Few newbie security questions

[Rob9874]

I just set up my first wireless network at home. I will use it for my work laptop (IBM T30) and my wife's new Dell laptop, which has yet to arrive. I want to learn all I can about wireless security. I searched the archives and Google, but didn't find anything good. Can someone point me to a good resource to at least make sure I have the basics covered?

Here's the issue I have. The router (Dell TrueMobile 2300) and card on my wife's computer are 802.11g and WPA enabled. However, my work laptop allows only WEP security (I'm sure I'm using noob verbiage!). Is WEP that bad? Am I better off using WPA on the router and my wife's laptop? Will my laptop not be secured? How about with a firewall?

After connecting, I can sign into my company's network via a VPN. If I went WPA, which doesn't work for me, and use the VPN, am I secure? How about with Zone Alarm too?

I'm such a newbie when it comes to wireless, and I'm so embarrassed because I know the rest of computing pretty well. Thanks in advance!

 

[Kaervak]

First, a great resource for wireless is here. WEP isn't all that bad. For a home user it's plenty fine. One of the drawbacks of WEP is that it can be easily cracked due to how it's implemented. If the router can do both WPA & WEP at the same time, you're good. If it can only do one or the other, I'd use WPA. Now, if you don't use WEP and just use a firewall you're not protected. WEP encrypts the data being sent to you, a firewall won't do that it just keeps things from getting in and out of your system. Yes if use use a VPN or IPSEC and don't use WEP you're secure. VPN & IPSEC encrypt the data. What you can do if you don't want to use WEP or WPA at all is use VPN or IPSEC with your wireless. Some people that have wireless do this. As long as your data is encrypted, you're good to go. And if I'm wrong about anything, anyone please don't hesitate to correct me.

Edit:

Also turn off SSID broadcast and use MAC address filtering. Just a couple of extra things to do to help keep people from finding/accessing your wireless. And WPA is making it's way to all wireless hardware. So all the old WEP gear will have a firmware update to support WEP. Check your manufacturer's website to see if they have it.

 

[Rob9874]

Thanks for the tips! That was just what I was looking for. I will use WPA when my wife's laptop arrives. I can only do one or the other. I called my company's IT dept, and they said they only support WEP on my laptop. (And I work for Intel, go figure.) The card says High Rate Wireless LAN. I'm assuming it's an Intel card? Isn't that horrible that I don't know?

So whenever I use my laptop, I'll just sign on to Intel's VPN. Then is my connection 100% protected via the VPN?

And the key is just a password I set myself? (Using alpha, numeric, and special characters, I know)

 

[Kaervak]

Well, if it's a Centrino based system then it's Intel's card. If it's not Centrino based, then it could be anyone's. However, almost all the WiFi cards use the same base chipset so there really isn't a whole lot of difference between the cards. I wouldn't say 100% protected, anything can be cracked and compromised but VPN's are pretty damn secure. Yes, the WEP key is set by you. There are some setups that can auto generate/rotate the keys. The higher level of WEP the longer the key. I'm using D-Link's 802.11b+ gear and I've got 256bit WEP running, the key is 50 something characters IIRC. And it has to be entered manually too.

 

[martind1]

Originally posted by: Rob9874
I searched the archives and Google, but didn't find anything good.

search harder.