PDA

View Full Version : Re: wireless security question



Jack \(MVP-Networking\).
05-01-08, 06:46 PM
Hi
From the weakest to the strongest, Wireless security capacity is.
No Security
MAC______(Band Aid if nothing else is available).
WEP64____(Easy, to "Brake" by knowledgeable people).
WEP128___(A little Harder, but "Hackable" too).
WPA-PSK__(Very Hard to Brake ).
WPA-AES__(Not functionally Breakable)
WPA2____ (Not functionally Breakable).
Note 1: WPA-AES the the current entry level rendition of WPA2.
Note 2: If you use WinXP and did not updated it you would have to download
the WPA2 patch from Microsoft. http://support.microsoft.com/kb/893357
The documentation of your Wireless devices (Wireless Router, and Wireless
Computer's Card) should state the type of security that is available with
your Wireless hardware.
All devices MUST be set to the same security level using the same pass
phrase.
Therefore the security must be set according what ever is the best possible
of one of the Wireless devices.
I.e. even if most of your system might be capable to be configured to the
max. with WPA2, but one device is only capable to be configured to max . of
WEP, to whole system must be configured to WEP.
If you need more good security and one device (like a Wireless card that can
do WEP only) is holding better security for the whole Network, replace the
device with a better one.
Setting Wireless Security - http://www.ezlan.net/Wireless_Security.html
The Core differences between WEP, WPA, and WPA2 -
http://www.ezlan.net/wpa_wep.html
Jack (MVP-Networking).


"kaloochi" <kaloochi@discussions.microsoft.com> wrote in message
news:A94C5E14-E216-40D3-890E-09FEE01F1722@microsoft.com...
> I've just recently networked my xbox 360 with my computer using a D-link
> router. I'm using a wired connection so i didn't set encryption on set up.
> Now i've just connected, wirelessly, to my sons PSP and it automatically
> detected my SSID. Does this mean the router is wirelessly 'active' and
> anyone
> can piggyback off me? And what about accessing anything i'm doing on my
> network? Would setting encryption rectify this or what should i do?
>
>

Trespasser
05-01-08, 07:33 PM
IMHO:: Some simple things to increase security.

At least try to increase your encryption to 128bit as a minimum. It wont
stop people trying to break in but it will slow them down a little

Change the password to access your router !!!!! If they have access to your
wireless, they have access to your router and could wipe out the log files
or perhaps lock you out altogether so you cant alter any settings including
the new wireless key. DO NOT use things such as: names, admin, nimda, 1234,
1111, 0000, your house number .... etc. As an example you need to look for
something like the date (02May2008), or your birthday (22ndApril1966) ...
you see the point of using numbers and letters ????

Perhaps an alternative is to turn off 'SSID' broadcasts, I say this on the
basis that if I can't see you, Im going to look for more visible targets.

Go around your wireless devices and look for the 'mac' addresses, then edit
your firewall in your BB router to allow access by the specified 'mac'
addresses you have found on your devices. (can be tricky for the novice)

Rename the wireless connection you have at the moment. This is a give away
when I see wireless stations flying the ISP's brand name (2wire (bt), 3Com
(sky), Netgear (virgin), HomeHub (bt) .... etc). It also gives clues as to
the security level provided by default, as most home users dont bother
messing and foolishly trust the broadband provider to look after them.

Admitably wireless is very usefull (I use it myself), however if you can use
network cable to connect devices in the same room ...... DO IT!

Try turning down the wireless power if possible (usually a setting in the
router). The less area you transmit over, the less likely you are of being
picked up.

Chuck [MVP]
05-02-08, 12:08 AM
On Fri, 2 May 2008 01:33:08 +0100, "Trespasser" <annonymous99@hotmail.com>
wrote:

>IMHO:: Some simple things to increase security.
>
>At least try to increase your encryption to 128bit as a minimum. It wont
>stop people trying to break in but it will slow them down a little
>
>Change the password to access your router !!!!! If they have access to your
>wireless, they have access to your router and could wipe out the log files
>or perhaps lock you out altogether so you cant alter any settings including
>the new wireless key. DO NOT use things such as: names, admin, nimda, 1234,
>1111, 0000, your house number .... etc. As an example you need to look for
>something like the date (02May2008), or your birthday (22ndApril1966) ...
>you see the point of using numbers and letters ????
>
>Perhaps an alternative is to turn off 'SSID' broadcasts, I say this on the
>basis that if I can't see you, Im going to look for more visible targets.
>
>Go around your wireless devices and look for the 'mac' addresses, then edit
>your firewall in your BB router to allow access by the specified 'mac'
>addresses you have found on your devices. (can be tricky for the novice)
>
>Rename the wireless connection you have at the moment. This is a give away
>when I see wireless stations flying the ISP's brand name (2wire (bt), 3Com
>(sky), Netgear (virgin), HomeHub (bt) .... etc). It also gives clues as to
>the security level provided by default, as most home users dont bother
>messing and foolishly trust the broadband provider to look after them.
>
>Admitably wireless is very usefull (I use it myself), however if you can use
>network cable to connect devices in the same room ...... DO IT!
>
>Try turning down the wireless power if possible (usually a setting in the
>router). The less area you transmit over, the less likely you are of being
>picked up.

Turning off SSID broadcasts is security by obscurity. Maybe you don't see
someone with SSID broadcast disabled. Anybody worth fearing will see you
though.
<http://networking.nitecruzr.net/2005/05/disabling-ssid.html>
http://networking.nitecruzr.net/2005/05/disabling-ssid.html

Also, remember that the people to be feared will have ultra sensitive receivers.
Your turning your power down will inconvenience you more than the bad guys.

The only real WiFi security is from using WPA or better, with a randomly
generated key.
<http://networking.nitecruzr.net/2005/05/setting-up-wifi-lan-please-protect.html>
http://networking.nitecruzr.net/2005/05/setting-up-wifi-lan-please-protect.html

Renaming the SSID to something a) unique and b) not relevant to your identity is
a good idea though. If only for physical security.

--
Cheers,
Chuck, MS-MVP 2005-2007 [Windows - Networking]
http://networking.nitecruzr.net/