wireless security question

[AntMan530]

My connection drops frequently. I tried changing the router to b only....g only...but it continues to drop. I'm guessing its the wep.

I was curious if mac filtering is good enough security...I'll also disable broadcasting my ssid.

Oh yeah, should I lower the MTU more? I lowered it to 1492 as directed by someone...Most people are telling me to leave it on auto.

 

[jlazzaro]

if you change the encrytion from wep to open, do you still have disconnects? have you tried to switch to wpa?

is the wireless router and client card both running the most recent firmware/drivers?

mac filtering is no form of security...mac addresses can be easily sniffed and spoofed

 

[n0cmonkey]

MAC filtering and not broadcasting your SSID does absolutely nothing to secure your connection or your data. Sniffing the traffic is trivial.

Make sure your drivers are up to date. Make sure the retarded XP wireless utility isn't messing with the manufacturer's utility, or vice versa.

 

[JackMDS]

1. MTU is part of the TCP/IP stack and has to be set according to the type of Internet connection.

Optimizing & Measuring the "Speed" of Internet Connection.

2. Try for a while the system without any security to make sure that it is stable, it might be that the disconnection is Not the security fault.

3. Disabling the SSID would make the system even less stable.

4. MAC filtering is a very weak security measures, it helps only in an environment that all users, thier guest, and the War Drivers, are Wireless Ignorant.

5. WPA is more stable than WEP.

Wireless Security - http://www.ezlan.net/Wireless_Security.html

 

[nweaver]

2. Try for a while the system without any security to make sure that it is stable, it might be that the disconnection is Not the security fault.

good suggestion

3. Disabling the SSID would make the system even less stable.

I've never seen this cause instability...false sense of security, yes, but no instabliity (note we have run with SSID broadcasts disabled for years without issues)

5. WPA is more stable than WEP.

eh...I don't think either should effect stabliity of an AP/client....again, I don't deal so much in consumer grade, but encryption should not impact speed OR stability.

 

[NuroMancer]

Originally posted by: nweaver

3. Disabling the SSID would make the system even less stable.

I've never seen this cause instability...false sense of security, yes, but no instabliity (note we have run with SSID broadcasts disabled for years without issues)

I was under the impression when you use the windows xp zero configuration client that there are some stability issues when disabling the SSID broadcast. Could be wrong.

 

[nweaver]

WZC is craptastic when compared to a well supported utility written to support specific hardware. (Sorry, I'm biased).

I don't THINK this is the case though, as we have some in the office who use the guest wireless with wzc without issues (WZC won't support our security config)

 

[JackMDS]

Originally posted by: nweaver
WZC is craptastic when compared to a well supported utility written to support specific hardware. (Sorry, I'm biased).

You are entitled to feelings, however that does not change the reality that thousands of End-Users? did try both the original Brand Utility and WZC, and decided that WZC serves them better. It is much easier to control Wireless with WZC when you are changing between few sources every day.

I don't THINK this is the case though, as we have some in the office who use the guest wireless with WZC without issues (WZC won't support our security config)

The original statement stated that: ?Disabling the SSID would make the system even less stable".

Less stable does not mean Not working.

Your fancy stuff might compensate better than End-Users hardware, and or you guests do not stay long enough to expense the instability.

 

[nweaver]

Originally posted by: JackMDS

Originally posted by: nweaver
WZC is craptastic when compared to a well supported utility written to support specific hardware. (Sorry, I'm biased).

You are entitled to feelings, however that does not change the reality that thousands of End-Users? did try both the original Brand Utility and WZC, and decided that WZC serves them better. It is much easier to control Wireless with WZC when you are changing between few sources every day.

I don't THINK this is the case though, as we have some in the office who use the guest wireless with WZC without issues (WZC won't support our security config)

The original statement stated that: ?Disabling the SSID would make the system even less stable".

Less stable does not mean Not working.

Your fancy stuff might compensate better than End-Users hardware, and or you guests do not stay long enough to expense the instability.

Again, I won't say that it doesn't work, I jsut don't like it. I am a bit different then joe blow end user, I work only with higher end gear (Cisco AP's) and look from the perspective of function, security, and ease of administration. The Intel Pro Set hits those well...you can't do EAP-Fast, ore Eap-Fast enhancements with WZC.

Also, my Intel pro Set goes from AP to AP and network to network no issues. I am on one network in the lab (I have to manually switch from corp to lab) one on corp, one at a friends I'm at alot, one at home, and random ones on the road. The only time I touch the utility is when I need to manually switch from corp to lab or back.

The other nice thing is Single Sign on, I can get users to login to the wireless network, and authenticate in realtime (as opposed to cached credentials) so changing passwords/locking accounts etc is much better.

As far as stability with/without SSID broadcasts, where do you get that data to show that? My only experience is supporting a small company. My desktop is on wireless, and I have ~ 2 disconnects per week (or less) and I'm a "heavy user". Again, that's a cisco CB21 PCI card, and a Cisco 1200 series AP, so maybe that's why. I don't bother turning ssid off at home (and wouldn't at work, except it's management's call, and they seem to think it's "more secure" in spite of what I said otherwise)

 

[Kaido]

Quote from one of my blog entries:

If you want to add good security, I would suggest the following:

1. Add a unique admin password for the router
2. Give your router a unique name (SSID)
3. Disable the SSID broadcast (makes your router invisible to other people)
4. Type your MAC IDs into the router's whitelist (not "Macintosh" ID but "MAC" ID; it's a networking thing)
5. Add security: WPA-PSK TKIP is good, WPA-PSK AES is better; use a good password
6. Change the broadcast channel to 11 (avoids neighboring interference)
7. If you're using B & G connection devices, switch the wireless mode to "Mixed"

 

[nweaver]

Originally posted by: Kaido
Quote from one of my blog entries:

If you want to add good security, I would suggest the following:

1. Add a unique admin password for the router
2. Give your router a unique name (SSID)
3. Disable the SSID broadcast (makes your router invisible to other people)
4. Type your MAC IDs into the router's whitelist (not "Macintosh" ID but "MAC" ID; it's a networking thing)
5. Add security: WPA-PSK TKIP is good, WPA-PSK AES is better; use a good password
6. Change the broadcast channel to 11 (avoids neighboring interference)
7. If you're using B & G connection devices, switch the wireless mode to "Mixed"

Mine is to change the password to radius authenticated
Disable SSID broadcast (a pointless effort, but mgmt dictated)
ignore the mac address stuff, it's useless and a pain (takes me all of about 20 packets and I can probably bypass that)
add ENCRYPTION, WPA2-AES or WPA-TKIP
add SECURITY, EAP-Fast or EAP-TLS
Set AP to scan and change channels based on noise/load by using it's radios to scan, and requesting RM measurements from the clients

 

[n0cmonkey]

From my back patio area at my apt, I found 24 wireless networks with kismet. At least half did not use any wep or wpa protection, two used wpa or better, and only two were on channels other than 6 or 11.

 

[vorgusa]

yeah wireless security is rarely used. my apartment complex just threatened to shut people's internet down (the apartment free internet) if they do not start using secure wireless routers. a lot of these issues are based on the router you have, my 10 cents is to look up info about your router and see what other people have to say, WPA has never given me problems, but if you have an old router it might not work well, check for firmware updates