look n stop and wireless security

Discussion in 'LnS English Forum' started by cthorpe, Aug 2, 2006.

Thread Status:
Not open for further replies.
  1. cthorpe

    cthorpe Registered Member

    Joined:
    Jun 30, 2006
    Posts:
    168
    Location:
    Texas
    Hello,

    Does Look n Stop help protect a laptop that accidentally associates with an untrusted network? My wife's laptop has recently been jumping onto a neighbor's unsecured network. I don't like the idea of someone else suddenly having access to her computer as a "trusted" source. I saw a post somewhere that talked about using MAC addresses in LnS rules, and I am thinking that restricting trusted access to my router's MAC and our Home PC's MAC would give better protection. Do I have the right idea with that?

    Thanks,
    C
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi cthorpe :)

    May be it's a good idea to complete the LNS protection with this free tool:

    RogueScanner

    « RogueScanner is an open-source vulnerability management tool that is used to gain greater network visibility to enable you to quickly identify and remove rogue wireless devices that may provide a back door to access your critical data and infrastructure.
    » [Overview from Network Chemistry]

    http://www.networkchemistry.com/products/roguescanner.php

    You already have an other layer of protection (SSM) and I guess this tool may help you for this specific problem.

    See also from the same editor:

    BlueScanner
    http://www.networkchemistry.com/products/bluescanner.php
    and
    Packetyzer
    http://www.networkchemistry.com/products/packetyzer.php

    :)
     
  3. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi cthorpe,

    Did you look at the content of the packets the PC is receiving/sending?
    I you see a specific MAC address (in dest field for outgoing packets) then yes you can create some rules that will work only for your network.

    Regards,

    Frederic
     
  4. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada
    Hello cthorpe,

    If you want full protection on WiFi with LnS,I use 128-bit Secure Sockets Layer (SSL) technology, similar to that of a bank. So you can rest easy knowing that you are really safe with a (m)AES (CCM), AES (CCM), WPA2-PSK key,and have never had unwanted people connecting to my WiFi connection (SSL) is great! For privacy and over all protection.


    Good Luck :)
     
  5. cthorpe

    cthorpe Registered Member

    Joined:
    Jun 30, 2006
    Posts:
    168
    Location:
    Texas
    I'm not that concerned about others joining my network as I have WPA running with a very long password that is literally a random jumble of letters (both cases), numbers, and symbols generated by banging on the keyboard. I'm concerned about the laptop joining another network and suddenly having all of its resources exposed. I tried the MAC filtering in LnS, and I can't seem to get it to allow my PC to connect to shared resources.
     
  6. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada
    Hi cthorpe,

    Sorry,I was just trying to say (SSL) makes your WPA key into 128-bit Secure key,but I understand what your problem is more clearly now and if you need more help you should post in the your question here:

    http://www.mntolympus.org/phpbb2/index.php?c=4


    And if anybody can help you the the administrator of this site,does have vast knowledge on LnS.He has helped many when all hope was lost!

    Good luck and hope you have it working soon.:)
     
  7. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    My Notebook allows me to temporally deactivate the WLAN radio/transmitter. (1) This saves a lot of energy => good for your battery, (2) By doing so, I can not connect to another access point without my knowledge.

    Thomas :)
     
  8. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,017
    You are right mac adresses are good to use to prevent others from joining YOUR network as i'm able to do regularly on the road from peoples unprotected networks.
    As for you joining other networks, this is basically not different than accessing any other websites.
    The main concern is to to have a good firewall that will show you invisible and prevent unauthorized inbound access.
     
Thread Status:
Not open for further replies.