WIFI Security

[Pghpooh]

HI
Moved into a new house and trying to set up a wifi network to use until I can get some wiring done.
I am now with Comcast HSI. I am using the Comcast modem for now and once things settle I will buy a new modem eliminating the monthly retal fee.

I am using a Linksys wifi router. I think it is the wrt160n
When setting up the security what is best? Should I use wep or wpa or wpa personal, etc?
There are no wifi users around me. I checked using Wireless Net Viewer software.

My laptop can run "N" band and if I remember right the security has to be set a certain way for "N" band to run

Do certain security settings slow down the downloads?? (Just curious)
Thanks

 

[JackMDS]

From the weakest to the strongest, Wireless security capacity is.

No Security
Switching Off SSID (same has No Security. SSID can be easily sniffed even if it is Off)
MAC Filtering______(Band Aid if nothing else is available, MAC number can be easily Spoofed).
WEP64____(Easy, to "Break" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).

-------------------
The three above are Not considered safe.
Safe Starts here at WPA.
-------------------

WPA-PSK__(Very Hard to Break).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).

Note 1: WPA-AES the the current entry level rendition of WPA2.

Note 2: If you use WinXP bellow SP3 and did not updated it, you would have to download the WPA2 patch from Microsoft.

http://support.microsoft.com/kb/893357

The documentation of your Wireless devices (Wireless Router, and Wireless Computer's Card) should state the type of security that is available with your Wireless hardware.

All devices MUST be set to the same security level using the same pass phrase.

Therefore the security must be set according what ever is the best possible of one of the Wireless devices.

I.e. even if most of your system might be capable to be configured to the max. with WPA2, but one device is only capable to be configured to max . of WEP, to whole system must be configured to WEP.

If you need more good security and one device (like a Wireless card that can do WEP only) is holding better security for the whole Network, replace the device with a better one.

Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html

The Core differences between WEP, WPA, and WPA2 - http://www.ezlan.net/wpa_wep.html


😎

 

[Pghpooh]

Jack
Thank You!

 

[Emulex]

802.11N router chipsets use WPA2 in hardware - most implement WEP in software. iirc WEP is not allowed for N but only for G according to spec 2.0

So you will feel great pain using WEP on most 802.11n routers.

 

[ichy]

WPA is only secure if you use a strong password. If you use a password that comes from the dictionary then WPA is relatively easy to brute force.

 

[Auric]

Also, disable SSID broadcast and enable MAC address filtering (entering those from your hardware -run getmac on Windows, and so on). For the WPA/WPA2 password, optionally google a generator to produce the max 63 characters and then manually replace a few of them for your own use; for example:

&uc=0H~f^W9}Z]#\@Gsen]Q5bQrLHq/KaR^>->0CB$*8LP`nl;q[+fXuz"<"`;/

 

[spidey07]

Also, disable SSID broadcast and enable MAC address filtering (entering those from your hardware -run getmac on Windows, and so on). For the WPA/WPA2 password, optionally google a generator to produce the max 63 characters and then manually replace a few of them for your own use; for example:

&uc=0H~f^W9}Z]#\@Gsen]Q5bQrLHq/KaR^>->0CB$*8LP`nl;q[+fXuz"<"`;/

It is highly discouraged to disable SSID broadcast as it can cause problems with clients. And mac filtering is all but useless because they are sent in the clear and easy to spoof. These are NOT security features and should be avoided. With a 12+ character complex passphrase and WPA2/AES nobody is getting on your network

 

[hellotyler]

Wpa2.

 

[sygyzy]

Wow, great write-up Jack!

 

[evilspoons]

I agree about not switching off SSID broadcast.

If it's switched off, it annoys people who legitimately want to use the network.

Every WiFi scanner program I've ever used picks up networks that have SSID switched off anyway so it's not any sort of deterrent whatsoever.

I can't remember where I read it but it's like taking the numbers off your house expecting that to keep burglars from breaking in. They don't care what the house's number is and will just come in anyway, but it's going to keep your friends from visiting because they can't find your address!


Oh, and... WPA2, of course.

 

[ichy]

WPA2 with a strong password will keep anyone out. Disabling SSID or MAC address filtering are wastes of time.

 

[RebateMonger]

It is highly discouraged to disable SSID broadcast as it can cause problems with clients. And mac filtering is all but useless because they are sent in the clear and easy to spoof. These are NOT security features and should be avoided. With a 12+ character complex passphrase and WPA2/AES nobody is getting on your network

Like they say:

"If MAC addresses are outlawed, only outlaws will have MAC addresses."

Or something like that...

Disabling SSID broadcast and implementing MAC filtering for WiFi just makes it harder for legitmate users and administrators without appreciably adding to security.