Suggestions about wireless security

One of my passions is wireless security. Although I have to say that the most secure wireless network is one that is turned off :), we need to know how to guarantee at least a minimum level of security against intrusions. Plenty of websites explain everything about wireless networks, so I will give only a few suggestions (I’m considering the 802.11b/g standards):

  • Don’t leave your router/wireless connection completely open, without any encryption. If you do, even a baby can use your wifi connection to search for information about his favourite candy on the net. :)
  • Don’t use WEP (Wired Equivalent Privacy) encryption. It is breakable in 5 minutes using simple programs.
  • WPA/WPA2 (Wi-Fi Protected Access) is more secure than WEP (and WPA2 is better than WPA). You can choose PSK security mode, where every user is given the same pass-phrase.
  • Use a long pass-phrase that is hard to guess (mix lower- and upper-case letters, numbers, and special characters such as !, @, #,…), and don’t use a dictionary-based word.
  • If you can, use the AES algorithm with WPA; it is currently the strongest.
  • Change the default SSID (Service Set Identifier) and disable SSID broadcast on your Access Point, so your A.P. will be hidden from unskilled wardrivers.
  • You can use MAC filters to increase your wireless network protection. With filtering enabled, only PCs whose MAC address is registered can join the network; but remember that MAC addresses can be spoofed and that software for changing MAC addresses exists.
    From Wikipedia: “While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodump-ng) and then spoofing one’s own MAC into a validated one. This can be done in the Windows Registry or by using commandline tools on a Linux platform.”
  • If you don’t need them, disable File and Printer Sharing and Client for Microsoft Networks on your wireless adapter.
  • Pay attention to your Access Point:
  1. Change your Access Point default password. Make it long and hard to guess.
  2. Keep your Access Point and wifi card firmware updated.
  3. Keep your Access Point and PC firewalled.
  4. Use SSH to administer your Access Point, or use HTTPS instead of HTTP.
  5. If you can, don’t use a DHCP server; assign a static IP address to each client instead.
  6. If your firewall supports logging, enable it and check the logs for anything abnormal.
  7. Turn off the wireless LAN when you don’t use it.
  • Finally, I think that the best choice to protect your WLAN can be a VPN (Virtual Private Network), in particular OpenVPN (released under the GNU GPL), which allows you to create a tunnel between computers using a pre-shared private key, certificates, or username/password.
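
To see why the pass-phrase and SSID suggestions matter together, here is an added example (not part of the original post). In WPA/WPA2-PSK the key is derived from the pass-phrase with the SSID as salt, so the sketch below derives that key and audits a pass-phrase/SSID pair. The word list, the default-SSID list and the 16-character/80-bit thresholds are assumptions chosen for illustration.

```python
import hashlib
import math
import string

# Constructed sample lists for illustration; a real audit would load larger ones.
COMMON_WORDS = {"password", "welcome", "sunshine", "internet", "wireless"}
DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}
MIN_LEN, MIN_BITS = 16, 80   # assumed policy thresholds, not taken from the post

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA pass-phrase must be 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def charset_bits(passphrase: str) -> float:
    """Upper bound on entropy: length * log2(size of the character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cls) for cls in classes if any(ch in cls for ch in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit(passphrase: str, ssid: str) -> list:
    """Return the findings for one pass-phrase/SSID pair (empty list = no finding)."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA accepts")
    elif len(passphrase) < MIN_LEN:
        findings.append(f"shorter than {MIN_LEN} characters")
    # "Password1!" is still a dictionary word: strip digits/symbols at both ends.
    core = passphrase.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        findings.append("dictionary word with digits/symbols attached")
    if charset_bits(passphrase) < MIN_BITS:
        findings.append(f"less than {MIN_BITS} bits even if chosen at random")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: the key-derivation salt is predictable")
    return findings

if __name__ == "__main__":
    for pw, ssid in [("Password1!", "linksys"), ("t7#Qm!v2Lx9@pR4&zW8k", "casa-7f3a")]:
        print(f"{ssid!r}: PMK {wpa_pmk(pw, ssid).hex()[:16]}... findings: {audit(pw, ssid)}")
```

The same pass-phrase yields a different key under a different SSID, which is why a unique SSID is worth having even though hiding it adds little.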

Wired & Wireless speed

Here is a collection of information about data speeds over wire or over the air, as they apply to PCs.
It comes from my own curiosity, which sometimes asked “is USB 2 or Firewire better? SATA or SCSI or SAS?”
Pay attention: these speeds are maximum bus speeds, and real throughput depends on the limits of the physical devices.
Note: Mb/s means megabits per second, MB/s means megabytes per second, Gb/s means gigabits per second.

USB

  • USB 1.0: 1.5 Mb/s
  • USB 1.1: 12 Mb/s
  • USB 2.0: 480 Mb/s
  • USB 3.0: 4800 Mb/s

[Maximum 5 hubs connected together, maximum 127 peripherals. Maximum cable length: 50 m]

Firewire 400

  • S100: about 98 Mb/s
  • S200: about 197 Mb/s
  • S400: about 393 Mb/s

[Maximum cable length: 4.5 m or 72 m only with regenerative devices]

Firewire 800

  • S800: about 786 Mb/s

[Maximum category 5 cable length: 100 m]

Parallel ATA (PATA)

  • UDMA 0: about 16.7 MB/s
  • UDMA 1: about 25.0 MB/s
  • UDMA 2: about 33.3 MB/s
  • UDMA 3: about 44.4 MB/s
  • UDMA 4: about 533.6 Mb/s – 66.7 MB/s
  • UDMA 5: about 800.0 Mb/s – 100.0 MB/s
  • UDMA 6: about 1026.0 Mb/s – 133.0 MB/s

Serial ATA (SATA)

  • SATA I: about 1.2 Gb/s – 150 MB/s
  • SATA II: about 2.4 Gb/s – 300 MB/s

Parallel SCSI

  • SCSI-1: 5 MB/s
  • Fast SCSI: 10 MB/s
  • Wide SCSI: 20 MB/s
  • Ultra SCSI: 20 MB/s
  • Ultra Wide SCSI: 40 MB/s
  • Ultra2 SCSI: 40 MB/s
  • Ultra2 Wide SCSI: 80 MB/s
  • Ultra3 SCSI: 160 MB/s
  • Ultra320 SCSI: 320 MB/s
  • Ultra360 SCSI: 640 MB/s

Serial Attached SCSI (SAS)

1.5 Gb/s, 3.0 Gb/s, 6.0 Gb/s

Internet SCSI (iSCSI)

Implementation/network-dependent.

Fibre Channel (FC)

1 Gb/s, 2 Gb/s, 4 Gb/s, 8 Gb/s

Ethernet

10 Mb/s – 1.25 MB/s, 100 Mb/s – 12.5 MB/s, 1 Gb/s – 125 MB/s, 10 Gb/s – 1250 MB/s

Infrared Data Association (IrDA)

2.4 kbit/s to 16 Mbit/s; 100 Mbit/s data rates are under development.

Bluetooth

  • Bluetooth 1.1, Bluetooth 1.2: 721 Kb/s
  • Bluetooth 2.0: 2.1 Mb/s

802.11x

  • 802.11a: 54 Mb/s (Typical: 24.7 Mb/s)
  • 802.11b: 11 Mb/s (Typical: 5.9 Mb/s on TCP, 7.1 Mb/s on UDP)
  • 802.11g: 54 Mb/s (Typical: 24.7 Mb/s); another version of 802.11g called SuperG has 108 Mb/s theoretical data rate
  • 802.11n: 540 Mb/s (Typical: 200 Mb/s)

Please inform me about mistakes.
