Keeping control of your network

Data that travels over the air and how to protect (or decipher) it

Keeping control of your network

Post by TheNightFox on Tue Mar 09, 2010 2:47 am
([msg=36377]see Keeping control of your network[/msg])

So, I've got a wireless network set up in my house.
I'm connected, my laptop is connected, my sister is connected, and my mother's computer is connected.
It was password protected, naturally, because I don't want other people slowing down my network.
Unfortunately, my computer illiterate sister worked out that she could view the wireless password on her computer, and then gave that to all her friends so they could come over and go on facebook, or stream tv shows, or whatever they do.
Naturally, I was pissed. I built this network, so I should be able to control who is allowed on, right? After randomly switching off the modem-router a few times, I discovered MAC Address Filtering, and set that up. The others in the house were reluctant about this, but I had already set it up. So, I added my computer, laptop, my sister's computer and mother's computer, then temporarily my brother's computer. Furthermore, I've set the modem so it can only be adjusted on my computer, and the settings are password protected, and my computer has a password. Naturally, I'm feeling pretty pleased with my setup.
Any suggestions, comments, questions? Ideas on how I could improve the awesomeness of my network, or if I've screwed something up?

Although, granted, I really just posted this because I wanted to tell some people who actually understand about my setup.
He alone, who owns the youth, gains the future.
TheNightFox
New User
New User
 
Posts: 33
Joined: Thu Jan 21, 2010 12:22 pm
Blog: View Blog (0)


Re: Keeping control of your network

Post by neuromanta on Tue Mar 09, 2010 4:34 am
([msg=36386]see Re: Keeping control of your network[/msg])

That's a quite basic setup, protecting with WPA2, and MAC filtering is the least you can do to protect your network. Generally, you can't protect your network very well... MAC address can be faked, and crypting can be broken, it's only a matter of time. But it will do very well against your sister and her friends, so don't worry :).
Also, if you want to use P2P networks, you should setup port forwarding too.
User avatar
neuromanta
Poster
Poster
 
Posts: 303
Joined: Mon Nov 30, 2009 9:29 am
Location: Hungary
Blog: View Blog (0)


Re: Keeping control of your network

Post by nermd on Tue Mar 09, 2010 4:51 am
([msg=36387]see Re: Keeping control of your network[/msg])

i hate would-be BOHFs on home networks. Realy, i mean its your sister, as long as they dont do any harm to the rest of the computers on the network who cares whether she and her firends are accessing facebook?
Anyway, the whole thing is insecure and relays sole on the incompetence of your sister and her friends.
For example, she could provide access through her computer ...
With this world there is no understanding, we belong their only to the extent, as we rebel against it (Theodor W. Adorno) --> if somebody knows a "official" translation for the well known german quote ... pls let me know!
User avatar
nermd
New User
New User
 
Posts: 42
Joined: Fri May 23, 2008 3:22 am
Blog: View Blog (0)


Re: Keeping control of your network

Post by insomaniacal on Tue Mar 09, 2010 7:26 am
([msg=36392]see Re: Keeping control of your network[/msg])

For your purposes, it's pretty secure. I'm pretty sure your sister and her friends have (in their minds), more important things than faking MAC addresses and reading up on using aircrack. If someone was dead-set on connecting, it would probably be possible, but you should be fine.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: Keeping control of your network

Post by TheNightFox on Thu Mar 11, 2010 3:42 am
([msg=36521]see Re: Keeping control of your network[/msg])

Oh, and I also blocked the LimeWire servers. At least, I think I did. Probably not brilliantly, but enough to glitch it if my sister continues trying to use it. I don't want to risk viruses on my network, but she would also download movies and music through it (I'm not going to teach her about torrenting), wasting valuable bandwidth.

@neuromanta
It's pretty basic, yeah. I didn't go to massive lengths, I pretty much accessed my modem-router's settings and just looked through all the different options, saw MAC Address Filtering and turned it on. I set up the WPA2 when I set up the connection, because back then the only possible problem would have been other people in the neighborhood trying to get a bit of free internet. Not the most secure, but would have stopped your average bandwidth thief.

@nermd
How about five of them all accessing facebook at the same time? What's that going to do to my speed? It's hardly going to speed it up. These aren't exactly people who know much about computers or the internet, they're only slightly above clicking on the "You are the one millionth visitor, you win!" links. Thus, I wouldn't be surprised if I ended up getting viruses or malware, or she did and blamed it on me (I get blamed for everything, being the only one who understands computers)
Furthermore, five people all loading dozens of facebook pages over and over, along with the image galleries being opened every few pages, that's not exactly light on bandwidth. I'm on a limited connection, and whenever we get capped, guess who gets blamed?

@insomaniacal
You're probably right. I'd like an extra bit of security, though. There is a student who lives next door who spends a lot of time on the computer (I've seen him up at three AM on it multiple times), I'm sure he'd love some free internet. No idea about his sort of skill but I must assume the worst. I'll do some research. My sister's boyfriend may have a bit of skill, too. Should look into this.
He alone, who owns the youth, gains the future.
TheNightFox
New User
New User
 
Posts: 33
Joined: Thu Jan 21, 2010 12:22 pm
Blog: View Blog (0)


Re: Keeping control of your network

Post by DamegedSpy on Thu Mar 11, 2010 8:58 pm
([msg=36562]see Re: Keeping control of your network[/msg])

disable DHCP and use preassigned IP Addresses.
an example could be:
192.168.1.100 -> Modem/Ruter
192.168.1.101 -> You
etc...

Block any unused IP address.

Use a strong random generated passwd <3(Put it down in a safe place only you have access)
DamegedSpy
Poster
Poster
 
Posts: 273
Joined: Sat Dec 19, 2009 1:40 pm
Blog: View Blog (0)


Re: Keeping control of your network

Post by TheNightFox on Sun Mar 14, 2010 12:20 am
([msg=36705]see Re: Keeping control of your network[/msg])

A good idea. I'll probably do that when I get the chance. Seems simple enough.
He alone, who owns the youth, gains the future.
TheNightFox
New User
New User
 
Posts: 33
Joined: Thu Jan 21, 2010 12:22 pm
Blog: View Blog (0)


Re: Keeping control of your network

Post by DamegedSpy on Sun Mar 14, 2010 2:18 am
([msg=36710]see Re: Keeping control of your network[/msg])

Also I don't know about this:

There are some software you may want to check.
Also some routers come with capping capabilities(Calculate a reasonable and fair amount for everyone.)
You may want to check this for the lulz:

Upside-down Ternet
DamegedSpy
Poster
Poster
 
Posts: 273
Joined: Sat Dec 19, 2009 1:40 pm
Blog: View Blog (0)


Re: Keeping control of your network

Post by TheNightFox on Tue Mar 16, 2010 12:32 am
([msg=36861]see Re: Keeping control of your network[/msg])

Legendary.
While I probably won't go as far as some of the stuff from that link, that would be VERY amusing.
He alone, who owns the youth, gains the future.
TheNightFox
New User
New User
 
Posts: 33
Joined: Thu Jan 21, 2010 12:22 pm
Blog: View Blog (0)


Re: Keeping control of your network

Post by nermd on Fri Mar 26, 2010 10:38 am
([msg=37332]see Re: Keeping control of your network[/msg])

TheNightFox wrote:@nermd
How about five of them all accessing facebook at the same time? What's that going to do to my speed? It's hardly going to speed it up. These aren't exactly people who know much about computers or the internet, they're only slightly above clicking on the "You are the one millionth visitor, you win!" links. Thus, I wouldn't be surprised if I ended up getting viruses or malware, or she did and blamed it on me (I get blamed for everything, being the only one who understands computers)
Furthermore, five people all loading dozens of facebook pages over and over, along with the image galleries being opened every few pages, that's not exactly light on bandwidth. I'm on a limited connection, and whenever we get capped, guess who gets blamed?


ok in retrospect i have to admit that my post was a little bit harsh - sorry.
If your problem is bandwidth, you could - depending on you router - use traffic shaping/bandwidth management. If your router doesn't support this, you could try running one of the numerous nice linux distributions for wireless routers ... most of them are capable of doing MAC-based bandwidth shaping.

If your main concern is malware you could restrict the Internet access of your sister to a white-list of pages (this is probably something she wouldn't appreciate, but its very secure :). Or if you have _very_ capable hardware to setup a transparent proxy with an IDS/IPS + a good network based virus scanner this would most likely also do the trick. But to be honest this is awful lot work to make it fast and reliable.
Another, far more easy option (which i recommend), is to put you sisters PC and any other "unknown client" in the network in a kind-of DMZ and dont let any traffic from her/her friends to enter the rest of the network.

nermd
With this world there is no understanding, we belong their only to the extent, as we rebel against it (Theodor W. Adorno) --> if somebody knows a "official" translation for the well known german quote ... pls let me know!
User avatar
nermd
New User
New User
 
Posts: 42
Joined: Fri May 23, 2008 3:22 am
Blog: View Blog (0)


Next

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests