wireless network security question

[cain]

ok, in my office i have a US robotics wireless router going. 2 of the 4 computers are on wireless and others on regular lan, i am wondering if there is a way to password protect the wireless network so only the people in my office can use the network. thanks!

 

[cain]

no one knows?

 

[JackMDS]

One solid way to do so is install a RADIUS Server.

It is available for few platforms; you have to choose the one that goes with whatever your Office Server system is based on.

Part I covers the General: Using RADIUS For WLAN Authentication, Part I

Part II has information that is also platform related: Using RADIUS For WLAN Authentication, Part II

:sun:

 

[cain]

thanks, i think it cna be done in away that doesnt involve a third party software. i guess i will just call customer service and figure out whats going on, if that doesnt work, i will try RADIUS

 

[Boscoh]

Just enable WEP or WPA on the wireless router. WPA is better, but WEP is better than nothing. With WEP, just make sure you change the keys on a regular basis.

 

[InlineFive]

Originally posted by: Boscoh
Just enable WEP or WPA on the wireless router. WPA is better, but WEP is better than nothing. With WEP, just make sure you change the keys on a regular basis.

That has nothing to do with authentication. Admittedly encryption is also very important but if your router can't keep out spoofing hackers what good does encryption do?

 

[Boscoh]

Originally posted by: PorBleemo

Originally posted by: Boscoh
Just enable WEP or WPA on the wireless router. WPA is better, but WEP is better than nothing. With WEP, just make sure you change the keys on a regular basis.

That has nothing to do with authentication. Admittedly encryption is also very important but if your router can't keep out spoofing hackers what good does encryption do?

I must be missing something here....

He wants to keep people off his wireless network. He doesnt want to use 3rd party software. You need to know the WEP/WPA key before you're allowed to authenticate to the access point and thus onto the network. This solves his problem.

What did I miss?

Yes, RADIUS in an 802.1x (I'm guessing that's what you guys are getting at) will extend your AAA capabilities beyond what WEP or WPA can do, and will make sure the user with the WEP/WPA key is really who they say they are, and will give them rights to do only what they are allowed to do, and will create logs to hold them accountable for what they do on the network. It is not, however, a requirement to restrict wireless access to only authorized users. It is an additional layer of protection. His wireless AP might not even support the use of a RADIUS server for extended user authentication.

 

[MtnMan]

You can lock down the WAP so that it only accepts connections from specific MAC addresses. That will prevent them from connecting unless they go to a lot of effort to discover and spoff the MACs'.

Then set up WPA or WEP encryption to prevent interception of your data.

 

[dnuggett]

Originally posted by: MtnMan
You can lock down the WAP so that it only accepts connections from specific MAC addresses. That will prevent them from connecting unless they go to a lot of effort to discover and spoff the MACs'.

Then set up WPA or WEP encryption to prevent interception of your data.

It is no effort at all to find and spoof the MAC. That is childsplay. Also stay away from WEP, it has been cracked for about 4 years now via freeware under the nix OS. WPA is your best bet, with RADIUS if you can afford it (I am assuming you are in a Windows platform). If you are under nix, you can set it up for free if you know what you are doing.

 

[whalen]

PPPoE?

 

[suklee]

Originally posted by: JackMDS
One solid way to do so is install a RADIUS Server.

It is available for few platforms; you have to choose the one that goes with whatever your Office Server system is based on.

Part I covers the General: Using RADIUS For WLAN Authentication, Part I

Part II has information that is also platform related: Using RADIUS For WLAN Authentication, Part II

I've been running a Linksys WRT54 WAP here in the office for a few months now; and security was always in the back of my mind and I finally came here to look up some info.

The router's security setting has been on WEP the entire time as I didn't even know about WPA. At this point, at most two laptops connect to the router wirelessly but most of the time, it's just one (the BOSS). Would it be wise to take the time to implement WPA RADIUS or RADIUS Pre-Shared Key? (which is better?)

Thanks

:sun:

 

[Boscoh]

I'm assuming you meant WPA Radius and WPA Pre-shared Key.

WPA Radius would require you to install and configure a RADIUS server, but would give you more authentication and authorization capabilities.

WPA Pre-shared Key should be fine for your setup. Basically, they'll have a key and if it matches, they're allowed onto the network. There is no additional rules that could come into play as to what they can access like you might have with a RADIUS setup, unless it comes from group policies as part of a domain that they are logging into.

The decision is up to you...but there is nothing wrong with WPA Pre-shared key, it just does not provide the more advanced capabilities that a RADIUS setup might offer. Are you using AES or TKIP encryption?

 

[suklee]

oh yes, I meant WPA Pre-shared key

As you can tell, I have zero experience with WPA, so the more basic Pre-shared key sounds just fine.

WPA Radius > WPA Pre-shared key > WEP?


edit: have no idea re TKIP and AES algorithms. Which is better?

 

[Boscoh]

AES is a better choice. But if TKIP is all you have, use it. It's by no means bad.

 

[suklee]

My router gives me the option of both. Thanks for the help, I'll try to fiddle around with this WPA thing