![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
cellioGo read ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.
No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
siderea's post about Firesheep and network security. Hijacking your credentials at many web sites, ranging from Twitter to Amazon, just got a lot easier.No network is really secure, and especially not a wireless one. Someone who really wants to crack you can do so pretty much at will. As with physical security, the point isn't to keep the pros out; it's to discourage the kiddies so they'll go bother someone else instead. That said, you used to have to do at least a little work to crack someone else's security -- run a packet sniffer, launch dictionary attacks, and I'm not really sure what-all else. Now, it comes in the form of a convenient Firefox plug-in. (The running of which is almost certainly a violation of your ISP's terms of service and your employer's IT policies, just to be clear.)
So, reluctantly, I have ended our brief foray into leaking wireless into the street and not minding so long as they didn't eat much. (I had disabled our security recently because I was having problems connecting a new device.) An open network might be mostly harmless (given that we do no commerce, banking, etc from wireless devices), but I don't want to invite casual packet-sniffers onto my network -- don't want the risk that they can in fact get to me, and don't want that activity potentially associated with my IP address.
What I'd really like to have, and I can see no way to do this if you don't build your own router, is to receive an alert when an unknown device does show up on the network. Anyone know how I could do that when the tools available are a couple of Macs, legacy PCs (that are not usually left on), and a Verizon modem/router combo?
(no subject)
Date: 2010-10-28 03:18 am (UTC)(no subject)
From:(no subject)
Date: 2010-10-28 03:19 am (UTC)(no subject)
From:(no subject)
Date: 2010-10-28 03:24 am (UTC)Otherwise, you pretty much have to run an active scan (send packets, hope for responses) of your network every small_time_period, and report back.
(no subject)
From:(no subject)
Date: 2010-10-28 03:37 am (UTC)If you're willing to run your own DHCP server, this can be trivial. Depending on your DHCP server implementation, there may even be a "run a script if an unknown MAC address connects" option.
If you don't want to run your own server, whatever IS running your DHCP server can probably be configured to write to syslog. There are a few "watch syslog for interesting entries" programs out there. It's pretty easy to make a Mac start saving syslog information. Configure all of your devices to use static addresses at home. Then, if the DHCP server EVER hands out an address, send an alert.
You could always convert one of those legacy PCs to a dedicated network monitoring machine, but that's probably overkill.
(no subject)
From:(no subject)
Date: 2010-10-28 01:34 pm (UTC)I understand that there's a security opening for people to access your login credentials to a variety of sites, but I don't entirely understand whether my own system is at risk. Would you know?
FWIW, I have a Verizon FiOS WIFI network that's password protected with a WEP key. I generally use Google Chrome as my browser, though my kids use IE. That about reaches the limits of what I know about it.
All that said, I live on a rural gravel road where none of the houses nearby is likely to be in range of my WIFI, and there's no casual outside car traffic because it's a dead-end street, so I would think my risk is low anyway...
OTOH, I use a password-protected corporate WIFI at work on IE... but I have no control over the security settings there except on my own laptop.
(no subject)
From:(no subject)
From: