly 2000'. If you use WEP crack with a P4 is under 10 minutes, collecting enough data under 30 minutes. WPA2 35 minutes collecting enough data about an hour. Unknown assignment on your router - most likely someone else has gotten on. Blocking by MAC can be circumvented and man in the middle attacks are possible. Professional Hackor - Sometimes Security Consultant
-
For anyone wanting to know all the gory details of security and how to go about securing a home network there is no better place to go than Security Now. It is a podcast by a computer genius and Leo Laporte (from old TechTV). They have all sessions downloadable with notes on the website, http://www.grc.com/SecurityNow.htm Good luck. Bradley McGuffey MBS Management, LLC www.mypeople.com 205-824-6846 mcgufbd@charter.net