Wireless networking security question

[tomdkat]

Ok, let's say I've got a wireless router providing Internet access for Windows computers via wired and wireless connections. They can all access the Internet just fine. The wireless network is protected via WPA security. Cool.

Now, the computers are networked together using Windows networking and all the machines have software firewalls running (either ZoneAlarm free edition or the Windowd firewall). All the machines can access each other as desired.

Ok, if a hacker were to somehow compromise the WPA security and gain access to the wireless network, what measures can be taken to prevent them from accessing the Windows machines which are part of the Windows network?

Peace...

 

[TerryNet]

Best to concentrate on the WPA security 'cause once they are in the door, they are in the door!

WPA using dictionary words for a passphrase can be broken. WPA with a passphrase of at least 20 characters mixing letters and numbers and maybe some special characters has not yet been broken. Using a strong passphrase such as this is your best, and almost only, wireless security against knowledgeable and determined hackers.

 

[tomdkat]

Thanks for the tip!

Peace...

 

[etaf]

i think terrynet suggestion is the way to go - I would add also use upper and lower case letters, numbers and special characters

 

[JohnWill]

There are no known exploits of WPA with a long an random key, it's most certainly your best option. That's not to say you shouldn't have some security within the network too, and MOST IMPORTANT, have current and regular backups!

 

[llsee]

You can also use MAC address filtering for an extra layer of protection. That way only specified MAC addresses are able to access your network. Since every network adaptor has a unique MAC address that increases the security.

Of course MAC address filtering does nothing to prevent someone from intercepting wireless traffic, but it is one more layer of security that is available.

 

[TerryNet]

MAC address filtering adds no security to an encrypted network. It adds difficulty to your use of your own network.

 

[JohnWill]

Mac addresses filtering is another weak and ineffective security measure. Obviously, it's time for my The Six Dumbest Ways To Secure A Wireless Lan post.

 

[llsee]

Your sarcastic response to my post is the perfect example of why I seldom visit TSG anymore, and why I removed the link from my personal web page. At one time I thought that TsG was a web space where an individual could get sound "Un-Biased" support and answers to questions. Instead it is really the province of a small clique of snotty users who have turned it into their personal messaging system.

To tomdkat, I strongly suggest that you visit Steve Gibson's web site http://www.grc.com/default.htm for solid security advice. His "Security-Now" podcast is also an excellent resource. Unlike the users here, Mr Gibson does engage in reasonable discussion and does provide sound reasons behind his opinions, while listening respectfully to yours.

Forty years in corporate IT management, including the installation of the first wireless network on a regional stock exchange floor does give me the right to express an opinion. MAC address filtering does add a layer of network management, security AND complexity to a network.

This site should change its name from Tech Support Guy, to Opinionated Insider Club!

 

[JohnWill]

You're free to have an opinion on the topic, I'm curious why I'm not allowed the same freedom in your eyes. If expressing my opinion is being "snotty", then I guess that's me.

 

[llsee]

Lets take this off-line. I sent you a private message.

 

[tomdkat]

Thanks for the additional tips. Unfortunately, WEP security is the best I can have on one wireless network I setup since the drivers for one particular wireless adapter don't support WPA. I'll look at replacing this adapter and checking again for a driver update.

I'll also visit the sites referenced above and will look into MAC filtering. I understand the basic idea but never actually configured it. I mainly wanted to make sure there weren't other things I could do to "lock down" a Windows network that contains a mixture of wired and wireless machines, all sharing the same cable modem Internet connection.

You've all been a great help!

Peace...

 

[rolandk10]

Thanks for the additional tips. Unfortunately, WEP security is the best I can have on one wireless network I setup since the drivers for one particular wireless adapter don't support WPA.

I am running vista on my laptop and the other day tried to get on my girlfriends old wireless router that only has WEP. Vista (or the driver for the built in wireless) could see the network in the list but said it was an unsupported secure network.

Looks like WEP may get phased out soon.

 

[tomdkat]

I am running vista on my laptop and the other day tried to get on my girlfriends old wireless router that only has WEP. Vista (or the driver for the built in wireless) could see the network in the list but said it was an unsupported secure network.

Looks like WEP may get phased out soon.

Good to know. Thanks for the heads up!

Peace...