Wireless Home Networks [Archive] - Glock Talk

PDA

View Full Version : Wireless Home Networks


Don At PC
07-15-2005, 06:33
I have seen several posts suggesting folks buy a wireless router to set up their home networks on both DSL and High Speed Broadband Cable. Now I have tried one at my son-in-laws house and yes it is very nice with a laptop so you can move around within the house and the kids can be on the desktop and everyone has their own little thing going.

My concern is "Security". I have been told by many not to do it because anyone driving down the street could access your system and do whatever they wanted. Now mine at home is on comcast cable and a Net Gear wired router and when I go to the test site to check my ports it passes as all invisable. I tried it at my son-in-laws house with his wireless system and it wouldn't pass. It showed one port open and visable.

I would like to hear some comments from our most knowledgeble folks here as to the true facts of security & safety of using a wireless router for my Home Network. I am not real computer savy but do have moderate experience so please don't make it too complicated.;f

HerrGlock
07-15-2005, 09:00
What people see on the 'net about your computer and network has nothing to do with what people driving down the street see on the wireless portion of the network.

When you plug in a wireless card, look at the possible connections within the program that came with the card. It's probable that you have more than just yours as an option to connect to. That means someone around your house did not take the time to lock their wireless setup down.

Look these up in your wireless owner's manual or on the net:

How to change the essid away from the default
How to not broadcast essid
How to set up WEP (128 bit) or pre-shared encryption (preferred)
How to make only certain MAC addresses can connect to your access point (MAC has nothing to do with operating systems, Windows systems have a MAC address too)
How to only allow a specific number of connections to the access point (only allow the number of computers YOU will use at one time to access it)

There are more, but the first 4 are the primary ones.

DanH

hodgdonhead
07-18-2005, 22:53
I work for the dark overlord of networking gear (no not anything to do with Microsoft,,, think blue and bridges) and I specialize in wireless voice.

Pretty much most APs (wireless access points) on the consumer level come with the following security combos for the home:

-Open No Encryption (basically no security or packet encryption)Unfortunately, this is the most popular option in most homes because this is the default setting on most APs. Wireless sniffers are easily downloaded and people "sniffer" your network will be able to any plain test user names and passwords you send across the wireless medium (unless you are using a VPN or doing SSL).

-Open with WEP (This allows any client to associate, but the client wireless packets will not be accepted by the AP without the correct WEP KEY. WEP keys are either made up of ASCII or HEX characters and can be 40/64bit or 104/128bit in size. THis is probable the widest used security combo.

-Shared with WEP (pretty much like Open with WEP except that the AP will ask for the WEP key during the associtation process for authenticaiton and encryption. A litte more secure, but not by much. There are some black market utilties out there for decrypting WEP keys.

-WPA PreshareKey with TKIP (probably the strongest Auth and Encryption you can get for the consumer market. This type of Authentication uses a Preshare Key statment for authentication. The authentcation process does not use plain text so it is hard to break into. Also TKIP uses a rotatating key with a MIC that is far superior to WEP. The only problem here is many older clients do not support this method.

There are a lot more Authentication and Ecryption types available to enterprise customers like EAP LEAP PEAP EAP-FAST EAP-TLS WPA-EAP WPA2 CKIP AES, etc etc, but no use going into those.

HerrGlock had some solid advice for home users.

Daynja
07-18-2005, 23:52
Originally posted by hodgdonhead
-WPA PreshareKey with TKIP (probably the strongest Auth and Encryption you can get for the consumer market. This type of Authentication uses a Preshare Key statment for authentication. The authentcation process does not use plain text so it is hard to break into. Also TKIP uses a rotatating key with a MIC that is far superior to WEP. The only problem here is many older clients do not support this method.

Anything less than this is nearly worthless IMO. Everything made within the last couple years supports it, so you should use it.