Specific question about various encryption methods - wireless network

[annk]

After reading what I can find here about these issues, I still have a few questions.

Background: Had to buy a new router (D-Link DI-524) yesterday, as my less-advanced D-Link died on me.

I believe I have managed to make a MAC filter that only allows us on the network via the MAC addresses for our three computers, 2 PBs and a Mini. (Each computer has a separate MAC address for Airport and Ethernet, right? I put in all six addresses, so our computers would be allowed online via both of these methods.)

I also think I managed to deactivate SSID broadcasting. I say think, because when I put each computer back on the network, I didn't see our network's name - I had to write it in, couldn't just choose it from a list. Of course, now the name shows up in the lists on our computers, even if I turn airiport off and on again, but I assume that's because I wrote it in and the computer found and was allowed on the network.

What I can't seem to manage, is to activate either WEP or WAP without causing some problem that makes us suddenly not able to log on again. And though the router has this 802.1x business, I really don't feel confident that I understand that at all.

My question: If I've managed to block SSID broadcasting, and have done the MAC filter correctly, is it reasonable to assume that I've protected the network, despite not having WAP in place (I know WEP is hopeless and can easily be cracked)?

 

[swiftaw]

No, disabling SSID broadcasting and using a MAC filter will not in themselves protect you entirely. Both of these safeguards can be circumvented.

I would highly recommend using WPA encryption.

After reading what I can find here about these issues, I still have a few questions.

Background: Had to buy a new router (D-Link DI-524) yesterday, as my less-advanced D-Link died on me.

I believe I have managed to make a MAC filter that only allows us on the network via the MAC addresses for our three computers, 2 PBs and a Mini. (Each computer has a separate MAC address for Airport and Ethernet, right? I put in all six addresses, so our computers would be allowed online via both of these methods.)

I also think I managed to deactivate SSID broadcasting. I say think, because when I put each computer back on the network, I didn't see our network's name - I had to write it in, couldn't just choose it from a list. Of course, now the name shows up in the lists on our computers, even if I turn airiport off and on again, but I assume that's because I wrote it in and the computer found and was allowed on the network.

What I can't seem to manage, is to activate either WEP or WAP without causing some problem that makes us suddenly not able to log on again. And though the router has this 802.1x business, I really don't feel confident that I understand that at all.

My question: If I've managed to block SSID broadcasting, and have done the MAC filter correctly, is it reasonable to assume that I've protected the network, despite not having WAP in place (I know WEP is hopeless and can easily be cracked)?

 

[annk]

Ok, I'll give it a try again.

There are many options for different kinds of WAP encryption - I think there might have been as many as 6 on the list in the configuration program. Any suggestions as to whether any of them are better? Sorry I don't list them up here - I have to log on to my router to do so, and don't want to do that til I'm ready to give it another go.

 

[swiftaw]

Ok, I'll give it a try again.

There are many options for different kinds of WAP encryption - I think there might have been as many as 6 on the list in the configuration program. Any suggestions as to whether any of them are better? Sorry I don't list them up here - I have to log on to my router to do so, and don't want to do that til I'm ready to give it another go.

You probably want to use WPA-PSK

 

[annk]

I've found the place in the configuration where I can choose WPA-PSK. But there's nothing in my user manual about the further choices here. I need to know whether to choose TKIP or AES, and what the preshare key needs to looks like (how many characters, what kind of characters etc). Also - what if anything do I need to do in the prefs for the Macs to ensure that they can read this encryption?

THANK YOU in advance. I'll be gone now for a few hours, but will check this and continue as soon as I get back.

 

[sk1985]

I've found the place in the configuration where I can choose WPA-PSK. But there's nothing in my user manual about the further choices here. I need to know whether to choose TKIP or AES, and what the preshare key needs to looks like (how many characters, what kind of characters etc). Also - what if anything do I need to do in the prefs for the Macs to ensure that they can read this encryption?

THANK YOU in advance. I'll be gone now for a few hours, but will check this and continue as soon as I get back.

Use WPA 2 encryption if your router supports it. Most newer router support WPA 2, seriously check your manual and see if does. Also some router manufactures have software updates that enable certain older routers to use WPA 2. So check for some updates. WPA 2 uses both TKIP and AES encryption. If your router doesn't support WPA 2 then you'll have to just use WPA and pick between the two encryption methods you mentioned. I can't remember which one of the two is more secure (TKIP or AES). I know one of the two uses 128 bit encryption and the other uses 64 bit encryption (clearly you want to use the one that has a 128 bit encryption). Also remember that you're never 100% safe with wifi. Even with all that added protection you should remember that. So don't do online shopping over it and don't do your online banking over it.