Help! needed to secure wireless connection

Stephen_Leak

I'd still use both WEP, but with something else like WPA or WPA-PSK.

No individual security protocol is 100%. The best example of really good security is still the old mediaeval castle - lots of obstacles for an attacker to get through, some difficult, some very difficult.

I know that WEP isn't very secure, but neither is your front door: locks can be picked and it could be just smashed in. So, when you go out, would you leave your front door open? Of course not. You shut it, lock it and - if fitted - set the alarm as well. If you won't be back until after dark, you turn some lights on or use a timer switch. You get the idea?

espresso

Al_Mac wrote: »

Nothing wrong with a little scare mongering, but the doom mongering that goes with it, a little over the top, in my opinion

It is not doom mongering! If you access online banking/shopping etc. over an insecure network, you deserve to get fleeced. It is very easy to hack a WEP encrypted wireless network and MAC address filtering achieves nothing, as the MAC is transmitted in the packet headers for anyone to see.

WPA and WPA2 were devised to overcome WEP's vulnerabilities. WEP is redundant now, although some big ISP's still seem to provide wireless routers with pre-set WEP keys!

gavinp

WEP can be broken in one minute, WPA-PSK with a good passphrase can take over 150 years apparently...

Not difficult to work out which one you should be using, is it ?

Thanks

Gavin

pks00

Are we talking about wireless security here or PC security.
Someone hacking into your wireless doesnt necessarily mean they have access to your net activities.
Surely thats where firewalls come in.

I mentioned WEP only because I put down my config. The link from Belkin that I gave uses WPA.

I also use Sygate and test myself using grc.com. I only have a few ports open and thats for a specific purpose.

superscaper

I've never seen teams of criminals testing people's front doors but I think I'll keep locking mine thanks. Is it really worth the increase risk just to save yourself a couple minute extra work.

pks00

Certainly is with mine. When I get home at the weekend, Im gonna try hack it. But probably change to WPA.
I can see where Al Mac is coming from. Better to lay down all options and explain rather than dissing one option.
As least then u can give informed choices then let people decide what option they want to do.

superscaper

Al_Mac wrote: »

Leaving your door unlocked does not mean you will get robbed.

That's exactly my point, but that doesn't mean that you should leave your door unlocked (if you are the kind of person that does then obviously my arguments are pointless anyway to you). I never said you have to use WPA, because with some legacy devices you won't be able to (although even my very oldest equipment works with WPA) but if you have the choice between a more secure network and a less secure one then why choose the less secure when there's hardly any difference in the effort it takes to implement the more secure one. I wouldn't think of entering bank details into a site that wasn't using SSL etc but I'm sure the chances of any data being intercepted if it wasn't secure are probably quite low. Every encrypted network I can see in my area uses WPA so it's best at the very least not appearing to be the weak one that would attract any nefarious activity.

albertross_2

The analogy I'd use, is you have a door with a 5 lever mortice lock and a yale lock as well, why use the yale lock when the mortice is far more secure.

To the question about whether they can get at your PC, if your encryption is cracked, or you have no encryption, then they can read your emails, every site you goto, passwords and may be able to get at your files depending on the software firewall and file sharing settings.

The chances of someone having a go at your wep are slim, but as friendlier and quicker cracking tools become available, then the odds of a kid in the street having a go will become more likely, especially if it can be done in a minute.

in answer to the original question, here is a guide for Belkin routers

http://www.crn.com/white-box/163106150?pgno=2

superscaper

albertross wrote: »

The chances of someone having a go at your wep are slim, but as friendlier and quicker cracking tools become available, then the odds of a kid in the street having a go will become more likely, especially if it can be done in a minute.

And the more the media highlight it then the more unsavoury types will start looking into it as well.

pks00

We talk about WPA here, but there seems to be different types. My linksys router has 4 options (5 if u include disable ), two of which are WPA

WPA Pre-Shared Key
WPA RADIUS
RADIUS
WEP


Here is the help page on WPA.

WPA Pre-Shared Key: There are two encryption options for WPA Pre-Shared Key, TKIP and AES. TKIP stands for Temporal Key Integrity Protocol. TKIP utilizes a stronger encrytption method and incorporates Message Integrity Code (MIC) to provide protection against hackers. AES stands for Advanced Encryption System, which utilizes a symmetric 128-Bit block data encryption.

To use WPA Pre-Shared Key, enter a password in the WPA Shared Key field between 8 and 63 characters long. You may also enter a Group Key Renewal Interval time between 0 and 99,999 seconds.

WPA RADIUS: WPA RADIUS uses an external RADIUS server to perform user authentication. To use WPA RADIUS, enter the IP address of the RADIUS server, the RADIUS Port (default is 1812) and the shared secret from the RADIUS server.


So people with othe routers, I dont know how many types of WPA encryption there are but something else to take into consideration I guess.
I think the RADIUS one is out of the question since u need a radius server