Re: WLAN security concerns
- From: "Jack [MVP-Networking]" <jack@xxxxxxxxxxxxxxxxxxx>
- Date: Sun, 6 Sep 2009 22:45:58 -0400
You can email them this too. ;)
From the weakest to the strongest, Wireless security capacity is:
No Security
Switching Off SSID (same as No Security. SSID can be easily sniffed even if it is Off).
MAC Filtering (Band Aid if nothing else is available, MAC number can be easily Spoofed).
WEP64 (Easy to "Break" by knowledgeable people).
WEP128 (A little Harder, but "Hackable" too).
The three above are Not considered safe.
Safe Starts here at WPA.
WPA-PSK (Very Hard to Break).
WPA-AES (Not functionally Breakable).
WPA2 (Not functionally Breakable).
Note 1: WPA-AES is the current entry-level rendition of WPA2.
Note 2: If you use WinXP below SP3 and did not update it, you would have to download the WPA2 patch from Microsoft. <http://support.microsoft.com/kb/893357>
The documentation of your Wireless devices (Wireless Router, and Wireless Computer's Card) should state the type of security that is available with your Wireless hardware.
All devices MUST be set to the same security level using the same pass phrase.
Therefore the security must be set according to whatever is the best possible of one of the Wireless devices.
I.e., even if most of your system might be capable of being configured to the max. with WPA2, but one device is only capable of being configured to a max. of WEP, the whole system must be configured to WEP.
If you need better security and one device (like a Wireless card that can do WEP only) is holding back better security for the whole Network, replace the device with a better one.
Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
The Core differences between WEP, WPA, and WPA2 - http://www.ezlan.net/wpa_wep.html
"Dave T." <Dave@xxxxxxxxxxxxxxx> wrote in message news:h7uuq9$85d$1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Malke wrote:
Dave T. wrote:
I just set up a home wireless network (first time) and in the process
some security questions came up.
I am using a 2wire gateway provided by AT&T. It has a firewall internal,
and all 3 of my machines have Windows Firewall functional. In order to
make the wireless connection, I was required to enter the Passkey number
from the gateway, but I was given the choice to connect to 2 other
networks which I assume belonged to neighbors. The signals were weak,
but I tried one and was able to piggyback to the 'net with no problem.
My question is, how do I know that the neighbors are not able to connect
to my network? Should I care? Would they be able to hack into my
machines, and if so what should I do about it?
Good question, Dave T. Wireless is in the air and if you don't properly secure your wireless network, then someone sitting outside your house (or in your neighbor's house) can use your network and its bandwidth and get into your computers.
Here is general information about setting up a wireless network securely:
Have a computer connected to the router with an ethernet cable. Examples given are for a Linksys router. Refer to your router manual or the router mftr.'s website for default settings if you don't have a Linksys. Open a browser such as Internet Explorer or Firefox and in the address bar type:
http://192.168.1.1 [enter] (this is the router's default IP address, which varies from router to router so check your manual)
This will bring you to the router's login screen. The default username is left blank and the Linksys default password is "admin" without the quotes. Enter that information. You are now in the router's configuration utility. Your configuration utility may differ slightly from mine. The first thing to do is change the default password because *everyone* knows the default passwords for various routers.
Click on the Administration link at the top of the page. Enter your new password. WRITE IT DOWN SOMEWHERE YOU WILL NOT LOSE IT. Re-enter the password to confirm it and click the Save Settings button at the bottom of the page. The router will restart and present you with the login box again. Leave the username blank and put in your new password to get back into the configuration utility.
Now click on the Wireless link at the top of the page. Change the Wireless Network Name (SSID) from the default to something you will recognize. I suggest that my clients not use their family name as the SSID. For example, you might wish to name your wireless network "CastleAnthrax" or the like. ;-)
Click the Save Settings button and when you get the prompt that your changes were successful, click on the Wireless Security link which is right next to the Basic Wireless Settings link (where you changed your SSID). Most computers purchased within the last 4 years have wireless hardware that will support WPA2-Personal (also called WPA2-PSK). This is the encryption level you want. If your wireless hardware is older, use WPA. Do not use WEP as that is easily cracked within minutes. So go ahead and set the Security Mode to WPA2-Personal. Do that and enter a passphrase. For example, you might use the passphrase, "Here be dragons, beware you scurvy dogs!". The passphrase is what you will enter on any computers that are allowed to connect to the wireless network. WRITE IT DOWN SOMEWHERE YOU WILL NOT LOSE IT.
At this point, your router is configured and if the computer you were using to configure the router is normally going to connect wirelessly, disconnect the ethernet cable and the computer's wireless feature should see your new network. Enter the passphrase you created (exactly as you wrote it with all capitalization and punctuation) to join the network and start surfing.
Thanks for this. My router is not a Linksys, it's a 2wire, but configuration is similar enough that it was pretty easy to go through it. It is pre-installed with a fairly high bit strength password and the config is such that I'm more confident now than I was. I tested it by deleting the connection I had with my laptop, and tried to make a new connection without the passkey and couldn't find a way to do it. I was, of course, still able to see the 'net through my neighbor's router. I guess I will have to make the rounds to see who it is and let them know that I don't need to pay my ISP anymore! 8>)
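
Added example, not part of the original thread: a Python sketch of how WPA/WPA2-Personal turns the passphrase and the SSID into the 256-bit pre-shared key (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, per IEEE 802.11i), which is why the passphrase must be typed exactly and why every device must use the same one. The function names are made up for this illustration; the SSID and passphrase are the sample values from the instructions quoted above.

```python
import hashlib
import hmac


def check_passphrase(passphrase: str) -> str:
    """Return the passphrase if it is legal for WPA/WPA2-Personal, else raise."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII only")
    return passphrase


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 32-byte pre-shared key the router and each client compute."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    secret = check_passphrase(passphrase).encode("ascii")
    # The SSID is the salt: the same passphrase on another SSID gives another key.
    return hashlib.pbkdf2_hmac("sha1", secret, ssid_bytes, 4096, 32)


def keys_match(ssid: str, router_passphrase: str, typed_passphrase: str) -> bool:
    """True only if the client would end up with the same key as the router."""
    return hmac.compare_digest(
        derive_psk(router_passphrase, ssid), derive_psk(typed_passphrase, ssid)
    )


if __name__ == "__main__":
    ssid = "CastleAnthrax"  # sample SSID from the thread
    router = "Here be dragons, beware you scurvy dogs!"  # sample passphrase
    typed = "here be dragons, beware you scurvy dogs!"   # one letter in lower case
    print("router key :", derive_psk(router, ssid).hex())
    print("exact entry:", keys_match(ssid, router, router))
    print("wrong case :", keys_match(ssid, router, typed))
    print("other SSID :", derive_psk(router, "linksys") == derive_psk(router, ssid))
```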