Which wireless security should I run?

[munckee]

I got a linksys wireless router yesterday. Setup was a breeze, but I'd like to get the security encryption running. It offers:

WPA Personal
WPA Enterprise
WPA2 Personal
WPA2 Enterprise
Radius
WEP

Which should I run? Any tips for it? I know one of them requires a "$" in front of the password or something?

Thanks!

 

[prostuff1]

To be honest i dont know. You could try MAC filtering instead of the password protection...or you could use MAC and password.

I have a linksys WRT54G v. 3.1 and i have never been able to get the password protection to work. If anyone can help me that would be great also.

 

[stevep]

I don't bother with anything other than MAC address filtering, and hiding the network name just to stop casual passers-by.

 

[tivoboy]

what is your concern?

And where do you live?
If you are concerned with ACCESS then you can turn off the SSID and use MAC address filtering and that will highly limit any casual passersby.

Are you concerned with the DATA travelling wirelessly over the air and that someone could SNIFF it and decode it and VIEW your data, then you need to ENCRYPT it with an encryption schema: Generally, WPA is fine, WAP2 is better. Start with what you feel is necessary and you are confortable with. All encryption programs will slow perforance a bit.

The ABOVE items, turning off SSID broadcasting and using MAC address filtering will NOT affect performace at all.

From there, you could always setup a VPN connection with another computer and use a secure tunnel to transport your data.

 

[mkrishnan]

Unless you have a computer you can dedicate as a keyserver, all the ones with Enterprise on the end and the Radius one are out. So it's really just WEP, WPA Personal, or WPA2 Personal. If all your devices support it, just go with WPA2 Personal, and do the MAC filtering.

 

[ElectricSheep]

I would be wary of relying on SSID hiding and MAC filtering for security. Passively sniffing out wireless packets and spoofing a MAC address is not very difficult at all these days, and doesn't take a lot of time at all.

WEP can be cracked in as little as 15 minutes on a busy network, especially if packet re-injection is used.

WPA and WPA2 are good choices, as long as you pick a nice strong password. They can still be cracked using dictionary attacks.

The only trouble I've had with WPA/WPA2 is that attempting to set up a Wireless Distribution System across devices from multiple venders using WPA/WPA2 can be a real pain in the butt, and doesn't always work.

 

[jsw]

I have a linksys WRT54G v. 3.1 and i have never been able to get the password protection to work. If anyone can help me that would be great also.

Some Linksys/AirPort setup advise can be found (deeply buried) in this thread.

 

[Spies]

WEP + MAC + Hidden SSID is quite safe.

You can't sniff the MAC because of encryption and you can't get a decent sample of data to get the key because you can't get the MAC.

 

[whocares]

WEP + MAC + Hidden SSID is quite safe.

Looks like I got all my bases covered then. Phew.


I am considering putting aluminium foil all over my walls though, just is case.

 

[ElectricSheep]

An interesting and relevant video. Breaking open a WEP network in 10 minutes with KisMac and a Prism-based adaptor.

link

 

[Spies]

An interesting and relevant video. Breaking open a WEP network in 10 minutes with KisMac and a Prism-based adaptor.

link

This is why you run MAC filtering aswell, it prevents such attacks occurring.

 

[munckee]

Thanks guys. Looks like WPA/WPA2 + MAC filtering + SSID is the answer. Now for the next dumb question: How the heck do I set all that up??

We'll have three Mac's running wirelessly and one PC. I live in NYC, so there are a lot of other networks around and a lot of people who would gladly mooch off our connection as well.

 

[briangig]

what os is the PC running? If I'm not mistaken, XP SP2 is required for WPA2, anything else doesnt support it. As for setting it up, it's pretty straight forward. Any specific questions?

 

[munckee]

what os is the PC running? If I'm not mistaken, XP SP2 is required for WPA2, anything else doesnt support it. As for setting it up, it's pretty straight forward. Any specific questions?

It's my roommate's I'll have to ask him.

How do I set up the SSID?

I'm assuming if we have a friend over who wants to jump on our network, we have to go into the router and allow their mac address, etc.

We may actually not want to do quite so much. We're really just trying to avoid the casual user from borrowing off our network, etc.

 

[whocares]

I'm assuming if we have a friend over who wants to jump on our network, we have to go into the router and allow their mac address, etc.

Yes. However he should be able to just casually plug in with an ethernet cable. Maybe not ideal - but plug'n play.

 

[briangig]

One option is to enable Wireless MAC Filtering. if you have friends coming over, disable it, they will be able to get online no problem. Then when they leave, enable it, it should remember your MAC addresses (my WRT54G did, but I'm running a different firmware).

 

[grapes911]

For a business or anyone that has info that really needs to be secure, you should use a very good encryption, hide the SSID, MAC filtering, etc, etc.

For the normal home user, WPA is enough. Anything less is easily breakable. There is no need to use anything else if you turn on WPA. Adding anything else just makes things more of a hassle and doesn't add that much more security.

WPA is as strong as the password you use. Make it a random, non-easily guessed password, and you'll be perfectly fine.

 

[imac abuser]

I would say dependent on where you live. I live on 10 acres in the middle of no where i dont use any encryption lol. But if you live in an apartment building or something just use the 64 bit encryption using the wep key last 10 of the mac address and your all set. If your uber paranoid block the ssid from broadcasting but dont trip.. It's cool to have people see your name they cant get on your network, and you can pull reports on your firewall with linksys if you think someone is attacking you.

Chris

 

[ElectricSheep]

This is why you run MAC filtering aswell, it prevents such attacks occurring.

Not necessarily. The very weakness exploited in WEP that makes it easy to crack is the fact that it will transmit cleartext (unencrypted) IV packets over the network.

All one needs to do is passively collect these packets, break the encryption, identify a valid MAC address on the network, and then spoof it.

See here for a demonstration of cracking a WEP + Hidden SSID + MAC filtered wireless network.

 

[superbovine]

Thanks guys. Looks like WPA/WPA2 + MAC filtering + SSID is the answer. Now for the next dumb question: How the heck do I set all that up??

We'll have three Mac's running wirelessly and one PC. I live in NYC, so there are a lot of other networks around and a lot of people who would gladly mooch off our connection as well.

I always like helping people like you, first you try and understand the concept then you ask how to do it. it always easier to help these people.

your linksys router should have come with a manual, I'd suggest you read it to setup wpa. it is pretty straight forward. usually linksys router can connect via a web browser http://192.168.1.1. Some linksys router don't like safari so I would suggest firefox. The default login is usually admin/admin. I would suggest if wireless isn't enable you connect via a straight cable to setup the router. After it is setup, you just select the wireless icon on the top right and select "other". After type in your network ssid which which should be viewable because you hide it then select your encryption type and password.

On the XP machine the support section of linksys.com has a wizard that will walk you through it step by step. It will depend heavily on the wireless card drivers and the support software on the XP machine. some wireless card have a special program to configure it, and others you just configure in the driver config menus.

btw change the admin/admin thing