The following page was printed from RemoteCentral.com:
Topic: | what else can get hacked? Customers concerned? This thread has 27 replies. Displaying posts 16 through 28. |
|
Post 16 made on Wednesday February 23, 2005 at 11:36 |
KarlTL Long Time Member |
Joined: Posts: | December 2004 25 |
|
|
I installed a combination wired/wireless network in my home. Wired the basement when I finished it out and have a wireless router that allows me to access the network from anywhere else in the house.
I do not turn off SSID broadcasting simply because, as I understand it, any device that can scan for a wireless access point will find any live access point. Just because the access point doesn't send out an SSID doesn't mean it can't be found (I'm pretty certain that I'm correct in this...if someone knows better, please chime in).
I do turn ON WEP encryption for all wireless stuff, use 128 bit encryption and a long encryption keyword.
A key security thing I also do is to use a variation of static IP address. What I mean is this...when I initially set up the router, I will leave DHCP on (router automatically assigns IP addresses) but define a limited number of IP addresses for the overall network. By limited, I mean only enough for the devices that I'll have on the network. I then set up and connect each device to the network and go into the router admin screen and lock each device's MAC address to whatever IP address the router assigned. Do the same with the next device etc...
As I add new devices, I go back to the router admin screen, increase the network IP address range by 1 and go through this process again. End result....even if someone were to get by the WEP encryption the system would not assign an address (even though DHCP is on) because I've limited the IP addresses to only those for the devices I've attached/authorized, and even if a device is off (its IP address is potentially available), a hacker would have to have the specific MAC address associated with that IP address to get on the system.
I know this sounds complicated but it really isn't after you work through it once. Takes me all of 5 minutes (maybe) to add a new device to the network.
Bottom line is that I end up with a system that is pretty close to airtight, but very flexible. Once my devices are set up (laptop, wireless PDA etc..) I can get on the network with anything at anytime. When my kids come to visit, I just have them use a wired ethernet port. All I have to do is log on to the router, increase the IP address range, have them hook up and then lock their MAC address to the new IP address. After that I just leave it set so they can plug right in next time they come to visit.
I leave the router firewall on and run Zone Labs' software firewall on all PCs in the house. The network connects to the outside world via encrypted wireless broadband ISP (my router's IP address is private/can't be pinged or accessed from outside) and I've had absolutely no problems (knock on wood).
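Added example (not part of the original post): one way to audit the setup described in Post 16, checking that every address in the DHCP pool is pinned to a MAC and that each device in the router's attached-devices table matches its reservation. The pool, MAC addresses and table rows are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the thread): a 4-address pool, 3 reservations.
POOL = ("192.168.1.100", "192.168.1.103")
RESERVATIONS = {                      # MAC -> IP, as pinned on the router
    "02:00:00:00:00:01": "192.168.1.100",
    "02:00:00:00:00:02": "192.168.1.101",
    "02:00:00:00:00:03": "192.168.1.102",
}
OBSERVED = [                          # (MAC, IP) rows from the attached-devices table
    ("02-00-00-00-00-01", "192.168.1.100"),   # matches its reservation
    ("02:00:00:00:00:02", "192.168.1.50"),    # known MAC, address not the reserved one
    ("02:00:00:00:00:99", "192.168.1.200"),   # MAC with no reservation
]

def normalize_mac(mac):
    """Lower-case, colon-separated form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(pool, reservations, observed):
    """Return a sorted list of (kind, detail) findings for the reservation scheme."""
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    if lo > hi:
        raise ValueError("pool start is above pool end")
    reserved = {normalize_mac(m): ipaddress.ip_address(ip)
                for m, ip in reservations.items()}
    findings = []
    # The pool should hold exactly the pinned addresses: anything left over
    # is a lease the router would hand to whichever client asks first.
    pinned = set(reserved.values())
    for n in range(int(lo), int(hi) + 1):
        if ipaddress.ip_address(n) not in pinned:
            findings.append(("unreserved-pool-address", str(ipaddress.ip_address(n))))
    # A reservation outside the pool usually means the range was not widened.
    for mac, ip in reserved.items():
        if not lo <= ip <= hi:
            findings.append(("reservation-outside-pool", f"{mac} -> {ip}"))
    # Compare what is on the network with what was authorized.
    for mac, ip in observed:
        mac, ip = normalize_mac(mac), ipaddress.ip_address(ip)
        if mac not in reserved:
            findings.append(("unknown-device", f"{mac} at {ip}"))
        elif reserved[mac] != ip:
            findings.append(("address-mismatch", f"{mac} at {ip}, reserved {reserved[mac]}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in audit(POOL, RESERVATIONS, OBSERVED):
        print(f"{kind}: {detail}")
```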
|
|
Post 17 made on Thursday February 24, 2005 at 00:38 |
2nd rick Super Member |
Joined: Posts: | August 2002 4,521 |
|
|
You seem to have two related threads on the forum here... My take is that anything electronic with any level of intercommunication is vulnerable at some level.
I am a staunch proponent for dedicated systems in home control, as an example, and security is only one concern. I do not want my clients to have to sit through 3 hours of tech support from India to get their lights back on when a worm infiltrates their all-in-one Bill Gates internet portal, media server, and home automation controller PC.
As for the related question on the other thread, I vote to leave the security consult and network administration to a specialty IT services company. It is difficult enough to delegate time and money to keep a staff trained with the changes in our own industry, much less take on the lightning-fast changes of the IT industry.
I do believe that someday soon on-call emergency techs, like the "Geek Squad" model, will be as common in the US as the ubiquitous Roto Rooter vans and locksmith trucks. I imagine 24 hr. dispatched on-site tech service with dozens of little VW Beetles in every city full of propellerhead kids fixing hardware and software issues to make our homes work again.
|
Rick Murphy Troy, MI |
|
Post 18 made on Thursday February 24, 2005 at 12:36 |
robertmee Founding Member |
Joined: Posts: | October 2001 32 |
|
|
On 02/23/05 11:36 ET, KarlTL said...
I installed a combination wired/wireless network in my home. Wired the basement when I finished it out and have a wireless router that allows me to access the network from anywhere else in the house.
I do not turn off SSID broadcasting simply because, as I understand it, any device that can scan for a wireless access point will find any live access point. Just because the access point doesn't send out an SSID doesn't mean it can't be found (I'm pretty certain that I'm correct in this...if someone knows better, please chime in).
I do turn ON WEP encryption for all wireless stuff, use 128 bit encryption and a long encryption keyword.
A key security thing I also do is to use a variation of static IP address. What I mean is this...when I initially set up the router, I will leave DHCP on (router automatically assigns IP addresses) but define a limited number of IP addresses for the overall network. By limited, I mean only enough for the devices that I'll have on the network. I then set up and connect each device to the network and go into the router admin screen and lock each device's MAC address to whatever IP address the router assigned. Do the same with the next device etc...
As I add new devices, I go back to the router admin screen, increase the network IP address range by 1 and go through this process again. End result....even if someone were to get by the WEP encryption the system would not assign an address (even though DHCP is on) because I've limited the IP addresses to only those for the devices I've attached/authorized, and even if a device is off (its IP address is potentially available), a hacker would have to have the specific MAC address associated with that IP address to get on the system.
I know this sounds complicated but it really isn't after you work through it once. Takes me all of 5 minutes (maybe) to add a new device to the network.
Bottom line is that I end up with a system that is pretty close to airtight, but very flexible. Once my devices are set up (laptop, wireless PDA etc..) I can get on the network with anything at anytime. When my kids come to visit, I just have them use a wired ethernet port. All I have to do is log on to the router, increase the IP address range, have them hook up and then lock their MAC address to the new IP address. After that I just leave it set so they can plug right in next time they come to visit.
I leave the router firewall on and run Zone Labs' software firewall on all PCs in the house. The network connects to the outside world via encrypted wireless broadband ISP (my router's IP address is private/can't be pinged or accessed from outside) and I've had absolutely no problems (knock on wood).
What's the advantage of this versus just turning off DHCP and using fixed IPs? I've never understood the reason for dynamic IP addressing in a residential environment. In fact, with port forwarding and accessing various HA web servers, it makes more sense to fix the IPs anyway. In the old days, when using 95/98/NT required a reboot of a laptop when moving from home to on the road, maybe, but now with 2000/XP even that doesn't make sense.
|
|
Post 19 made on Thursday February 24, 2005 at 17:20 |
Late Night Bill Long Time Member |
Joined: Posts: | February 2004 495 |
|
|
On 02/24/05 00:38 ET, 2nd rick said...
I do believe that someday soon on-call emergency techs, like the "Geek Squad" model, will be as common in the US as the ubiquitous Roto Rooter vans and locksmith trucks. I imagine 24 hr. dispatched on-site tech service with dozens of little VW Beetles in every city full of propellerhead kids fixing hardware and software issues to make our homes work again.
An electrician friend of mine whacked some lady's PC power supply (wasn't his fault) right when she needed to get some work done in her home office. It was some proprietary power supply in a Gateway or something. If I had shown up and repaired/replaced that power supply, I could have invoiced for $400. Maybe I should get an old ambulance and go Ghostbuster style.
-Bill
|
|
|
Post 20 made on Thursday February 24, 2005 at 18:10 |
QQQ Super Member |
Joined: Posts: | January 2002 4,806 |
|
|
On 02/21/05 16:24 ET, Late Night Bill said...
I think there is some flawed logic in how most people perceive technology, as pimped by those providing the technology. People perceive technology as something that will make their lives easier, safer, more convenient, etc.
Huh??? That is how people SHOULD perceive technology, but unfortunately that is a broken promise and in my opinion is anything but how many (most?) people perceive technology. That's why I'm able to stay in business selling expensive AMX and Crestron systems - because people so desperately want technology to make their lives simpler but instead most of the time it only results in cursing and raised blood pressure.
The perfect evidence is the absurd machine beneath my fingers. I've got a brand new HP top of the line laptop. As usual, with just about every PC, it crashed within 15 minutes out of the box. And then again. Yesterday after about 2 months the machine would no longer reboot and gave me some absurd message. I had to re-insert the XP disc and spend two hours doing a Chk Dsk to fix the problem. How in the world would the average person have even known what to do?
I'm afraid many people think our lives were easier when we were using pen and paper and typewriter. They may not be right, but they have a point.
|
|
Post 21 made on Tuesday March 1, 2005 at 03:21 |
ATOH Advanced Member |
Joined: Posts: | February 2005 763 |
|
|
I do not turn off SSID broadcasting simply because, as I understand it, any device that can scan for a wireless access point will find any live access point. Just because the access point doesn't send out an SSID doesn't mean it can't be found (I'm pretty certain that I'm correct in this...if someone knows better, please chime in).
I do turn ON WEP encryption for all wireless stuff, use 128 bit encryption and a long encryption keyword.
Karl,
Try this. Remove your wireless LAN from the list of preferred networks on your computer. Then log on to your router from a wired computer and turn off "SSID broadcast". Now search for wireless networks. I just helped a friend of mine with his wireless router that the service provider set up for him. When I got there my laptop could find his router (still named linksys). Once I had finished setting up WEP, turning off UPnP, turning on block anonymous ping requests, and a few other things, my laptop could not find a wireless network in range. Now, I'm SURE there's some way still to find it but not as easily. There's a way around everything. :-)
Also, if you are using an 802.11g-only product then turn on WPA instead of WEP. WPA is the newer standard and supposedly more secure. Hope this helps!!
|
Why all the fighting and cussing? Can't Dave play nice? We're just here to learn and have fun. It was a harmless jab, laugh and get over it!!!!!!!!!!!!!!!!!! BTW... S-E-A-R-C-H!!! or do the work!!! |
|
Post 22 made on Wednesday March 2, 2005 at 00:10 |
KarlTL Long Time Member |
Joined: Posts: | December 2004 25 |
|
|
On 02/24/05 12:36 ET, robertmee said...
What's the advantage of this versus just turning off DHCP and using fixed IPs? I've never understood the reason for dynamic IP addressing in a residential environment. In fact, with port forwarding and accessing various HA web servers, it makes more sense to fix the IPs anyway. In the old days, when using 95/98/NT required a reboot of a laptop when moving from home to on the road, maybe, but now with 2000/XP even that doesn't make sense.
Robert, the reason I do it this way (only advantage that I can think of) is this...if we have someone over who needs internet access through my network, I just have to log into the router and enable an additional DHCP address for them. Otherwise, they would have to go into their system and plug in an IP address that I give them along with DNS server addresses etc... This just makes it a bit simpler for guests and it takes me no more than 4-5 minutes to do this and lock their MAC address into the router so they can then use it whenever they like (perhaps they're staying over for several days...who knows..).
Last but not least, open IP addresses can be scanned for and potentially utilised. Locking an IP address to a MAC address in the network interface card provides an additional level of security with no real additional complication.
|
|
Post 23 made on Monday March 7, 2005 at 00:57 |
M_Bruno Long Time Member |
Joined: Posts: | August 2002 49 |
|
|
Hi Julie,
Actually, I've been surprised by the lack of concern about security. When I configure wireless networks I enable every security measure available as a matter of course, but no one ever asks about the measures I've taken. Recently, I installed a network for a client with Macs (most have PCs, of course) and found that a bug in the OS prevented the SSID and WEP key from being saved on both systems. The customer was forced to reenter both each time when waking up or restarting. Finally, he asked for network security to be disabled, with no apparent concern other than convenience.
In another example, I installed a telephone system with voicemail. The voicemail system required users to enter passwords (if previously established) even when retrieving messages locally. They were put off by the inconvenience of having to enter passwords, and never established them even when I explained that unauthorized outside callers with a rudimentary knowledge of the phone system would easily be able to retrieve private messages otherwise.
Bottom line: for most users, convenience easily trumps security.
|
|
Post 24 made on Tuesday March 8, 2005 at 03:13 |
ATOH Advanced Member |
Joined: Posts: | February 2005 763 |
|
|
bcf1963,
Remember above about Bluetooth, security, etc.? How about this: "CommWarrior attempts to spread by sending messages via Bluetooth wireless connections and Multimedia Message Service--different from the Cabir virus, which only used Bluetooth to proliferate." The quote above and the article can be found at: [Link: news.com.com]
As I said, I wasn't sure but wasn't Bluetooth part of the security issues with phones? Please try to be nice when telling someone they're a dumb*#s piece of worthless s**t and that they must be a neanderthal or something. We're all here to learn from each other, share ideas, help on problems jobs, etc. Why be so rude when even YOU do not have such infinite wisdom about everything... AS THE QUOTE ABOVE SHOWS.
Whatever. I'm still disgusted by it AND you.
|
Why all the fighting and cussing? Can't Dave play nice? We're just here to learn and have fun. It was a harmless jab, laugh and get over it!!!!!!!!!!!!!!!!!! BTW... S-E-A-R-C-H!!! or do the work!!! |
|
Post 25 made on Wednesday March 9, 2005 at 00:23 |
gwilly Founding Member |
Joined: Posts: | September 2001 793 |
|
|
On 02/21/05 17:13 ET, Audible Solutionns said...
Leaders of governments have been assinated
I always get a kick out of misspellings, usually unintentional, but in this case I'm sure there are some leaders that should be "assinated".
|
Some people are so used to special treatment--that equal treatment is considered discrimination..Thomas Sowell |
|
Post 26 made on Thursday March 10, 2005 at 00:29 |
Warren Long Time Member |
Joined: Posts: | November 2002 264 |
|
|
On 02/22/05 00:12 ET, bcf1963 said...
ATOH,
Best you stick to something you know something about, and spare us from your wisdom on things you don't... of which Bluetooth is obviously one.
Saw the same story. It definitely said Bluetooth equipped phones were the ones being hacked. It went on to say, at the moment, the only damage being done was to run down the phone's battery. Not saying yea or nay, just that that was the info that was being output by the media last week.
|
|
Post 27 made on Thursday March 10, 2005 at 01:56 |
Audible Solutionns Super Member |
Joined: Posts: | March 2004 3,246 |
|
|
On 03/09/05 00:23 ET, gwilly said...
I always get a kick out of misspellings, usually unintentional, but in this case I'm sure there are some leaders that should be "assinated".
I guess I deserved that. I still wish this site had spell check as I do not need any additional help to prove how dumb I am.
Alan
|
"This is a Christian Country, Charlie, founded on Christian values...when you can't put a nativity scene in front fire house at Christmas time in Nacogdoches Township, something's gone terribly wrong" |
|
Post 28 made on Thursday March 10, 2005 at 08:50 |
GotGame Super Member |
Joined: Posts: | February 2002 4,022 |
|
|
QQQ, How did you make out with Carly Fiorina's parting gift in your computer?
|
I may be schizophrenic, but at least I have each other. |