WiFi security issues? Newbie ? for W7

RayLopez99 wrote in
:

On Dec 19, 11:24*pm, Dustin wrote:


That's probably because you are a newbie. G
Dude, just type "how do I setup a secure wifi network?" in google.
You'll get *all* of those questions answered in a very helpful
fashion. Newbie style; so you will have no trouble understanding
it. If you have questions after doing this, then present them to
the appropriate place. Say, a networking newsgroup?


Thanks. After reading this article:
http://www.labnol.org/internet/secur...i-network/1054
9/ I've concluded a wireless network is inherently insecure. Might
not end up using it at home.

I have wireless disabled presently; Only use it when it's not feasable
to run a hardline.

Practical question: when at airports, Starbucks, etc, and you want
to send an email, do you do so with impunity or with the chance
somebody can steal your password when you log on? I might end up
just using the laptop at such "public" places so I need more info on
what to do there.

I've answered as much as i'm going to do so; as I see you've
crossposted this all over the place... Very trollish behavior... btw.

Also what is the usenet group for networking? I use Google Groups
and could not find any.

I found an alt.comp.networking.routers newsgroup on this server.. Your
milage may vary.



--
Hackers are generally only very weakly motivated by conventional
rewards such as social approval or money. They tend to be attracted by
challenges and excited by interesting toys, and to judge the interest
of work or other activities in terms of the challenges offered and the
toys they get to play with.

David Brown wrote in
:

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked
- WPA in seconds, WPA2 takes several minutes) I can type "net use x:
\\computer\c$ /user:Administrator" and try to guess your password.
Using Linux rather than Windows makes such an attack easier to
automate, but it can be done with Windows too.

I think you meant wep was cracked in seconds. Please provide reference
urls discussing WPA cracked in seconds. I'd like to learn more. Thanks.

Those hidden shares can be disabled. They aren't available on these
machines here; for example.

Obviously enabling the windows firewall will make such a simple
attack very much harder - but certainly not impossible.

A hardware based firewall which filters netbios requests helps nicely
too.




--
Hackers are generally only very weakly motivated by conventional rewards
such as social approval or money. They tend to be attracted by
challenges and excited by interesting toys, and to judge the interest of
work or other activities in terms of the challenges offered and the toys
they get to play with.

On 21/12/2010 06:19, Dustin wrote:
David wrote in
:

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked
- WPA in seconds, WPA2 takes several minutes) I can type "net use x:
\\computer\c$ /user:Administrator" and try to guess your password.
Using Linux rather than Windows makes such an attack easier to
automate, but it can be done with Windows too.

I think you meant wep was cracked in seconds. Please provide reference
urls discussing WPA cracked in seconds. I'd like to learn more. Thanks.


Note - I haven't tried this myself.

You may be right that it is just WEP that can be cracked in seconds.
WPA and WPA2 cracking seems to be done using dictionary attacks on the
pre-shared keys - thus it can be fast or slow depending on the quality
of the password chosen. The WPA/WPA2 cracking is done by capturing a
few packets (not many are needed, apparently) and running the cracking
off-line. With big rainbow tables and a fast cracker computer, this
often won't take long.

If you are using "enterprise" WPA rather than pre-shared key WPA, it's a
different matter - cracking is pretty much infeasible.

Those hidden shares can be disabled. They aren't available on these
machines here; for example.


Yes, but how many people know how to do that - even if they know the
hidden shares exist in the first place?

Obviously enabling the windows firewall will make such a simple
attack very much harder - but certainly not impossible.

A hardware based firewall which filters netbios requests helps nicely
too.


Absolutely true - hardware firewalls are far more effective than windows
softwrae firewalls for blocking unwanted external traffic. Software
firewalls on windows are good for limiting outgoing traffic from
specific programs, but not good enough to protect from external attacks.

David Brown wrote:
On 20/12/10 15:46, mm wrote:
On Sun, 19 Dec 2010 02:38:52 -0800 (PST), RayLopez99
wrote:


3) What if, assuming I get wireless for the home (like I say right now
I got everything at home wired, but I might switch to wireless now
that I got this new laptop), you find that a neighbor is sharing your
wireless connection? I hear this is possible, but does that person
need a password?

I got a laptop from Ebay about 3 years ago. I should have started
shopping earlier, and had to buy what was available, and it arrived
only 3 days before i was to leave on a long trip to Asia.

It came with 3 methods of internet, a port that accepted a phone cord,
a PC port (PCMCIA) that accepted the included Network Jack card and
the included wireless card. One of them required installing software,
so I was doing that. I didn't have DSL yet, so I was going to have to
use a flashdrive to transport files from my desk computer to the
laptop.

Half way through doing that, I noticed that my laptop was dl'ing my
email and my newsgroups! It turned out I was using one of my
neighbors' broadband/wireless. It's a good thing, too, because it
saved me a lot of time I needed for packing, etc.

When I got back two months later, there was a password on her account.

AIUI, I didn't cost her anything. I didn't even slow her down.

I've run my network without encryption or a password for some of the
time since, and so far, I'm the only MM2005 listed in the phone book.
So I guess no one has stolen my identity yet.

I think they do. If I give them a password, will
they be able to read my files on my hard drive, or just be able to
share my internet connection?

I thought files, directories, and printers had to be checked as Shared
before even you can read those files or use the printer on your own
network, and you have to have the password too. So as long as I
don't put any files in my one Shared directory, I thought I was safe.
Yes?

Is that correct?


I'm assuming you are using Windows.

/Everything/ is shared by default - you have to specifically disable the
file sharing service to stop it.

Not in my experience. Getting file sharing to work on a windows LAN
requires that you do a lot of configuration, starting with turning
netbios on, then exporting various things as shares, and finishing with
removing most of the firewalling that is the default way of working.


In particular, there are a number of
"default shares" that are (AFAIK) always enabled in windows unless the
whole file sharing service is disabled - you don't need to explicitly
share them. For every drive, there is a share named "c$", "d$", etc.,
that is available to any user with Administrator privileges. These
default shares are hidden, in the sense that they don't show up in
normal network browsing or "net view \\computer", but you can connect to
them easily enough.

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked -
WPA in seconds, WPA2 takes several minutes)

I think it takes a bit longer than that..

I can type "net use x:
\\computer\c$ /user:Administrator" and try to guess your password. Using
Linux rather than Windows makes such an attack easier to automate, but
it can be done with Windows too.


So that's two passwords to fight past, and hope the man has indeed got
windows netbios on, and the firewall off..which if he is a domestic
single user he will not have enabled either of.


Obviously enabling the windows firewall will make such a simple attack
very much harder - but certainly not impossible.

Windows is utter crap, but it's not THAT crappy.

David Brown wrote:
On 21/12/2010 06:19, Dustin wrote:
David wrote in
:

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked
- WPA in seconds, WPA2 takes several minutes) I can type "net use x:
\\computer\c$ /user:Administrator" and try to guess your password.
Using Linux rather than Windows makes such an attack easier to
automate, but it can be done with Windows too.

I think you meant wep was cracked in seconds. Please provide reference
urls discussing WPA cracked in seconds. I'd like to learn more. Thanks.


Note - I haven't tried this myself.

You may be right that it is just WEP that can be cracked in seconds. WPA
and WPA2 cracking seems to be done using dictionary attacks on the
pre-shared keys - thus it can be fast or slow depending on the quality
of the password chosen. The WPA/WPA2 cracking is done by capturing a
few packets (not many are needed, apparently) and running the cracking
off-line. With big rainbow tables and a fast cracker computer, this
often won't take long.

If you are using "enterprise" WPA rather than pre-shared key WPA, it's a
different matter - cracking is pretty much infeasible.

Those hidden shares can be disabled. They aren't available on these
machines here; for example.


Yes, but how many people know how to do that - even if they know the
hidden shares exist in the first place?

Obviously enabling the windows firewall will make such a simple
attack very much harder - but certainly not impossible.

A hardware based firewall which filters netbios requests helps nicely
too.


Absolutely true - hardware firewalls are far more effective than windows
softwrae firewalls for blocking unwanted external traffic. Software
firewalls on windows are good for limiting outgoing traffic from
specific programs, but not good enough to protect from external attacks.

they are certainly good enough to repel all but the most determined hackers.

But who expects the NSA to come sniffing round in a black van stuffed
with supercomputers and packet sniffers?

Not me, Osama ;-)

wrote in
:
[...]

Practical question: when at airports, Starbucks, etc, and you want
to send an email, do you do so with impunity or with the chance
somebody can steal your password when you log on? I might end up
just using the laptop at such "public" places so I need more info on
what to do there.

Use a Blackberry, their service encrypts everything.

But if you can't afford one, then:

If the public place offers wired terminals for your use, use those to
access the web-mail portal, and make sure your account is set to "leave
messages on server" so that you can get the mail at home later. If you
want a copy on your laptop, add your address as BCC, you'll receive a
copy next time you get home. Personally, I never use my laptop for web
access or e-mail in a public place.

If you insist on using your laptop, the best you can do is increase the
hassle factor for anyone who wants to get your password and e-mail.
That's already been done: AFAIK, all ISP's require encrypted passwords
these days. An encrypted p/w is a little (but not much) more difficult
to use. Your address is more useful, but these days it's easier to
generate addresses. (1) IOW, don't sweat it too much.

OTOH, since the e-mail itself can be intercepted, you might want to be
careful what you write. Just keep in mind that Homeland Security now has
the authority to intercept all e-mails from and to the USA. They do it,
too. So do the usual suspects in other parts of the world, and those
that haven't done so either haven't done the authorising legislation
yet, or can't afford the hardware and software. All web traffic is
compromised in this sense. Public key encryption is a good way to make
it very difficult for someone else to read your mail (PGP is one
method). However, just using it is likely to make the authorities pay
attention to you: if you're hiding something, you have something of
interest to hide, you see....

(1) A spammer can generate addresses from names the same way your ISP
does when it offers suggestions for your new e-mail address. The spammer
will have already generated your address, in fact. I mean, look at it: I
bet there is a raylopez89..., a raylopez56..., etc and so on and so forth.

HTH
Wolf K.

On 12/21/2010 9:15 AM, The Natural Philosopher wrote:
David Brown wrote:
On 21/12/2010 06:19, Dustin wrote:
David wrote in
:

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked
- WPA in seconds, WPA2 takes several minutes) I can type "net use x:
\\computer\c$ /user:Administrator" and try to guess your password.
Using Linux rather than Windows makes such an attack easier to
automate, but it can be done with Windows too.

I think you meant wep was cracked in seconds. Please provide reference
urls discussing WPA cracked in seconds. I'd like to learn more. Thanks.


Note - I haven't tried this myself.

You may be right that it is just WEP that can be cracked in seconds.
WPA and WPA2 cracking seems to be done using dictionary attacks on the
pre-shared keys - thus it can be fast or slow depending on the quality
of the password chosen. The WPA/WPA2 cracking is done by capturing a
few packets (not many are needed, apparently) and running the cracking
off-line. With big rainbow tables and a fast cracker computer, this
often won't take long.

If you are using "enterprise" WPA rather than pre-shared key WPA, it's
a different matter - cracking is pretty much infeasible.

Those hidden shares can be disabled. They aren't available on these
machines here; for example.


Yes, but how many people know how to do that - even if they know the
hidden shares exist in the first place?

Obviously enabling the windows firewall will make such a simple
attack very much harder - but certainly not impossible.

A hardware based firewall which filters netbios requests helps nicely
too.


Absolutely true - hardware firewalls are far more effective than
windows softwrae firewalls for blocking unwanted external traffic.
Software firewalls on windows are good for limiting outgoing traffic
from specific programs, but not good enough to protect from external
attacks.

they are certainly good enough to repel all but the most determined
hackers.

But who expects the NSA to come sniffing round in a black van stuffed
with supercomputers and packet sniffers?

Not me, Osama ;-)


Are you trying to say that everyone is not interested in everything I do?
I'm going to go and cry now.......

TVeblen wrote:
On 12/21/2010 9:15 AM, The Natural Philosopher wrote:


But who expects the NSA to come sniffing round in a black van stuffed
with supercomputers and packet sniffers?

Not me, Osama ;-)


Are you trying to say that everyone is not interested in everything I do?
I'm going to go and cry now.......

No. Merely that the ones who are, are not likely to be clever enough to
find out.
;=-)

On 21/12/2010 15:12, The Natural Philosopher wrote:
David Brown wrote:
On 20/12/10 15:46, mm wrote:
On Sun, 19 Dec 2010 02:38:52 -0800 (PST), RayLopez99
wrote:


3) What if, assuming I get wireless for the home (like I say right now
I got everything at home wired, but I might switch to wireless now
that I got this new laptop), you find that a neighbor is sharing your
wireless connection? I hear this is possible, but does that person
need a password?

I got a laptop from Ebay about 3 years ago. I should have started
shopping earlier, and had to buy what was available, and it arrived
only 3 days before i was to leave on a long trip to Asia.

It came with 3 methods of internet, a port that accepted a phone cord,
a PC port (PCMCIA) that accepted the included Network Jack card and
the included wireless card. One of them required installing software,
so I was doing that. I didn't have DSL yet, so I was going to have to
use a flashdrive to transport files from my desk computer to the
laptop.

Half way through doing that, I noticed that my laptop was dl'ing my
email and my newsgroups! It turned out I was using one of my
neighbors' broadband/wireless. It's a good thing, too, because it
saved me a lot of time I needed for packing, etc.

When I got back two months later, there was a password on her account.

AIUI, I didn't cost her anything. I didn't even slow her down.

I've run my network without encryption or a password for some of the
time since, and so far, I'm the only MM2005 listed in the phone book.
So I guess no one has stolen my identity yet.

I think they do. If I give them a password, will
they be able to read my files on my hard drive, or just be able to
share my internet connection?

I thought files, directories, and printers had to be checked as Shared
before even you can read those files or use the printer on your own
network, and you have to have the password too. So as long as I
don't put any files in my one Shared directory, I thought I was safe.
Yes?

Is that correct?


I'm assuming you are using Windows.

/Everything/ is shared by default - you have to specifically disable
the file sharing service to stop it.

Not in my experience. Getting file sharing to work on a windows LAN
requires that you do a lot of configuration, starting with turning
netbios on, then exporting various things as shares, and finishing with
removing most of the firewalling that is the default way of working.


I happily agree that you have to turn off the firewall (or at least add
an exception) before shares (hidden administrator shares or otherwise)
are accessible. But assuming you've done that, I've never had to do
anything else to get sharing working.

One thing that may make a difference is "home" and "professional"
versions of windows - I have only ever used "professional" versions. So
if "home" versions take more effort and configurations, then I'll have
to take your word for it.

I also have fairly limited experience of windows after XP. I've managed
to avoid Vista almost entirely, and my impression of Win 7 is that it
works, but looks a mess and does things differently for no apparent
reason. So if things are different in Win 7, then again I don't know.


In particular, there are a number of
"default shares" that are (AFAIK) always enabled in windows unless the
whole file sharing service is disabled - you don't need to explicitly
share them. For every drive, there is a share named "c$", "d$", etc.,
that is available to any user with Administrator privileges. These
default shares are hidden, in the sense that they don't show up in
normal network browsing or "net view \\computer", but you can connect
to them easily enough.

You may /think/ that you haven't shared your files, but if I can see
your computer on a network (and wireless networks are easily cracked -
WPA in seconds, WPA2 takes several minutes)

I think it takes a bit longer than that..


For WEP, it doesn't take long. For WPA and WPA, it depends a lot on the
pre-shared key and whether or not you use pre-calculated tables.

I can type "net use x:
\\computer\c$ /user:Administrator" and try to guess your password.
Using Linux rather than Windows makes such an attack easier to
automate, but it can be done with Windows too.


So that's two passwords to fight past, and hope the man has indeed got
windows netbios on, and the firewall off..which if he is a domestic
single user he will not have enabled either of.


I'm just warning about possible weak points in security - nothing more.
Many people have poor passwords (or no passwords at all). Many people
have their firewalls disabled without realising the issues this has.
And I think most people have the administrative shares enabled, because
they never knew such a thing existed. This all adds up to many people
being susceptible to hacks through these shares.

For people who understand about security, it can be hard to appreciate
how insecure many windows systems are. But the millions of zombie
machines around the world that testify to poor security. (I know that
attacks via wireless networks are not the main cause of these zombies -
the point is that people regularly disable or abuse the security
features they have.)


Obviously enabling the windows firewall will make such a simple attack
very much harder - but certainly not impossible.

Windows is utter crap, but it's not THAT crappy.

Windows software firewall is far from impenetrable. There are many
common attack strategies. It comes with holes - not every port is
blocked by default. There are flaws in the implementation of the
windows networking system - these are regularly fixed, and new ones are
found. People use third-party software firewalls - in my opinion, these
often lead to more vulnerabilities than windows own firewall, as they
add layers of complication that introduce new bugs and then new security
flaws. But one of the biggest flaws is that people get so many pop-ups
(especially with third-party firewalls) or have so many problems getting
things like bittorrent to work that they disable the whole firewall.

I prefer to be paranoid - I use a hardware firewall between windows
machines and the internet. But if that's not possible, then the
standard windows firewall, when properly configured (i.e., no
inappropriate exceptions), is good enough for short-term usage. It is
not perfect, but it is seldom the weakest link.

David Brown wrote:


I prefer to be paranoid - I use a hardware firewall between windows
machines and the internet. But if that's not possible, then the
standard windows firewall, when properly configured (i.e., no
inappropriate exceptions), is good enough for short-term usage. It is
not perfect, but it is seldom the weakest link.

I agree,. I prefer to be paranoid. No windows machines at all AND a
hardware router.

But my remarks were from an XP installation a few years back inside a
firewalled network. I could not get the machines to talk nice to an
appliance that was supposed to be a visible share on the network.

Firewall. It took a fair bit to even get the machines to talk to each
OTHER. maybe they had 'home' on them.