Page 1 of 2 12 LastLast
Results 1 to 16 of 17

Thread: Wifi Security

  1. #1
    Member
    Join Date
    Jul 2003
    Posts
    154
    Thanks
    0
    Thanked
    0 times in 0 posts

    Wifi Security

    If I set up a Wifi network and allow only selected MAC addresses to connect to the Internet, can I prevent the allowed clients from sharing the connection with other PCs? Is there any tools (software/hardware) that could detect this situation? Thanks very much in advance.

  2. #2
    Overclocking Since 1988 nightkhaos's Avatar
    Join Date
    Apr 2009
    Location
    Sydney, AU
    Posts
    1,415
    Thanks
    93
    Thanked
    127 times in 106 posts

    Re: Wifi Security

    Quote Originally Posted by SMPer View Post
    If I set up a Wifi network and allow only selected MAC addresses to connect to the Internet, can I prevent the allowed clients from sharing the connection with other PCs? Is there any tools (software/hardware) that could detect this situation? Thanks very much in advance.
    First and formost... why? What is so special about your Internet connection?

    And sorry, without any intrusive (read malware) software, this application is impossible.
    Desktop (Cy): Intel Core i7 920 D0 @ 3.6GHz, Prolimatech Megahalems, Gigabyte X58-UD5, Patriot Viper DDR3 6GiB @ 1440MHz 7-7-7-20 2T, EVGA NVIDIA GTX 295 Co-Op, Asus Xonar D2X, Hauppauge WinTV Nova TD-500, 2x WD Caviar Black 1TB in RAID 0, 4x Samsung EcoDrive 1.5TB F2s in RAID 5, Corsair HX 750W PSU, Coolermaster RC-1100 Cosmos Sport (Custom), 4x Noctua P12s, 6x Noctua S12Bs, Sony Optiarc DVD+/-RW, Windows 7 Professional Edition, Dell 2408WFP, Mirai 22" HDTV

    MacBook Pro (Voyager): Intel Core 2 Duo @ 2.6GHz, 4GiB DDR2 RAM, 200GB 7200RPM HDD, NVIDIA 8600GTM 512MB, SuperDrive, Mac OS X Snow Leopard, 15.4" Matte Display

    HTPC (Delta-Flyer): Intel Core 2 Q8200 @ 2.33GHz, Zotec GeForce 9300-ITX, 2GiB of DDR2 Corsair XMS2 RAM, KWorld PE355-2T, Samsung EcoDrive F2 1.5TB, In-Win BP655, Noctua NF-R8, LiteOn BluRay ROM Drive, Windows 7 Home Premium, 42" Sony 1080p Television

    i7 (Bloomfield) Overclocking Guide

    Quote Originally Posted by Spock
    I am not our father.

  3. #3
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: Wifi Security

    Quote Originally Posted by nightkhaos View Post
    First and formost... why? What is so special about your Internet connection?
    Why does it matter why?

    Maybe it's a small business environment and he only wants specific users to have net access? That's certainly not an unusual requirement.

  4. #4
    Overclocking Since 1988 nightkhaos's Avatar
    Join Date
    Apr 2009
    Location
    Sydney, AU
    Posts
    1,415
    Thanks
    93
    Thanked
    127 times in 106 posts

    Re: Wifi Security

    Quote Originally Posted by Saracen View Post
    Maybe it's a small business environment and he only wants specific users to have net access? That's certainly not an unusual requirement.
    That isn't, of course, but using a techincal solution to such a problem seems like a waste of resources.

    If the laptops in question are company owned he could always disable such functionality from the users, but since he seems to looking for a server side option we can rule out that is a possibly.

    In order to inforce such business parctice the intelligent thing to do would to be only authorise company laptops connections, via a RADIUS network is similar, such a practice would not only allow direct control of the hardware, it will also negate the need for MAC address flitering because transfering the access information is a maginitude harder than a PSK.
    Desktop (Cy): Intel Core i7 920 D0 @ 3.6GHz, Prolimatech Megahalems, Gigabyte X58-UD5, Patriot Viper DDR3 6GiB @ 1440MHz 7-7-7-20 2T, EVGA NVIDIA GTX 295 Co-Op, Asus Xonar D2X, Hauppauge WinTV Nova TD-500, 2x WD Caviar Black 1TB in RAID 0, 4x Samsung EcoDrive 1.5TB F2s in RAID 5, Corsair HX 750W PSU, Coolermaster RC-1100 Cosmos Sport (Custom), 4x Noctua P12s, 6x Noctua S12Bs, Sony Optiarc DVD+/-RW, Windows 7 Professional Edition, Dell 2408WFP, Mirai 22" HDTV

    MacBook Pro (Voyager): Intel Core 2 Duo @ 2.6GHz, 4GiB DDR2 RAM, 200GB 7200RPM HDD, NVIDIA 8600GTM 512MB, SuperDrive, Mac OS X Snow Leopard, 15.4" Matte Display

    HTPC (Delta-Flyer): Intel Core 2 Q8200 @ 2.33GHz, Zotec GeForce 9300-ITX, 2GiB of DDR2 Corsair XMS2 RAM, KWorld PE355-2T, Samsung EcoDrive F2 1.5TB, In-Win BP655, Noctua NF-R8, LiteOn BluRay ROM Drive, Windows 7 Home Premium, 42" Sony 1080p Television

    i7 (Bloomfield) Overclocking Guide

    Quote Originally Posted by Spock
    I am not our father.

  5. #5
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: Wifi Security

    Depends on the size and technical complexity of the business. There's a lot of businesses for which I'd have thought RADIUS was both way overkill, and technically infeasible. I know quite a few that have issues with the technical aspects of updating their printer drivers.

    But it's getting off the actual question anyway, to which I don't have a good answer. The way I read the question, what SMPer wants is something like small office situation where some people need net access (maybe a couple of managers), and where Wifi is structurally the easy way of doing it, but where he doesn't want unauthorised users getting access via an authorised user.

    In other words, anyone that gets net access ONLY gets it by being authorised at the router, and not piggybacking via an authorised PC. In which case, will not just preventing internet connection sharing on all PCs, and locking down user access to those settings on each PC, do the job?

    It's hard to be sure without knowing more about SMPer's situation.

  6. #6
    Overclocking Since 1988 nightkhaos's Avatar
    Join Date
    Apr 2009
    Location
    Sydney, AU
    Posts
    1,415
    Thanks
    93
    Thanked
    127 times in 106 posts

    Re: Wifi Security

    Couldn't the security policy of the company change such that giving an unauthorised user internet accept is grounds for disprency action?

    Much simplier solution if it can be applied.
    Desktop (Cy): Intel Core i7 920 D0 @ 3.6GHz, Prolimatech Megahalems, Gigabyte X58-UD5, Patriot Viper DDR3 6GiB @ 1440MHz 7-7-7-20 2T, EVGA NVIDIA GTX 295 Co-Op, Asus Xonar D2X, Hauppauge WinTV Nova TD-500, 2x WD Caviar Black 1TB in RAID 0, 4x Samsung EcoDrive 1.5TB F2s in RAID 5, Corsair HX 750W PSU, Coolermaster RC-1100 Cosmos Sport (Custom), 4x Noctua P12s, 6x Noctua S12Bs, Sony Optiarc DVD+/-RW, Windows 7 Professional Edition, Dell 2408WFP, Mirai 22" HDTV

    MacBook Pro (Voyager): Intel Core 2 Duo @ 2.6GHz, 4GiB DDR2 RAM, 200GB 7200RPM HDD, NVIDIA 8600GTM 512MB, SuperDrive, Mac OS X Snow Leopard, 15.4" Matte Display

    HTPC (Delta-Flyer): Intel Core 2 Q8200 @ 2.33GHz, Zotec GeForce 9300-ITX, 2GiB of DDR2 Corsair XMS2 RAM, KWorld PE355-2T, Samsung EcoDrive F2 1.5TB, In-Win BP655, Noctua NF-R8, LiteOn BluRay ROM Drive, Windows 7 Home Premium, 42" Sony 1080p Television

    i7 (Bloomfield) Overclocking Guide

    Quote Originally Posted by Spock
    I am not our father.

  7. #7
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: Wifi Security

    Quote Originally Posted by nightkhaos View Post
    Couldn't the security policy of the company change such that giving an unauthorised user internet accept is grounds for disprency action?

    Much simplier solution if it can be applied.
    If it's a company, yes, probably. But what about a group of students in shared flat? Or a couple of neighbours (probably illegally) sharing a single ISP connection?

    But even in a company, it's better to prevent problems that have to discipline, let alone dismiss, staff. Merely making something against policy doesn't mean people will read, remember let alone respect that policy. And you don't want to lose otherwise good staff over this if you can help it, I'd have thought.

  8. #8
    Overclocking Since 1988 nightkhaos's Avatar
    Join Date
    Apr 2009
    Location
    Sydney, AU
    Posts
    1,415
    Thanks
    93
    Thanked
    127 times in 106 posts

    Re: Wifi Security

    Quote Originally Posted by Saracen View Post
    If it's a company, yes, probably. But what about a group of students in shared flat? Or a couple of neighbours (probably illegally) sharing a single ISP connection?

    But even in a company, it's better to prevent problems that have to discipline, let alone dismiss, staff. Merely making something against policy doesn't mean people will read, remember let alone respect that policy. And you don't want to lose otherwise good staff over this if you can help it, I'd have thought.
    /me notes he has been working in big business for to long where logical things like "prevention" don't happen.
    Desktop (Cy): Intel Core i7 920 D0 @ 3.6GHz, Prolimatech Megahalems, Gigabyte X58-UD5, Patriot Viper DDR3 6GiB @ 1440MHz 7-7-7-20 2T, EVGA NVIDIA GTX 295 Co-Op, Asus Xonar D2X, Hauppauge WinTV Nova TD-500, 2x WD Caviar Black 1TB in RAID 0, 4x Samsung EcoDrive 1.5TB F2s in RAID 5, Corsair HX 750W PSU, Coolermaster RC-1100 Cosmos Sport (Custom), 4x Noctua P12s, 6x Noctua S12Bs, Sony Optiarc DVD+/-RW, Windows 7 Professional Edition, Dell 2408WFP, Mirai 22" HDTV

    MacBook Pro (Voyager): Intel Core 2 Duo @ 2.6GHz, 4GiB DDR2 RAM, 200GB 7200RPM HDD, NVIDIA 8600GTM 512MB, SuperDrive, Mac OS X Snow Leopard, 15.4" Matte Display

    HTPC (Delta-Flyer): Intel Core 2 Q8200 @ 2.33GHz, Zotec GeForce 9300-ITX, 2GiB of DDR2 Corsair XMS2 RAM, KWorld PE355-2T, Samsung EcoDrive F2 1.5TB, In-Win BP655, Noctua NF-R8, LiteOn BluRay ROM Drive, Windows 7 Home Premium, 42" Sony 1080p Television

    i7 (Bloomfield) Overclocking Guide

    Quote Originally Posted by Spock
    I am not our father.

  9. #9
    Member
    Join Date
    Jul 2003
    Posts
    154
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Wifi Security

    Thanks all for the responses. I was just reading about Wifi security, firewall, etc. I was thinking, even with secured wireless connection (WPA2) and MAC filtering, nothing is stopping unauthorised clients to connect to the internet if it goes thru one of the authorised clients. I was actually hoping someone would say otherwise . If this can't be prevented, can it at least be detected? Maybe some sort of packet analyser that could detect traffic originating from beyond the authorised MAC adresses?

    I'll think of a scenario where this could be a problem and get back to you guys. Maybe something along what Saracen mentioned earlier about students or neighbours.
    Last edited by SMPer; 19-10-2009 at 06:17 PM.

  10. #10
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: Wifi Security

    Maybe you could use RADIUS WPA2? That way each user would be assigned a key so they couldn't share it.

  11. #11
    fold fold fold!
    Join Date
    Nov 2008
    Posts
    511
    Thanks
    25
    Thanked
    32 times in 25 posts
    • shbris's system
      • CPU:
      • 1600x
      • Memory:
      • 16GB
      • Storage:
      • various ssd's
      • Graphics card(s):
      • gtx 1060 6gb
      • Case:
      • mini itx
      • Operating System:
      • Windows 10
      • Internet:
      • 100/10

    Re: Wifi Security

    how about using airodump-ng or kismet to monitor the wireless connections in area, nothing intrusive, then u can see if any connection is being re-broadcast by the broadcasting MAC address?

  12. #12
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Wifi Security

    Some Draytek routers (the 2800 does, I think the 2820 does as well) have a facility which allow wireless connections to connect to the internet, but are prevented from accessing PCs on the wired LAN side. This is based on Mac filtering.

    I haven't tested it to see if a wirelessly connected computers that are restricted in this way can see each other or not. (I suspect not).

    You may want to consider a privacy protection solution such as WPA2, (and which also provides a degree of authentication)

    I used this when my children's friends used to bring laptops round to do work and needed to use the internet, but I didn't want them to see the other machines on the network. (Just in case nightkhaos was wondering! )
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  13. #13
    Overclocking Since 1988 nightkhaos's Avatar
    Join Date
    Apr 2009
    Location
    Sydney, AU
    Posts
    1,415
    Thanks
    93
    Thanked
    127 times in 106 posts

    Re: Wifi Security

    Quote Originally Posted by peterb View Post
    Some Draytek routers (the 2800 does, I think the 2820 does as well) have a facility which allow wireless connections to connect to the internet, but are prevented from accessing PCs on the wired LAN side. This is based on Mac filtering.

    I haven't tested it to see if a wirelessly connected computers that are restricted in this way can see each other or not. (I suspect not).

    You may want to consider a privacy protection solution such as WPA2, (and which also provides a degree of authentication)

    I used this when my children's friends used to bring laptops round to do work and needed to use the internet, but I didn't want them to see the other machines on the network. (Just in case nightkhaos was wondering! )
    Why would I be curious about that? I've already decided I want the DrayTek, knowing just how uber it is won't change my mind.
    Desktop (Cy): Intel Core i7 920 D0 @ 3.6GHz, Prolimatech Megahalems, Gigabyte X58-UD5, Patriot Viper DDR3 6GiB @ 1440MHz 7-7-7-20 2T, EVGA NVIDIA GTX 295 Co-Op, Asus Xonar D2X, Hauppauge WinTV Nova TD-500, 2x WD Caviar Black 1TB in RAID 0, 4x Samsung EcoDrive 1.5TB F2s in RAID 5, Corsair HX 750W PSU, Coolermaster RC-1100 Cosmos Sport (Custom), 4x Noctua P12s, 6x Noctua S12Bs, Sony Optiarc DVD+/-RW, Windows 7 Professional Edition, Dell 2408WFP, Mirai 22" HDTV

    MacBook Pro (Voyager): Intel Core 2 Duo @ 2.6GHz, 4GiB DDR2 RAM, 200GB 7200RPM HDD, NVIDIA 8600GTM 512MB, SuperDrive, Mac OS X Snow Leopard, 15.4" Matte Display

    HTPC (Delta-Flyer): Intel Core 2 Q8200 @ 2.33GHz, Zotec GeForce 9300-ITX, 2GiB of DDR2 Corsair XMS2 RAM, KWorld PE355-2T, Samsung EcoDrive F2 1.5TB, In-Win BP655, Noctua NF-R8, LiteOn BluRay ROM Drive, Windows 7 Home Premium, 42" Sony 1080p Television

    i7 (Bloomfield) Overclocking Guide

    Quote Originally Posted by Spock
    I am not our father.

  14. #14
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Wifi Security

    Just a gentle tease - you were curious about wht the OP needed such a facility!

    I have - overall been very pleased with 2800 - I bought mine just after they were released (abut 3 years ago) and one or two more obscure facilities didn't wlork as expected, but a firmware flash fixed that very early on. The VPN facility with the Draytek client application is really easy to set up too.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  15. #15
    Registered User
    Join Date
    Jun 2009
    Location
    Milk n' Beans
    Posts
    7
    Thanks
    0
    Thanked
    0 times in 0 posts
    • Traajel's system
      • Motherboard:
      • Gigabyte GA-P35C-DS3R
      • CPU:
      • C2Q Q6600 (Stock)
      • Memory:
      • 4GB DDR2-800
      • Storage:
      • 750GB Samsung F1
      • Graphics card(s):
      • 640MB GeForce 8800GTS
      • PSU:
      • Corsair HX 620
      • Case:
      • Antec P182
      • Operating System:
      • WinXP
      • Monitor(s):
      • Samsung SyncMaster 226CW

    Re: Wifi Security

    Apologies if this has already been said - I had a quick scan through the replies and couldn't see it standing out, but I think it needs to be mentioned...

    MAC filtering is incredibly easy for an intruder to get around. The attacker only needs to intercept packets between an allowed client machine and the access point, and can then read the MAC address of the client machine and spoof their own MAC address to be the same. It is not advisable to use this as a security method (or at very least not the main security method)

  16. #16
    Overclocking Since 1988 nightkhaos's Avatar
    Join Date
    Apr 2009
    Location
    Sydney, AU
    Posts
    1,415
    Thanks
    93
    Thanked
    127 times in 106 posts

    Re: Wifi Security

    Quote Originally Posted by Traajel View Post
    Apologies if this has already been said - I had a quick scan through the replies and couldn't see it standing out, but I think it needs to be mentioned...

    MAC filtering is incredibly easy for an intruder to get around. The attacker only needs to intercept packets between an allowed client machine and the access point, and can then read the MAC address of the client machine and spoof their own MAC address to be the same. It is not advisable to use this as a security method (or at very least not the main security method)
    Another reason to go for RADIUS over PSK with MAC.
    Desktop (Cy): Intel Core i7 920 D0 @ 3.6GHz, Prolimatech Megahalems, Gigabyte X58-UD5, Patriot Viper DDR3 6GiB @ 1440MHz 7-7-7-20 2T, EVGA NVIDIA GTX 295 Co-Op, Asus Xonar D2X, Hauppauge WinTV Nova TD-500, 2x WD Caviar Black 1TB in RAID 0, 4x Samsung EcoDrive 1.5TB F2s in RAID 5, Corsair HX 750W PSU, Coolermaster RC-1100 Cosmos Sport (Custom), 4x Noctua P12s, 6x Noctua S12Bs, Sony Optiarc DVD+/-RW, Windows 7 Professional Edition, Dell 2408WFP, Mirai 22" HDTV

    MacBook Pro (Voyager): Intel Core 2 Duo @ 2.6GHz, 4GiB DDR2 RAM, 200GB 7200RPM HDD, NVIDIA 8600GTM 512MB, SuperDrive, Mac OS X Snow Leopard, 15.4" Matte Display

    HTPC (Delta-Flyer): Intel Core 2 Q8200 @ 2.33GHz, Zotec GeForce 9300-ITX, 2GiB of DDR2 Corsair XMS2 RAM, KWorld PE355-2T, Samsung EcoDrive F2 1.5TB, In-Win BP655, Noctua NF-R8, LiteOn BluRay ROM Drive, Windows 7 Home Premium, 42" Sony 1080p Television

    i7 (Bloomfield) Overclocking Guide

    Quote Originally Posted by Spock
    I am not our father.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 6
    Last Post: 08-11-2007, 05:22 PM
  2. WiFi Walker - detailled hotspot locator + USB Wifi dongle - £21.99!
    By koocha in forum Retail Therapy and Bargains
    Replies: 9
    Last Post: 22-10-2007, 05:54 PM
  3. Have you done all of your windows updates ?
    By Moby-Dick in forum General Discussion
    Replies: 33
    Last Post: 05-05-2004, 01:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •