Wireless security

RobDickson
Grafter
Posts: 632
Thanks: 2
Registered: 06-08-2007

Wireless security

I have just been thinking (something that I try to avoid). It's possible to link two PCs together using a cross-over ethernet cable, or (old technology) some co-ax cable without needing a router.

Is it possible to link two PCs together without using a router and simply using two wireless dongles?

My router is protected using WEP and MAC address filtering, so nobody apart from me and Bird can access the router. However, if it's possible to directly link two PCs together wirelessly, what is stopping somebody from bypassing the router and taking files directly from my PC. My PC isn't protected by WEP and MAC address filtering.
12 REPLIES
N/A

Wireless security

It is perfectly feasible to link 2 computers together, bypassing any wireless access point.

However, this isn't as insecure as you may think.

1: You can set this up so it uses WEP encryption too.
2: You have to set up the link manually.

These 2 points mean that you must set up the system to be insecure in the first place.
N/A

Wireless security

Yep, this is possible. It's actually called an ad-hoc network, though there are two things to consider: without an access point the range of the network is more limited, and under certain circumstances the speed of the network would be greatly reduced.
RobDickson

Wireless security

You've both raised some interesting points, but I am still slightly confused (please bear with me!). I'm running WinXP and running the WLAN Monitor Utility.

When I connect to my router, I need to enter a 128-bit password. Having entered this password on my PC, does this mean that if somebody wanted to communicate directly to my PC that they would need to know this password in the same way that they would if they were going to communicate with the router? If not, could you point me in the right direction to enter an alternative password?

When I enter my password, I have a choice of entering an authentication type (Auto, Shared Key, or Open System). At the moment, it's on Auto - what's the best setting to use? I only use the router to share my broadband connection, I don't share files or printers at the moment.

In another section, I get to choose the "Operating Mode". Here I can choose "Infrastructure" or "Ad-Hoc" - it's set to "Infrastructure" at the moment. From what you've said, connecting PC to PC is called "Ad-Hoc", so does my selection of "Infrastructure" mean that other PCs can't connect directly to my PC?

Sorry to come up with so many questions.

Rob
N/A

Wireless security

If the two computers already have wireless dongles and they are set up to access the internet via the router then they should already be able to communicate with each other. Try "pinging" the IP address of the other machine from your machine.

The 128-bit password is your WEP/WPA shared-key. However, since your router is set in "Auto" mode it will allow "Open System" (i.e. no password is required) and "Shared Key" (i.e. machines with a password) to connect. You should change the setting to "Shared Key" to prevent access without the 128-bit password. If you have a choice between WPA (may also be called 802.11x) and WEP you should choose WPA as it is more secure.

"Infrastructure" mode means that the client PC is configured to only accept requests via the Wireless Access Point (i.e. the router). "Ad-Hoc" mode means that you do not have a WAP and the PCs communicate directly with each other.
RobDickson

Wireless security

Thanks again for the replies.

I'm sure that the two PCs can "talk" to each other through the router (I don't know, because I only use the router to share the broadband connection). My concern is that I don't want other people being able to access my PC directly (even if the router was switched off).

As far as the "Auto" setting is concerned, it's my PC that's set to Auto, not the router. Should I set my PC to "Shared Key"? The router is set to require a WEP password before anything can connect to it. I'm not sure whether it will work with WPA, but I will check this out when I set up the MAC address filtering later.

Anyway, with my PC set to "Infrastructure", it can only connect to a router, not to another PC, so I think that it's secure. It only seems possible to connect to one router at a time, and it doesn't like connecting to my neighbour's un-protected network.

Just out of interest, if I did set it to Ad-Hoc, could one PC be connected to more than one thing at once (for example, two other PCs at once), or can one wireless dongle only communicate with one other device at once? With a wired network (without a router), it's possible for one PC to communicate with more than one other PC at a time.

Also, if I did decide to set it to Ad-Hoc, how do I protect my PC using WEP? Does entering a WEP password into the WLAN Monitor Utility on my PC (as I have done in order to communicate with the router) protect my PC in the same way if another PC tried to communicate directly to it (i.e. not through the router)?
N/A

Wireless security

OK, so the problem that you are trying to address is someone trying to connect directly to your PC while you are using it and not necessarily someone hacking into your router and accessing your network.

I think that if you have your PC setup in ad-hoc mode it will communicate with any PC with the SSID. The "Auto" setting means that it will allow connections with or without a WEP password. I think that if you change the setting to "shared key" it will only allow connections with the correct key (only you should check the manual for the driver).
If the driver is in infrastructure mode then it will only connect with a router.

The driver with my card allows several configurations to be set up although I suspect that you can only use one at a time (I don't have more than one wireless network to try this out).

If you are concerned about access to your machine from another machine you could either install ZoneAlarm (free!) or activate the WinXP firewall on the wireless connection. This would prevent another PC from accessing your PC.
With ZoneAlarm you can get prompted every time a PC attempts to connect and you can either accept or reject the request.
RobDickson

Wireless security

I don't have the choice between "infrastructure" and "ad-hoc" on my PC, but I have changed the "auto" setting to "shared key" (the other option was "open system", which I thought was worth avoiding).

Thanks for all the advice.
RobDickson

Wireless security

Having checked the WLAN Monitor Utility that my USB wireless dongle uses (I don't have a manual), I found that there is an "operating mode" setting and it is already set to "infrastructure". There is also an "int. roaming" setting which is disabled (I only want it to connect to one router and not switch between routers) and a "radio" setting.

The "radio" setting can be set to "on" or "off", but I have no idea what it's for. It's currently set to "on" (the default), but does anybody have any ideas what it's all about?
N/A

Wireless security

The most secure mode for wireless is WiFi Protected Access (WPA) with Temporal Key Integrity Protocol (TKIP) or WPA/TKIP, followed by WPA/Pre Shared Key (PSK). These are the new 802.11i standard but you will probably need firmware updates from your OEM to get these.

The next most secure is WEP 256 bit Open Authentication with a 58 character hexadecimal key. Or you can use the slightly less secure 128 bit (26 hexadecimal characters) or 64 bit (10 hexadecimal characters).

All these of course are further enhanced by selective choice of your SSID name and MAC filtering.

The least secure apart from unencrypted is WEP Shared Key.

This Microsoft article gives the following advice:

"For a secure wireless network that cannot use IEEE 802.1X authentication and does not support WPA, open system authentication is recommended. On the surface, this might seem contradictory because open system authentication is not really authentication, but identification, and shared key authentication requires knowledge of a shared secret key. Shared key authentication might be a stronger authentication method than open system, but the use of shared key authentication makes wireless communication less secure.

For most implementations, including Windows XP, the shared key authentication secret key is the same as the WEP encryption key. The shared key authentication process consists of two messages: a challenge message sent by the authenticator and a challenge response message sent by the authenticating wireless client. A malicious user that captures both messages can use cryptanalysis methods to determine the shared key authentication secret key, and therefore the WEP encryption key. Once the WEP encryption key is determined, the malicious user has full access to your network, as if WEP encryption was not enabled. Therefore, although shared key authentication is stronger than open system for authentication, it weakens WEP encryption.

The tradeoff with using open system authentication is that, unless your wireless AP has the ability to configure the list of allowed wireless clients by their hardware addresses, anyone can easily join your network. By joining the network, the malicious user uses up one of the available wireless connections. However, without the WEP encryption key, they cannot send or receive wireless frames.

Wireless APs and Windows XP support open system authentication. One advantage to using open system authentication is that it is always enabled for Windows XP wireless clients. No additional authentication configuration is needed."
N/A

Wireless security

Thought I'd clarify because it can appear complicated. There are 2 layers to crack to get at your wireless data. The first is being able to authenticate yourself as authorised to be on the network.

The second, once on the network, is to be able to unscramble the coded information and make sense of it.

With WEP Shared Key the same key is used for both layers and this is its Achilles' heel. So if you want to join my network you have to crack the first layer and authenticate yourself. So I transmit a handshake message using my WEP key and if you can match it (because you're not a hacker so you will know it) I'll let you on my network. Once on you then unscramble the data using the same key.

The weakness is that if you are a hacker eavesdropping I am sending you my WEP key (albeit encrypted) as part of the authentication handshake. Because the WEP key is static and rarely gets changed by the network owner that then gives me bags of time as a hacker to cryptanalyse and crack it. Because the same key is also used for layer 2 data scrambling, as the hacker I can now also penetrate the second layer and decode your data.

With Open Authentication, as a hacker, you can get on my network straightaway. However the layer 2 data is still encrypted with the WEP key; however you will never be able to unscramble my data as I am not transmitting my WEP key to you as part of the layer 1 authentication process.

Use of a selective SSID and MAC filtering will block a hacker's attempts to access the network layer one; hence MAC filtering with WEP Open Auth is the most secure unless you have WPA.

Hope this helps as I know it can be quite difficult to get your head around.
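
The shared key exchange described in the two posts above, as an added example that is not part of the original thread: it models the cleartext challenge and the WEP-encrypted response, and shows what a passive observer of both messages ends up holding. The key, IV and challenge are constructed sample values, and the frame headers and ICV (CRC-32) of a real 802.11 frame are left out as a simplifying assumption.

```python
import os

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_response(wep_key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Client step: encrypt the AP's challenge under RC4(IV || WEP key).
    The IV travels in clear alongside the response."""
    return xor(challenge, rc4(iv + wep_key, len(challenge)))

def observer_view(challenge: bytes, response: bytes) -> bytes:
    """What a listener learns from the two messages alone: plaintext XOR
    ciphertext is the keystream for that IV. No key is needed."""
    return xor(challenge, response)

def demo():
    wep_key = bytes.fromhex("0123456789abcdef0123456789")  # constructed 104-bit key
    iv = b"\x01\x02\x03"                                    # constructed 24-bit IV
    challenge = os.urandom(128)                             # sent in clear by the AP
    response = client_response(wep_key, iv, challenge)
    leaked = observer_view(challenge, response)
    # Shared key auth: 128 bytes of keystream derived from the WEP key are
    # exposed. Open system auth sends no challenge, so it exposes none.
    return leaked == rc4(iv + wep_key, len(challenge))

if __name__ == "__main__":
    print("keystream exposed by shared key handshake:", demo())
```

Because the same WEP key also encrypts data frames, this handshake hands an observer known plaintext and matching ciphertext under that key, which is the trade-off the quoted Microsoft text weighs against open system authentication.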
RobDickson

Wireless security

It's very complicated, but thank you for your clarification - I think I've understood it.

So, I had it right before (by luck, more than judgement), and I'll change my PC back to an "open" system. I assume that I have the same selection in my router's set-up, but I haven't checked it yet.

I don't think that either my PC or my router supports WPA.
N/A

Wireless security

Try this link. You may find it helpful.