How safe is wireless without encryption?

[stimpyman77]

Hello all..

Being a wireless networking newbie, I would like some feedback. Is it absolutley necessary to run encryption on the network? I have disabled the SSID broadcasting and have employed the use of MAC filters to control access to my Linksys WAP54G. Something just doesn't feel right without encryption. I know that this is a good starting point, but I tend to err on the paranoid side. How much of a hit will I sustain by enabling WPA? or is current config ok? General use of the network is file and print services
with the usual email and internet activity for an office of 12 people. I just don't want everything to slow to a crawl.


Thanks!

Stimpyman77

 

[JackMDS]

Should not be a noticeable difference between WEP and WPA.

However you would not know unless you have the Guts to try.

:sun:

 

[Boscoh]

Originally posted by: stimpyman77
Hello all..

Being a wireless networking newbie, I would like some feedback. Is it absolutley necessary to run encryption on the network? I have disabled the SSID broadcasting and have employed the use of MAC filters to control access to my Linksys WAP54G. Something just doesn't feel right without encryption. I know that this is a good starting point, but I tend to err on the paranoid side. How much of a hit will I sustain by enabling WPA? or is current config ok? General use of the network is file and print services
with the usual email and internet activity for an office of 12 people. I just don't want everything to slow to a crawl.


Thanks!

Stimpyman77

12 people on a WAP has the potential to slow to a crawl REAL quick with or without encryption...been there, done that. All it's gonna take is a couple people doing some big file transfers in the LAN and there goes your bandwidth. Figure you're gonna get 18mbps average real-world throughput rates. That's shared (unequally) among the clients. I'd drop some CAT5e to a couple of the clients if I were you...if you've got some heavy hitters of the file/print services, put them on CAT5e along with your servers.

I dont know about the WEP/WPA performance hit...that seems to change with every generation of hardware. WPA-AES should give you the least performance hit though, if your hardware supports it. TKIP might be a little higher I think. Should still be under 15% though.

Edited for second thoughts .

 

[ktwebb]

12 people on one AP? .11g AP I hope and even then, unless your talking about internet connectivity, that is too many people. Heavy file sharing on what amounts to about 25-30 Mb of shared bandwidth doesn't work. If your talking about a .11b AP WLAN then you can fo-git it. Can you say dialup speeds when multiple people are transferring data over the wireless segment? Well maybe ISDN speeds. If you really intend of doing file sharing with 12 folks, then you should strongly consider using a multiple Access Point infrastructure. If the file sharing is really light and you don't expect large email attachments then you might be fine. Even with the added bandwidth of .11g AP's, low power microwave still isn't ideal large data transfer activity.

 

[stimpyman77]

Just to clarify some details, there are multiple access points, 3 of them to be exact. Two of them are 802.11g in the heavier use areas, the least used area is 802.11b and so far no complaints. I did caution them about the issues they would encounter if someone started to hog bandwith with apps like Kazza and huge attachment downloads etc. I would have to say that their usage for now is light to medium. The people that hit the server the most (secretaries) are hardwired 100mb already. I was more worried about people being able to connect to the network by sniffing the traffic, since I was not using encryption. If I am filtering MAC addresses already I am assuming that someone would have to forge one to get on the network. I know that the ability to forge a MAC address exists, but I guess I am gambling with the idea of how many people capable of this will drive by signal range and attempt it. I will have to setup the encryption to test and see what gives.. Like JackMDS said, you have to try..



Thanks for your input everyone.. it always tickles the brain.

Stimpyman77

 

[Boscoh]

Originally posted by: stimpyman77
If I am filtering MAC addresses already I am assuming that someone would have to forge one to get on the network. I know that the ability to forge a MAC address exists, but I guess I am gambling with the idea of how many people capable of this will drive by signal range and attempt it.



Stimpyman77

If you're in an urban area, you might be very surprised. Changing a MAC is very simple, whether it be on MacOS X, Windows XP, 2000, or Linux. Very simple to do.

 

[Cheetah8799]

How safe is wireless without encryption?

Depends on if you like sharing your internet connection and all your networked systems with people in range to connect to your ap.

I suggest you use any and all security precautions that your ap provides. mac filtering, wep encryption, SSID name hiding, etc. etc.

 

[Goosemaster]

Originally posted by: Cheetah8799

How safe is wireless without encryption?

Depends on if you like sharing your internet connection and all your networked systems with people in range to connect to your ap.

I suggest you use any and all security precautions that your ap provides. mac filtering, wep encryption, SSID name hiding, etc. etc.

Aye. Wireless is incredibly insecure WITH WEP or WPA. Without them is is just like leaving a CAT 5 cable leading to a park across the street with a sign that says "le sex."


I recommend the Mutiple AP recommendation. In addition, look into highergrade equipment like a Cisco Aironet[sic] or an Orinoco(proxim) ap-2000 etc.