Configuring and securing a WiFi network

[riahc3]

My main computer is plugged thru ethernet and running Windows Vista Ultimate. My moms laptop is also plugged thru ethernet running Windows XP Home. We just got a new laptop running Windows Vista Home Premium and it has to be connected thru WiFi. I got it connected :) now I just need help setting up security. My router has these options:

WEP

PSK-Personal

PSK2-Personal

PSK-Enterprise

PSK2-Enterprise

Radius

Which security method should I use? I tried WEP but once I autogenerated the 4 keys I have no clue what to do.

Im right now using PSK-Personal but the laptop connects without the password I put or anything. Serious help needed thanks.

[Craig Brass]

I'd use WEP. Generate a key and then copy that key to a pen drive or write it down. Once you have done this, enter it on the laptop when it finds the wireless network.

I'd also use access control too based on MAC codes.

[riahc3]

I'd use WEP. Generate a key and then copy that key to a pen drive or write it down. Once you have done this, enter it on the laptop when it finds the wireless network.

I'd also use access control too based on MAC codes.

When I generated the key, it generated 4 keys. I wrote the 4 down and when I tried to connect thru the laptop it asked me for the key. I put the first one and it didnt work.

[aero9]

WEP is primitive and can be hacked in a matter of seconds, id use psk2 or atleast psk.

dont use WEP.

psk stands for pre-shared key, its simple to setup, just select a key (any aplhanumeric string) shre it with the wifi enabled comp and ur set.

[matty13]

I'd use WEP. Generate a key and then copy that key to a pen drive or write it down. Once you have done this, enter it on the laptop when it finds the wireless network.

I'd also use access control too based on MAC codes.

No, it was on the news, to use WPA couple days ago as WEP's are being easily cracked now.

[SIE]

If you can just use MAC address filtering and disable SSID broadcasting.

[riahc3]

psk stands for pre-shared key, its simple to setup, just select a key (any aplhanumeric string) shre it with the wifi enabled comp and ur set.

Im using PSK but when my laptop connects to my router it conects automatically without asking for a password or anything and I have a password set.

[TurboTuna]

I'd use WEP. Generate a key and then copy that key to a pen drive or write it down. Once you have done this, enter it on the laptop when it finds the wireless network.

I'd also use access control too based on MAC codes.

If you can just use MAC address filtering and disable SSID broadcasting.

<snipped> Please don't advise on something that you clearly have no idea of.

WPA2 is what you want. PSK2 as shown by your post, assuming your hardware supports it. Ignore anyone that suggests otherwise.

Edited June 11, 2007 by Fred Derf

[SIE]

<snipped> Please don't advise on something that you clearly have no idea of.

WPA2 is what you want. PSK2 as shown by your post, assuming your hardware supports it. Ignore anyone that suggests otherwise.

As far as encryption goes yeah WPA2 is the best option, but you think MAC address filtering and disabling SSID broadcasting is a bad idea? Why is that?

Edited June 11, 2007 by Fred Derf

[primexx]

As far as encryption goes yeah WPA2 is the best option, but you think MAC address filtering and disabling SSID broadcasting is a bad idea? Why is that?

Security by obscurity never works alone. It helps, but it should never be used as your primary method. And then there's the whole MAC filtering doesn't actually lock out other people thing.

Personally, I use WPA2 with a 63 character alphanumeric key and disabled SSID broadcast. For XP machines you'll need a patch to enable WPA2 functionality.

[oceanseleven]

MAC filtering is very secure. I have 3 MAC addresses setup to access my network wirelessly and if anybody knows how to hack their physical MAC address to look like its one of those 3, well then fine, you can access the internet from a few hundred feet of my house. If he wants anything on my network, he can have it, theres nothing there.

[TurboTuna]

MAC filtering is very secure. I have 3 MAC addresses setup to access my network wirelessly and if anybody knows how to hack their physical MAC address to look like its one of those 3, well then fine, you can access the internet from a few hundred feet of my house. If he wants anything on my network, he can have it, theres nothing there.

I think you'd change your tune when you start getting police turn up at your door for browsing *very very naughty* things. Especially when it wasn't you that did it.

Mac address are sent via plain text, and can be captured and changed easily. Hardly secure.

[oceanseleven]

I think you'd change your tune when you start getting police turn up at your door for browsing *very very naughty* things. Especially when it wasn't you that did it.

Mac address are sent via plain text, and can be captured and changed easily. Hardly secure.

Well hardly secure is a judgement call, but i think it is secure. WPA2 does not currently have a weakness so i suppose we should all just do that but i dont have a problem with the way i'm doing it. it is easy to capture, but given the requirements (within 150feet of my apartment and in a good hiding spot) its fine. i'd be willing to say you could break into my house and plug into my router directly to do your illegal activity and have the same chance of getting caught.

[+BudMan MVC]

GAWD.. Will the FUD never die?? Mac filtering is fine as a method of access control - as a security measure, no not really! It's a pointless waste of time if being used for that. It only makes it harder for you to add/allow machines to access your own network.

Not broadcasting SSID, is again pointless - an again just causes grief for the owner of the network trying to add users, or let uses access their network.. Who do you think not broadcasting your ssid keeps out?? Grandma next door??

Use WPA2, if you want to move to the next level of security then use a radius server for auth, or for that matter go with 802.1x an EAP-TLS, an require each client to have cert..

Isolate your wireless segment from the rest of lan an only allow the required pinholes into your wired network, use mac filter to control who can use the pinholes, etc..

But to be frankly honest, if you really think mac filtering an not broadcasting your ssid are methods for wireless security - you really should not be giving out advice about wireless anything.

edit: as to 150 feet of your apartment.. Did you walk that out, checking signal strength.. Is there a fence at 300 feet that keeps people away? What antenna did you use to see what signal strength was available? ;)

As already mentioned security thru obscurity is not security -- just because you think your network is hidden, does not mean its secure!

[Bgnn32]

So many people here with no clue. MAC Filitering does nothing, same with not broadcasting your ssid and WEP does next to nothing.

WPA2 is all you need.

[riahc3]

WOW...alot of confusing information in this thread.

For now, Im using MAC filtering and noone has accessed my network except the laptop that needs to. This is a small town so I dont think there are any big time hackers around here with enough knowledge.

[FATILA]

You should combine all the methods mentioned here, not choose which one you think works better than the others. Wireless networking is not, and may never be totally secure; but you can reduce the chance of intrusion by 1) Encryption and 2) Making network less visible. WPA2 is the best method currently, but use WPA if not all your devices support it, diabling SSID and mac filtering can only help with security.

[+BudMan MVC]

For now, Im using MAC filtering and noone has accessed my network except the laptop that needs to. This is a small town so I dont think there are any big time hackers around here with enough knowledge.

An how exactly do you "KNOW" someone has not used wireless network?? As to small town -- you do not have to be a big time hacker to bypass a mac filter.. You have to be able to search google - an have basic understanding of what they are talking about ;)

Does not matter if you live in a town with slack jawed morons, you clearly have the means to secure your network.. Your the one that posted the different options your router supports.. Look up the differences between the different methods you posted..

Any security would be better than NONE.. for gosh sake, it would take you 2 seconds to turn on WPA an pick out a goog password to use.. 20 some characters should be fine..

It's quite simple to find out that WPA2 is the current standard for wireless security, any simple google on wireless security will show this -- why would you not turn that on, if your hardware supports it????

[Bgnn32]

For all of you who actually think MAC Filtering is a viable security method read this article http://www.lockergnome.com/nexus/it/2005/0...ac-filtering-2/

It explains in easy terms how MAC Filtering does nothing for security, although the article it self is a little foolish as after it finishes explaining how easy MAC filtering is to get around it says to use it, but still it clearly shows how easy it is to get around.

And rIaHc3 how do you know noone has accessed your network? Router logs can be cleared and tampered with.

diabling SSID and mac filtering can only help with security.

Explain how then... if your so sure it helps with security how does it?

[S7un7]

Use at least WPA, it uses less overhead than WEP, and like everyone says, WEP is not a good form of protection.

[FATILA]

For all of you who actually think MAC Filtering is a viable security method read this article http://www.lockergnome.com/nexus/it/2005/0...ac-filtering-2/

It explains in easy terms how MAC Filtering does nothing for security, although the article it self is a little foolish as after it finishes explaining how easy MAC filtering is to get around it says to use it, but still it clearly shows how easy it is to get around.

And rIaHc3 how do you know noone has accessed your network? Router logs can be cleared and tampered with.

Explain how then... if your so sure it helps with security how does it?

That article only decrys using mac filtering as the sole method of securing a network.

[riahc3]

An how exactly do you "KNOW" someone has not used wireless network??

No network activity from the wireless light :) If someone tried to access the router or turned on their WiFi signal to search for networks there would be activity.

None the less, I have to comment that my Linksys WAG300N does not support WPA :(

[Bgnn32]

so you sit there watching your wireless light 24/7?

[funkymunky]

I have the option for four different types of WPA2 which shall I use??

[+BudMan MVC]

None the less, I have to comment that my Linksys WAG300N does not support WPA :(

I highly doubt that! Clearly stated on the spec sheet for a wag300N

And the manual clearly spells it out as well that it supports both WPA and WPA2 for both psk and enterprise modes.

PSK = WPA

PSK2 = WPA2

have you even bothered to look at your manual????