Safely open my wireless network

uberjoe

I am interested opening up my wireless network to the neighborhood. Mostly to make it possible to use my DS, but also for altruistic reasons. However I'm concerned about leaving the door to my network open. My Wi-Fi router has a 4 port switch which is connected to my primary PC. The wii, my ds and palm pilot all use the wireless component. I currently use WPA-PSK security.

What is the best way to lock down my PC to prevent any outside intrusions? Is it possible to seperate the wired network from the wireless network? I don't care if anyone listens in on my Mario Kart matches, but I would be freaked out if someone got in my computer.

I use a netgear WGR614v5 with a strong admin password.
1 Dell PC with WinXP SP2
1 Palm TX handheld
1 Wii
1 DS Lite

Grimm

Just to make sure i understand this, you want to open up your wireless network for free use throughout your neighborhood? Or is this just for your own private use?

Resonant

uberjoe wrote: »

I am interested opening up my wireless network to the neighborhood. Mostly to make it possible to use my DS, but also for altruistic reasons. However I'm concerned about leaving the door to my network open. My Wi-Fi router has a 4 port switch which is connected to my primary PC. The wii, my ds and palm pilot all use the wireless component. I currently use WPA-PSK security.

What is the best way to lock down my PC to prevent any outside intrusions? Is it possible to seperate the wired network from the wireless network? I don't care if anyone listens in on my Mario Kart matches, but I would be freaked out if someone got in my computer.

I use a netgear WGR614v5 with a strong admin password.
1 Dell PC with WinXP SP2
1 Palm TX handheld
1 Wii
1 DS Lite

Turn off File and Printer Sharing.
Turn off the Messenger Service.

You should be good from there, really.

Philodox

As somebody who abuses open wireless networks for all they are worth I would strongly recommend against doing this. There's so much nasty stuff somebody can do with an unencrypted wireless network.

Unknown

This content has been removed.

Unknown

This content has been removed.

Philodox

I can appreciate the desire to do something nice for the people around you but consider that anybody who has a wireless card almost certainly already has an internet connection of their own. The only reason they would use your connection is to do stuff that they would prefer not get traced back to them.

uberjoe

I never thought about people using my connection for evil. Thats a good point though, I don't want any letters from the mafIAA claiming my ip address downloaded something.

So I turned off wpa, turned off ssid broadcast, set up mac filtering for my devices only, turned off file and print sharing as well as remote logins and assistance.

I suppose someone could still use my connection if they sniffed me out, found a usable mac addy, and took apart my frames to find the ssid, but they would need to be pretty determined. I'm mostly concerned with keeping out casual intrusion.

Any other suggestions I should keep in mind?

GrimReaper

If you really want to do this then I recommend a dmz setup. I'm not sure if your router is capable of such a thing though.

I'll have a look at the manual and come back later.

DevoutlyApathetic

I can't find a link but I believe that a circuit court recently through out one of the *IAA's lawsuits because the infringment occured on an open wireless network and they couldn't prove who downloaded it.

Take it with a grain of salt though. The RIAA has a shitload of money to throw at the appeals and if that fails, they always have lobbyists.

Edit: Found the link.

Also, the FBI doesn't care about such things so the kiddie porn comment is still a valid concern.

cooljammer00

so is an analogous situation leaving your door open, but wanting to make sure no shady people come in?

DevoutlyApathetic

cooljammer00 wrote: »

so is an analogous situation leaving your door open, but wanting to make sure no shady people come in?

For the original request I'd say it's a bit like having a .22 you want to leave on the back porch incase somebody just wants to do a little target shooting. The potential liabilities far outweigh the benefits.

Securing it is a bit like putting it into a combination safe albeit one you still keep outside your home. While somebody could get to the gun it's going to take a fair amount of specialized knowledge and probably a decent amount of time.

tony_important

uberjoe wrote: »

Mostly to make it possible to use my DS

I'd like to point out that you can put a network key into your wireless settings for the DS.

Also, check for firmware updates for your router that will help it connect.
For the love of shit, PLEASE keep your signal encrypted. It's much safer.

Fristle

Turning off SSID broadcasts doesn't help because wireless sniffing tools that an attacker would be running can easily (automatically) see the SSID present in traffic on the network. The only time turning off SSID broadcasts will hide your network is if there is also nothing transmitting on your network.

MAC address filtering will not stop an attacker either; MAC addresses can be spoofed.

I have a DS that I'd like to use online too, but I won't use it on my home network because WEP is broken, I'll only use WPA-PSK with a 63-character passphrase. WEP, like SSID broadcast disabling and MAC address filtering, is only good for keeping out n00bs now. And it's not really n00bs you need to worry about, it's the motivated attacker.

uberjoe

While I am still vulnerable to a determined hacker, what could said hacker steal from me?

Is it possible to listen to my wireless traffic and glean info from my wired traffic? (was under the impression they are seperate)

As long as he cant look at my hard drive. All sensitive traffic (banking, email, shopping) are all done through SSL encryption anyway.

While ID theft scares the shit out of me, what should I be afraid of if someone is listening to my wireless?

rockmonkey

I'm lost to WHY you wouldn't use WEP.

I mean the DS has the feature. If you have a neighbor you wish to let use your network then give them the WEP. If you change your mind at some point just change it and not tell them the new one.

DrFrylock

The reason you use at least WEP and not MAC filtering or SSID hiding (which, as others have pointed out, are nearly useless anyway) is that it prevents a casual sniffer from looking at your traffic. Most of your Internet traffic (anything other than https, secure SMTP, and perhaps SSH) is going to be going over the air in the clear without WEP. Possibly even your email passwords. Which, dare I guess, might be the same as your...Amazon or Paypal password? Any air sniffer can pick up this traffic if you don't use at least basic encryption. As others have pointed out, a determined hacker can, with enough time and the right hardware, break a WEP key. I've never been one to fearmonger about this possibility - most of the discussions on H/A tend toward protecting yourself from a ninja gang of hackers that wardrives around, parks within 50 feet of your house, and starts downloading massive quantities of kiddie porn.

However, I have been in situations where my unencrypted traffic got sniffed simply because it was super easy to do (I was at a computing conference and we had an ad-hoc chat system of my own design set up). There was no harm done, but the sniffer in question definitely did not have the capability to break WEP.

In relative order of increasing difficulty:

Connecting to an unsecured network < basic sniffing of unencrypted traffic < finding out a non-broadcast SSID < spoofing MAC < cracking WEP.

ElectricTurtle

As another voice in the anti-fearmongering chorus, let me say that John Q. Cracker-wannabe blackhat war driver is probably going to focus on the easy targets. They're going to go after the people with no encryption, shared everything, and wireless access points with default passwords. When it comes to John Q. Hacker for realz, if he is both malicious and has the skillz to easily be breaking encryptions, sniffing your packets, spoofing your MACs, etc. You know what he's going to be doing? He's going to go someplace more valuable than your driveway. He's going to be the guy featured in a article where chain store X has their network wirelessly compromised and Y number of credit card infoz get stolen. Seriously, malice + skillz = important targets for real crime. Malice - skillz = targets of opportunity on the path of least resistance. Sure, there's always some segment that overlaps, but it's so small you're more likely to win the lottery than get hit by some guy who has the will, the means, and the opportunity to mess with you.

Unknown

This content has been removed.