Is my router secure?

Toggle sidebar Toggle sidebar
G

glen

Lifer
Apr 28, 2000
15,995
1
81
I have a Linksys E1000 router.
I have a 2 ways to access it, the main and the guest access.
BOTH require passwords, but the guest access is labeled as Unsecured network.
Here is basically what it looks like:

Disconnect or connect to another network
Show All

MyRouter Connected
MyRouter-guest unsecured
Neighbor Security-enabled network
 
E

ericloewe

Senior member
Dec 14, 2011
260
0
76
What do you mean?

If you mean "Is my router's management page secure?", the answer is: Add a strong password, disable remote access and enable https if possible.

If you mean "Can a random Wardriver steal my Wi-Fi?", the answer is definitely. You have an open guest network, so count on people using it. You say it needs a password, but that doesn't make sense since it's unsecured. I suggest you disable the guest network unless you absolutely need it. It would be better to set up a second network (dunno if a low-end Linksys does that) with a decent password that you give out (WPA2, of course).

Hope this helps, but I may not be understanding what you mean exactly...
 
Ghiedo27

Ghiedo27

Senior member
Mar 9, 2011
403
0
0
The guest account should only have access to the internet. As long as you aren't using it the security features on it uses aren't so important. You may want to disable it entirely if you don't need it.

The important thing is to have your regular wireless connection properly secured. There are different standards, but the one you want to use is WPA2. WEP and WPA(version 1) are older and much less secure than WPA2. WEP in particular can be cracked in 2 minutes or less by anyone with a program you can download for free. Avoid mixed modes like WPA/WPA2. You want it to specifically require the better standard.

There are many online guides for changing your router and computer settings. Here's one link that explains how to change settings in the web interface with a link to how to do it using the Cisco connect program if you prefer that (Linksys is the Cisco brand for home equipment).

I'd recommend setting up the router with a wired device. That way you can still change settings if you have trouble getting your wireless stuff to connect at first. There's a reset button on the router in case you ever need it, but things should go smoothly. While you're at it I would also change the SSID value and login password for your router to anything other than the default (the web interface login is separate from the password you use to connect wireless devices).
 
G

glen

Lifer
Apr 28, 2000
15,995
1
81
I know that "secure" is a relative word because any system can be broken into.
I want to know if I have the basic level of security set up.
If you were to drive past my house, you would see 3 networks available, mine, my guest network, and my neighbor's. The Connect to a Network window looks something like this:


Disconnect or connect to another network
Show All

MyRouter Security-enabled network
MyRouterguest unsecured
Neighbor Security-enabled network

Why does the guest login say unsecured, because if you try to connect, it will ask for a password. In addition, I cannot find anywhere on "Cisco connect" to set up any additional security for the guest network. The main one is WPA2-PSK; guest is unsecured.
 
JackMDS

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,545
422
126
I do not know if your Router is secured or not since you are talking about the Access Point aspect of the plastic box and Not the Routing per-se.

WPA2 is Not functionally Broken and will not be for the foreseeable future.

So if you leave aside deep "Social philosophy", technology wise it is the thing to use.

That said, technology wise some Access Points cannot use the same type of encryption for both the regular and guest access.
In such a case either buy another Wireless device that can do WPA2 for both SSIDs.


Or use WPA2 for the main SSID, and WPA for the guest, then switch off the guest when it is Not in use.


:cool:
 
G

glen

Lifer
Apr 28, 2000
15,995
1
81
JackMDS said:
I do not know if your Router is secured or not since you are talking about the Access Point aspect of the plastic box and Not the Routing per-se.

WPA2 is Not functionally Broken and will not be for the foreseeable future.

So if you leave aside deep "Social philosophy", technology wise it is the thing to use.

That said, technology wise some Access Points cannot use the same type of encryption for both the regular and guest access.
In such a case either buy another Wireless device that can do WPA2 for both SSIDs.


Or use WPA2 for the main SSID, and WPA for the guest, then switch off the guest when it is Not in use.


:cool:
Click to expand...
Alright, quick question:
Does the fact that a guest has to enter a password mean there is some sort of security?
 
E

ericloewe

Senior member
Dec 14, 2011
260
0
76
Theoretically yes, if you can confirm you have WPA2 enabled.

Try logging in to the router directly (i.e. without the Cisco connect thingy). Should be 192.168.1.1, but you can always check your manual.

That should give you a better idea of what's going on.
 
Ghiedo27

Ghiedo27

Senior member
Mar 9, 2011
403
0
0
Does the fact that a guest has to enter a password mean there is some sort of security?
Click to expand...
It's equivalent to hiding your front door key under the doormat. The reason your computer is calling it an unsecured access point is because the information traded between the router and your computer isn't encrypted at all. It's completely open to anyone in range of your wireless signal. The password they type into that web interface is sent without any sort of protection. Anyone nearby can "hear" it and just repeat it to get access to the internet.

Every time someone uses that guest connection all of the information they send is out in the open. Check movie times and grab tickets? Your credit/debit card number just went over the air. Logged into your bank to check the balance before going out for drinks? There goes your bank login information. Any time someone uses the guest connection they are completely unprotected.

edit:
OP has an E1000, which has no firmware update available for WPS attacks (e.g. reaver), therefore his router will never be secure without disabling wifi
Click to expand...
Right, it's not going to be "completely" secure. However, according to Cisco's security response that attack "could find the WPS PIN in as little as a few hours." That, imo, is still a reasonable amount of protection unless you did something to piss off your neighbors something fierce.
 
Last edited:
JackMDS

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,545
422
126
I Don't know E1000, but almost all other Models can be set to Real Security through their web interface and thier is No need to use the WPS.

WPS was made for people who refuse to learn anything about their hardware and insist upon getting Wireless individually secure out of the box. If you get Wirelss individualy secured out of the box you need to put somewhere the password, the manufacturers put a sticker on the device because no one has the Intelectual tanasity to read anything beyond.

There is not too many choices when people avoid dealing with simple issues, instead they turn them into "Huge" philosophical" life "tragedies" just because they have Allergy to read few pages.


:cool:
 
L

Lifted

Diamond Member
Nov 30, 2004
5,748
2
0
JackMDS said:
I Don't know E1000, but almost all other Models can be set to Real Security through their web interface and thier is No need to use the WPS.

WPS was made for people who refuse to learn anything about their hardware and insist upon getting Wireless individually secure out of the box. If you get Wirelss individualy secured out of the box you need to put somewhere the password, the manufacturers put a sticker on the device because no one has the Intelectual tanasity to read anything beyond.
Click to expand...

WPS cannot be disabled on all of the early Linksys E series routers, unless Cisco has released a firmware update for that model. Many other routers have this same issue. Disabling WPS via the web interface does not disable it, it simply makes it appear disabled in the interface.

WRT or Tomato, if available for your router, is a good alternative as it doesn't leave WPS enabled even after disabling.

If you live in a rural area, this is not as much of an issue.

If you live in a suburban or urban area, it is a major cause for concren. While testing reaver, it took me a few days to crack the ~40% of WPA2 enabled routers of my neighbors which were vulnerable. The E1000, running stock firmware, is vulnerable.
 
Last edited:
Lemon law

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
There are all kinds of ways to look at wireless security, but any unsecured wireless
network makes any such user into nothing but a WIFI hotspot. Not to say even hardwired networks can be also hacked, but then the means of attack is different. As adding wireless to your network exposes a far easier means of attack to any self respecting hacker.

So please someone anybody please take my wife who is connected to my wireless network that could be hacked by someone else. As I only have her connected by a medium security password in her computer room 25 feet away due east of me. And of all the 802.11 standards, be it C, G, or N, I would have to have to use the longer range N standard when C will do the 25 feet and not much more through 4 layers of drywall. In terms of the nearest public road 80 feet to the North, I put a handy dandy metal plate blocking wireless to the North but not the east. After that to the East, its many more layers of drywall and siding plus close 250 feet to the nearest public road to the east.

After that I always know how many users are connected to my modem, I may be one, my wife may be two, I can also connect up one or two wireless capable laptop's that know my medium security settings, but still I always know how many of my devices are connected at any given time. Plus there is no public parking on any of my streets. And to get any closer a car or a person I could see from my computer room window would have to trespass on my property to get close enough to even detect my wireless network. And the very second they hacked my medium security security network, and added themselves in as a user, I would be shutting my modem down.

Has not happened in three plus yet, but I will cross that bridge when I come to it. The shorter your wireless range, the better we are protected.
 
G

glen

Lifer
Apr 28, 2000
15,995
1
81
So, what is the easiest way to see who or how many people are connected to the router?
 
Ghiedo27

Ghiedo27

Senior member
Mar 9, 2011
403
0
0
There's usually an "attached devices" or similarly intuitive tab in the web interface that lists information such as IP address, MAC address, and what the computer name is. I'm reading that under Cisco connect it's called "computers and devices."
 
B

beginner99

Diamond Member
Jun 2, 2009
5,315
1,760
136
Not that I do it but a good thing would also be to turn the router/AP off when you don't use it. For a serious hacker, I would guess such a network is not very helpful with unpredictable up time.

But a strong passphrase with WPA2 sure is the way to go.
Disable guest access completely. Anyone using it would get the same IP as you have in the net and whatever he does will fall back on you.
 
JackMDS

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
29,545
422
126
I use the Guest Account because I do not want to give Guest my main account password and get busy with too much playing with the configuration rathe than using the hardware for real purpose.

If one is really over concern (beyond WPA2) about it the security, then get an second Wireless Router that can do 802.11g only (this way guests also can not consume too much bandwidth) and set a segregate network. ( http://www.ezlan.net/shield.html ).


:cool:
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom