[personal profile] azekeil
Work have just given me one of these, except with 1GB RAM and an internal DVD writer too. VMWare is coming as well. Muahahaha!

I've just arrived at [livejournal.com profile] kissycat1000's and decided to see if there were any wireless networks floating around. Yup. 2. Both unsecured. One wouldn't give me an IP address, but the other one would. I promptly downloaded nmap for windows and had a quick scan. Well whaddaya know. Their wireless router homepage is available to me, not password protected. I can restore factory defaults or restart the router. I could even change the settings to lock to just this laptop, then put a password on and restart it.. *evil cackle*

People do do the dumbest things with networking equipment ;)

I might scan it every now and again to see if there's another PC on there, then try to send them a message or leave them a file letting them know their network is insecure ;)

Date: 2005-12-08 07:38 pm (UTC)
From: [identity profile] meltie.livejournal.com
Mmmm, thinkpad. That'll last you 10 years :)

Date: 2005-12-08 07:52 pm (UTC)
From: [identity profile] alexmc.livejournal.com
Strange... Most wireless routers I know only put their web interface on the wired lan. Hmmm. (Not that I know many wireless routers)

Date: 2005-12-08 08:25 pm (UTC)
From: [identity profile] azekeil.livejournal.com
I don't know either - but what if it's a wireless only router?

Date: 2005-12-08 10:22 pm (UTC)
From: [identity profile] simonb.livejournal.com
The sensible wireless routers will do this; however as [livejournal.com profile] azekeil says it may well be a wireless-only router.

I've also heard of some APs (NetGear being one AFAIR) which you tell to only allow management access on the wired network and which then ignore this. I've also heard of APs which allow management features to completely bypass any firewalls which are in place on the built-in router.

Date: 2005-12-08 08:26 pm (UTC)
From: [identity profile] sarah-mum.livejournal.com
Or why not let them know it's insecure and offer to make it secure for a *small* fee?

Date: 2005-12-08 08:30 pm (UTC)
From: [identity profile] azekeil.livejournal.com
Gosh then I'd have to actually *learn* something about wireless networks *sigh*

Date: 2005-12-08 10:20 pm (UTC)
From: [identity profile] simonb.livejournal.com
That is something I've just done - I'm right now writing up the joys of getting WPA2 wireless networking configured with Windows XP. One of the real fun bits about wireless networking is the rather large number of standards you've got within the 802.11 area. There is a, b, g and n for the actual transmission of the data and then fun things like i for the enhanced security stuff. The different 802.11 standards currently go from a to w!

When it comes to wireless networking, the security you can use are as follows:

  1. Nothing at all; SSID is broadcast
    Strangely enough this is the least secure - anyone who can see the network can connect to it. This is probably the level of security on the wireless networks you're connecting to
  2. SSID is not broadcast
    Only slightly better than nothing at all, but not that useful as AirSnort and similar can easily get the SSID
  3. MAC filtering
    Slightly more useful as only permitted machines are allowed to connect. That said, AirSnort et al can see the ethernet addresses used and it's easy enough to forge packets to get around MAC filtering
  4. WEP - Wired Equivalent Privacy
    Amusingly enough WEP was thoroughly broken back in 2001 and at best it's only really useful to stop random people connecting to your network and shouldn't be used for anything critical. You have a network key - effectively a shared password - which can be 56, 128 or 156 bits in length. If you don't know the WEP key then you will not be able to connect to the network.
  5. WPA - Wi-Fi Protected Access
    Uses better encryption than WEP and has better protection for keys; this is really the lowest level of wireless security you should consider for any traffic you care about
  6. WPA2
    Second version of WPA which implements the 802.11i security standard. Definitely the one to use as it uses AES for its encryption rather than RC4 and is in general considered to be pretty secure

There are two sub-standards for both WPA and WPA2; the standard WPA/WPA2 requires there to be an 802.1X authentication server available - generally this is a RADIUS server - which is a little bit of an overkill for SOHO or personal usage. To get around this there is now WPA-PSK and WPA2-PSK which use a known secret in a similar way to a WEP key. The difference is that it uses the much stronger authentication and encryption of WPA/WPA2. You do need to use a far longer password than the usual 6-8 characters people use for passwords.

Work now have two wireless LANs in operation; one has its SSID broadcast and only has WEP protecting it. However that network is totally untrusted; people on it are trusted less than people on the general internet and they are extremely limited in how they connect to the net. The other has a hidden SSID - mainly due to limitations in the APs I'm using - and uses WPA2. Users individually authenticate against a RADIUS server so I can lock access right down. As a result this network is directly connected to the internal network as, in a way, access to it is better controlled than if the users plugged their laptop into the wired network!
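As an added example following simonb's explanation above (not code from the post or from any commenter): WPA-PSK and WPA2-PSK stretch the passphrase with PBKDF2-HMAC-SHA1 (4096 rounds, SSID as salt) into the 256-bit pre-shared key, which is why every guess costs thousands of HMAC operations, why the same passphrase yields a different key on a different SSID, and why a short passphrase is the weak link. The function names, the rule checks and the rough entropy estimate are my own; the test vector is the one published with the 802.11i standard.

```python
import hashlib
import math

# Published 802.11i test vector: passphrase "password" with SSID "IEEE" gives this PSK.
IEEE_VECTOR = ("password", "IEEE",
               "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def passphrase_problems(passphrase: str) -> list:
    """List the ways a passphrase breaks the WPA-PSK rules (8 to 63 printable ASCII characters)."""
    problems = []
    if len(passphrase) < 8:
        problems.append("shorter than 8 characters")
    if len(passphrase) > 63:
        problems.append("longer than 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    return problems


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    problems = passphrase_problems(passphrase)
    if problems:
        raise ValueError("invalid passphrase: " + "; ".join(problems))
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


def guess_space_bits(passphrase: str) -> float:
    """Rough upper bound on passphrase entropy: length times log2 of the character classes used.
    Assumes a randomly chosen passphrase; dictionary words score far lower in practice."""
    alphabet = 0
    if any(c.islower() for c in passphrase):
        alphabet += 26
    if any(c.isupper() for c in passphrase):
        alphabet += 26
    if any(c.isdigit() for c in passphrase):
        alphabet += 10
    if any(not c.isalnum() for c in passphrase):
        alphabet += 33  # printable ASCII punctuation plus space
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    pw, ssid, expected = IEEE_VECTOR
    print("test vector matches:", wpa_psk(pw, ssid).hex() == expected)
    print("bits for 'password':", round(guess_space_bits("password"), 1))
    print("bits for a long phrase:", round(guess_space_bits("correct horse battery staple!"), 1))
```

Because the SSID is the salt, a non-default SSID also means a precomputed table for a common SSID cannot be reused against your network.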

Date: 2005-12-08 11:36 pm (UTC)
From: [identity profile] azekeil.livejournal.com
I think you do things exactly the same way my work do. I only caught bits of details as things whizzed past, but that all fits. I tried using the VPN from the unsecured network but that had been blocked - apparently people can do all sorts of nasty things if it's not, but it wasn't explained to me. Our security guy is good, but does have a bit of a reputation for going OTT. I'm not allowed a native mail client to connect to my personal email (presumably because they worry about the unfiltered stuff running code on their computers & network)

Yes I'm going to have to learn and perhaps play with AirSnort et al a bit on these home networks :)

Date: 2005-12-09 09:27 am (UTC)
From: [identity profile] simonb.livejournal.com
I think you do things exactly the same way my work do

TBH it's the only sensible way of doing things when it's said and done. After all there is the need to support random people coming in the building who could have any sort of machine in any sort of state and also the need to support staff as well. The first set need the absolute basics as you can't guarantee that they'll have the latest stuff to run in a more secure mode - hell Windows only supported plain WPA in service pack 2 of WinXP! Thus the use of a WEP key and nothing more. However as a result of using that the network shouldn't be trusted.

Thus the second, more secure, staff network is used where you can dictate what people use to connect to it.

I tried using the VPN from the unsecured network but that had been blocked - apparently people can do all sorts of nasty things if it's not, but it wasn't explained to me

Er, I think someone doesn't entirely know what they are doing then. When it really comes down to it, there is little difference between someone using the wireless network to connect to the VPN and someone coming in from the Internet to do the same. In some respects it's better as you can actually see what the other people are doing.

It could be the case that the VPN system your work is using can't be configured to provide VPN access on the interface the open wireless network is on - it all depends on what you're using as a VPN system.

Date: 2005-12-09 11:36 am (UTC)
From: [identity profile] azekeil.livejournal.com
There are other ways to do it. My previous company were looking at a rather nifty system - gah, can't remember who did it. Anyway, it used LEAP to manage rotating WEP keys, I think the principle was. It authenticated users against Active Directory or just gave them a route to the internet (I think).

And no, I don't know the ins and outs of our VPN, but it's a PPTP connection. I know, it didn't make much sense to me either.

Date: 2005-12-09 11:51 am (UTC)
From: [identity profile] simonb.livejournal.com
Ah, LEAP is a Cisco-specific extension to WEP which has very much been superseded easily by WPA, let alone WPA2. It still uses WEP after all and relies on people not breaking the WEP keys in the time it takes to get a new one. Normally LEAP will rotate WEP keys every 10 minutes or so... however it's possible to break a WEP key within 200,000 packets and people have broken WEP keys within 75,000 packets. The problem here is that an attacker doesn't have to passively listen, it can also re-broadcast packets and watch how the packets change to work out the WEP key so it's quite possible to get a WEP key even if LEAP is used.

LEAP only came about as a band-aid to WEP; it's now been replaced by the 802.11i standard which implements WPA2.

A PPTP-based VPN connection is normally associated with Windows VPN servers; it's kind of amusing to note the first sentence of the Wikipedia PPTP entry - "PPTP is broken and it should not be used where password privacy or data security is important"!

Date: 2005-12-09 12:23 pm (UTC)
From: [identity profile] azekeil.livejournal.com
Hmm. As you can tell, I'm (very) behind on VPNs and WLANs. I may do some prodding and poking to assure myself it's not as bad as is made out!

Our password policy is pretty strict though, so at best it might take the attacker a while to crack it with a diverse dictionary.

Oh, and I think the kit was using PEAP, the next evolution of LEAP. That sounds right.

I've downloaded asleap and I'm going to capture my login and see what happens.

Date: 2005-12-09 12:39 pm (UTC)
From: [identity profile] simonb.livejournal.com
Oh, and I think the kit was using PEAP, the next evolution of LEAP. That sounds right.

Er... sort of. PEAP stands for Protected Extensible Authentication Protocol and is a general authentication mechanism generally used for both wireless and 802.1X AAA. It's not really the next evolution of LEAP when it comes down to it. The first PEAP system - EAP-TLS - was in place before the PEAP became an open standard.

Date: 2005-12-08 11:12 pm (UTC)
From: [identity profile] microchip.livejournal.com
That's a shiny laptop. Very shiny. Very very shiny.

Btw, regarding spotting wifi networks - Recommended handy proggie: NetStumbler. Free, and great for spotting info about networks. Then apply your favorite WEP cracker on most networks, and jump in.

Not that I condone such things, naturally. It's purely academic... ;)

Date: 2005-12-08 11:37 pm (UTC)
From: [identity profile] azekeil.livejournal.com
Of course. I will, of course, be studying in detail ;)

Date: 2005-12-09 04:46 pm (UTC)
From: [identity profile] dylan.livejournal.com
That's pretty much the same as my laptop :) Docking station is really nice but when I took the laptop to the US they took the p**s out of me as it was so huge and chunky. They all had skinny little Macs.

VMWare is pretty good, only crashed on me once so far, I haven't resolved all problems I have with it yet though.
