Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

Wireless router security question

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

Wireless router security question

Old 09-26-04, 10:24 PM
  #1  
DVD Talk Limited Edition
Thread Starter
 
madcougar's Avatar
 
Join Date: Feb 2001
Location: Houston
Posts: 6,690
Likes: 0
Received 2 Likes on 2 Posts
Wireless router security question

I recently picked up a second computer, and a Netgear wireless router and wireless USB adaptor. I've got the thing up and running. However, I'm a bit nervous about security issues. I've enabled the 128 bit encryption key successfully. Is this all I have to do to keep people from doing my network harm?

I have Norton Antivirus and Norton Firewall in place already, but I've been told that people will drive around to find wireless networks to hack. Is the encryption thing enough, or is there something more I need to do.

Please help. I am not smart.
Old 09-26-04, 11:15 PM
  #2  
Senior Member
 
Join Date: Oct 2000
Location: Addison, TX
Posts: 905
Likes: 0
Received 0 Likes on 0 Posts
Enable mac address filtering and turn off ssid broadcast. Use WPA if your wireless router and all the clients support it instead of wep.
Old 09-27-04, 12:21 AM
  #3  
DVD Talk Limited Edition
Thread Starter
 
madcougar's Avatar
 
Join Date: Feb 2001
Location: Houston
Posts: 6,690
Likes: 0
Received 2 Likes on 2 Posts
Just to make sure, because seriously, I'm not smart...

By enabling the mac address filtering, only the stations I choose can recieve the signal from the router and by turning off the ssid broadcast my router won't go around advertising itself to everyone, right? I did those two things. My router uses the wep thing, and not the wpa.

Thanks for your help!
Old 09-27-04, 02:06 AM
  #4  
JM
DVD Talk Special Edition
 
Join Date: Dec 1999
Posts: 1,156
Likes: 0
Received 0 Likes on 0 Posts
That's basically right. Keep in mind, however, that both MAC address filtering and SSID cloaking are *trivial* to get around, though they do provide a couple extra layers of security (thin as they may be). Strong WPA or WEP encryption is a *must*. Use strong passphrases and change them regularly.
Old 09-27-04, 11:32 AM
  #5  
Banned
 
Join Date: Sep 1999
Location: Memphis, TN
Posts: 11,544
Likes: 0
Received 0 Likes on 0 Posts
Using a non-default SSID is important, as is enabling encryption. But realistically, anybody capable of getting through the encryption is capable of getting past the MAC filtering and lack of SSID broadcasts.

SSID broadcast allows Windows and other software to display your network as one of the available networks. It doesn't allow anybody to connect without the key, it just lets it show up in the list.

I recommend leaving SSID broadcast enabled and not bothering with MAC Filtering. You can do these if you want, but they really don't add any extra security. They just make it slightly harder for you to connect new boxes to the network.

If you can do WPA, do that instead of WEP. WEP is easier, WPA is stronger. Realistically though, enabling WEP is all you need because there's a lot more low hanging fruit around there. Unless you think somebody is specifically targeting your network, don't worry about it too much.
Old 09-27-04, 11:48 AM
  #6  
DVD Talk Gold Edition
 
Join Date: Mar 2000
Posts: 2,827
Likes: 0
Received 0 Likes on 0 Posts
In case you have not already, change any default passwords for the Administration of the router...
Old 09-27-04, 11:02 PM
  #7  
Senior Member
 
Join Date: Feb 2003
Location: Eau Claire, WI
Posts: 410
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by Otto
I recommend leaving SSID broadcast enabled and not bothering with MAC Filtering. You can do these if you want, but they really don't add any extra security. They just make it slightly harder for you to connect new boxes to the network.
I agree that disabling broadcast SSID is unnecessary, as it doesn't provide much security, and it absolutely kills your ability to roam on certain hardware platforms.

However, I do like mac filtering. It keeps a neighbor from even accidentallly associating to my AP, and it really isn't that much of a headache to maintain.

WPA is great if you have it, but if not, WEP isn't totally useless. If it's all you have then it's better than nothing. Sure it's easily breakable, but so is the window on my car. Having the window up keeps some kid walking by from reaching in and grabbing my spare change lying on the console. If you have WEP it may keep that kid from jumping on your network. Why take the extra time when every other yahoo on the block has nothing turned on and is using the SSID "linksys".

And if you think I'm kidding about every joker on your block having an open AP, I'm not. I'm a wireless network admin for a very large retail company. My AP's do rogue AP scans every night, and so far my list is over 600 access points located close enough to our stores for me to detect them. Over 400 of those have no security and are using the default SSID. Every morning I come in and have three or four new ones detected, and a lot more often than not they are wide open.

Last edited by Son-volt; 09-27-04 at 11:04 PM.
Old 09-27-04, 11:18 PM
  #8  
JM
DVD Talk Special Edition
 
Join Date: Dec 1999
Posts: 1,156
Likes: 0
Received 0 Likes on 0 Posts
Also, while WPA is definitely better, WEP is not as weak as a lot of people think. Breaking a 128-bit WEP key still requires capturing and analyzing a sizeable amount of authorized data traffic on your WLAN. Depending on how heavily your WLAN is used, this could take at least a few days. This is something that would be easy enough for a neighbor to do without arousing much suspicion; however, it deters a casual war driver and those who don't want to park in front of your house for a week capturing the necessary data to break WEP. Changing your keys frequently makes this all the more difficult.

BTW, by comparison, one has all the info needed to bypass SSID cloaking and MAC address filtering in just a few packets. Thus, you should never rely on them in lieu of encryption.
Old 09-28-04, 01:29 AM
  #9  
DVD Talk Limited Edition
Thread Starter
 
madcougar's Avatar
 
Join Date: Feb 2001
Location: Houston
Posts: 6,690
Likes: 0
Received 2 Likes on 2 Posts
Thanks for all the info. I wish I had done more research on all of this before purchasing the router. On the other hand, I'm not expecting anyone to actively "come get me." So if there are that many yahoos not taking care of their business, I can't imagine they'll bother with me too much. At least that's what I'm telling myself.
Old 09-28-04, 10:45 AM
  #10  
Banned
 
Join Date: Sep 1999
Location: Memphis, TN
Posts: 11,544
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by Son-volt
However, I do like mac filtering. It keeps a neighbor from even accidentallly associating to my AP, and it really isn't that much of a headache to maintain.
WEP keeps your neighbors from associating to your wireless too. No need for MAC filtering for that purpose.

When I'm adding and disconnecting boxes it's a lot easier if I simply leave MAC filtering off. For one, all I have to do is to put in the WEP key on the device itself. I don't have to go find another connected machine to open the web config page and add the MAC address of the device I'm trying to connect. And if a friend comes over for a LAN party or to go out drinking or whatever, all he needs to connect to my network is my WEP key. I hand him a post-it-note with the key and let him work it out. Much easier than dealing with it myself.
Old 10-03-04, 09:16 PM
  #11  
Senior Member
 
Join Date: Jan 2001
Location: Northern VA, USA
Posts: 543
Likes: 0
Received 0 Likes on 0 Posts
How do you change the MAC filtering? How can I stop the SSID broadcast? I just read this thread an am a little confused. How can I change from WEP to WPA (I use a linksys router and adapter). If I have a relatively difficult passcode, is that the best protection in this situation?
Old 10-03-04, 09:50 PM
  #12  
DVD Talk Gold Edition
 
Join Date: Mar 2000
Posts: 2,827
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by ebs0303
How do you change the MAC filtering? How can I stop the SSID broadcast? I just read this thread an am a little confused. How can I change from WEP to WPA (I use a linksys router and adapter). If I have a relatively difficult passcode, is that the best protection in this situation?
Start reading here:

http://www.linksys.com/edu/page9.asp

follow the links, and it will give you step by step instructions for your linksys router

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information -

Copyright 2021 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.