PDA

View Full Version : Wireless Security



linksys
12-Jan-06, 22:56
Hi

Just bought a Linksys Wireless G router and Linksys Wireless G USB thing for my PC so I can relocate the PC to the spare room and still use it for web etc. I want to secure my network and don't know if I should be using WEP, WPA Pre-Shared Key or WPA Radius. Does this mean anything to anyone who can advise please?

Best wishes

The Angel Of Death
13-Jan-06, 00:24
wpa pre shared key is more secure than wep but as long as the wep is set to 128 bit encryption then it shouldnt make that much diffrence to be honest as long as the password or passcode you select isnt to easy to guess

linksys
13-Jan-06, 20:14
thanks for that I have done as advised

cullbucket
13-Jan-06, 23:18
I recently set up my wireless at home but couldn't get the encryption to work. I spoke to the IT guy at work and he suggested setting up so that only specified MAC adresses can access your router (that is what he has done at home too). This was really easy to do and it took about 5 mins to set up both my PCs. While any data you send or recieve is not encrypted, nobody can sit next door and log on and surf on your router, which is all I was really worried about....

Bobinovich
13-Jan-06, 23:24
I'd have to agree with cullbucket here. Putting encryption on you system slows it down so allowing stations with particular MAC addresses makes much more sense.

I've set up a number of wireless networks in the above manner and most of them are unencrpyted (except where someone has insisted on the extra security) - even where other wireless networks exist in the vicinity.

jjc
14-Jan-06, 01:35
If all you are trying to do is stop the kid next door from turning on his Nintendo DS, automatically discovering your wireless network, connecting and using your bandwidth then tying down the clients that can connect by specifying their MAC addresses is fine but all that you are doing is restricting your network, you aren’t securing it.

It really doesn't take much effort to clone a MAC address... if you want security then use security, if you don't then don't; but using half-measures and calling them secure just leads to complacency.

cullbucket
14-Jan-06, 09:45
Let me first make it clear that I am no expert in this area, I just managed to get my wireless router working.
Stopping nearby PC users accessing my wireless network is exactly what I am trying to do, I was more worried about the local paedophile logging on and acessing all sorts of dodgy sites via my router.

Someone who knows more about this than me said it was not easy to intercept the data anyway and that "the only people likely to have the equipment would be the government"

Is this true or is my heed being filled?

jjc
14-Jan-06, 15:54
I restrict access to my wireless network because I don’t want anybody else to use it to access the web. Of course that includes the worst-case scenario of a paedophile piggybacking onto my connection to access illegal content, but I’m more worried about the kid next door using my bandwidth to download huge files and eating into my upload limit with file sharing.

I secure my wireless network because I use it to access my work network when I am on call and because I bank online.

Actually, it is very easy to intercept data on a network – wireless or otherwise. If you don’t restrict access to your network then anybody with a wireless-enabled PC/laptop within range can connect to it. Once they are connected all they need is a packet sniffer and they can see the data flowing through the network. Packet sniffers are fairly easy to use and are readily available for free download from the web.

To give you an example of how powerful packet sniffers can be in the wrong hands, we recently used one (legitimately) at work. We had an old application that connected to an old database and we needed to know the username and password it was using. The company who supplied it had gone bust years ago so we couldn’t ask them; instead we installed a packet sniffer and fired up the application. The username and password were right there in plain text (there’s a reason the company went bust) in the data flowing across the network. Of course, if we tried the same thing on an encrypted network we would only have seen garbled rubbish.