Is it possible (i'm sure it is? has to be?!) to set encryption on outgoing packets on a PCMCIA wireless adapter?

I have a D-Link DI-713P (wireless B) router with a Linksys WPC54G (wireless g - slows down to B, I know) and am concerned about packets being sniffed.

What can I do to protect myself from this somewhat? I don't see any options on the Linksys utility to add encryption to the packets, but I guess the encryption would have to be enabled on the router as well...

Anyone?

EDIT: Note, I have set up WEP encryption (all I have) and MAC address filtering on the router side. Just worried about the packets being sent from the PCMCIA card to the router... and being intercepted/sniffed.

Maybe I'm confused, but I just enabled WEP across the wireless side of my network and every PCMCIA device, wireless camera, wireless music player needed the encryption key or it was completely locked out of the network.

If you're using XP, the WEP key is enabled on every wireless connection by going to the "Properties" for the connection, highlighting TCP/IP and clicking the "Properties" button.

Check your wireless access point to check the status of WEP. At 128 bit, it may not be completely secure but they'll spend a heck of a long time sniffing it out...more likely they will move on to the myriad of people who have open wireless networks hanging out across every neighborhood in the U.S.!!!

I finally enabled WEP because I was seeing 2 neighbors' wireless networks -- completely insecure and broadcasting their 'linksys' SSID.

If you have configured WEP on your router, then all traffic is encrypted using your key. Do not connect to insecure networks (disable any 'auto-connect' features) and you should be fine.

Please explain what traffic you are worried about broadcasting.

Reader: WEP and SSID broadcasts are unrelated. Unless you have really interesting mgmt tools in your router, you need to configure both separately. The former encrypts traffic (nothing more) and the latter hides your network - which is only useful if you still change the deafult and use an interesting (hard to guess) name. MAC filtering is better for access control.

Skye

Cyberskye,

Interesting.

My take was that you could choose whether or not to "broadcast" that SSID and therefore, make others easily aware of its existence. (Disabling broadcast, I suspect, wouldn't do much to stop someone really trying to get in...just the neighborhood kids.) You know, the "Check for Available Wireless Networks..."

The MAC "thang" is simply noting what computers/devices MAC addresses have access to the network. While I would like to implement that, the number of "guests" who come home with the kids to study on their (coincidentally) MACs, hasn't lent itself to this. My kids have the WEP key they can share.

You can disable SSID on most routers - which is a good idea. But it's much like leaving a light on at home to discourage thieves. Security through obscurity is the term. Helpful but not to be relied upon solely.

WEP encrypts traffic. Without MAC filtering, if I guess your WEP key, I am not only reading your broadcasts (some of which, like windows and smtp passwords are in plain text) but am on your internet connection, could possibly access network files shares, you name it.

There are gpl wifi sniffers out there that are designed to 'guess' WEP keys (everyone admits it is a flawed protocol). I have it installed on my Linux-based pda to test my (and my friends) wifi security.

BTW - I live in downtown SF - guess how many wifi networks I can detect from my apartment :)

Skye

But you would never do that, right? :D Use neighbour's internet, I meant :)

Anyways - here's my issue. I just recently got a job with a big network company as a tech. I have learned a lot about WEP and TKIP and all. I have come to realize how unsecure my network is with WEP.

My issue though is this:
I have a DI-713P router, wireless B, encrypted using WEP. It's the only encryption my particular router allows. I enabled MAC access control on a certain IP so i'm not worried about someone getting into my router or my PCs. I have no concern about anyone getting into my PCs or my router, or using my internet.

What I AM concerned about is my laptop. The only time I use wireless in this house is on my laptop. After noticing many SSIDs in my neighbourhood and realizing that many people have wireless, I am concerned that someone may someday get the urge to 'sniff' packets being sent out of my laptop (on their way to the router). The 'packets' that concern me most are bank passwords (online banking), Paypal, ebay, etc.

I understand that enabling WEP on my router enables encryption on my network. I get the fact that on it's way to the router, info is packed with the WEP encryption key in it's header and that is what allows me to connect to my router (and slows down my internet a bit at the same time). What I don't get is what is protecting my packets that are leaving my laptop? What is it that I can do to protect the data being sent out of my laptop so that no network genius with a lot of time on his hands can figure out my banking info and stuff.

Can anyone help? Hope that's clear enough.

Thanks for the replies by the way!


You can disable SSID on most routers - which is a good idea. But it's much like leaving a light on at home to discourage thieves. Security through obscurity is the term. Helpful but not to be relied upon solely.

WEP encrypts traffic. Without MAC filtering, if I guess your WEP key, I am not only reading your broadcasts (some of which, like windows and smtp passwords are in plain text) but am on your internet connection, could possibly access network files shares, you name it.

There are gpl wifi sniffers out there that are designed to 'guess' WEP keys (everyone admits it is a flawed protocol). I have it installed on my Linux-based pda to test my (and my friends) wifi security.

BTW - I live in downtown SF - guess how many wifi networks I can detect from my apartment :)

Skye

I'm feeling ignorant.

On the other hand, instead of just a phrase I entered a full 26 character string of A-F, 1-0 characters. I can't tell you what a joy it is to load new hardware on the network and have to enter that every time.

How does the MAC thing work...you just gather up all the MAC addresses of everything on your network (I have LOTS of devices!) and enter them into the router?

I have a wired router, a wireless router functioning as an AP with router disabled, and a Wireless Access Point. I also have a bridge for connecting a network camera wirelessly.

Where do I control the main entries for the MAC inclusion? The main router? The Wireless Access Points?

Anyway, I'm feeling safe. Hell, I just tried to log into my wireless access point and even I don't know the password!!!

;-)

H1 ! :)

Again, I have this router...
The only way that your Wireless "b" WEP key can be broken, is someone that is sniffing your packets, only after a gig or so of data passes thru the air... thats kind of consening, if you are in a "city" like setting. The aspect of "war driving" begins to be more relevent.
The SSID broadcast, can not be disabled, because the router is a "old lady"
She wont let you down if you treat her well..
however, she'll let people in, so lock her away.... in a way of speaking... ;)

What I did, is configured a Windows 2000 Server to be a VPN Server.

So all of my Wireless clients would go to the wireless router first, on route to the VPN server, for authenticating of user name and password, then after that to my wired router. Reasons for this? Encryption within encryption, and authentication before access to wired router;
then out to the internet cloud.
You say that you see a lot of routers in your town... so you have reason to be conserned. I have a new Wireless ISP, like two houses down from me! I'll tell you, I changed a lot of my wireless thinking, after seeing their router, on my wireless network! LOL

Changing your channel (other then the default, I think "6" off of the top of my head...) might also be a good thing to do also.
I can tell you, with the right sniffing program, it is "VERY EASY" to see your SSID on your router.... from the outside, it's only a matter of time after that, with the right person behind the wheel. (right gReEd? Ack ? )
I would really think about not processing any type of data that
is "banking" or "paypal", nature ECT....
My 2 cents to you.
Be Happy,
Shinobi :thumb:

Hey Shinobi,

Thanks for the reply.

Basically you're saying that with my router, there's no way to do this? Is it just with my router? Or if I bought a new router, would there be a way to be more secure? I know TKIP ensures that the key changes all the time, so the person trying to access the data has no time to use the key they spent so long decrypting....

For the next few weeks until my house is done being renovated, I have no choice but to use wireless. I do all my banking.. online... so i guess either go to the bank (though I hate doing that - lines and stuff!) or suck it up and pray nothing happens? :P

Thanks for the info once more.

Thanks to everyone for the replies.


H1 ! :)

Again, I have this router...
The only way that your Wireless "b" WEP key can be broken, is someone that is sniffing your packets, only after a gig or so of data passes thru the air... thats kind of consening, if you are in a "city" like setting. The aspect of "war driving" begins to be more relevent.
The SSID broadcast, can not be disabled, because the router is a "old lady"
She wont let you down if you treat her well..
however, she'll let people in, so lock her away.... in a way of speaking... ;)

What I did, is configured a Windows 2000 Server to be a VPN Server.

So all of my Wireless clients would go to the wireless router first, on route to the VPN server, for authenticating of user name and password, then after that to my wired router. Reasons for this? Encryption within encryption, and authentication before access to wired router;
then out to the internet cloud.
You say that you see a lot of routers in your town... so you have reason to be conserned. I have a new Wireless ISP, like two houses down from me! I'll tell you, I changed a lot of my wireless thinking, after seeing their router, on my wireless network! LOL

Changing your channel (other then the default, I think "6" off of the top of my head...) might also be a good thing to do also.
I can tell you, with the right sniffing program, it is "VERY EASY" to see your SSID on your router.... from the outside, it's only a matter of time after that, with the right person behind the wheel. (right gReEd? Ack ? )
I would really think about not processing any type of data that
is "banking" or "paypal", nature ECT....
My 2 cents to you.
Be Happy,
Shinobi :thumb:

For the next few weeks until my house is done being renovated, I have no choice but to use wireless. I do all my banking.. online... so i guess either go to the bank (though I hate doing that - lines and stuff!) or suck it up and pray nothing happens?

With that router, my answer is "no", rather be safe then sorry.
Other more recent Wireless routers and cards (G) are suppose to be more secure, however, it has been my experience that anything can be "sniffed" and even more so, over open wireless. There is one company that I have talked to, recently, that uses a "certificate base" software, that seems to be very secure, however, it is very expensive as well... I wouldn't smash your current router, just be as careful as possible with your data.
Again, my opinion is that I WOULDN'T do anything involving money transfers ECT..., over wireless connection, with any WIRELESS router.

Shinobi

). The 'packets' that concern me most are bank passwords (online banking), Paypal, ebay, etc.
Those sites use SSL? That adds an additional layer on top of WEP - meaning that if they did crack your WEP key you would still be crypted -

Shinobi - the newer routers offer WPA(256bit) as well as WEP. It's meant to be more secure but there have already been articles to it's (lack of) true effectiveness.

I used to have a setup like shinobi's - with the local W2k vpn gateway which worked well. I have since moved to a bsd box and use ssh port forwarding for mail, web, file shares - much faster.

Here's where I'm waiting for TWW to jump in with Sonicwalls TZW. I haven't worked with that wireless product of theirs yet...but it's supposed to be VERY secure. Basically each "clients" establishes a VPN tunnel through wireless...so it's very secure. Can let someone try to sniff that all day long.

Doesn't help your issue with the DLink right now, but for business setups, or if you're REALLY worried about security...

THose are sweet - expensive, but sweet.

IBM has a really smart approach too with their new thinkpads- they have a chip that identifies itself to the access point. You remove the chip and you destroy it. Great way to finger-print someone and know that they are who they are.