Secure Wireless Network FAQ:
I have been reading about the capabilities of IPSec policies in Windows Server and workstation platforms to secure TCP/IP traffic across your intranet and/or the public Internet and I was wondering if a home network implementation of the policies would be a good way to secure wireless transmissions. The scenario I was wondering about is if a person were able to hack in to a wireless network using either WEP or WAP security, as is clearly possible and as I’m seeing on the Internet becoming quite easy as well, and able to obtain an TCP/IP connection to your home wireless AP router for instance, could an IPSec policy implementation make it much harder for a hacker to install malicious software on a PC in that network?
Well, I understand very well the specifics of wireless security and all of the things that you elaborated on Mr. Fantasy, but thank you for the refresher course.
But that really wasn’t my question. My question was is the implementation of an IPSec secured communication policy on my internal networked computers going to severely or completely hinder the capabilities of a hacker installing malicious software on one of my computers if that hacker has successfully compromised my wireless AP’s security and now has wireless TCP\IP connectivity to my router/internal network (and by the way I have secured the router admin account with a strong password)? I would also like to know if all packets moving around in my network with IPSec encapsulation would be safe from ease-dropping, packet sniffing if as I hypothesized the intruder was monitoring and capturing packets.
Oh, and is SSL really strong enough to keep a hacker from getting your credentials to an online bank’s resources if they have intercepted your packets bound for those resources on the public Internet?
I have been reading about the capabilities of IPSec policies in Windows Server and workstation platforms to secure TCP/IP traffic across your intranet and/or the public Internet and I was wondering if a home network implementation of the policies would be a good way to secure wireless transmissions. The scenario I was wondering about is if a person were able to hack in to a wireless network using either WEP or WAP security, as is clearly possible and as I’m seeing on the Internet becoming quite easy as well, and able to obtain an TCP/IP connection to your home wireless AP router for instance, could an IPSec policy implementation make it much harder for a hacker to install malicious software on a PC in that network?
Well, I understand very well the specifics of wireless security and all of the things that you elaborated on Mr. Fantasy, but thank you for the refresher course.
But that really wasn’t my question. My question was is the implementation of an IPSec secured communication policy on my internal networked computers going to severely or completely hinder the capabilities of a hacker installing malicious software on one of my computers if that hacker has successfully compromised my wireless AP’s security and now has wireless TCP\IP connectivity to my router/internal network (and by the way I have secured the router admin account with a strong password)? I would also like to know if all packets moving around in my network with IPSec encapsulation would be safe from ease-dropping, packet sniffing if as I hypothesized the intruder was monitoring and capturing packets.Oh, and is SSL really strong enough to keep a hacker from getting your credentials to an online bank’s resources if they have intercepted your packets bound for those resources on the public Internet?
{ 1 comment… read it below or add one }
The one thing that most people don’t think about when setting up a home network is to setup the router with either WPA or WEP. That would definitely be a nice start. WPA is harder to crack, so either go with that or WEP 128 bit.
Be sure to set a password on the router itself. Every router has a list on the manufacturer website with the default name and password.
Another thing you could do is hide the routers SSID. You and who ever is in your home know what it is but the attacker doesn’t. You can’t attack what you can’t see…
Another idea with the router would be to do IP and MAC filtering. Allow only your hardware address and others that you trust to be able to use the network.
IPSec, like you mentioned, would be another good way to encrypt and authenticate everything. Not too difficult to implement as well. But try those other ways as well.
A firewall wouldn’t be a bad touch too. Use it to block/open certain ports.
Now internet banking however is going to have to be through your browser, if you have secured your hardware and home network first…. With the browser just go into the options and set it to a higher security. The internet banking should also reflect the bank that you use to. Most of them have secure sites using triple sign in authentication like username, “recovery questions” and password. So its half their part too.
***Edit***
IPSec will indeed do some stuff for you like packet encryption. It authenticates them and ensures a little bit of integrity.
TSL/SSL will definitely keep the bad guys from thinking they can use Wireshark or Cain to penetrate your system. lol TSL/SSL will keep them from altering your packets. This will take care of integrity in a big way…
Theres a lot that goes into securing your network and if you don’t check the network on a daily basis or update daily, then you leave holes open and all that time that goes into security goes down the drain.
Hopefully I answered your question. I try my best to understand all of it. I’ve put in more time than anyone else lol…