Re: Setting Up Network Security
- From: Lem <lemp40@xxxxxxxxxxx>
- Date: Mon, 04 Feb 2008 17:04:04 -0500
Superfreak3 wrote:
On Feb 4, 3:42 pm, Superfreak3 <Matt.Wal...@xxxxxxxxxxxx> wrote:On Feb 4, 3:40 pm, Superfreak3 <Matt.Wal...@xxxxxxxxxxxx> wrote:
On Feb 4, 2:44 pm, Lem <lem...@xxxxxxxxxxx> wrote:Also, the other laptop is a Mac PowerBook, so I guess that's aSuperfreak3 wrote:In the Wireless Configuration widget on my laptop, if I select WPA-On Feb 4, 11:49 am, Superfreak3 <Matt.Wal...@xxxxxxxxxxxx> wrote:Your ability to use WPA2 (on the computer side) depends on two things:On Feb 4, 10:37 am, smlunatick <yves...@xxxxxxxxx> wrote:Well, when I attempt to run the download from the provided link, itOn Feb 4, 9:16 am, Superfreak3 <Matt.Wal...@xxxxxxxxxxxx> wrote:Is there any way to tell if XP and the Wireless Adapters are WPA2-I just purchased a TRENDNET TEW-432BRP wireless router and here isYou need to get a separate update to enable the WPA2 security with XP.http://www.microsoft.com/downloads/details.aspx?FamilyID=009d8425-ce2...
what I have so far in the way of functionality....
I currently have Broadcast SSID set to disabled
My broadcast strength is set to low
I have two computers able to access the network through MAC Filter
Now, how can I secure the wireless network more?
I want to set the encryption to WPA2 - PSK with AES (I know the PSK is
for personal as opposed to Enterprise, but not sure on the AES.). The
router setup area for this also prompts for a passphrase. What type
of value should I use here. What is this used for?
When I attempt to set up the encryption, I can no longer access the
net through my two laptops. When I attempt to set up the connection
to my wireless network on one of them via Windows Wireless Network
Configuration Settings, I am prompted for a Network Key. Where do I
get this or how is it generated? Does it relate at all to the
passphrase that would be entered as described above?
In the Wireless Network Configuration Settings area, it indicates that
if WEP is used , the key can be either 5 (64 bit) or 13 (128 bit)
ASCII characters or 10 (64 bit)/26(128 bit) HEX characters. ????? Is
this the same for WPA2?
Also, the installation CD jacket that accompanied the router has an
area to record your SSID and Encryption Key. Where do I get this key
or how is it generated? How does it relate to the passphrase or
Network key described above, if at all?
Any help is greatly appreciated. I just want to make my home network
as secure as I can.
Thanks in advance!
And you should also update all wireless adapter drivers.
Also not broadcasting the SSID is not a method of securing the
wireless network. It can cause network access problems or slow downs.
As for the Emcryption key / network key, this is the "passphrase" that
you come up with. If you set up a "key" within the wireless router,
you need to enter the same key at each wireless network adapter.- Hide quoted text -
- Show quoted text -
ready before installing XP update or adapter drivers?- Hide quoted text -
- Show quoted text -
basically indicates that what I am trying to install is older than
what is currently installed. It can only be applied to SP 1. So, I
guess I'm up-to-date.
In the Wireless Configuration Settings area, the authentication choice
does not include WPA2 on my laptop, however. It does contain WPA-PSK
(Personal) though. Will this cause problems if Router is set to WPA2?
that WindowsXP has been properly updated with WPA2 support AND that the
wireless adapter supports WPA2. If WinXP has the WPA2 updated and you
still don't see WPA2 in the wireless configuration screens for your
adapter, you may be able to get WPA2 by updating the driver for your
wifi adapter. Check the website of the adapter's manufacturer (or a
laptop manufacturer, if you're using a laptop).
If you can't configure *any one* of your wireless adapter to use WPA2,
then yes, setting the router to use WPA2 will cause problems.
On the other hand, WPA-PSK with AES encryption (if this option is
available on *all* devices) is practically as good as (if not equivalent
to) WPA2.
Finally, MAC address filtering -- like disabling SSID broadcast -- is
not an effective security measure. Although MAC address filtering is
not as likely to cause problems as disabling SSID broadcast, it's just
one more thing to have to remember to deal with if you ever have to
troubleshoot your wifi connectivity.
--
Lem -- MS-MVP - Networking
To the moon and back with 2K words of RAM and 36K words of ROM.http://en.wikipedia.org/wiki/Apollo_Guidance_Computerhttp://history.n...quoted text -
- Show quoted text -
Personal (PSK) the network key requirement changes to 'between 8 and
63 characters'. Will this be equilavent to the passphrase? Should I
write down whatever value I use here as the Encryption Key?
Also, with the WPA option in the widget, there is no AES. This is a
setting in the router, I believe.- Hide quoted text -
- Show quoted text -
different dilemma.- Hide quoted text -
- Show quoted text -
I read about not broadcasting the SSID and using MAC filters to
enhance the security not to solely base your piece of mind on them.
Once I get the Encryption thing straightened out, am I basically
secure with regard to the wireless network within my home?
I can't quite recall if when I choose WPA in my router settings if it
requires a passphrase or not.
So for the sake of clarity, the exact string of characters that I
enter in the passphrase is what is to be used in the Wireless
Configuration on my laptop as the Network Key? Is this too the
Encryption Key? It appears that the passphrase and/or network key
need to confirm to some format based on the level of encryption
desired. Is this the case?
I'm sorry if I'm being repetitive, but I just want to get this out of
the way and not have to worry much about security of my network.
If you use WPA encryption with a reasonably "strong" password/passphrase/key (more about this later), then you are indeed basically secure with regard to your home wireless network.
There are still many websites that suggest "hiding" your SSID (i.e., not broadcasting it) and using MAC address filtering as methods of increasing the security of a home wifi network. Neither technique adds much, if anything, to your security, and not broadcasting the SSID may cause problems. If you're interested, read this: http://blogs.technet.com/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx
There are 3 "flavors" of encryption commonly available for home wifi networks: WEP, WPA, and WPA2. WEP today is similar to leaving your front door open, closing the screen door, and fastening the screen door with a hook. WPA was an interim measure. WPA2 is the current state of the art for home wifi security. Prior to WPA2 being "certified," some wifi manufacturers had a setting for WPA that offered either TKIP or AES encryption. In this case, choose AES; this is the encryption scheme that's used in WPA2.
Your router may have an encryption mode that will automatically work with either WPA or WPA2, whichever your wifi adapters are capable of. If so, be sure to select that mode rather than WPA2-only or the like.
If your wifi adapters (or your laptop, if you're using a built-in wifi adapter) is less than 2 or 3 years old, it may well support WPA2. Be sure to check for any driver updates.
All encryption techniques involve the use of a "secret." Anyone who knows the secret can understand the encrypted message. Anyone who does not know the secret can not (unless they can "break" the encryption).
When WEP encryption was used, the secret was generally called a "key." In the context of WPA and WPA2, it's often called a "passphrase" (but it also may be called a "pre-shared key"). Whatever you call it, it's the secret that protects your wifi network.
When you enabled WPA or WPA2 on your router, you *did* enter a passphrase. Generally, the router instructs you that your passphrase must be between 8 and 63 characters long. Exactly what those characters are is up to you. If you decide to make your passphrase 12345678, then no matter how sophisticated the encryption technology may be, anyone who really wants to try is going to be able to easily figure out your secret and break into your network.
There are lots of tips for generating a strong passphrase (i.e., one that's not easily subject to brute force attack). Although there are password generators available on the Internet that will generate a "random" 63-character passphrase, you'll never remember it unless you write it down. In general, pick a phrase that's 15-20 characters in length, include upper and lower case letters, numbers, and symbols, and avoid "dictionary words." Some users develop mnemonic phrases that generate seemingly random passwords — for instance, the first letter of each word. Another way to make "random" passwords more memorable is to use random words (see http://en.wikipedia.org/wiki/Diceware) or syllables instead of randomly chosen letters.
Barb Bowman, an MS-MVP and frequent contributor here, has a good article on using WPA2: http://www.microsoft.com/windowsxp/using/security/expert/bowman_wirelesssecurity.mspx
Finally, I don't know the details of setting up WPA or WPA2 on a PowerBook, but it shouldn't be too difficult or much different than Windows.
--
Lem -- MS-MVP - Networking
To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm
.
- Follow-Ups:
- Re: Setting Up Network Security
- From: Superfreak3
- Re: Setting Up Network Security
- References:
- Setting Up Network Security
- From: Superfreak3
- Re: Setting Up Network Security
- From: smlunatick
- Re: Setting Up Network Security
- From: Superfreak3
- Re: Setting Up Network Security
- From: Superfreak3
- Re: Setting Up Network Security
- From: Lem
- Re: Setting Up Network Security
- From: Superfreak3
- Re: Setting Up Network Security
- From: Superfreak3
- Re: Setting Up Network Security
- From: Superfreak3
- Setting Up Network Security
- Prev by Date: Re: Setting Up Network Security
- Next by Date: Re: Unable to access internet thru LAN
- Previous by thread: Re: Setting Up Network Security
- Next by thread: Re: Setting Up Network Security
- Index(es):
Relevant Pages
|
