
Windows Forum / Windows XP / Wireless Networking / May 2008


how to check

Linea Recta - 28 May 2008 14:11 GMT
Where can I check to make sure if, when and by whom illegal login (attempts)
were made?

(PC Win2KSP4 and notebook Vista wi-fi networked using router-modem with WPA
secure connection)

Signature

regards,

|\  /|
| \/ |@rk
\../
 \/os
Phillip Windell - 28 May 2008 16:17 GMT
There isn't.

Even besides that there is no way to know "who" because personal
identification is not a requirement to "login",...it is just a WPA Key.

Even besides that since the "login" failed there is nothing to "know"
anyway.  At best you might get a MAC address (an IP# would not have been
granted until successful), but if that is ever visible anywhere would
depend on the wireless router-modem device you have and what it is capable
of showing you.  Personally I don't know of any that do or where you would
look.

Signature

Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

> Where can I check to make sure if, when and by whom illegal login
> (attempts) were made?
[quoted text clipped - 6 lines]
> \../
>  \/os
Linea Recta - 28 May 2008 19:17 GMT
> There isn't.
>
[quoted text clipped - 7 lines]
> of showing you.  Personally I don't know of any that do or where you would
> look.

So you mean there is no way ever to know if security has been hacked???
(until days later when your bank account gets robbed of course). That don't
sound good to me...

Signature

regards,

|\  /|
| \/ |@rk
\../
 \/os
Phillip Windell - 28 May 2008 19:51 GMT
> So you mean there is no way ever to know if security has been hacked???
> (until days later when your bank account gets robbed of course). That
> don't sound good to me...

Hmm,.."hacked"?  That's one of those "fuzzy meaning" words.

It's like this. They either discovered your WPA key,..or they didn't.

If they did not,...then no connection was ever made, they never saw
anything, never connected to anything, never done anything,...so there is
nothing to see.

If they did discover the WPA Key then they connected to the LAN in the
normal way anybody would that you would have given the key to would have
connected.  So at that point they connected normally, nothing was "broken"
or "damaged",...so there is no "trail" to find.

Remember that the WPA Key only protects the *Radio Connection* to the WAP or
WRtr.  It does nothing for the rest of the LAN.  Think about this,...how
would you protect your stuff from someone crawling in through a window and
physically plugging a laptop into a network jack?

Well aside from locking the windows, you would:
1. Rename the Administrator account on all machines to something random.
Keep a record, don't lose it
2. Change the Administrator password on all machines to something complex,
and make every machine different. By default this password is blank, and
everyone out there knows it. Keep a record, don't lose it.
3. Have your own password for your own user account set to a complex
password,...blank does count as complex :-)  Keep a record, don't lose it.
4. Disable the Guest Account on all machines if it is not already.
5. Do not have Shares on any machine with permissions to
"Everyone",...especially not "Full Control".
6.  Another *optional* thing you can do is change the default IP Range of
the LAN from the normal 192.168.1.0 or 192.168.0.0 to something else like
192.168.231.0. Then disable DHCP on the "router" and manually (statically)
assign the IP Specs of all the machines on your LAN.  Now, not only will
they not get an address automatically, but they will have a difficult time
knowing what IP# would be a valid one for the LAN.  Now,..I could still
figure out something that would work eventually,...but your average idiot
would not.

Now if someone gets a machine on your LAN (wired -vs- wireless is
irrelevant) then, assuming you did not do #6, the worst they would do is
steal some bandwidth by "borrowing" your Internet Connection.  But if you
did #6 they would probably totally fail and their machine would do nothing
but talk to itself.

Signature

Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Linea Recta - 28 May 2008 22:02 GMT
First of all, thanks very much for your insights.
I'm quite novice at networking, let alone wireless and ditto security. Having
said that, I seem to have it all up and running smoothly. But... as I'm not
a born optimist I tend to keep investigating in possible security risks.

> > So you mean there is no way ever to know if security has been hacked???
> > (until days later when your bank account gets robbed of course). That
[quoted text clipped - 12 lines]
> connected.  So at that point they connected normally, nothing was "broken"
> or "damaged",...so there is no "trail" to find.

I would have thought there to be some way to log legitimate connections
also?

> Remember that the WPA Key only protects the *Radio Connection* to the WAP or
> WRtr.  It does nothing for the rest of the LAN.  Think about this,...how
> would you protect your stuff from someone crawling in through a window and
> physically plugging a laptop into a network jack?

I have thought about that, so I use BIOS passwords and Windows login
passwords in my computers in case people break into the house in situation
when I'm not at home.

> Well aside from locking the windows, you would:
> 1. Rename the Administrator account on all machines to something random.
> Keep a record, don't lose it

OK, some work for me here...

> 2. Change the Administrator password on all machines to something complex,
> and make every machine different.

That'll weigh down on my brain cells...

> By default this password is blank, and
> everyone out there knows it. Keep a record, don't lose it.
> 3. Have your own password for your own user account set to a complex
> password,...blank does count as complex :-)  Keep a record, don't lose it.
> 4. Disable the Guest Account on all machines if it is not already.

Another task on my list... I believe Guest is generated by default
automatically. I hope removing this will have no adverse implications?

> 5. Do not have Shares on any machine with permissions to
> "Everyone",...especially not "Full Control".

Another issue I have to get into.

> 6.  Another *optional* thing you can do is change the default IP Range of
> the LAN from the normal 192.168.1.0 or 192.168.0.0 to something else like
> 192.168.231.0. Then disable DHCP on the "router" and manually (statically)
> assign the IP Specs of all the machines on your LAN.  Now, not only will
> they not get an address automatically, but they will have a difficult time

And I'm afraid I will get a difficult time myself, keeping my legitimate
connections working... I'll have to spend some time digging into the cryptic
router settings :-(

> knowing what IP# would be a valid one for the LAN.  Now,..I could still
> figure out something that would work eventually,...but your average idiot
> would not.

Aha... Hope I'm not one of them...

> Now if someone gets a machine on your LAN (wired -vs- wireless is
> irrelevant) then, assuming you did not do #6, the worst they would do is
> steal some bandwidth by "borrowing" your Internet Connection.  But if you
> did #6 they would probably totally fail and their machine would do nothing
> but talk to itself.

Not yet a guru... just in the process of becoming one.

Signature

regards,

|\  /|
| \/ |@rk
\../
 \/os
Jack (MVP-Networking). - 28 May 2008 23:16 GMT
Hi
All Internet connections are full of "noise", and so are the airwaves that
are used for Wireless.
If one would look at the Router logs it might be full of unaccounted traffic
(especially Cable Internet connection).
Most of it is just noise or unintentional attempt to make connection and
should be ignored (like the traffic on the street, the only thing that you
can do is to keep yourself safe).
The way an End-User can combat it, is to use both Router (or Wireless
Router) combined with Software Firewall on each computer, and to secure the
Wireless at level WPA and above.
From the weakest to the strongest, Wireless security capacity is:
No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES is the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not update it you would have to download
the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
The documentation of your Wireless devices (Wireless Router, and Wireless
Computer's Card) should state the type of security that is available with
your Wireless hardware.
All devices MUST be set to the same security level using the same pass
phrase.
Therefore the security must be set according to whatever is the best possible
of one of the Wireless devices.
I.e. even if most of your system might be capable to be configured to the
max. with WPA2, but one device is only capable to be configured to max. of
WEP, the whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can
do WEP only) is holding better security for the whole Network, replace the
device with a better one.
Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html
Jack (MVP-Networking).

> First of all, thanks very much for your insights.
> I'm quite novice at networking, let alone wireless and ditto security.
[quoted text clipped - 94 lines]
> \../
>  \/os
Phillip Windell - 29 May 2008 16:12 GMT
> First of all, thanks very much for your insights.
> I'm quite novice at networking, let alone wireless and ditto security.
> Having
> said that, I seem to have it all up and running smoothly. But... as I'm
> not
> a born optimist I tend to keep investigating in possible security risks.

I am pretty much a hardcore pessimist, but am also a "realist" at the same
time. So I don't chase ghosts and see "hackers under every rock".  Most
intrusion detection mechanisms (what few exist in what few products that have
any that are really useful) only tell you when something was successfully
blocked,...which doesn't matter because it was,...blocked.  They don't tell
you about something successful,...because it was,...successful,...and
therefore appears as normal proper behavior so there is nothing to trigger an
alert.

The era of "Star Trek" has not arrived. What you see in the movies is not
true.  You don't have an investigator sit at a machine,..do a little
"ticketa-ticketa" on the keyboard and have a picture popup of the hacker
with his size, weight, hair color, and full color picture,..and tell you
where his computer is sitting within a 10 square foot range.  That only
happens on CSI Miami.

> I would have thought there to be some way to log legitimate connections
> also?

Define a "connection".  It isn't that simple.  Connecting to the WAP Radio
is not a connection to the LAN (like in my little IP trick I mentioned), the
person has to also get a legitimate IP Config to function on the LAN.  So you
have a Radio Connection to the WAP, then a second IP-based connection to
the DHCP Service via broadcasting, then you have the third connection to the
LAN after an IP Config is received. So you have 3 connections already, and
you still haven't connected to any resources yet.

There are connections within connections, connections on top of
connections, connections beside connections, there are connections at Layer1
(Radio or physical cable), at Layer2 (virtual circuits created within
switches), Layer3 (the IP# level) and Layer4 (port addresses), and well above
and beyond those Layers with communication between Applications.  So what
are you going to log?  Where are you going to store billions of log entries
and be able to sort them to find anything useful?

> I have thought about that, so I use BIOS passwords and Windows login
> passwords in my computers in case people break into the house in situation
> when I'm not at home.

In reality, then they'd just steal the whole machine, pull the hard drive
out of the machine and put it in another machine to read it.  That's how the
police (in real life) bust people committing computer based crimes.

>> 2. Change the Administrator password on all machines to something
>> complex,
>> and make every machine different.
>
> That'll weigh down on my brain cells...

...and the intruders...

> Another task on my list... I believe Guest is generated by default
> automatically. I hope removing this will have no adverse implications?

Disable it,..not delete it.  Don't delete "built-in" accounts.

Signature

Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
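
Added example (not part of any post in this thread, and not code from any poster): the thread notes that a MAC address is the most a home user can expect to see, and step 6 of the earlier checklist leaves every legitimate machine with a written-down static address. The Python sketch below checks a Windows `arp -a` listing against such an inventory. The sample output, the MAC addresses and the KNOWN table are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (not captured from a real network).
SAMPLE_ARP = """\
Interface: 192.168.231.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.231.1         00-11-22-33-44-55     dynamic
  192.168.231.20        00-aa-bb-cc-dd-01     dynamic
  192.168.231.77        00-de-ad-be-ef-99     dynamic
  192.168.231.21        00-aa-bb-cc-dd-01     dynamic
  192.168.231.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical inventory: the static MAC -> IP assignments kept on record.
KNOWN = {
    "00-11-22-33-44-55": "192.168.231.1",   # router
    "00-aa-bb-cc-dd-01": "192.168.231.20",  # notebook
}
LAN = ipaddress.ip_network("192.168.231.0/24")
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$",
    re.I,
)

def parse_arp(text):
    """Return (ip, mac) pairs for unicast hosts inside LAN."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = ipaddress.ip_address(m.group(1)), m.group(2).lower()
        # Skip off-LAN rows, the broadcast address and group (multicast) MACs.
        if ip not in LAN or ip == LAN.broadcast_address or int(mac[:2], 16) & 1:
            continue
        rows.append((str(ip), mac))
    return rows

def audit(text, known=KNOWN):
    """Flag MACs missing from the inventory and known MACs on the wrong IP."""
    findings = []
    for ip, mac in parse_arp(text):
        if mac not in known:
            findings.append(("unknown-mac", ip, mac))
        elif known[mac] != ip:
            findings.append(("unexpected-ip", ip, mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(SAMPLE_ARP):
        print(f"{kind:14} {ip:16} {mac}")
```

The ARP cache only lists hosts this machine has exchanged traffic with recently, and a MAC address is whatever the client chooses to present, so a clean result is a hint rather than proof.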

Pavel A. - 29 May 2008 10:59 GMT
> Where can I check to make sure if, when and by who illegal login
> (attempts) where made?
>
> (PC Win2KSP4 and notebook Vista wi-fi networked using router-modem with
> WPA secure connection)

Install a hidden camera.
Otherwise, you can't know who attempted incorrect login, because
they tried somebody else's credentials.

--PA
 