Go Back   nV News Forums > Software Forums > Networking And Security

Newegg Daily Deals

Reply
 
Thread Tools
Old 08-22-07, 12:44 PM   #1
911medic
Is it football season yet
 
911medic's Avatar
 
Join Date: Jun 2004
Location: Near Minneapolis, MN
Posts: 715
Default Wireless Security Questions (My Home Network)

I have a (noob) question regarding enabling security on my home wifi network.

I have an old router (802.11b), and it has MAC address filtering and WEP. So far, I haven't done anything but enable the address filtering for security (yes, I know it can be spoofed/hacked easily). I want to enable WEP, but the last time I tried, I had major problems, likely of my own making and due to my lack of understanding (I had great difficulty connecting and getting back into my router settings to turn it off).

I want to have it enabled, and am going to try again, but here's my question:

My wife's laptop connects both here and at work. If I enable WEP here at home and configure her laptop to connect to it, will it screw up her work connection? This is a BIG deal as I will seriously be in the doghouse if this happens.

And please, I know that MAC address filtering and WEP suck, but they're better than nothing. My goal is to deter the casual wi-fi stealer (oh, look, an unsecured network...I'll just connect). I live in a fairly rural area, with only a few close neighbors. I can detect 2 or 3 other wireless networks in my neighborhood.
__________________
E4300 @ 3GHz (lapped) || Tuniq Tower 120 (lapped) || Gigabyte EP45-UD3L || eVGA 8800GTS 640MB @ 648/1512/999 || 6GB DDR2-800 @ 5-5-5-15|| 74GB Raptor || 80GB Caviar || 250GB WD || Corsair HX520W || Samsung 225BW 22" LCD (1680x1050) || X-Fi XtremeGamer || Win7 RC x64 || Antec SX1040BII Server Tower || Altec-Lansing ATP3 Speakers
No comprehension to fail; I vacuum the wind for my sail
Can't be the rest; Let others waste my time?
Owning success is the bottom line

911medic is offline   Reply With Quote
Old 08-22-07, 05:13 PM   #2
911medic
Is it football season yet
 
911medic's Avatar
 
Join Date: Jun 2004
Location: Near Minneapolis, MN
Posts: 715
Default Re: Wireless Security Questions (My Home Network)

Looking at some of the other threads here, I'm wondering if I should've posted this in here at all.
__________________
E4300 @ 3GHz (lapped) || Tuniq Tower 120 (lapped) || Gigabyte EP45-UD3L || eVGA 8800GTS 640MB @ 648/1512/999 || 6GB DDR2-800 @ 5-5-5-15|| 74GB Raptor || 80GB Caviar || 250GB WD || Corsair HX520W || Samsung 225BW 22" LCD (1680x1050) || X-Fi XtremeGamer || Win7 RC x64 || Antec SX1040BII Server Tower || Altec-Lansing ATP3 Speakers
No comprehension to fail; I vacuum the wind for my sail
Can't be the rest; Let others waste my time?
Owning success is the bottom line

911medic is offline   Reply With Quote
Old 08-22-07, 06:01 PM   #3
Monolyth
Meow Mix Kills
 
Monolyth's Avatar
 
Join Date: Aug 2002
Location: END OF DAYS
Posts: 1,228
Default Re: Wireless Security Questions (My Home Network)

I believe WEP will only apply to the SSID of your home network (basically that connection's profile). It will not apply WEP across all WiFi networks available. So when she goes to work it will enable a separate network connection profile for her work.

So I'd say you'll be alright.
__________________
Gaming 5.0
Asus R4 Extreme | Core i7 3930K @ 4.8Ghz Corsair H100 | 16GB G.Skill@1866Mhz | EVGA GTX TITAN Superclocked | Sammy 40" LCD
Asus Essence One | OCZ Revo 3 120GB, Revo 3 X2 240GB | HSPC Tech Station | Corsair HX1200 | Windows 8.1 Pro


Storage 2.0
Gigabyte Z68XP-UD3-iSSD | Core i7 2600K @ 4.5Ghz NH-D14 | 16GB G.Skill@1600Mhz | Areca 1880ix-16 RAID HBA
Temp Storage - 1.8TB (4x450GB Hitachi 15k RPM SAS) | 18TB (12x3TB Hitachi RAID10) | HSPC Tech Station | Corsair HX620 | Windows 7 x64
Monolyth is offline   Reply With Quote
Old 08-22-07, 06:17 PM   #4
911medic
Is it football season yet
 
911medic's Avatar
 
Join Date: Jun 2004
Location: Near Minneapolis, MN
Posts: 715
Default Re: Wireless Security Questions (My Home Network)

Quote:
Originally Posted by Monolyth
I believe WEP will only apply to the SSID of your home network (basically that connection's profile). It will not apply WEP across all WiFi networks available. So when she goes to work it will enable a separate network connection profile for her work.

So I'd say you'll be alright.
Thanks...I'll give it a shot.
__________________
E4300 @ 3GHz (lapped) || Tuniq Tower 120 (lapped) || Gigabyte EP45-UD3L || eVGA 8800GTS 640MB @ 648/1512/999 || 6GB DDR2-800 @ 5-5-5-15|| 74GB Raptor || 80GB Caviar || 250GB WD || Corsair HX520W || Samsung 225BW 22" LCD (1680x1050) || X-Fi XtremeGamer || Win7 RC x64 || Antec SX1040BII Server Tower || Altec-Lansing ATP3 Speakers
No comprehension to fail; I vacuum the wind for my sail
Can't be the rest; Let others waste my time?
Owning success is the bottom line

911medic is offline   Reply With Quote
Old 08-22-07, 06:24 PM   #5
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Wireless Security Questions (My Home Network)

Monolyth is correct, and there's a recent thread with some great infomation. To reiterate some key points, defense in depth is a perfectly acceptable practice. While each vector of security in itself is insecure in some fashion, a layered approach is best.

To highlight some key points:

1) Tune your transmit power and antenna to not cover any area you don't need WiFi access; max power isn't the best solution.

2) Use 128 Bit WEP since that's all you have available.

3) Don't broadcast your SSID, and, set it to something to indicate you're not your average SOHO 'linksys' or 'netgear' user. Something like 'I_WATCH_ASSOCATIONS_AND_WILL_PROSECUTE' or 'Honeypot' are good examples. Even though your SSID is easily discovered with tools like Kismet, it's still a good idea.

4) Enable the firewall on your home computers. Even though your connected through a NAT router, penetration of your WiFi shouldn't be synonymous with local machine penetration.

5) Setup MAC address filtering, as you've already done.

6) Change the router password to something complex and secure to avoid penetration and intentional man-in-the-middle (MITM) attacks via DNS poisoning.

7) Firewall broadcast traffic and GARP (gratuitous ARP) to avoid arpsoof style MITM attacks.

8) Limit the maximum number of client assocations in the router/access-point to the total number of clients you have. No reason to permit 100 assocations if you only have two WiFi clients.

9) Watch your logs!
evilghost is offline   Reply With Quote
Old 08-22-07, 09:49 PM   #6
911medic
Is it football season yet
 
911medic's Avatar
 
Join Date: Jun 2004
Location: Near Minneapolis, MN
Posts: 715
Default Re: Wireless Security Questions (My Home Network)

Thanks EG...

To respond to a few of your points,

1. My router doesn't have "transmit power" control. It is an old Belkin 802.11b router (F5D6230-3), and I see no where in the control panel for it any adjustment of that kind. My laptop (and other wireless devices, I assume) have "transmit power" settings in its driver control panel, is this what you're referring to?

3. This same old router doesn't have a setting to broadcast/not broadcast the SSID. I can change it, but not choose to not broadcast it. (Oh, and "honeypot"? I don't get it...)

4. I do run basic software firewalls on all my PCs, in addition to the router.

6. Router password is fairly obscure. It's not like "b2360fd0c61e" or anything that random, but it's a 10 digit alpha-numeric password, so I hope it's good enough.

7. Using ZoneAlarm free firewall, can you suggest how I can do this? I honestly don't know what GARP is.

8. I can restrict LAN Clients to certain hours, etc, in the router, but I can't limit the max associations in the router control panel.

9. I don't do this enough.

I'm having major issues just trying to enable WEP. More on that to come. Gotta go put the kids to bed...

Thanks for the help, guys.
__________________
E4300 @ 3GHz (lapped) || Tuniq Tower 120 (lapped) || Gigabyte EP45-UD3L || eVGA 8800GTS 640MB @ 648/1512/999 || 6GB DDR2-800 @ 5-5-5-15|| 74GB Raptor || 80GB Caviar || 250GB WD || Corsair HX520W || Samsung 225BW 22" LCD (1680x1050) || X-Fi XtremeGamer || Win7 RC x64 || Antec SX1040BII Server Tower || Altec-Lansing ATP3 Speakers
No comprehension to fail; I vacuum the wind for my sail
Can't be the rest; Let others waste my time?
Owning success is the bottom line

911medic is offline   Reply With Quote
Old 08-22-07, 10:09 PM   #7
Bman212121
Registered User
 
Join Date: Jan 2006
Posts: 6,726
Default Re: Wireless Security Questions (My Home Network)

Quote:
Originally Posted by 911medic
Thanks EG...

To respond to a few of your points,

1. My router doesn't have "transmit power" control. It is an old Belkin 802.11b router (F5D6230-3), and I see no where in the control panel for it any adjustment of that kind. My laptop (and other wireless devices, I assume) have "transmit power" settings in its driver control panel, is this what you're referring to?

3. This same old router doesn't have a setting to broadcast/not broadcast the SSID. I can change it, but not choose to not broadcast it. (Oh, and "honeypot"? I don't get it...)

4. I do run basic software firewalls on all my PCs, in addition to the router.

6. Router password is fairly obscure. It's not like "b2360fd0c61e" or anything that random, but it's a 10 digit alpha-numeric password, so I hope it's good enough.

7. Using ZoneAlarm free firewall, can you suggest how I can do this? I honestly don't know what GARP is.

8. I can restrict LAN Clients to certain hours, etc, in the router, but I can't limit the max associations in the router control panel.

9. I don't do this enough.

I'm having major issues just trying to enable WEP. More on that to come. Gotta go put the kids to bed...

Thanks for the help, guys.
If it's a belkin I would worry about #1 or IMO restricting the number of wireless clients. The range on those aren't that great and they will abosuletly tank with only a few connections on them. I'm not usually one to rag on hardware but we used to have a few belkin routers, and everyone of them were horrible. They are limited in features, part of that though is because it is older, part is they just don't have them. We were having all sorts of problems once you put them under a little load. I'd be tempted to suggest upgrading it depending upon your pc. If you can use Wireless G and WPA it might be worth the upgrade as it will work a lot better and also give you some more security features. (Disable SSID broadcast, WPA, as well as Stateful Packet Inspection (SPI) and better filtering / port forwarding.)

Enough ragging though. I'm trying to figure out where you would enable it, but from looking at their quick reference manual they don't even show anything about the wireless on it. If you could print screen the page the wireless is on, or if you can't find it the login page so we can get an idea how to set it up that would be great.
Bman212121 is offline   Reply With Quote
Old 08-22-07, 10:18 PM   #8
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Wireless Security Questions (My Home Network)

Agree, at this point it's really a wise idea to upgrade to something that's going to support WPA or WPA2 so you can mitigate some of the other security concerns.

'Honeypot' is a 'hacker' term for a intentional open system used to discover/collect/audit/monitor 'hacker' activity. A loose allusion would be intentionally leaving your door unlocked and sitting behind the door with a 12ga pointed at it waiting for someone to open it. See http://en.wikipedia.org/wiki/Honeypot_%28computing%29
evilghost is offline   Reply With Quote

Old 08-23-07, 12:03 AM   #9
911medic
Is it football season yet
 
911medic's Avatar
 
Join Date: Jun 2004
Location: Near Minneapolis, MN
Posts: 715
Default Re: Wireless Security Questions (My Home Network)

I'm about at that point of replacing it. My and my wife's laptops both do b/g, but the kids' PC has an adapter that's b-only, so I'd have to replace that as well--not too big of a deal.

Too bad, since it's really worked well for us for 5+ years. Transmits well througout our house and immediate yard area; has no problems handling one hardwired and 3 wireless PCs all connecting thru it simultaneously.

If you want to see the manual for it, you can d/l the pdf here. The relevant page is #48. Here are some screen shots of the Router control panel...



^^This one shows 128-bit WEP where the router "automatically" generates a key based on a "passphrase" you enter. However, after doing this and hitting "enter," it doesn't display any key that is generated.



^^Here's the same page, except I have enabled 128-bit manual. As you can see, it populates all the hex digit pairs fields automatically with dots, so you can't see what it is. I have tried to enter my own key here, and then enter the same one into my laptop's settings, but it won't connect. As soon as you hit "enter" on this page, WEP is enabled, and my laptop disconnects from the network.

So, then I went into my laptop. I had been using Windows Wireless Zero Configuration service to connect, as the Intel ProSet software is really bloated. Here's what that control panel looks like:



As you can see, you can't put in a "passphrase" using this software, only the network key. I tried entering in the key I used in the router control panel...no luck. No connection. I tried both with the decimal places and without...nothing.

Looking a little deeper, I found that the Intel ProSet software does allow passphrase usage, so I downloaded and re-installed it. Here's what that panel looks like:



Here it says the passphrase HAS to be 13 characters. The Belkin cp doesn't say anything about that, and takes any number of characters. Either way, using a passphrase that I input into the router doesn't work. So, I tried the entire manual key. No go. Nothing I do gets my wireless devices to connect to the router once WEP is enabled. This is what happened last time I tried to enable WEP, and is also why I gave up last time, too.
__________________
E4300 @ 3GHz (lapped) || Tuniq Tower 120 (lapped) || Gigabyte EP45-UD3L || eVGA 8800GTS 640MB @ 648/1512/999 || 6GB DDR2-800 @ 5-5-5-15|| 74GB Raptor || 80GB Caviar || 250GB WD || Corsair HX520W || Samsung 225BW 22" LCD (1680x1050) || X-Fi XtremeGamer || Win7 RC x64 || Antec SX1040BII Server Tower || Altec-Lansing ATP3 Speakers
No comprehension to fail; I vacuum the wind for my sail
Can't be the rest; Let others waste my time?
Owning success is the bottom line

911medic is offline   Reply With Quote
Old 08-23-07, 12:20 AM   #10
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Wireless Security Questions (My Home Network)

G is backwards compatible with B, your B card will work just fine with a G router.
evilghost is offline   Reply With Quote
Old 08-23-07, 12:34 AM   #11
911medic
Is it football season yet
 
911medic's Avatar
 
Join Date: Jun 2004
Location: Near Minneapolis, MN
Posts: 715
Default Re: Wireless Security Questions (My Home Network)

Well, that solves that then...

Recommendations on a good router? Or link to a discussion/reviews?
__________________
E4300 @ 3GHz (lapped) || Tuniq Tower 120 (lapped) || Gigabyte EP45-UD3L || eVGA 8800GTS 640MB @ 648/1512/999 || 6GB DDR2-800 @ 5-5-5-15|| 74GB Raptor || 80GB Caviar || 250GB WD || Corsair HX520W || Samsung 225BW 22" LCD (1680x1050) || X-Fi XtremeGamer || Win7 RC x64 || Antec SX1040BII Server Tower || Altec-Lansing ATP3 Speakers
No comprehension to fail; I vacuum the wind for my sail
Can't be the rest; Let others waste my time?
Owning success is the bottom line

911medic is offline   Reply With Quote
Old 08-23-07, 12:36 AM   #12
evilchris
 
evilchris's Avatar
 
Join Date: Nov 2003
Location: San Diego, CA
Posts: 4,411
Default Re: Wireless Security Questions (My Home Network)

At my house, my wireless works as follows:

Connect to Cisco 1231AG via WPA2/RADIUS. WAP is wired to an interface on my ASA5505 that is in between the outside and inside interfaces in security level. To gain access to the inside wired network, I establish an IPSEC VPN connection to the ASA.

This solution can be considered REAL "Wired Equivalent Privacy".

If someone managed to crack my WPA2 stream, they'd wind up with an AES256 encrypted cipher stream.
__________________
[CENTER][SIGPIC][/SIGPIC]
[/CENTER][B][CENTER]--Communist Party of America--[/CENTER][/B]
evilchris is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
$29.99 - Linksys WRT120N 802.11b/g/n Wireless Home Router up to 150Mbps/ 10/100 Mbps News Archived News Items 0 06-20-12 10:00 PM

All times are GMT -5. The time now is 02:30 AM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.