Liberals to conservatives???? A bit of a stretch on that one ehh Ward?
(By the way Howdy Again!)
When you are securing a network, consider what data is at stake and what
the consequences are of a break in.
The set ups being described here (wireless subnet attached to a wired
net) have two entry points: the wireless base station point and the DSL
connection point.
Even the person whom never stores private information on their computers
(credit info, never buys over the internet, never stores site cookies
that have passwords, never saves "I love you" letters on the drive,
etc.) still has something at risk: Their internet connection can be used
to attack other computers on the internet in many ways**.
Based upon what you are describing here, two things definitely need to
be secured:
1) The Airport connection -- in the way Lee described (WEP and
MAC card address)
2) The wired network -- Using a basic NAT router is only so good,
there are many scripts available to the kiddies that will bypass NAT in
about 1/2 hour, there are more serious tools available that can crack it
in less than 5 minutes. Using a router that has hardware encryption
(that is a firewall) built in, in addition to NAT, is a great step in
protection. You can boost that by setting the DHCP leases to rotate more
often -- makes it a tad bit harder to crack into the computer once the
router is defeated. Put the firewalls on the computers (OS-X has these
built-in in all versions, it is a very good one. X.1.x must be
configured by hand writing a script for IPFW to use upon start-up. IPFW
is the built in command for running a firewall. Or by using a program
such as Brickhouse like Ward suggested, or like FireWalk. -- I tend to
write my own. X.2 has a System Preference setting that you can use to
turn the built in firewall on or off -- go to System Preferences and
click on the Sharing preferences, you will see it there. It is a bit
rudimentary for my taste as I need more control over the services that
really are available, but for the home user it is fantastic.
For OS-7, 8, and 9 users that are in this same boat, there are several
excellent programs out there that work really well and don't start with
the name Norton's... I am not sure about OS-6 and earlier.
** Most home network users never know that they have been broken into.
Their computer can be used as a point source for dumping millions of
spam messages through the home users' e-mail server, or the computers
can be used in a DDOS (Distributed Denial of Service) attack on another
computer -- special note this does not apply if the server being broken
into belongs to the RIAA or one of their friends (smile, JUST KIDDING!),
Someone can use your connection to surf the web and visit lots of sites
that in turn think you are doing the visiting and end up sending you
spam, thereby tying up your mail server! The IP address they send
belongs to you, so if they are using your network for nefarious
purposes, guess who gets the blame? The really bad news is that once a
system has been broken into, the only way to be sure that it is cleared
out is to, yup, buy a new hard drive and re-install all of the software.
Wiping a drive is not truly enough these days!
Another consequence is that with the coming legislation aimed at helping
those poor, poor entertainment executives keep their golden parachute
retirement packages, homes users may be seeing 5GB transfer caps,
someone in your network can bleed this off in a day, well actually quite
less, then you will be cut off by your ISP from the internet for the
rest of the month -- and you still have to pay for it.
Jerry
On Wednesday, October 30, 2002, at 07:49 PM, Ward Oldham wrote:
> Hi Lee,
>
> We both should make it apparent to all MUG members that while I don't
> doubt
> for a moment the experiences that you are relating, they do represent
> problems which exist at one extreme end of the spectrum.
>
> At the other extreme would be some harmless guy like myself who has yet
> to
> experience the first malicious intrusion. The operating mode of an
> individual user will tend to dictate whether they will pursue every
> precaution in the book or adopt a nonchalant attitude about it all. I
> guess
> the political analogy to all of this would be comparing a liberal to a
> conservative.
>
> Ward Oldham
>
>
> On 10/30/02 7:38 PM, "Lee Larson" <llarson at Louisville.edu> wrote:
>
>> On Wednesday, October 30, 2002, at 07:16 PM, Nelson Helm wrote:
>>
>>> 128 WEP?
>>
>> Wireless Equivalent Privacy
>>
>> This is a way to encrypt 802.11b wireless connections so someone
>> sitting out on the street can't listen in on your sessions. The 128 is
>> the key length in the RC4 algorithm used in the encryption.
>>
>> On my system, I use both 128 WEP and I restrict the airport cards that
>> can connect by their hardware (MAC) number to mine. The latter makes
>> sure a spammer can't park out on the curb at midnight and send a
>> million or so messages through my connection. (They really do this. The
>> scumbags are actually spamming my cell phone with text messages.)
>>
>>
>> The next meeting of the Louisville Computer Society will be November 26
>> For more information, see <http://www.aye.net/~lcs>. A calendar of
>> activities is at <http://www.calsnet.net/macusers>.
>>
>
>
> The next meeting of the Louisville Computer Society will be November 26
> For more information, see <http://www.aye.net/~lcs>. A calendar of
> activities is at <http://www.calsnet.net/macusers>.
>
>
>
>
The next meeting of the Louisville Computer Society will be November 26
For more information, see <http://www.aye.net/~lcs>. A calendar of
activities is at <http://www.calsnet.net/macusers>.
