Wireless Security?

[NSR500]

I typically refrain from using wireless, but may have the need to occasionally enable my router because I cannot run cable in my apartment. Is there a way or tool('s) that I can use to make sure my system is not compromised?

I have read the tutorial here: http://ubuntuforums.org/showthread.php?t=202834
and I have also looked at the tools here: http://ubuntuforums.org/showthread.php?t=9836

I understand much of what is in those discussions and am looking for guidance in what to watch out for.

Plain and Simple...

1. What network monitoring tool can I use to see if someone has compromised my system and is syphoning off packets?

2. What tool, if any, from this thread: http://ubuntuforums.org/showthread.php?t=9836 would I use?

It seems that most of the discussions are based on auditing and looking for holes, but assuming that you have put forth your best efforts; what do you use to monitor your traffic against snoopers?

Thanks for the help guys!

[moffa]

Since you're using a router, the easiest way would be to go to the router's page and see the MAC address of any clients that have connected.

[johnnymac]

First off, if your using wireless and do not want anyone so get on:

1. Don't broadcast your ssid
2. Use WEP or WAP
3. Use MAC filtering and only allow certain MAC addresses to connect.

If you do those three things...only someone with ALOT of time and effort can crack it. Once they crack the WEP key (which will be quite difficult since you'd be filtering MAC addresses), they have to figure out how to clone your MAC to even be able to use the access point. At some point they'll just give up and go find someone who didn't secure their stuff.

[az]

Quote:

Originally Posted by johnnymac If you do those three things...only someone with ALOT of time and effort can crack it. Once they crack the WEP key (which will be quite difficult since you'd be filtering MAC addresses),

When you sniff packets from wireless, you are not associated with any ssid. So restricting mac addresses, not broadcasting your ssid are irrelevant. Cracking your WEP becomes a matter of time and packets sniffed.

Unfortunately, today's home wireless techology is not secure. You should not have the expectation of security over wireless. WEP, WPA, etc all make it inconvenient for a cracker, but it is far from impossible.

[NSR500]

Thanks Guys!

I have been employing those practices for quite some time now and regularly check my logs. My main concern is a "Near-Real Time" or "Real Time" method or tool I can use to see if someone is doing something. For example... How do I know if someone is using Airsnort, Aircrack, or some other appllication on me?
I've setup a test rig and tried it on myself and I did not notice anything abnormal until it was cracked and I logged on with the keys. I've thought of monitoring traffic for packet injection, etc... but its a bit challenging if I'm dl'ing a torrent and maxing out my bandwith.

[johnnymac]

So, by far my favorite IDS has been SNORT. Bad thing is...there isn't much in that arena for wireless. But they are starting to put it together...

http://snort-wireless.org/

You can be adventurous and try it out.

Also...some people can be QUITE over-bearing on wireless security. If you are using strong WEP encryption, 99% of the people will just move on to an unsecured access point (they are plentiful). For the remaining 1% who has the urge to do it....he's in some downtown area breaking into government records or banks

[huygens]

If one think WEP is enough a security, then one should read this: http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/


And if you can read French: http://sid.rstack.org/blog/index.php...ie-la-couronne

[johnnymac]

No one is saying WEP is enough security. You want secure wireless - don't use it. All you can do is take enough precautions to give someone a hard time trying to crack your wireless. No one is going to spend the time needed to break your WEP key and|or figure out how to spoof their way through MAC address filtering...why would they when they could go a block down the road and find an access point that is not secured. Now, if someone is able to sniff their way through grabbing your information as your surfing...hopefully your not doing anything like bank transactions, online purchasing or anything like that wireless - that would just be foolish.

[jaheds]

You can always leave your wireless network open and implement a Virtual Private Network (VPN) between the server that is connected to the wireless router and your main server/internet. There are plenty of VPN implementation that work well in Ubuntu, and I think VPNs are considered secure by many.

You can even protect your wireless network using a WPA key, instead of leaving it open to add a bit more to your VPN protection; but then you'd be encrypting twice and face the performance issues associated with that (it's not that bad.)

I used OpenVPN, and it was very easy to work with. It has a nice client for Mac OS X and windows, as well as for Linux. It doesn't use usernames and passwords if I remember correctly. It uses certificates instead, so you just click "connect" and wait to be connected to your virtual network; and generating and issuing these certificates is easy enough using OpenSSL.

It's all about reaching a security balance. For me that balance was just a simple WPA key on my router and no VPN. For you, it might be different.

[NSR500]

Thx Jaheds!