Professional Web Applications Themes

Airport & Timbuktu Security - Mac Networking

Hi, We're on OS 9.2.2, a "snow" base-station, one desktop machine (connected to the base station), DSL, connected to base station, and one Macintosh laptop, with an airport card. I've got the latest AirPort software compatible with OS 9.2. The desktop machine has Norton firewall installed. Only ports necessary for Timbuktu are open. File sharing and Application sharing is turned off. Appletalk is turned off. The base station has a secure password. I don't normally open apps that listen to ports, anyway. FTP downloads and occasional uploads. HTTP. Email. That's about it. Personal Web Sharing (or whatever that's called) is ...

  1. #1

    Default Airport & Timbuktu Security

    Hi,

    We're on OS 9.2.2, a "snow" base-station, one desktop machine (connected
    to the base station), DSL, connected to base station, and one Macintosh
    laptop, with an airport card. I've got the latest AirPort software
    compatible with OS 9.2.

    The desktop machine has Norton firewall installed. Only ports necessary
    for Timbuktu are open. File sharing and Application sharing is turned
    off. Appletalk is turned off. The base station has a secure password. I
    don't normally open apps that listen to ports, anyway. FTP downloads and
    occasional uploads. HTTP. Email. That's about it. Personal Web Sharing
    (or whatever that's called) is not installed.

    I only use Timbuktu to communicate between desktop and laptop machines.
    The Timbuktu connection is securely password protected.

    I don't have a firewall installed in the laptop, though I guess I could,
    easily enough.

    The airport connection between laptop and base station is not password
    protected. I know how to do that, but I'd rather leave the DSL wireless
    open to unknown others, as long as I am secure.

    Recent newspaper articles make me wonder if all this is secure enough.
    It seems pretty secure to me. But, I'm not a computer professional, and
    this stuff is not exactly my hobby, either.

    Have I overlooked any important security gaps? I wonder how secure
    wireless Timbuktu encryption is, for example. I've noticed the Timbuktu
    doentation says virtually nothing about its encryption scheme, if it
    has one at all, or how secure it is.


    Thanks in advance.


    Tim Miller

    Timothy Guest

  2. #2

    Default Re: Airport & Timbuktu Security

    In article <com>, Timothy Miller <com> wrote:
     

    It doesn't have one at all. The only protection you would get is the
    obscurity of their connection protocol. (i.e., there may not be an
    easily available tool to easily access/display/decode the information
    in the tcp packets to/from timbuktu.)

    From http://www.netopia.com/en-us/support/faqs/software/win15faq.html

    "Does Timbuktu Pro support encryption?

    Since Timbuktu Pro is a set of services that runs on top of the
    protocol layer, it is fully compatible with any third party LAN based
    encryption schemes (Virtual Private Networks) or connection protocols
    such as PPTP. Passwords are encrypted and connections are established
    using a challenge and response protocol. Timbuktu Pro also provides a
    comprehensive activity log for monitoring activity. None of the
    services are encrypted by Timbuktu Pro. However, in the case of Control
    and Observe, the data is highly tokenized and would require a
    non-trivial effort to reassemble into useful data. We have never had a
    reported case of Timbuktu Control or Observe sessions being captured."
     

    If you want security then turn WEP on in your snow base station with
    128 bit encryption and a 26 character random hex password, e.g.,
    http://world.std.com/~reinhold/passgen.html. (Use of a plain language
    password reduces the key space so significantly that cracking the
    password is relatively easy with available tools. (e.g. kismac))

    http://groups.google.com/groups?selm=140320042115595957%25darrell.usenet2%4 0telus.invalid&oe=UTF-8&output=gplain

    Cheers,

    Darrell

    --
    To reply, substitute .net for .invalid in address, i.e., darrell.usenet2 (at)
    telus.net
    Darrell Guest

  3. #3

    Default Re: Airport & Timbuktu Security



    Darrell Greenwood wrote:
    --snip-- 

    Thanks Darrell,


    I wouldn't mind "sharing" by DSL connection with unknown others outside
    the building. Actually, I sort of like the idea. Id guess that if I turn
    WEP on, that won't be possible. True?


    Thanks a bunch,


    Tim

    Timothy Guest

  4. #4

    Default Re: Airport & Timbuktu Security

    In article <com>, Timothy Miller
    <com> wrote: 

    True. Yes, that is the case.

    I use Timbuktu also to control a motley collection of Macs on my LAN (I
    never sell my old Macs, I just find something for them to do :-), one
    is a packet sniffer, another runs several servers.) I personally
    wouldn't be particularly concerned about somebody investing the
    time/effort into watching my Timbuktu sessions. i.e., the effort would
    be high for the limited payoff.

    However I have locked down my ABS as hard as I can with WEP. Reason:
    password sniffing.

    I have been installing various unix net applications to play with and
    learn TCP/IP and networking, such as nessus, nmap, ngrep, snort,
    ettercap. Ettercap, an easy install under fink, to my consternation,
    offered up my passwords it had sniffed, automatically, without even a
    request from me. That is how easy it is.

    From http://www.koot.biz/docs/tech/Obtaining%20passwords.htm

    "Ettercap (v0.4.3) -download RPM here or TAR here

    An Excellent tool for sniffing networks (and password discovery).
    Collects passwords for the following protocols: TELNET, FTP, POP,
    RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP,
    SOCKS 5, IMAP 4, VNC (other protocols coming soon...)

    ....

    Using Ettercap:

    Ettercap is relatively easy to use, in fact; I don't know how they
    could have made it any easier."

    I am not a happy camper with the idea that somebody is sniffing my
    passwords. The effort is very low with a tool such as ettercap, with a
    high payoff.

    Cheers,

    Darrell

    --
    To reply, substitute .net for .invalid in address, i.e., darrell.usenet2 (at)
    telus.net
    Darrell Guest

  5. #5

    Default Re: Airport & Timbuktu Security



    Darrell Greenwood wrote: 
    >
    >
    > True. Yes, that is the case.
    >
    > I use Timbuktu also to control a motley collection of Macs on my LAN (I
    > never sell my old Macs, I just find something for them to do :-), one
    > is a packet sniffer, another runs several servers.) I personally
    > wouldn't be particularly concerned about somebody investing the
    > time/effort into watching my Timbuktu sessions. i.e., the effort would
    > be high for the limited payoff.
    >
    > However I have locked down my ABS as hard as I can with WEP. Reason:
    > password sniffing.[/ref]


    --snip--

    Presumably, ABS is airport base station, and locking it down refers to WEP.

    I have a vague understanding of *some* of the other things you wrote
    about. A lot of high level geeks here. :-) The smiley means that's a
    good thing, not a bad thing.

    I guess the bottom line is, if you want to make your fast internet
    connection available to wireless users in the area, you'd better either
    1--Know what you're doing or 2--Dedicate a machine, base station and
    broadband connection to that purpose.

    Did I get that approximately right?

    Thanks Darrel.


    Tim Miller

    Timothy Guest

  6. #6

    Default Re: Airport & Timbuktu Security

    In article <com>, Timothy Miller
    <com> wrote:
     

    Yes, sorry for the abbreviations.
     

    Yes. If you are very careful with your own traffic, not using POP for
    example, using SSH instead of telnet and https instead of http, you
    could safely share in my opinion, albeit it may be a bit limiting on
    one's capabilities.

    But my ISP's mail server is POP only, not all sites that I share
    personal information/passwords with use https and keeping track whether
    I am operating in secure or non-secure mode would be difficult for me.
    I would be taking a chance, perhaps small, on the integrity of
    anonymous driveby users if I shared.
     

    Yes.

    Cheers,

    Darrell

    --
    To reply, substitute .net for .invalid in address, i.e., darrell.usenet2 (at)
    telus.net
    Darrell Guest

Similar Threads

  1. Replies: 0
    Last Post: October 22nd, 09:23 AM
  2. Laptop Airport security
    By Randy Hills in forum Photography
    Replies: 6
    Last Post: August 28th, 10:17 PM
  3. FS: Timbuktu Bag
    By Dave Moorman in forum Mac Portable
    Replies: 0
    Last Post: August 23rd, 01:43 PM
  4. Replies: 14
    Last Post: July 20th, 09:47 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139