better wireless security?

[bissa]

I use wireless as my method of connecting to the internet. to prevent people who should not be changing settings from doing so, I have put a complex administrator password in. however my room mate, in an attempt to screw me over used some kind of script to remotely reset the router and set up mac filters to block my computers from the network. does anyone know what these scripts do and how to prevent things like this from occurring again?

[sswilson]

Most routers have a factory reset button on them (that's more than likely how he got into it). Reset it to factory defaults, set your security, then keep it locked up in your closet so that he can't access it.

Any advice beyond that would be related to hacking and as such would be immediately deleted from the site.

[MarkOne]

Exactly.... so no special hacking talents

Quote:

Originally Posted by sswilson

.(that's more than likely how he got into it). ..

[bissa]

no, I know that he did not do it since I already know he has no physical access to it. that is one of the first things I learned about network security. physical security is more important than any kind of software you will ever find.

[JD]

What kind of router is this? Do you have remote management or similar enabled?

I don't really see how he could reset it to defaults without having the admin password or physical access to the router.

And are you MAC filtering to only allow your PCs? That would be the first step to stopping him IMO.

[MarkOne]

So I guess what you have left to do it's ask him ......

Quote:

Originally Posted by bissa

no, I know that he did not do it since I already know he has no physical access to it. that is one of the first things I learned about network security. physical security is more important than any kind of software you will ever find.

[foxman]

MAC filtering isn't a wise choice if your goal is to make your wireless network secure, since MAC address are easily spoofed, at least on Linux-based OS.

If you say that you had set up a non-trivial password (which would make a dictionary/brute force attack unpractical), and that your room mate had no physical access to your router, then I guess your router is either not authenticating you securely (i.e. sending password in cleartext, which could then be intercepted) or there's some kind of security hole in your router administration software that he is aware of.

Anyway. I don't know who should have access to your wireless network, but that shouldn't stop you from making it secure, i.e. using something like WPA2-PSK AES. Of course, if there's a security hole in your router administration software that you can't fix, people for who you gave access to your wireless network will always be able to modifiy your router settings, but then...

[bissa]

the router is a WRT300N so, since it is from a fairly popular company I would also assume that they would have put some effort into having good security in the administration software. and I am aware that mac filters are not safe, however they can take a little while to identify and if you don't have the macs that are on the network, it can be quite hard to spoof.

[Jonwall]

You dont have the password saved in firefox/ie do you? That would certainly be a way for him to gain access to it.

[foxman]

Windows is from a fairly popular company, but does this mean it has no security holes ? ;)

More seriously, I also doubt that there are discovered vulnerabilities in the administration software of your WRT300N. Still, I wonder how your room mate "broke into" your router if he had no physical access and if the password you used was strong.

And MAC addresses of network cards connected to a wireless network are readily available since this information is present in every data frame exchanged between a station and an access point (and never encrypted). Basically, as soon as you are connected to your wireless network, this information becomes accessible to anyone listening to wireless traffic.