Page 1 of 1

Non default SSID, and WEP-128, how safe am I?

PostPosted: Wed May 07, 2003 7:18 am
by SoggyLand
I am a late comer, I know. Please excuse the newbie speak. I waited this long to go wireless, because I just could not justify the expense of a laptop.

Ok.. Last week, bought a laptop, and wireless hardware. I picked up a Linksys Wireless-G Broadband Router(WRT54G) and a Linksys Wireless-G Notebook Adapter (WPC54G). At first, before discovering NetStumbler, I just plugged it in, and let WindowsXP do the rest.

Then I discovered NetStumbler. Wow... stayed up driving around till 1:00 am. I found over 100 AP's within 1 1/2 mile of my house, and only driving in one direction.

Anyway... Now that I know about NetStumbler, I have changed the SSID, turned WEP on (128 bits 26 Hex digits), and disabled the SSID broadcast. I immediately noticed that NetStumbler no longer saw my AP (once you tell Win XP not to configure wireless for you) Yeah, guess that makes me a party pooper for wardrivers.

The question is, how secure am I? What kind of equipment/software do you have to employ to find AP’s that are not broadcasting their SSID? Does all/most AP software let you disable the SSID broadcast?

PostPosted: Wed May 07, 2003 8:08 am
by Thorn
Read the FAQs and SEARCH.

All of these questions have been asked and answered over and over and over again. Being a newbie is fine. Being a newbie who doesn't search and asks questions that are covered multiple time makes you flamebait.

What are you asking in you poll? The options make no sense. Default, on, off WHAT?

Ok...

PostPosted: Wed May 07, 2003 8:52 am
by SoggyLand
I did search, and have read about 60 or 70 posts, but I guess I am not searching on the right keywords. I see what you mean. I should have just searched on 'SSID Broadcast'. I saw some stuff about ssid broadcast and about Kismet that I will read up on.

Sorry the poll question was not more clear. The question was;

What is your AP setup (SSID, SSID Broadcast, WEP)?

What I mean is: Is your SSID custom or default, is the SSID Broadcast on or off, is WEP on or off?

I will be sure to try and write less 'flameable' posts in the future.

Thanks,

PostPosted: Wed May 07, 2003 9:14 am
by Thorn
You are moderately secure. Read the WiFi FAQ thread on WiFI Secuity. It should answer most of your quesions. (I know because I wrote it. :D)

Regarding your poll: Anyone who is running the default SSID, No WEP and Broadcasting the SSID is either a fool who needs to RTFM, or is maintaining a honeypot/honeynet. There is never a good reason to run the defaults. Even free "Hotspot" or "Public Access" APs should have the SSID changed at the minumum.

Difference of opinion

PostPosted: Wed May 07, 2003 9:42 am
by nashr
Thorn,

I agree that anyone running all default settings needs to RTFM, but unfortunately thats exactly what the average home-user is going to do.

You know as well as anyone that "Joe Average" is going to buy his WAP so he can sit in front of the TV and check his email from his laptop or PDA. "Joe Average" isn't a member of the NetStumbler forums, and he most likely doesn't RTFM.

Think about all your average friends that fit into this category.

Re: Difference of opinion

PostPosted: Wed May 07, 2003 10:24 am
by Thorn
Originally posted by nashr
Thorn,

I agree that anyone running all default settings needs to RTFM, but unfortunately thats exactly what the average home-user is going to do.

You know as well as anyone that "Joe Average" is going to buy his WAP so he can sit in front of the TV and check his email from his laptop or PDA. "Joe Average" isn't a member of the NetStumbler forums, and he most likely doesn't RTFM.

Think about all your average friends that fit into this category.


nashr,
No real differnce of opinion. I realize that most users fit in the RTFM category. It has long been my opinion that the manufacturers need to either make the users understand that this is potenitally dangerous to the users data, or to make the units more secure out of the box. But it does not diminish the need for the users to actually read, or the fact if they don't, then they're foolish. Leading a horse to water and all that.

Of course, I'm the kind of guy who always RTFM; whether it's the car, the vacuum cleaner or wireless networking gear.

As far as the people that I know running wireless, friends I help gratus. Clients are advised to have the units secured and I give them the checklist. The advice to secure and checklist are free, if they hire me to do the work, then it's billable hours. All are advised to RTFM. (Well, most of the time I leave out the "F". ;)) Most never read it.