How Safe You Ain't
Alan Applegate (K0BG)
on
June 24, 2005
View comments about this article!
How Safe You Ain’t
I’ve been retired from the Internet group where I worked for five years, and a lot of water has passed under the bridge. Technology has marched on, innovations made, and software more sophisticated. It’s also made us too reliant and trusting. This reliance and trust on technology is what this article is about.
Although this article isn’t strictly about amateur radio, just about every one of us uses a computer in one way or another. IRLP and other eQSO modes are becoming more popular due in part to the wide availability of broadband connections. According to the latest industry reports, over 40% of US users are hooked up to the net via a broadband connection. The three main interconnections methodologies are asynchronous cable, ADSL (asynchronous digital subscriber line), and NLOS (non-line-of- sight) wireless systems. The latter is the fastest growing. It is, in fact, taking customers away from the other two due in part to its synchronous protocol. In simple terms, the upload is as fast as the download. NextNet is the NLOS leader. Go here for details:
http://www.nextnetwireless.com/products_tech.asp
It isn’t the connection methodology we have to worry about, although that is a concern. Rather it’s the lack on understanding of what goes on behind the protocol. More importantly, it's what you do in you own home when you hook up to whatever device provides you the broadband connection.
In some cases, a HOA, complex owner, hotel management, or other supplier supplies the broadband connection. Thus your interface is just an RJ45 connection mounted in the wall, or attached to a telephone. Even if it isn't, you might think you're well protected. Chances are, you're not.
Depending on the broadband connection methodology, the hardware between you and the Internet, what software you use, and how up set up the software can leave you very venerable to piracy. To put this in simple terms, some of the connections are like party lines, and some like private lines. Even some of the apparent private lines are really multiplexed party lines.
Not all will suffer the following fate, but knowing what might be possible will hopefully get the reader to investigate his or her specific interconnection. Let me give you a couple of actual, real-world examples.
I have a friend in New England who lives in a condo complex. As part of his HOA payment, he gets a broadband Internet connection. The instructions are quite simple, and walk the user through setting up his Internet connection via DHCP (dynamic host configuration protocol). In other words, the host computer supplies the requisite IP address, net mask, and DNS. This is the same protocol he uses at work, so he doesn’t have to change anything between locations. He'd been in the habit of printing documents at home, and letting them sit in the print monitor. Once he got to work, he printed the documents. After one long weekend of hard work, he stored his documents in the printer monitor as usual. However, when he got to work they weren't there. That evening, one of his new neighbors brought a stack of paper over to his condo asking him if they were his. They were. The bottom line was, the new neighbor had his print sharing turned on, and by coincidence the name of his printer was the same as my friend’s work printer.
All of you network pundits will gasp in horror that these poor hapless fellows should have known better. Perhaps, but not all of us have the wherewithal to solve these types of problems on our own. Adding some insult is the Windows XP operating system. If you answer the questions presented in the network setup Wizard, and you don’t have a network background to rely on, the average guy will end up turning on both printer and file sharing. It’s a little harder to do on a Macintosh, but not much harder. This problem occurred because the same hub fed both users, and neither user had a clue to the workings behind their broadband connections.
Think about this example. I have a neighbor whose broadband is cable based. He has a WiFi router made by Belkin connected after the cable modem so his wife can access the Internet on her laptop from the kitchen (see
http://www.webopedia.com/TERM/W/Wi_Fi.html ). -- All well and good. My across the street neighbor have a wireless broadband connection, and the identical WiFi router for basically the same reason. The first neighbor brought his new laptop up to show me how good his WiFi worked. He could even get on the Internet at my home, nearly 500 feet away! Skeptical, I decided to look closer. It wasn’t his WiFi! It was my neighbor’s across the street! Both PCs are Windows XP based, and both setup for DHCP. Should they have had password protection? Of course, but neither one took the time to set up the router; they just left it in the out-of-box configuration. After all, we’re dealing with computer neophytes not Novell Certified engineers.
Just because you think you know how your system is setup and protected, it may not be as secure as you think. Neither one of my neighbors had a clue. Do you? There are a few things you can do to protect yourself that don’t cost a lot of money, and will provide you with a fair level of security if you set them up correctly.
Once up on a time, there were hubs, brouters, routers, firewalls, multiplexers, and a host of other network hardware devices. Not to mention a bunch of different protocols that weren't compatible. Nowadays, the distinction is somewhat harder to define, and most devices only support ethernet protocols. Most modern routers have built in hubs, and some have software configurable firewalls too. So here are a few suggestions.
First, buy yourself some hardware protection. Netgear (
http://www.netgear.com) makes an inexpensive cable/DSL web safe router. The wired unit is an RP614, and the wireless unit is an MR814. Belkin and others makes similar products. These routers store the DHCP protocol sent by your ISP, and essentially isolate, or firewall, your LAN (local area network) from the WAN (wide area network).
Buy.com sells the Netgear units for under $30 after rebates (just $12.99 for the wireless unit until mid July). They have a built-in four-port hub in addition to the wireless connections of the MR814. Both units have firewall like protection, and even a good level of parental control. They both support local file and printer sharing. Set up takes about 15 minutes, and is web based. You’ll have no fear of interlopers even on the wireless unit if you set it up correctly.
If you don’t need a wireless router, either don’t set up the wireless ports, or just purchase the wired unit. For further safety, you can assign your own local IP addresses rather than use DHCP. Both the Netgear and Belkin manuals explain how to set up generic LAN IPs.
Turn off file sharing. I’m always surprised how many people have it turned on, and they only have one computer! In good defense, earlier versions of Windows had file sharing turned on as a default. Now that both Mac OS and Windows XP have sharing reconfiguration on the fly, there is no reason to leave it on even if you do share files from time to time.
Sharing a printer is rather safe if it is wired directly to a computer. However, if it is ethernet connected, the aforementioned router is almost a necessity. If you have an IP ready printer, it is always best to set it up with one. If you use a wireless web safe router, and you have a lot of nearby users, you might want to password protect your printer logons. Inconvenient yes, but it is also safer (remember my examples above). Most operating systems can be set up to automatically send the necessary passwords.
Use logon passwords. By the way, a simple return is not a password. That’s the first trick a hacker tries. If you have kids, set each one up with a separate logon. That way you can block access to important files.
Use your screen saver. Both Macs and PCs have a one button screen saver activation. If you walk away even to go to the bathroom, push the button. A good friend came back from the bathroom to his four-year-old daughter asking him what those people were doing on screen, if you get the point.
I’m sure there are other ways to stay safe, and hopefully a few of our resident network engineers will add their voices to this article.
Remember, erring on the side of caution is prudent.
Alan Applegate, K0BG
www.k0bg.com
This article has expired. No more comments may be added.
|
How Safe You Ain't
|
|
|
by K4IA on June 24, 2005
|
Mail this to a friend!
|
Good article.
The new Pre-N series of routers claim a range of up to 1 mile over open ground. Your signal goes a lot further than you think!
Recently had an empoyee complain he could get on the Internet but couldn't see files on the network. That's odd. Seems he was tied into a house in the neighborhood rather than the office.
Don't think "I don't have anything worth stealing on my computer." Of course you do. You also have to protect yourselve against cyber-vandels (hacker wanna-bees) who think it is fun to get in other peoples networks and trash them.
A kid in an apartment building could have a blast. I once knew a guy who would take a wireless phone and drive up and down the street until he got a signal and then make his long distance calls. That was a long time ago when wireless phones were new and long distance was expensive but people like that still exist. Now, they drive around and look for open networks to "play with."
|
| |
|
RE: How Safe You Ain't
|
|
|
by GHOSTRIDERHF on June 24, 2005
|
Mail this to a friend!
|
Finally an article that was worth reading --- good job...
One thing I would add -- if you are using a wireless Access Point then when you restrict the access via the routers firewall do it by MAC address and not IP address... that way YOU control the physical equipment that can join your network not someone that just gets the right IP....
|
| |
|
RE: How Safe You Ain't
|
|
|
by AA4PB on June 24, 2005
|
Mail this to a friend!
|
Nothing to protect? How about someone using your wireless access point to send spam or to conduct other illegal activities. In one case a home was raided, the occupant arrested and his equipment taken for accessing child porn sites. It turned out someone was parking outside his house and using his wireless access to download the porn.
A coworker of mine went to NYC on business and took his wireless laptop along. He was able to see files from a doctor's office adjacent to the hotel. They had an unsecured wireless network in the office.
I took my wireless laptop to my daughter's apartment in Northern VA. I was able to see 4 unsecured wireless connections from her apartment.
My Son just signed up for Verizon DSL. They sent him a free integrated modem/wireless router. Although he used the CAT5 connections, I found that the wireless access point was on and unsecured by default. Nothing but the quick start guide is supplied with the device. I had to go to their web site and download the manual in order to find out how to activate the WEP (encryption).
|
| |
|
RE: How Safe You Ain't
|
|
|
by GHOSTRIDERHF on June 24, 2005
|
Mail this to a friend!
|
Also -
The NO#1 thing most people can do if they are not computer or router savvy is simply turn on the WEP encryption... takes about 30 seconds... easy to configure ... and stops 99% of the WarDrivers out there since they are goiing to simply go for an easier target..
.
|
| |
|
RE: How Safe You Ain't
|
|
|
by N1OFZ on June 24, 2005
|
Mail this to a friend!
|
Wireless routers should be locked down not only by MAC address, but the SSID should be turned off so it does not broadcast. Some wifi routers also allow you to control the amout of rf they put out. This way you can run the minimum amout of power you need (very ham-like) in your house and the neighbors are less likely to pick up your access point. That is about as much as you can do security wise for 802.11b/g.
For the wired network side a decent router will block your file sharing from being broadcast over the Internet or local LAN/WAN. If you want to access your network when you are away you might want to get a router with vpn support. In addition some routers today also support dynamic dns so you can assign a hostname to your network that will automatically update if your dhcp'd IP address changes.
I personally would take one of those old PC's collecting dust in the corner and install a Linux distro and use it as a firewall. Much more flexibility and it can double as a print/file server as well as many other things.
If you want to have some fun create a honey pot. Pick up a (or an extra) one of those $30 wireless routers. Take an old PC and download a bunch of viruses and/or spyware laden applications. Rename them many popular game titles. Now unplug the PC from you lan and put it into the cheap wifi router and turn on the file sharing. Set the wifi router up with no security and watch the kids download and install this stuff. Listen to their screams of pain as they have to spend hours disinfect their machines!
|
| |
|
RE: How Safe You Ain't
|
|
|
by GHOSTBUSTER on June 24, 2005
|
Mail this to a friend!
|
Goatrider wrote:
"Finally an article that was worth reading --- good job..."
Translation: "Finally an article that's not about ham radio. Now I can cut and paste some comments from a security website and pretend I really know what I'm talking about!"
I know who this idiot is, and he's not a ham. He's a freebander wannabe.
Who ya' gonna call?
Ghostbuster!
|
| |
|
RE: How Safe You Ain't
|
|
|
by N1OFZ on June 24, 2005
|
Mail this to a friend!
|
AA4PB
The doctor's office with the unsecured LAN is in violation of the federal HIPA laws! They should be careful or they could get in BIG trouble.
I took the train to NYC a month ago and logged 215 wireless LANs from Brewster NY to Grand Central (1 hour ride). Less than 5% were WEP encrypted. You are right on the mark with the encryption. No one is going to bother hacking the WEP when next door someone has an open connection.
|
| |
|
RE: How Safe You Ain't
|
|
|
by KT8K on June 24, 2005
|
Mail this to a friend!
|
Good article, and relevant to the tools most hams are using today.
I have read that WEP is so easily cracked that it isn't worth using. I tried setting it up on my own gear but could not get it to work, so I gave up and put my wi-fi router in the basement, significantly attenuating signals at the street but allowing easy connections in the house and on the deck and porch -- a simple but effective and non-technically demanding solution. I also have file sharing shut off.
I have no idea who "ghostbuster" is, and his/her comment doesn't make a lot of sense to me. That and the anonymous identifier lead me to ignore this person's comments, and I recommend others do so also. In fact, this is the first time I can remember acknowledging this person's comments, and it will most probably be the last.
Be safe, everybody. Computer networking is a double-edged sword. Like a hammer (to name another tool), it can be used either to build a house or to kill somebody (and it can hurt if you drop it on your toe).
73 & safe hex to all de kt8k - Tim
|
| |
|
How Safe You Ain't
|
|
|
by K0RFD on June 24, 2005
|
Mail this to a friend!
|
This thread is a little far from Ham Radio, but important nonetheless.
With regard to WiFi (which is at least Radio), Alan left out a few things that you should do when you first set up your network. None of them involve buying any hardware or software, and all of them will make your network more secure.
I am amazed at how most people who set up wireless in their homes don't do the basic stuff. The 5 basic steps to making your WiFi system at least marginally more secure than your neighbor's are listed below. If a neighbor's network is an easy target, and your network is more secure, which one do you think is going to be compromised first?
1) Change the default SSID. I can pick up 3 networks in my neighborhood named "Linksys". Change it. The default tells me what brand of router they are using. And by definition, that tells me what the default Admin IP address and Administrative Password are (necessary to change settings in the router).
2) Change the default Administrative Password. On two of these networks, I could have gotten in and locked the owners out of their own systems because they left the password set to the default. Each manufacturer has a default Administrative Password. It's right in the manual. If you forget to change the default SSID, then everybody knows what your default Administrative Password is. Change it right away.
3) Once your WiFi network is set up, turn off SSID broadcast. Once all your hardware knows which network it belongs on, there is no need to have a beacon that says "Hey out there, Wireless Network here!" SSID Broadcast is usually "ON" by default. You have to turn it off.
4) Turn ON WEP encryption. While it can be broken, it's not easy. You never want to send plain-text passwords, account numbers, etc. over the air. It is usually "OFF" by default. Turn it on.
5) Enable MAC Address filtering for the reasons I discuss below. The default is "disabled" -- turn it on.
If you have a wireless router, most of them support MAC Address filtering. MAC Address doesn't have anything to do with the Apple Macintosh, it's an acronym for "Media Access Control" Address. Each and every piece of networking hardware has a unique MAC address burned into it at the time of manufacture. That means every wireless card in your house has a MAC address that is unique to itself. Your wireless router can be set up to ONLY connect to YOUR OWN hardware. That's important.
If you note the MAC Addresses of your hardware (usually on a sticker on the box or on the device itself) and set your router to only allow connections to these devices, you at least prevent your neighbor from connecting to YOUR WiFi system, sharing YOUR files, etc. You simply add the addresses of your own hardware to a list in the router's administrative screen. If you have a guest come over who needs to use your wireless system, you can add their MAC address to the list of accepted addresses. No need to leave your network open to all hardware, all the time.
Is this perfect? Heck no. You have to do all the other things Alan suggests. Can your wireless signal still be intercepted over the air? Sure, and if you don't encrypt it, that's a problem. All your passwords and bank account and credit card numbers are plainly visible to anybody with a sniffer if you don't encrypt them. Can MAC addresses be spoofed? Yes, but to spoof one of YOURS, somebody would have to know what it was to start with.
It's just another level of protection. One more level of complexity. In computer security, there is no such thing as perfection, just sufficient complexity to 1) increase the time and effort it takes to compromise your systems, and/or 2) increase the probability of detection.
Oh--MOST IMPORTANT--if you have a wireless notebook, don't be tempted to do your banking or online shopping at the WiFi Hotspot at your local coffee shop. These are open unencrypted systems and the #1 place where sensitive personal information and electronic identities can be collected by just about anybody with the right software.
|
| |
|
How Safe You Ain't
|
|
|
by WA3KYY on June 24, 2005
|
Mail this to a friend!
|
|
Although WEP is fairly easy to set up and somewhat secure if you use the 128-bit version, you should be using the WPA encryption if all your wireless devices support that. And don't forget to assign a password to the administrative login on the wireless router/access point. Another thing hackers try first is to connect directly to the wireless router/access point using the default admin password. That gives them full access to allow them to do anything with your network. Inclulding locking you out. Make sure you also know how to do a reset to factory defaults so you can regain access to your device if a hacker has gotten in and changed things.
|
| |
|
How Safe You Ain't
|
|
|
by WA3KYY on June 24, 2005
|
Mail this to a friend!
|
|
One more thing you can do in addition to the 5 listed. Change off the default channel of 6. There are 11 channels available in 802.11b/g. Almost no one changes off the default of 6. Makes your network even more hidden than just turing of the SSID and harder to sniff out.
|
| |
|
802.11g Antennas
|
|
|
by KA4KOE on June 24, 2005
|
Mail this to a friend!
|
|
Has anyone done an analysis on the efficacy of using a UHF fan dipole to increase the bandwidth of a wireless LAN network?
|
| |
|
RE: How Safe You Ain't
|
|
|
by WILLY on June 24, 2005
|
Mail this to a friend!
|
"...
Use your screen saver. Both Macs and PCs have a one button screen saver activation. ... "
Please describe how to do this for PCs.
Thanks
|
| |
|
RE: How Safe You Ain't
|
|
|
by K0RFD on June 24, 2005
|
Mail this to a friend!
|
Changing the default channel is important not only for reasons of security, it's somewhat important for reasons of speed if you have neighbors on the default channel. It minimizes the number of packet collisions.
OK, now back to Ham Radio. Here are the frequencies in Ghz of the 802.11b channels used in the US and Canada.
Note that the US Amateur 13-cm allocation is a hodgepodge that starts at 2.3 Ghz. The bulk of it runs from 2.390-2.450 Ghz. We are primary in some parts, secondary in others. WiFi Channels 1-6 are completely within the Amateur 13 cm band. Channels 7-10 partly overlap with the Ham band. Only Channel 11 is completely outside the Amateur allocation. So, which channel would the responsible amateur use for his WiFi? (Not that it makes any difference if you have 17 neighbors on other channels...)
Ch Lower Center Upper
1 2.401 2.412 2.423
2 2.404 2.417 2.428
3 2.411 2.422 2.433
4 2.416 2.427 2.438
5 2.421 2.432 2.443
6 2.426 2.437 2.448
7 2.431 2.442 2.453
8 2.436 2.447 2.458
9 2.441 2.452 2.463
10 2.446 2.457 2.468
11 2.451 2.462 2.473
|
| |
|
How Safe You Ain't
|
|
|
by WM5Z on June 24, 2005
|
Mail this to a friend!
|
Good job on the article and thanks.
OK, I am fortunate that I live out in the country, and not in the city. I have done all that is recommended so you have re-affermed what I did is correct.
I have a question for you though. What can be done at the cable modem end if anything? Since I own a small business and keep files pertaining to my clients on my PC's I always have a concern about file security. Mine is a Linksys cable modem that connects to a Linksys router to provide internet services to the LAN users.
Steve/WM5Z
|
| |
|
RE: How Safe You Ain't
|
|
|
by K7NHB on June 24, 2005
|
Mail this to a friend!
|
If you are going on a trip and plan to keep in touch via email, set up a yahoo, hotmail, or what have you free email account just to use on the trip. Once the trip is over, the account will terminate from lack of use by itself.
Internet cafes can have software that grabs your email address and adds it to spam lists. While travelling in Mexico, I was using my real email address and checking my email almost daily. Within 5 days my spam count jumped from 30 pieces a day to over 130 pieces of spam a day.
Set up one of those freebie email accounts for the trip and leave your real email account at home.
73,
Paul
|
| |
|
How Safe You Ain't
|
|
|
by N0XMZ on June 24, 2005
|
Mail this to a friend!
|
I use file & print sharing on my home network. Both computers are behind a router, another router for my VOIP phone, and a software firewall. This alone *might* be enough, but I also use a software firewall, just in case. Configuring the hardware firewall in the router was way too complex. Zone Alarm (free) takes care of it all.
And don't forget the antivirus! AVG by Grisoft is also free for home users.
And wireless Internet?? With all the security holes I hear about, I'm not ready to trust a wireless router. I don't care how secure the manufacturer thinks it is.
|
| |
|
RE: How Safe You Ain't
|
|
|
by NL7W on June 24, 2005
|
Mail this to a friend!
|
All:
Besides the obvious necessary wide-area network (WAN) protection needed to separate your "home" local-area network from the rest of the world, you must also properly configure the wireless LAN side of your 802.11 type wireless system. This can be adequately accomplished by taking advantage of current wireless products' built-in protection features and options:
1. Turn off the beaconing SSID.
2. Turn on and use the wireless unit's 128-bit encryption capability - be it either WEP or preferably the newer and more capable WPA method.
3. Use a varied and thoughtful encryption code that wouldn't be easily discovered by a hacker.
4. Use the MAC address filtering option - only allow your equipment's specific MAC addresses access to your wireless LAN.
If these steps are employed, you'll thwart 99.999% of potential hackers and attacks.
GL and 73 de Steven, NL7W
|
| |
|
RE: How Safe You Ain't
|
|
|
by N6AJR on June 24, 2005
|
Mail this to a friend!
|
|
nice advice but what does it have to do with Ham Radio, this info is all over Internet sites, but this is Supposed to be about ham radio...
|
| |
|
RE: How Safe You Ain't
|
|
|
by WI7B on June 24, 2005
|
Mail this to a friend!
|
DON'T TURN OFF BROADCASTING YOUR SSID!
There is alot of good advice posted on the use of 128-bit WEP/WPA encryption and MAC filtering that everyone with a WiFi network should apply as a minimum. Couple this with OS password protection and you are ahead of the curve as far as most WLAN operators.
However, disabling SSID broadcasting does nothing for the security of your system.
In IEEE 802.11 networks, the SSID (Service Set Identifier) is viewed by some as an unneeded advertisement of the wireless network to attackers and these folks assert that all measures should be taken to ‘hide’ the SSID. But this advertisement is the essential role that SSIDs are designed to play. The broadcast of the SSID improves the performance of a wireless network and the SSID cannot be hidden without degrading proper WLAN operations. Efforts to hide the SSID are at best half-measures which lead to a false sense of security and to a degradation of wireless network performance, particularly in a roaming situation.
The SSID is a 1 to 32 byte value that functions in wireless networks much the way that NETBIOS Scope functioned in the old bridged networks: to segment the airwaves for usage. If two wireless networks are physically close, the SSIDs label the respective networks, and allow the components of one network to ignore those of the other. SSIDs can also be mapped to VLANs; thus many APs support multiple SSIDs.
The SSID is present in the following 802.11 management messages:
• BEACONs
• PROBE Requests
• PROBE Responses
• ASSOCIATION Requests
• REASSOCIATION Requests
Association and reassociation occurs ALL THE TIME on a WLAN. It maintains active connection metween your host router/hostPC and the roaming/clientPCs. The SSID is part of that, as are the probing REQs.
As soon as a client PC enters the coverage zone of an access point to the WLAN, the client PC can read your SSID, the data rate, etc. of your network whether you have a disable the broadcast frame SSID or not.
So, don't confuse the SSID and Security. They are TWO DIFFERENT THINGS.
73,
---* Ken
|
| |
|
How Safe You Ain't
|
|
|
by K4SQR on June 24, 2005
|
Mail this to a friend!
|
Good job Alan;
Thanx for taking the time to write & post it here.
I experienced most of this 2 years ago since the XYL's machine is upstairs.
So after the young Microsoft certified neighbor showed me my desktop on his laptop, and another neighbor's desktop, I accepted his offer for excrypting the system.
I trust others will take your advice and implement encryption.
73,
Jim K4SQR
|
| |
|
RE: 802.11g Antennas
|
|
|
by AE6IP on June 24, 2005
|
Mail this to a friend!
|
> Has anyone done an analysis on the efficacy of
> using a UHF fan dipole to increase the bandwidth of
> a wireless LAN network?
Yes. Sucks.
|
| |
|
How Safe You Ain't
|
|
|
by KC2MMI on June 24, 2005
|
Mail this to a friend!
|
Microsoft, Intel, and others have good articles on security (wireless or wired) on their web sites. Microsoft also has free security email newsletters available, and a free "Baseline Security Analysis Tool" program that will analyze everything on a computer and come up with security advisories. The tools are out there, and they are free for the asking.
But considering how many people still suffer virus attacks and run zombie systems because they couldn't be bothered with anything more complex than the power switch...Oh, wait a minute, that's right, now they leave it on 24x7 and just let the screen blank. (sigh)
|
| |
|
RE: How Safe You Ain't
|
|
|
by KC8VWM on June 24, 2005
|
Mail this to a friend!
|
"Sharing a printer is rather safe if it is wired directly to a computer. However, if it is ethernet connected, the aforementioned router is almost a necessity."
---------------
What's the worst case scenerio if I share my printer over an ethernet network? Someone might print something on it and waste a perfectly good piece of paper?
Am I missing some point here...?
73
Charles - KC8VWM
|
| |
|
How Safe You Ain't
|
|
|
by W5GNB on June 24, 2005
|
Mail this to a friend!
|
> Has anyone done an analysis on the efficacy of
> using a UHF fan dipole to increase the bandwidth of
> a wireless LAN network?
Although the FAN DIPOLE was a dismal failure on these frequencies, I foung the G5RV version to be quite effective. It would radiate at least Ten feet beyond the wet noodle!!
|
| |
|
RE: How Safe You Ain't
|
|
|
by KX8N on June 24, 2005
|
Mail this to a friend!
|
"What's the worst case scenerio if I share my printer over an ethernet network? Someone might print something on it and waste a perfectly good piece of paper?
Am I missing some point here...? "
Worst case scenario is that you go to print a tax form, or a receipt for an internet transaction that includes your CC number, or a bank statement, and it prints on a total stranger's computer.
|
| |
|
RE: How Safe You Ain't
|
|
|
by N6AJR on June 24, 2005
|
Mail this to a friend!
|
|
I leave my network hard wired and have the wirless only for access to the net. no perfect but with the firewall in the router, and all my other protection, it ain't bad, and sharing is quite limited
|
| |
|
Back to Ham Radio - EchoLink
|
|
|
by W4XKE on June 25, 2005
|
Mail this to a friend!
|
|
If you set up EchoLink on your computer, the firewall will prevent "unsolicited data". You have to turn off the protection schemes and leave ports open to make the system work. :( The IRLP system is actually better in this regard. Johnny, W4XKE
|
| |
|
How Safe You Ain't
|
|
|
by KG4YJR on June 25, 2005
|
Mail this to a friend!
|
This is a very good article and I do mean ARTICLE. Something that's rare these days versus the flame generating code vs. no-code playpens or "Why I think amateur radio isn't fun anymore" opinion journals. I'm always impressed with Alan's technical knowledge and his website which pertains to mobile radio installation is one of the best individual ham websites I've ever seen.
He is also what I would call a true ham radio elmer in this day and age of the web. If any of you read the eHam forums he's answered many an individual's questions, new or old to amateur radio, respectfully and with good advice.
73 & Thanks for the good info. Alan,
Dave
|
| |
|
RE: How Safe You Ain't
|
|
|
by KC8VWM on June 25, 2005
|
Mail this to a friend!
|
"Worst case scenario is that you go to print a tax form, or a receipt for an internet transaction that includes your CC number, or a bank statement, and it prints on a total stranger's computer."
Yes, but couldn't that same scenerio still occur regardless if the printer was shared in the network enviroment or not?
I mean how does placing the printer behind a firewall equate to the idea of securing your print documents if you PC printer ports have been remapped over IP?
|
| |
|
RE: How Safe You Ain't
|
|
|
by AA4PB on June 26, 2005
|
Mail this to a friend!
|
If the print driver is set to the IP address of your printer and that IP address is in your local subnet, why would the router send the request on to the Internet? It seems to me that you'd have to have your print driver set to an IP address in another subnet in order to put print data on the Internet. In that case, your printer would never work.
|
| |
|
How Safe You Ain't
|
|
|
by KE4ZHN on June 26, 2005
|
Mail this to a friend!
|
Good article Alan. Many people have no idea just how nasty a place the internet can be when their computer is left unprotected and wide open. Using a good firewall is important. Monitoring port traffic is also very important to see if someone is "knocking on your door". Those on a wireless or even a wired network should always use encryption. Sure, wep can be cracked, but it makes for a harder target for wifi hackers who would much rather pick an easy target thats not using any security. There are many free online security sites that will scan your ip for open ports. This is a good way to see just how vulnerable you are, and to block any open ports that you are unaware of. All it takes is one, and a good hacker can get in. The problem is, you cant close them all, or you cant use the internet, so your always going to be somewhat vulnerable to a degree. If you monitor port activity, at least you can discover if someone is in your machine and you can stop any damage if you catch it in time. Running good antivirus software and doing regular scans can grab any nasty trojans hiding in your computer also. If you see lots of port activity when your not surfing, theres a good chance you have a trojan hiding in your machine sending who knows what data to some malicious user or website.
Those who buy a wireless router, and simply plug it in and dont bother to set up the wep security, are asking for big headaches. Anyone with a laptop and a wireless network adaptor can use their connection to do anything illegal they wish...and it gets traced back to the victims ip. Bad news! Imagine sitting in your home and having the FBI knocking at your door for downloading kiddie porn and you know nothing about it! Scary to say the least!
|
| |
|
How Safe You Ain't
|
|
|
by KI4IXU on June 26, 2005
|
Mail this to a friend!
|
|
Good article. But I need to point out one thing. WEP encryption is very easily cracked. It takes only a few minutes to crack a 128-bit WEP password with a moderate amount of activity on the network. WPA-PSK is much better than WEP, mainly because it is not used as much. Morale: Turn off WI-FI unless you need it.
|
| |
|
How Safe You Ain't
|
|
|
by RADIOBOB on June 26, 2005
|
Mail this to a friend!
|
|
Alan, great article, and thank you to all others who have taken the time to "show", those of us who know very little ( many I suspect ), what we need to know to better protect our systems, even if total protection maybe impossible.
|
| |
|
RE: How Safe You Ain't
|
|
|
by WA2JJH on June 26, 2005
|
Mail this to a friend!
|
GREAT ARTICAL ALLEN.
You covered much in an easy to read primer.
I do not know why so many leave their WEP off on their
2.4GIG Wlan systems.
Very few leave WEP off on purpose. There is one 1960's idealist that set up a public access(no wep) for all of central park!
Great to surf, suicide to do business on.
The coffee chain starbucks also offer non wep service.
There is one Internet cafe in the east village thst is a mecca of road worriers and pedestrian walking data
pirates.
I checked the place out. I went on non wep using my callsign. Some jerk hack basterd yelled....yo!!!! I think I got some military or police sh--t.
I calmly walked over introduced my self as that WA2JJH dude. He looked shocked. I then had an altercation.
The management of the east village cafe was friends with all the little hack chumps.
To make a long story short......I was 86ed(asked to leave amd never return!).
I did not make a single phone call, however the police raided the place a few months later. I think they played around with the sales tax or somethying like that.
I had much fun passing by the place after they were raided.
I often frequent the place called "DOC HOLIDAYS", 20 feet down the block from the hack joint. If you know the lower east side of NYC,you know which infamouse cafe/internet pay by the hour joint it is.
The manager of the place has 86ed many for the most trivial reasons.
They cannot enforce their 86 list. I go in and buy a coffe. The manager wisely ignores me. However all the hackers seem to leave after I just have a seat.
If your in NYC, check it out. Its fun being persona non grata. One of the several hacker/anti-hero movies mention that crap hole of a computer-coffee bar.
|
| |
|
RE: How Safe You Ain't
|
|
|
by KC5AV on June 27, 2005
|
Mail this to a friend!
|
" "...
Use your screen saver. Both Macs and PCs have a one button screen saver activation. ... "
Please describe how to do this for PCs.
Thanks"
I know this works for Win2k, and XP Pro. I'm not certain that it will work with XP Home.
Right click your desktop, and select New --> shortcut
For the location of the item, type:
%windir%\system32\rundll32.exe user32.dll,LockWorkStation
(All of this should be on a single line, if this post wraps the text)
Select next, and name the shortcut Lock. Now, when you double click the icon, your computer will automatically lock itself just like it would if you pressed ctrl-alt-del and selected Lock Workstation.
|
| |
|
802.11 WLAN is not safe without encryption
|
|
|
by JJ1BDX on June 27, 2005
|
Mail this to a friend!
|
Use encryption on wireless LANs always - never allow something not encrypted. WEP is not enough - mandating using any sort of VPN (including SSH or any other well-known methods) over WEP is required to prevent wiretapping.
For the further details, see:
http://www.ne.jp/asahi/bdx/info/depot/ieice-2002-telework-pub.pdf
73 de Kenji JJ1BDX(/3)
|
| |
|
RE: 802.11 WLAN is not safe without encryption
|
|
|
by WILLY on June 27, 2005
|
Mail this to a friend!
|
by KC5AV on June 27, 2005
" "...
Use your screen saver. Both Macs and PCs have a one button screen saver activation. ... "
Please describe how to do this for PCs.
Thanks"
"I know this works for Win2k, and XP Pro. I'm not certain that it will work with XP Home. .... "
I wanted to know how to do it with PCs, as was stated. I don't use Win2k or XP.
Thanks anyway though.
|
| |
|
RE: How Safe You Ain't
|
|
|
by KD5DFM on June 27, 2005
|
Mail this to a friend!
|
I'm using a 1 inch quad i made form a pencil and match sticks as spreaders with transformer wire . i find i get more gain and direction . ;-)
> Has anyone done an analysis on the efficacy of
> using a UHF fan dipole to increase the bandwidth of
> a wireless LAN network?
>
>Although the FAN DIPOLE was a dismal failure on these >frequencies, I foung the G5RV version to be quite >effective. It would radiate at least Ten feet beyond >the wet noodle
|
| |
|
How Safe You Ain't
|
|
|
by N0AH on June 27, 2005
|
Mail this to a friend!
|
|
Everytime I can't get to sleep, I just read this article- works great
|
| |
|
RE: How Safe You Ain't
|
|
|
by NL7W on June 28, 2005
|
Mail this to a friend!
|
N6AJR:
I don't understand your question...
Computers, the WWW, and IT in general, are inexplicably tied to today's Ham Radio hobby/service.
Let's see... computers on networks log contacts, provide the human interface to various digitial modes, provide informative data on other stations, dx, and the hobby in general, allow remote control of stations, etc.
I'm sure others could go on...
Where have you been the last 20 years? Have you been living in a cave like Gollum of the Lord of the Rings Trilogy?
73.
|
| |
|
How Safe You Ain't
|
|
|
by KE7CDV on June 30, 2005
|
Mail this to a friend!
|
One thing I haven't seen mentioned... if you're using a regular, unencrypted wireless connection at a coffee shop, motel, etc., so long as you're using https:// to read your e-mail, place an order, etc., you're arguably still quite safe.
Almost all on-line stores and most e-mail portals (Yahoo, Hotmail, etc.) have the ability to transfer data using HTTPS.
Where I go to school (Oregon State University), the campus-wide wireless network specifically does NOT have any wireless security enabled because it causes a lot more technical support problems and tends to give people a false sense of security. Instead, for any connection you'd be making to an on-campus machine, you're always using HTTPS or SSH or a similarly secure protocol (things like regular Telnet are blocked).
---Joel Kolstad
|
| |
|
RE: How Safe You Ain't
|
|
|
by AE6IP on July 1, 2005
|
Mail this to a friend!
|
HTTPS makes the transport safer. As people are now finding out, that's not the same thing as making your data safe.
It doesn't matter how secure the tranport is, if the company you're doing business with loses your data once they have it.
Know who you're doing business with and share as little personal information as possible.
|
| |
|
RE: How Safe You Ain't
|
|
|
by NL7W on July 1, 2005
|
Mail this to a friend!
|
Ken, WI7B:
I have left my SSID turned off for over a year on my personal "home" network; there are no "ill effects" that I can see. I utilize 802.11G, and the performance vs. range of this wireless protocol is excellent, given my roughly 1/2 Mbps WAN DSL circuit. This 802.11G D-Link system completely covers my 2700 sq. ft. split level at full speed, and drops down a notch when I explore the hinterlands of my 1-acre lot here in Palmer, AK.
I assume that if the SSID is OFF (not beaconing), the "wardrivers" here in my area (there are quite a few) won't know I'm here - I believe. If potential exploiters don't know my wireless network is out there, how will they know to attack it?
73.
|
| |
|
How Safe You Ain't
|
|
|
by KB5IAV on July 2, 2005
|
Mail this to a friend!
|
Nice article, great job. I've heard a couple of stories from people saying their wireless networks were compromised. I know of one person who had a teenager across the street leeching his bandwidth. Another person had every computer in his house switched off and the lights on his wireless router were blinking indicating someone was online.
Alot of people think this is some sort of "magic" when in fact it's based on the same technology that allows sound to be send over long distance, aka radio. If many people can listen to music, or watch video, at the same time without being connected to anything, I wonder why they don't understand the same can be done with wireless access points, cordless phones, baby monitors, etc.
For a long time, I was hesitant to use cordless phones because I knew, mainly because of my experiences with SWLing and ham radio, that they could be eavesdropped on very easily. Even today, with digital, encryption, etc., I don't like using them very much. If people want to think I'm nuts for having a 25ft cord on my phone, that's their problem not mine.
I use a wired router to share out my cable modem for the same reason. Since I live in a subdivision where the houses are close together, the risk is there. Most hams probably already know this, but it's amazing how many others don't.
Just my opinion.
Jon, KB5IAV
|
| |
|
RE: How Safe You Ain't
|
|
|
by KE7CDV on July 7, 2005
|
Mail this to a friend!
|
"Another person had every computer in his house switched off and the lights on his wireless router were blinking indicating someone was online."
This isn't uncommon. Although it certainly could be an indication that someone has hacked his network, it's much more likely that the DSL modem is just receiving broadcast packets (these are generated when operating "sniff out" their own networks -- as well as by would-be hackers!) and forwarding them on to the wireless router.
"If many people can listen to music, or watch video, at the same time without being connected to anything, I wonder why they don't understand the same can be done with wireless access points, cordless phones, baby monitors, etc."
With cordless phones, baby monitors, etc., typically people simply wouldn't _bother_ listening to the conversations because the likelihood they'd get something "juicy" (credit card info, for instance) was just too low. With wireless networks, although I suspect the thing most wardrivers want is your bandwidth, with computers its become easy to try to take over someone's computer and make it a zombie that'll then start sniffing out credit card numbers, participate in DDOS attacks, etc. :-(
"For a long time, I was hesitant to use cordless phones because I knew, mainly because of my experiences with SWLing and ham radio, that they could be eavesdropped on very easily. Even today, with digital, encryption, etc., I don't like using them very much. If people want to think I'm nuts for having a 25ft cord on my phone, that's their problem not mine."
Nothing wrong with that; if it makes you feel more secure, great.
"I use a wired router to share out my cable modem for the same reason."
I've used a couple of wireless routers as wired routers simply because they're cheaper (<$25 at Fry's!) and the wireless part of them can be turned off.
---Joel
|
| |
|
RE: How Safe You Ain't
|
|
|
by KE5BCG on July 12, 2005
|
Mail this to a friend!
|
One more thing;
TURN OFF THE PC WHEN NOT IN USE!
Most of the time it's idle anyhow - why have it turned on?
If it's not on - it can't be messed with.
|
| |
|
How Safe You Ain't
|
|
|
by WA9AFM on July 13, 2005
|
Mail this to a friend!
|
|
Despite all of the high tech protection we can invoke, a goodly amount of private information is obtained the old fashion way....by paper! A scam I just learned about concerns swapping credit cards. The server (human-type) in your favorite bistro takes your credit card and disappears for ten minutes. They come back with 'a card' and your charge-slip. You sign the slip, put the card in your wallet and leave. However, the card isn't yours! In the mean time, the culprit is racking up charges on your card and it could be days before you, or a sharp-eyed sales clerk notice. Bottomline, take a good look at your credit card the next time it leaves your sight and is brought back. It might not be a scam, but a simple mix up of cards especially at a busy time. Better safe than ripped off.
|
| |
|
How Safe You Ain't
|
|
|
by KG4APT on July 13, 2005
|
Mail this to a friend!
|
I wanted to know how to do it with PCs, as was stated. I don't use Win2k or XP.
Thanks anyway though.
(stated very slowly for the remedially handicapped)
OOOOOOOOOOOKAAAAAAAAAA
|
| |
|
Email Subscription
You are not subscribed to discussions on this article.
Subscribe!
My Subscriptions
Subscriptions Help
Other How To Articles
Measuring a Solid-State PA’s Zs
How to Help in an Emergency...Tools
6-Meter Square Copper Dipole
|
